newbtophp Posted June 30, 2009 Share Posted June 30, 2009 How would i encode and decode base64 strings: eval(base64_decode(strtr(strrev('$code'))); & eval(base64_decode(strrev('$code'))); & eval(base64_decode(strtr('$code'))); Thanks Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/ Share on other sites More sharing options...
Daniel0 Posted June 30, 2009 Share Posted June 30, 2009 Replace eval with print or echo? Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-866658 Share on other sites More sharing options...
newbtophp Posted June 30, 2009 Author Share Posted June 30, 2009 I've already tried that, that only works on normal eval(base64_decode, whereas these are slightly different. Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-866674 Share on other sites More sharing options...
newbtophp Posted June 30, 2009 Author Share Posted June 30, 2009 OK I've found a way to decode, I have to place the encoded base64 in encoded_file.php and run the below script, which then provides the source code. Except if the code is encoded numerous times, I have to place the eval...base64 in encoded_file.php, run the below script and then copy the new eval...base64 back an fourth in to encoded_file.php until the source code is displayed. Is their a way to auto run this so I just place the encoded in encoded_file.php and the results will display in the below script, without me having to keep on copying and pasting. <?php // Open and read the content of the encoded file into a variable $file = file_get_contents('encoded_file.php'); // Strip php tags $file = str_replace('<?php', "", $file); $file = str_replace('<?', "", $file); // Make sure to get rid of short tags.... $file = str_replace('?>', "", $file); // Strip new lines $file = str_replace("\n", "", $file); // Add semi colon to get around a parsing issue. $file = $file.';'; // Change the Eval function $file = str_replace('eval', 'echo ', $file); // Function to eval the new string function deval() { global $file; ob_start(); eval($file); $contents = ob_get_contents(); ob_end_clean(); return($contents); } // Run the code thru once $file = deval(); // Counter $cnt = 1; // Loop it till it's decoded while(preg_match('/^\?><\?php eval/', $file)) { $file = str_replace('?><?php eval', 'echo', $file); $file = str_replace('?><?', "", $file); $file = deval(); ++$cnt; } //clean up some tags $file = str_replace('?><?php', "", $file); $file = str_replace('?><?', "", $file); echo $cnt,' iterations<br/><br/>'; echo '<pre>'; echo $file; echo '</pre>'; ?> Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-866782 Share on other sites More sharing options...
newbtophp Posted July 1, 2009 Author Share Posted July 1, 2009 Any help please?, someone suggested recursive function which runs the loop?, which i dont understand. Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-866804 Share on other sites More sharing options...
newbtophp Posted July 1, 2009 Author Share Posted July 1, 2009 Copying and pasting the echo result from and too encoded_file.php is driving me insane. Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867144 Share on other sites More sharing options...
Daniel0 Posted July 1, 2009 Share Posted July 1, 2009 I really don't understand your problem. If you have eval(base64_decode(strtr(strrev('$code'))); , then base64_decode(strtr(strrev('$code')) will be evaluated as PHP code. Just echo it instead of evaluating it. I don't see the problem. The output of the latter will have to be valid PHP code. Otherwise you'll get a fatal error. Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867151 Share on other sites More sharing options...
newbtophp Posted July 1, 2009 Author Share Posted July 1, 2009 No I must have explained it wrong, what I mean, is the script I just posted renames eval to echo and displays the result. Except if the encoded script is nested, so base64 is encoded on top of another base64; then the result will display the first base64 layer and show the second layer as the result, I have to keep copying the output back in to the encoded_file.php until it displays the real php source. So is their a way which will automatically loop it, so it decodes all the base64 no matter how many times its encoded/layered/nested.? If you still dont understand, try encoding an encoded base64 string and submitting it to encoded_file.php, and running the above decode script, you'll see that it just displays the result as the first encoded base64 string. It dont loop/run until all source is displayed. nested = encoded numerous times using same encoding Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867213 Share on other sites More sharing options...
Daniel0 Posted July 1, 2009 Share Posted July 1, 2009 Hmm... maybe something like this: function decode($phpCode) { if (stripos($phpCode, 'eval') === false) { return $phpCode; } $phpCode = trim($phpCode); if (substr($phpCode, -1) != ';') { $phpCode .= ';'; } $phpCode = eval(str_replace('eval', 'return', $phpCode)); if (stripos($phpCode, 'eval') !== false) { $phpCode = decode($phpCode); } return $phpCode; } It's a bit difficult testing without having any sample code, but I think it should work. Edit: Okay, it should work. echo decode("eval(base64_decode('ZXZhbChiYXNlNjRfZGVjb2RlKCdaV05vYnlBaVJtOXZJanM9JykpOw=='))"); outputs: echo "Foo"; which is two times "encoded". Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867222 Share on other sites More sharing options...
newbtophp Posted July 1, 2009 Author Share Posted July 1, 2009 Yes thanks, that works. Whereas I tried another type of base64 string and it returned errors: Warning: fopen() [function.fopen]: Filename cannot be empty in /home/dechost/public_html/baser.php(49) : eval()'d code on line 10 Warning: fseek(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 11 Warning: fread(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 12 Warning: fclose(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 15 Warning: Cannot modify header information - headers already sent by (output started at /home/dechost/public_html/baser.php(49) : eval()'d code:10) in /home/dechost/public_html/baser.php(49) : eval()'d code on line 5 This is the string type im trying to decode: eval(base64_decode(strrev('$string'))) Its encoded 7 times using base64. Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867265 Share on other sites More sharing options...
newbtophp Posted July 1, 2009 Author Share Posted July 1, 2009 Yes thanks, that works. Whereas I tried another type of base64 string and it returned errors: Warning: fopen() [function.fopen]: Filename cannot be empty in /home/dechost/public_html/baser.php(49) : eval()'d code on line 10 Warning: fseek(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 11 Warning: fread(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 12 Warning: fclose(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 15 Warning: Cannot modify header information - headers already sent by (output started at /home/dechost/public_html/baser.php(49) : eval()'d code:10) in /home/dechost/public_html/baser.php(49) : eval()'d code on line 5 This is the string type im trying to decode: eval(base64_decode(strrev('$string'))) Its encoded 7 times using base64. Edit: Another bug, the encoded base64 is functioning/running (like a normal php script) instead of displaying the php source code. (so i can copy) Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867271 Share on other sites More sharing options...
sloth456 Posted July 1, 2009 Share Posted July 1, 2009 who's script are you trying to reverse engineer? Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867294 Share on other sites More sharing options...
newbtophp Posted July 1, 2009 Author Share Posted July 1, 2009 who's script are you trying to reverse engineer? A wp footer, i want to see whats within it. Theirs usually malicous code in most free wp skins. As you can see since the designer has encoded the base64 7 times, its becoming hard to decode. I might use this technique in my footer when it comes my own scripts. Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867311 Share on other sites More sharing options...
Daniel0 Posted July 1, 2009 Share Posted July 1, 2009 Can you perhaps attach it here? I don't see what the problem is. Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867316 Share on other sites More sharing options...
sloth456 Posted July 1, 2009 Share Posted July 1, 2009 perhaps then, ot wuld be better to simply delete it and see if it screws up your footer or not. If not, leave it out. Quote Link to comment https://forums.phpfreaks.com/topic/164292-base64-encodedecode-help/#findComment-867395 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.