base64 encode/decode help

newbtophp · June 30, 2009

How would i encode and decode base64 strings:

eval(base64_decode(strtr(strrev('$code')));

&

eval(base64_decode(strrev('$code')));

&

eval(base64_decode(strtr('$code')));

Thanks

Daniel0 · June 30, 2009

Replace eval with print or echo?

newbtophp · June 30, 2009

I've already tried that, that only works on normal eval(base64_decode, whereas these are slightly different.

newbtophp · June 30, 2009

OK I've found a way to decode, I have to place the encoded base64 in encoded_file.php and run the below script, which then provides the source code.

Except if the code is encoded numerous times, I have to place the eval...base64 in encoded_file.php, run the below script and then copy the new eval...base64 back an fourth in to encoded_file.php until the source code is displayed.

Is their a way to auto run this so I just place the encoded in encoded_file.php and the results will display in the below script, without me having to keep on copying and pasting.

<?php

// Open and read the content of the encoded file into a variable
$file = file_get_contents('encoded_file.php');

// Strip php tags
$file = str_replace('<?php', "", $file);
$file = str_replace('<?', "", $file);   // Make sure to get rid of short tags....
$file = str_replace('?>', "", $file);

// Strip new lines
$file = str_replace("\n", "", $file);

// Add semi colon to get around a parsing issue.
$file = $file.';';

// Change the Eval function
$file = str_replace('eval', 'echo ', $file);

// Function to eval the new string
function deval()
{
  global $file;
  ob_start();
  eval($file);
  $contents = ob_get_contents();
  ob_end_clean();
  return($contents);
}

// Run the code thru once
$file = deval();

// Counter
$cnt = 1;

// Loop it till it's decoded
while(preg_match('/^\?><\?php eval/', $file))
{
  $file = str_replace('?><?php eval', 'echo', $file);
  $file = str_replace('?><?', "", $file);
  $file = deval();
  ++$cnt;
}

//clean up some tags
$file = str_replace('?><?php', "", $file);
$file = str_replace('?><?', "", $file);

echo $cnt,' iterations<br/><br/>';
echo '<pre>';
echo $file;
echo '</pre>';
?>

newbtophp · July 1, 2009

Any help please?, someone suggested recursive function which runs the loop?, which i dont understand.

newbtophp · July 1, 2009

Copying and pasting the echo result from and too encoded_file.php is driving me insane.

Daniel0 · July 1, 2009

I really don't understand your problem.

If you have

eval(base64_decode(strtr(strrev('$code')));

, then

base64_decode(strtr(strrev('$code'))

will be evaluated as PHP code. Just echo it instead of evaluating it. I don't see the problem. The output of the latter will have to be valid PHP code. Otherwise you'll get a fatal error.

newbtophp · July 1, 2009

No I must have explained it wrong, what I mean, is the script I just posted renames eval to echo and displays the result.

Except if the encoded script is nested, so base64 is encoded on top of another base64; then the result will display the first base64 layer and show the second layer as the result, I have to keep copying the output back in to the encoded_file.php until it displays the real php source.

So is their a way which will automatically loop it, so it decodes all the base64 no matter how many times its encoded/layered/nested.?

If you still dont understand, try encoding an encoded base64 string and submitting it to encoded_file.php, and running the above decode script, you'll see that it just displays the result as the first encoded base64 string. It dont loop/run until all source is displayed.

nested = encoded numerous times using same encoding

Daniel0 · July 1, 2009

Hmm... maybe something like this:

function decode($phpCode)
{
if (stripos($phpCode, 'eval') === false) {
	return $phpCode;
}

$phpCode = trim($phpCode);

if (substr($phpCode, -1) != ';') {
	$phpCode .= ';';
}

$phpCode = eval(str_replace('eval', 'return', $phpCode));

if (stripos($phpCode, 'eval') !== false) {
	$phpCode = decode($phpCode);
}

return $phpCode;
}

It's a bit difficult testing without having any sample code, but I think it should work.

Edit: Okay, it should work.

echo decode("eval(base64_decode('ZXZhbChiYXNlNjRfZGVjb2RlKCdaV05vYnlBaVJtOXZJanM9JykpOw=='))");

outputs:

echo "Foo";

which is two times "encoded".

newbtophp · July 1, 2009

Yes thanks, that works.

Whereas I tried another type of base64 string and it returned errors:

Warning: fopen() [function.fopen]: Filename cannot be empty in /home/dechost/public_html/baser.php(49) : eval()'d code on line 10

Warning: fseek(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 11

Warning: fread(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 12

Warning: fclose(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 15

Warning: Cannot modify header information - headers already sent by (output started at /home/dechost/public_html/baser.php(49) : eval()'d code:10) in /home/dechost/public_html/baser.php(49) : eval()'d code on line 5

This is the string type im trying to decode:

eval(base64_decode(strrev('$string')))

Its encoded 7 times using base64.

newbtophp · July 1, 2009

Yes thanks, that works.

Whereas I tried another type of base64 string and it returned errors:

Warning: fopen() [function.fopen]: Filename cannot be empty in /home/dechost/public_html/baser.php(49) : eval()'d code on line 10

Warning: fseek(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 11

Warning: fread(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 12

Warning: fclose(): supplied argument is not a valid stream resource in /home/dechost/public_html/baser.php(49) : eval()'d code on line 15

Warning: Cannot modify header information - headers already sent by (output started at /home/dechost/public_html/baser.php(49) : eval()'d code:10) in /home/dechost/public_html/baser.php(49) : eval()'d code on line 5

This is the string type im trying to decode:

eval(base64_decode(strrev('$string')))

Its encoded 7 times using base64.

Edit: Another bug, the encoded base64 is functioning/running (like a normal php script) instead of displaying the php source code. (so i can copy)

sloth456 · July 1, 2009

who's script are you trying to reverse engineer?

newbtophp · July 1, 2009

who's script are you trying to reverse engineer?

A wp footer, i want to see whats within it. Theirs usually malicous code in most free wp skins.

As you can see since the designer has encoded the base64 7 times, its becoming hard to decode.

I might use this technique in my footer when it comes my own scripts.

Daniel0 · July 1, 2009

Can you perhaps attach it here? I don't see what the problem is.

sloth456 · July 1, 2009

perhaps then, ot wuld be better to simply delete it and see if it screws up your footer or not. If not, leave it out.

Sign In

base64 encode/decode help

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived

Important Information