Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Help to decode this code #119

Open
xoceunder opened this issue Dec 30, 2023 · 6 comments
Open

Help to decode this code #119

xoceunder opened this issue Dec 30, 2023 · 6 comments

Comments

@xoceunder
Copy link

xoceunder commented Dec 30, 2023
edited
Loading

Help to decode this code

goto b90ea5151ac67729b14c9b1822dc162a; D3aa631f1fe7217217f3893fc45c3f43: $b7eaa095f27405cf78a432ce6504dae0 = $_SERVER["\x52\x45\115\117\x54\105\137\x41\104\x44\122"]; goto Cf1a44bb5bdae788fe6a2b66373affd0; b90ea5151ac67729b14c9b1822dc162a: set_time_limit(0); goto b34071cd8224bd806c9a2e686173303b; B4d0c2c01a529bb6b69bed40e0845fd7: Ac1a81228acfbd324b64ee30148afd1f: goto Bfd6964984b7d4b31ae435f1dd3dbf71; c31605b4c573994382021ca01630adec: cd5f291f17fc89d840f4f69783ef81c8: goto B7454738eb37658b7db7dc14ed9b2c5c;

@pk-fr
@KminekMatej
Copy link

Thats impossible without knowing context. Context is generated during obfuscation process and located in output directory/context folder (set of serialized files)

@gab12
Copy link

gab12 commented Jan 13, 2024
edited
Loading

`<?php
// Set unlimited execution time
set_time_limit(0);

// Retrieve the value of the REMOTE_ADDR key from the $_SERVER array
$remoteAddr = $_SERVER["REMOTE_ADDR"];

// Check if the IP address is set
if (!empty($remoteAddr)) {

// ... (the rest of the code after the check)

}

// Continue with the rest of the code

// ...

`

@sedimentation-fault
Copy link

@gab12 I would say that this is pure hallucination on the part of the chatbot you used to produce this piece of onstensibly "unobfuscated" code. This is just some code that (maybe) bears some similarity in structure with the obfuscated one - but that's all. It's not the deobfuscated version of the code in question, because there are probably infinite many unobfuscated originals that could lead to that obfuscated example.

Don't take everything a chatbot throws to you as Pure Truth. A lot of times, it will just create an answer, that looks true - but is not.

@xoceunder
Copy link
Author

@gab12
How can I make this reversible?

@xoceunder
Copy link
Author

Could you help me achieve my goal since I have several files to decode?
@gab12 @pk-fr

@xoceunder
Copy link
Author

Could you help me if I'm doing well with being able to make Riversa have the obfuscated code?

function reverse_obfuscate($filename) // takes a file_path as input, returns the corresponding obfuscated code as a string
{
global $conf;
global $parser,$traverser,$prettyPrinter;
global $debug_mode;

$src_filename = $filename;
$tmp_filename = $first_line = '';
$t_source = file($filename);
if (substr($t_source[0],0,2)=='#!')
{
    $first_line = array_shift($t_source);
    $tmp_filename = tempnam(sys_get_temp_dir(), 'po-');
    file_put_contents($tmp_filename,implode(PHP_EOL,$t_source));
    $filename = $tmp_filename; // override
}

try
{
    $source = php_strip_whitespace($filename);
    fprintf(STDERR,"Obfuscating %s%s",$src_filename,PHP_EOL); 
    //var_dump( token_get_all($source));    exit;
    if ($source==='')
    {
        if ($conf->allow_and_overwrite_empty_files) return $source;
        throw new Exception("Error obfuscating [$src_filename]: php_strip_whitespace returned an empty string!");
    }
    try
    {
        $stmts  = $parser->parse($source);  // PHP-Parser returns the syntax tree 
    }
    catch (PhpParser\Error $e)                              // if an error occurs, then redo it without php_strip_whitespace, in order to display the right line number with error!
    {
        $source = file_get_contents($filename);
        $stmts  = $parser->parse($source);
    }
    if ($debug_mode===2)                                    //  == 2 is true when debug_mode is true!
    {
        $source = file_get_contents($filename);
        $stmts  = $parser->parse($source);
    }
    if ($debug_mode) var_dump($stmts);

    $stmts  = $traverser->traverse($stmts);                 //  Use PHP-Parser function to 

    $code   = trim($prettyPrinter->prettyPrintFile($stmts));            //  Use PHP-Parser function to output the obfuscated source, taking the modified obfuscated syntax tree as input

    if (isset($conf->strip_indentation) && $conf->strip_indentation)    // self-explanatory
    {
        $code = remove_whitespaces($code);
    }
    $endcode = substr($code,6);//?<?php

    $code  = '<?php'.PHP_EOL;
    $code .= $conf->get_comment();                                          // comment obfuscated source
    if (isset($conf->extract_comment_from_line) && isset($conf->extract_comment_to_line) )
    {
        $t_source = file($filename);
        for($i=$conf->extract_comment_from_line-1;$i<$conf->extract_comment_to_line;++$i) $code .= $t_source[$i];
    }
    if (isset($conf->user_comment))
    {
        $code .= '/*'.PHP_EOL.$conf->user_comment.PHP_EOL.'*/'.PHP_EOL;
    }
    $code .= $endcode;

    if (($tmp_filename!='') && ($first_line!=''))
    {
        $code = $first_line.$code;
        unlink($tmp_filename);
    }

    return trim($code);
}
catch (Exception $e)
{
    fprintf(STDERR,"Obfuscator Parse Error [%s]:%s\t%s%s", $filename,PHP_EOL, $e->getMessage(),PHP_EOL);
    return null;
}

}

@gab12 @pk-fr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gab12 @xoceunder @KminekMatej @sedimentation-fault