Usage
security testing: Test whether the code you encrypted with network tools can be quickly decrypted.
Learning reference: Decrypt the source code you are interested in for programming learning, or learn about encryption and decryption.
Security assessment: Decrypt the third-party source code you use to see if there are any dangerous behaviors, such as backdoors or espionage.
Do not use it for
decryption and sale: Please respect the fruits of other people's work and do not disclose or steal other people's intellectual property rights or other infringements.
Black product: It shall not be used for network attacks, illegal acquisition of network data and other purposes that violate laws and regulations.
Remarks indicate that most of the encrypted content (not all) can be decrypted, which is enough for you to use for network security analysis and decryption ideas learning.
<?php
/*
建议用途
1. 安全测试:测试你用网络工具加密的代码是否可以被快速解密。
2. 学习参考:对自己感兴趣的源码解密用于编程学习,或了解加密解密。
3. 安全评估:解密自己用的第三方源码是否有危险行为,比如后门、间谍行为.
不得用于
1. 解密出售:请尊重他人劳动成果,不得公开、盗卖他人知识产权等侵权行为。
2. 黑产:不得用于网络攻击、非法获取网络数据等违反法律法规的用途。
版本说明
1. 非完美解密,仅供参考。很多正则提取替换值得学习。
*/
function logx($sta){
file_put_contents("index.php1.php.log","\r\n\r\n".$sta,FILE_APPEND);
}
function lists($tips,$arr){
if(!is_array($arr)){
echo "<h3>$tips</h3>";
if($arr=="") return false;
echo "<textarea style=\"width:99%;height:60px;\" required>";
echo htmlspecialchars($arr);
echo "</textarea>";
return false;
}
echo "<h3>$tips (".count($arr).")</h3>";
$text = "";
foreach($arr as $t => $v){
if(is_array($v)) $v=join("|",$v);
$text .= "$t => $v \r\n";
}
echo "<textarea style=\"width:99%;height:60px;\" required>";
echo htmlspecialchars($text);
echo "</textarea>";
}
function Titi($str){
global $log,$fafa;
preg_match_all('/(\\\x[A-Fa-f0-9]{1,2}|\\\[0-9]{1,3})+/', $str, $ziti);
$liti =array(); $lita =array();
foreach($ziti[0] as $tiqu5){
$lans = strlen($tiqu5); $mdx=md5($tiqu5);
$liti[$mdx] = $lans; $lita[$mdx] = $tiqu5;
}
arsort($liti); $ati = "";
foreach($liti as $md => $nb){
$tiquc = $lita[$md]; $tsts="<!--ttss-->";
eval("\$tsts = \"$tiquc\";");
$ati .= "\r\n<p>$tsts <= $tiquc</p>";
$str = str_replace($tiquc, $tsts, $str);
}
return $str;
}
// Step 1@read code
$coda = file_get_contents('./we7.txt');//demo/demo5.txt we7.txt
lists("Step 1 get code;","?????");
// Step 2@get all xxx
$labelRegex = '/goto\s+(\w+);/m';
preg_match_all($labelRegex, $coda, $labels);
$labels = $labels[1];
lists("Step 2 all goto xxx;",$labels);
// Step 3.1
$gotoRegex = '/goto\s+(\w+);\s+}\s+goto\s+(\w+);/m';
preg_match_all($gotoRegex, $coda, $gotosMatch);
$gotosMatch = $gotosMatch[0];
$gotos = [];
foreach ($gotosMatch as $goto) {
preg_match($gotoRegex, $goto, $matches);
$from = $matches[1];
$to = $matches[2];
$gotos[$from] = $to;
}
lists("Step 3.1:goto1 } goto2",$gotos);
// Step 3.2
$code = preg_replace_callback($gotoRegex, function ($matches) {
$from = $matches[1];
$to = $matches[2];
return "goto $to; } goto $from;";
}, $coda);
lists("Step 3.1:goto2 } goto1",$code);
// Step 4
$matches = [];
preg_match_all('/(\w+):(\s+(\w+):)+/m', $code, $matches);
$matches = $matches[0];
foreach ($matches as $match) {
preg_match_all('/(\w+):/m', $match, $index);
$index = $index[0];
foreach ($index as $x) {
$z = str_replace(":", "", $x);
$y = "goto $z; $z: ";
$code = str_replace($x, $y, $code);
}
}
lists("Step 4:duo xxx: xxx:",$code);
// Step 5.1
$labelCodex = '/(\w+):(.*?)goto\s+(\w+);/m';
preg_match_all($labelCodex, $code, $labelCodesMatch);
$labelCodes = [];
foreach ($labelCodesMatch[0] as $labelCode) {
preg_match($labelCodex, $labelCode, $matches);
$from = $matches[1];
$codeline = $matches[2];
$labelCodes[$from] = $codeline;
}
lists("Step 5.1:label:code ",$labelCodes);
// Step 5.2
preg_match_all($labelCodex, $code, $labelgogoxMatch);
$labelgogok = [];
foreach ($labelgogoxMatch[0] as $gogoCode) {
preg_match($labelCodex, $gogoCode, $matches);
$from = $matches[1];
$to = $matches[3];
$labelgogok[$from] = $to;
}
$labelgogos = $labelgogok; $lasde = end($labelgogok);
lists("Step 5.2:label:gogo ",$labelgogok);
lists("Step 5.2:label:gogo ",json_encode($labelgogok));
// Step 6.1
$current = $labels[0];
$labelCodas= $labelCodes; $t6 = [];
while ($current && isset($labelCodas[$current])) {
$t6[] = $current; unset($labelCodas[$current]);
$current = $labelgogos[$current];
}
lists("Step 6.1:goto shun.xu1",$t6);
// Step 6.2
$tbs = array();
$jieguo = "|".join("|",$t6)."|";
lists("Step 6.1:goto shun.jieguo",$jieguo);
foreach ($gotos as $from => $to) {
$current = $from; $tr = ["$current"];
while ($current && isset($labelCodas[$current])) {
unset($labelCodas[$current]);
$current = $labelgogos[$current]; $tr[] = $current;
}
$lian = $tr[count($tr) - 1]; unset($tr[count($tr) - 1]);
$tbs[$lian] = $tr;
}
lists("Step 6.2:goto shun.xu2",$tbs);
$ii=0;
do {
$jixu = "F"; $ii++;
foreach ($tbs as $laste => $vals) {
if (stristr($jieguo, "|$laste|") !== false) {
if(count($vals)>1){ $vale = "|".join("|",$vals); }else{ $vale=""; }
$jieguo = str_replace("|$laste|", "$vale|ChaLiDe|$laste|", $jieguo);
$jixu = "Y"; unset($tbs[$laste]);
//echo "|$laste|==>$vale|ChaLiDe|$laste|<br>";
}
}
//echo "===> $jixu@{$ii}@Yu".count($tbs)."<br>";
} while (!empty($tbs) && $jixu != "F"); //
$t6 = explode("|",Trim($jieguo,"|"));
lists("Step 7.1:goto shun.xu7",$t6);
// Step 8
$codenew = '';
foreach ($t6 as $label) {
if ($labelCodes[$label]) {
$codenew .= Trim($labelCodes[$label])."//{$label}\n";
} elseif ($label=="ChaLiDe") {
$codenew .= "}\n";
} else {
$codenew .= "";
}
unset($labelCodes[$label]);
}
preg_match_all('/;\s+(\w+):/m', $coda, $labelall);
$labelend = end($labelall[0]);
$etxt = explode($labelend,$coda);
$codenew .= "\r\n//".$labelend."\r\n". $etxt[1];
$codenew .= "\r\n\r\n/*\r\n";
foreach($labelCodes as $t=>$v) $codenew .= "\r\n$t => $v => ".$labelgogok[$v];
$codenew .= "\r\n*/\r\n";
lists("Step 8: newcode",$codenew);
$codenow = Titi($codenew);
$codenow = preg_replace('/(^\s+|\s+$|^\n+|\n+)+/m', "\r\n", $codenow);
lists("Step 9: escape",$codenow);