时间:2021-07-01 10:21:17 帮助过:4人阅读
你的代码缺少名为 compat.php 的文件
你的代码缺少名为 compat.php 的文件
这个解密很容易解的
eval($WSc("JG9hTmhDd2JYZXo9Ik9aR2dKRm92eVFkekltcEFQc0x3VFNDaEJ1a2xIak5lcWlEV3RLRWF4TWNucmZSYlVYVlluQ1VKaUFLdUdzWFFTZ2FrVGJxbVdleWpJdnRkUkRwVlpZTnp4SE1vd0ZMbFBoQkVPZnJjVE45bW9Sa3B5WUlHQ2ZBMW9maWRmMjl2YzJPS1NncjVvMmFoQ1VBMENlNW1vUmtZSFdiSm96Y0pIeUFnWHo1RFhVZHVFZDlkVlVkUVhSRktpMkNhRV..............这个部分你把eval($WSc换成base64_decode就能解出一部分了
通过接出来的部分,你就知道是怎么解了,都差不多一样的
0) { switch ($method) { case 8: $data = gzinflate($body, $maxlength); break; default: $error = "Unknown compression method."; return false; } } $crc = sprintf("%u", crc32($data)); $crcOK = $crc == $datacrc; $lenOK = $isize == strlen($data); if (!$lenOK || !$crcOK) { $error = ( $lenOK ? '' : 'Length check FAILED. ') . ( $crcOK ? '' : 'Checksum FAILED.'); return false; } return $data; } if (version_compare(phpversion(), "5", "<")) { function serialize_fix($v) { return str_replace('O:11:"phprpc_date":7:{', 'O:11:"PHPRPC_Date":7:{', serialize($v)); } } else { function serialize_fix($v) { return serialize($v); } } function declare_empty_class($classname) { static $callback = null; $classname = preg_replace('/[^a-zA-Z0-9\_]/', '', $classname); if ($callback===null) { $callback = $classname; return; } if ($callback) { call_user_func($callback, $classname); } if (!class_exists($classname)) { if (version_compare(phpversion(), "5", "<")) { eval('class ' . $classname . ' { }'); } else { eval(' class ' . $classname . ' { private function __get($name) { $vars = (array)$this; $protected_name = "\0*\0$name"; $private_name = "\0'.$classname.'\0$name"; if (array_key_exists($name, $vars)) { return $this->$name; } else if (array_key_exists($protected_name, $vars)) { return $vars[$protected_name]; } else if (array_key_exists($private_name, $vars)) { return $vars[$private_name]; } else { $keys = array_keys($vars); $keys = array_values(preg_grep("/^\\\\x00.*?\\\\x00".$name."$/", $keys)); if (isset($keys[0])) { return $vars[$keys[0]]; } else { return NULL; } } } }'); } } } declare_empty_class(ini_get('unserialize_callback_func')); ini_set('unserialize_callback_func', 'declare_empty_class'); ?>
运行在服务器端的东西,有必要加密代码么?
这个由于缺少文件eykj_cn.php,只能角到这地步了:
include("eykj_cn.php");
$client = new EYS_Client('http://api.eykj.cn/api.php');
$client->setCharset("utf-8");
eval($client->eys("4gZyhUemRTzZnTmuCygdyKwft/2FGfSWYA6II3DUMmvfaXU1tRFu4/IjiPt5Qi8nh+9Bp2l8NT9YSFvkKDIOMsVL/i1Q7VhxxXKeHwv5gnWKyw0IDlRFeJat0X1LjZc0Q2LG3cDWJOARTVjB2joFo78xJUMPC2X1gqTB/FnyY5IwHEpUDZFVs6oVHVX4m+iTES3gvf37vn6O4mWM2d4MMOCTOIR+35bD9FxKogSRrgZR+SkG7GDQelbhMUzi+352iLIetpGRZL5Upz4iK+ZgLvS/l/W+bcJ31OMH3o6/lR9wSzI+JboXMROAW1fEB5QQzmqa6CsCUQ2fQ6lw/P0qHz7mBDRyU1OaVobO0M/G91rDbfmFvZTGqXXtyFB3M4l3UAFF41+dG511lhwwkfLwfCr+DxKhYb4yUWX1l0/SSEbcL2+/wMuxTEKUtSGYEdjl0sHWgnk5VL98FxK0xovJiysVHSSQtgm90DX9yN6TVstlLVK4V56vVv92NqkZBj/EwklKvtaY+Uup+p5SbKR7UXi1pIrbk4A9rFPfcBCokRSrtsmJy/5GviASKeE17lkPhswbq+Nl0WG0awYkhqNMegZ9/5vFHdO+TLGKPBekeUxxihDZ2SYadQhCZtzf10QPwTdA0z6RNHLFh8mxHoY9/o6fJzG1g++r7fU7RzABwKFZowCyKE0tKMR6Y4P8wYvTfZowst6tVYJ/vmIcTzi/l23nK5tMW6wvQQe0EFqbWugML6AGSrlkRsY1HzsDPGFOBb+b1wAdlaEiLdLJfI5EBBVBUL+f4BJ6r/9IqzFujm6bS9vBJgAr/bNbb2CJbt5A+WIKvsfE1BSmrclxVsGYP6AEkwqL2ggBt9LF/8S6Sz/bv/mh8epymk6PNAL559yE7Ua4oXYyz9znTy2xofMsQzgu8hPIi4A/1eNlq0Zoa5N5RqnSOFNRJUOUmO596b9Jibkouxv27+seq7M9LoPVVnJ+s0esmNnpMptDJbGaVGNc+TEHQRgZTae44X0LMPsZIi36IKgbMsvpYndHdZS9pnqkjbR3Vg91anXETH6TlzNsemskDAGgvJr46woKeXMxQoZiovajTS9QF0QfYbsLs4UGm3GMFJ2BdI/a/QuBmrGIQCWx/0HtAVMKCcK0bxKPbfTVp4faBMIo0rqKk5fOB12dBNfSDDA92AoBRKkoW1+noWRrd+/gNMbpnX0q6wTK9eXUJePOnRwpGJ2YiyPNjXePKWZ5z5lKfHPEcFINjjWKGemrcbWpfnxddBdW/GZk7Iel6cBfjIaNPLfOfg64EJI8q9D1MOHi1aUmW+kxtQCveKAFemGqhRF7/6DliKPzMvl9gOa/uCK1JeHemxu/nFsPi1/3G7shDh4e07rIzEO6mkJ5yn6/KBDcmEFXdhVGt+2JjcJ2pLdpZhWbdr8bEO88oXqvHs/0yX+i0b5Cc+wLW26IRs/4wX1ckRX2zNIkhEkc6ubO1vv484otnjRE",base64_encode($_SERVER["SERVER_NAME"])));
其实这种加密解决方法很简单,用echo代替eval,你就能知道执行的是什么了。然后如果输出来发现还是用eval的,继续。就能发现最终语句是什么了。
楼主失算了,姿态高明
这种加密好象是越来越多了,
不断变形之中。学习中。