最近二开过程中,碰到PHP混淆zym加密的问题,刚开始找了好多网站都是付费的,后来在吾爱破解找到了解决方法。
大神解密及调试过程,详见原文:https://www.52pojie.cn/thread-693641-1-1.html
先看看加密代码的样子:
代码开头一般是这样的
<?php /* 找源码PHP加密 https://www.zhaoyuanma.com/phpencode.html */error_reporting(0);ini_set("display_errors", 0);if(!defined('jtyxnvrc')){define('jtyxnvrc',__FILE__);ˋFFAA5ΞAAHA仄A狝ADA牣噩A璋BF斈EHЗ补曯頌?‵0HA维菳A頕AF扚AF.................
保存以下代码命名为decrypt.php
<?php function decrypt($data, $key) { $data_1 = ''; for ($i = 0; $i < strlen($data); $i++) { $ch = ord($data[$i]); if ($ch < 245) { if ($ch > 136) { $data_1 .= chr($ch / 2); } else { $data_1 .= $data[$i]; } } } $data_1 = base64_decode($data_1); $key = md5($key); $j = $ctrmax = 32; $data_2 = ''; for ($i = 0; $i < strlen($data_1); $i++) { if ($j <= 0) { $j = $ctrmax; } $j--; $data_2 .= $data_1[$i] ^ $key[$j]; } return $data_2; } function find_data($code) { $code_end = strrpos($code, '?>'); if (!$code_end) { return ""; } $data_start = $code_end + 2; $data = substr($code, $data_start, -46); return $data; } function find_key($code) { // $v1 = $v2('bWQ1'); // $key1 = $v1('??????'); $pos1 = strpos($code, "('" . preg_quote(base64_encode('md5')) . "');"); $pos2 = strrpos(substr($code, 0, $pos1), '$'); $pos3 = strrpos(substr($code, 0, $pos2), '$'); $var_name = substr($code, $pos3, $pos2 - $pos3 - 1); $pos4 = strpos($code, $var_name, $pos1); $pos5 = strpos($code, "('", $pos4); $pos6 = strpos($code, "')", $pos4); $key = substr($code, $pos5 + 2, $pos6 - $pos5 - 2); return $key; } $input_file = $argv[1]; $output_file = $argv[1] . '.decrypted.php'; $code = file_get_contents($input_file); $data = find_data($code); if (!$code) { echo '未找到加密数据', PHP_EOL; exit; } $key = find_key($code); if (!$key) { echo '未找到秘钥', PHP_EOL; exit; } $decrypted = decrypt($data, $key); $uncompressed = gzuncompress($decrypted); // 由于可以不勾选代码压缩的选项,所以这里判断一下是否解压成功,解压失败就是没压缩 if ($uncompressed) { $decrypted = str_rot13($uncompressed); } else { $decrypted = str_rot13($decrypted); } file_put_contents($output_file, $decrypted); echo '解密后文件已写入到 ', $output_file, PHP_EOL;
使用方法
php decrypt.php encrypt.php
encrypt.php为需解密的文件
棒,貌似可道云就用了这种加密方式