如题,之前用过,现在没有测试验证过了。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 | <?php $file = 'plugin.php'; //要破解的文件 $fp = fopen($file, 'r'); $str = fread($fp, filesize($file)); fclose($fp); copy($file, '0_'.$file); $n = 1; while($n < 10){ $code = strdecode($str); if($n == 1){ $code = str_replace("__FILE__", "'0_$file'", $code); } $replace = '$decode'.$n.'=trim'; if(strpos($code, 'eval(') > 0){ $code = str_replace('eval(', $replace.'(', $code); }else{ preg_match("/@\\$(.*)\(\\$(.*),(.*)\(/isU", $code, $res); $code = str_replace($res[3], "'$replace", $code); } $code = preg_replace('/\\$(.*)=false;(.*?)\(\);/', '', $code); //上一版本 $code = preg_replace('/\|\|@\\$(.*?)\(\);/', '|| print("ok");', $code); $code = destr($code); $tmp_file = 'detmp'.$n.'.php'; file_put_contents($tmp_file, $code); include($tmp_file); $val = 'decode'.$n; $str = $$val; unlink($tmp_file); if(strpos($str, ';?>') === 0){ $decode = $str; break; } $str = "<?php\r\n". $str; $n++; } $decode = preg_replace("/^(.*)exit\('Access Denied'\); /", "<?php\r\n", $decode); $del = strrchr($decode, 'unset'); $decode = str_replace($del, "\r\n?>", $decode); file_put_contents($file.'.de.php' ,$decode); unlink('0_'.$file); echo 'done'; //////////// function val_replace($code, $val, $deval){ $code = str_replace('$'.$val.',', '$'.$deval.',', $code); $code = str_replace('$'.$val.';', '$'.$deval.';', $code); $code = str_replace('$'.$val.'=', '$'.$deval.'=', $code); $code = str_replace('$'.$val.'(', '$'.$deval.'(', $code); $code = str_replace('$'.$val.')', '$'.$deval.')', $code); $code = str_replace('$'.$val.'.', '$'.$deval.'.', $code); $code = str_replace('$'.$val.'/', '$'.$deval.'/', $code); $code = str_replace('$'.$val.'>', '$'.$deval.'>', $code); $code = str_replace('$'.$val.'<', '$'.$deval.'<', $code); $code = str_replace('$'.$val.'^', '$'.$deval.'^', $code); $code = str_replace('$'.$val.'||', '$'.$deval.'||', $code); $code = str_replace('($'.$val.' ', '($'.$deval.' ', $code); return $code; } function fmt_code($code){ global $vals,$funs; preg_match_all("/\\$[0-9a-zA-Z\[\]']+(,|;)/iesU", $code, $res); foreach($res[0] as $v){ $val = str_replace(array('$',',',';'), '', $v); $deval = destr($val, 1); $vals[$val] = $deval; $code = val_replace($code, $val, $deval); } preg_match_all("/\\$[0-9a-zA-Z\[\]']+=/iesU", $code, $res); foreach($res[0] as $v){ $val = str_replace(array('$','='), '', $v); $deval = destr($val, 1); $vals[$val] = $deval; $code = val_replace($code, $val, $deval); } preg_match_all("/function\s[0-9a-zA-Z\[\]]+\(/iesU", $code, $res); foreach($res[0] as $v){ $val = str_replace(array('function ','('), '', $v); $deval = destr($val, 1); $funs[$val] = $deval; $code = str_replace('function '.$val.'(', 'function '.$deval.'(', $code); $code = str_replace('='.$val.'(', '='.$deval.'(', $code); $code = str_replace('return '.$val.'(', 'return '.$deval.'(', $code); } return $code; } function strdecode($str){ $len = strlen($str); $newstr = ''; for($i=0; $i<$len; $i++){ $n = ord($str[$i]); $newstr .= decode($n); } return $newstr; } function decode($dec){ if(($dec > 126 || $dec<32) && $dec<>13 && $dec<>10){ return '['.$dec.']'; }else{ return chr($dec); } } function destr($str, $val=0){ $k = 0; $num = ''; $n = strlen($str); $code = ''; for($i=0; $i<$n; $i++){ if($str[$i] == '[' && ($str[$i+1]==1 || $str[$i+1]==2)){ $k = 1; }elseif($str[$i] == ']' && $k==1){ $num = intval($num); if($val==1){ $num = 97 + fmod($num, 25); } $code .= chr($num); $k = 0; $num = null; }else{ if($k == 1){ $num .= $str[$i]; }else{ $code .= $str[$i]; } } } return $code; } ?> |