-5

我有一个脚本的 MRR 权限,但是这个函数是旧的并且不能正常工作。任何人都可以将其分解为可用的功能代码,以便我可以解决问题。我认为脚本中有多个功能。

function d($s, $k = '') {
    if ($k == '') {
        for ($i = 0; $i < strlen($s); $i) {
            $d. = chr(hexdec(substr($s, $i, 2)));
            $i = (float)($i) + 2;
        }
        return $d;
    } else {
        $r = '';
        $f = d('6261736536345f6465636f6465');
        $u = $f('Z3ppbmZsYXRl');
        $s = $u($f($s));
        for ($i = 0; $i < strlen($s); $i++) {
            $c = substr($s, $i, 1);
            $kc = substr($k, ($i % strlen($k)) - 1, 1);
            $c = chr(ord($c) - ord($kc));
            $r. = $c;
        }
        return $r;
    }
}
eval(d("lZTpbts4FIXfq2iQZJIHcGWb1GJZkdekSRxrcdo0M5gZoEU3pIkXWQtpUdZOKm6D9rHmJUZ23EHR/pq/JC9573cOj4+bEomYXcjifQNoby6hcG8MewL8+329SVJqFaJEFWC+NiEodAPPwghLRw8ecZrwoxfkgM5zN0uhT0GUk8L2KPKqDoUDp07ZfWiZnwQnCcP8uVc40YSv+iF2zDHvZyzQ1N79aqUurMRKXZSrdN4NMJ3wmj4ZDRZxzKouiZZUn/DgpN1vDQfl1h/y74EXeyjRlcUyoabecgaG6hiyMvhWY7aTuX7VqLCUznIUhWPPViDgFcC1am2Bolk+JZL+256YojG1SN0AKQvnMU5Ce454QRBUwNdb23sa2s7+7n6nC976FtTXA2ZJhWVZhmgKYmJDVMRz5qbBP3WUJ0nIdvfLm920YnIvUJI6MS8F+J5iB83aXDMrOwQ7+5T4IZLgHC8XsogjRfjKHe4CAHPymevq4NJdWEWiCDhVQKd/et7UwN7eCu7uj7BLkgiLEkrLeyqHTw93CZaARW3fb8oXJMZkJHeOGroSpDg0ZQXU6PKzCsQkydYrQKkqlfVbB3tV0S3suJzd+RxES+R9L2+0Nm2gwovG7amgbw5Dct4/31TdOIGPZZFU9YpEnBX1w5UAV5ut/9pgbuFjo9mRlbNeGtAQaXIDgoCi6JPottqzsp+MxJENN3NVSkf5LHTAOUyKzMqdFDsWlnm9NjaujY+X47VwQhMKjGShdXS+AbV54mfhbmcG36ryXJuTKGEECfpaC1BFIXYDWdZJSX2otI+Uiy4OgtCQW48Q7kTS7N+UVSwPq8ppybkOxDzH8ALmLJ/kVuY7DmrW9WeT0fXlhxef+AaslSZZn9n2U4QRZ5ZWT6wQh9HcRRJ/Mxs+GqkiZXSpaHt7O/sc9HLkEb45QB51ExIUKI3MpnokGOqPK2vh1nqNRayqs3J2186QncaBp2jVgyeQkxybOQtC0S8QBvzd1Svzgzaptet8ia7mTQtvkSTkOzp3XNh+nJNfgE/vzBKdAFs/nFFOD5/CuujOmOUvqY/AEESl3zOUEnuKRUEK2WBNw/h/VYvHqtEvVVsjeV5al/WRebb+3YDiB8vsQGS7jpHiGM1jW7HDYBoZuv2YJFAGKqjdx9Fdf1rtVJo1SO3cQ7E5dpd27JsQHm39M2nP6h0g6oozNDo4WbIyN64MIJdVkuVQtAhzF98cT0CnKp+5MeyY8vajlSZRNx2Cb9WuggNUX/k4tKCfxunBzsETKcFlBqKfqaqlAQROUEXq2KHnHQ0P9krPY4vEvD5HfmFTQ3/5xjy7Ghq+qc+AQ+1FmXWIxdlZr5MnFIVd251/6cyTRS9OC5S3+sqgfdw6Oz57Lp+cDs7bvVb/4u31tS66i4b216XZ652cXPSOe/K7P18NGzi1zAVj0VDpPXbYsdzpQ9tNgm7GVObZ+dxXPkwj7/0mGLVFmWLDPlgkaWL0BRyzi2PJZ8MeYNPNPzW2wXjLV4opxYgNJ9x8Fs3j5S0/MJw0YsAtVb5Yebk3i8cwCb4gowumqZ9mRu54gxuE74FNwsp3Yus/mINkCayr6YPWxWEcjwa9eZnqpFTH3fJ5PdJevtN0xbNLJrnGb7TYUoU6oFl+S+1sWZqkycG1+dWfMvwr6LaQj7gAAZQgO+AYjdi/", 663607275));
4

2 回答 2

2

第一个分支的唯一if用途是解码

$f = d('6261736536345f6465636f6465');

作为一个简单的十六进制 ASCII 码序列,变为:

$f = 'base64_decode';

然后它使用它来解码 base64 字符串Z3ppbmZsYXRl,它变成:

$u = 'gzinflate';

所以它最终会:

$s = gzinflate(base64_decode($s));

$s底部的长输入字符串在哪里。

最后,for底部的循环使用简单的替换密码进行解码,其中的第二个参数d()是密钥。但是,它有一个语法错误(也许 PHP 曾经允许它):

$r. = $c;

应该:

$r .= $c;

这是最终结果(Johnny Mopp 很接近,但他错过了某些字符串中的 HTML 代码):

if((isset($v) AND $v==0) OR (isset($t) AND $t==false)){
  die('This script is protected by <a style=\"color:cyan\" 
       href=\"http://www.gencoder.sf.net\"><b><font color=\"#330099\">G-Encoder</font></b></a>');}
$search = str_replace(" ", "+",$search);
$search = str_replace("'", "",$search);

// The @ is to supress the function\264 errors

$fp = @fopen($newsfeed, 'r'); 
while(!feof($fp)){ 
  $row .= @fgets($fp, 4096); 
} 
@fclose($fp);  

if( eregi('<item>(.*)</item>', $row, $rowitem ) ) { 

 $item = explode('<item>', $rowitem[0]); 

$i=0;

 While($i < $maxshow) {

  eregi('<title>(.*)</title>', $item[$i+1], $title ); 
  $title = str_replace("<![CDATA[", "", $title);
  $title = str_replace("]]>", "", $title);

  eregi('<link>(.*)</link>', $item[$i+1], $url ); 
  $url = str_replace("<![CDATA[", "", $url);
  $url = str_replace("]]>", "", $url);

  eregi('<description>(.*)</description>', $item[$i+1], $categorie); 
  $categorie = str_replace("<![CDATA[", "", $categorie);
  $categorie = str_replace("]]>", "", $categorie);
  $categorie = str_replace("&lt;", "<", $categorie);
  $categorie = str_replace("&gt;", ">", $categorie);


  echo '<B><font size=2 face=verdana,arial><a href="' . 
       $url[1] . '" target=_blank>' . $title[1] . '</a></font></B> ' . 
       $categorie[1] . '<br />';  

$i++;

 } //end while loop

$search = str_replace("+", " ",$search);

 echo"<center><BR><B><i><a href=\"http://rover.ebay.com/rover/1/711-6294-2978-0/1?PID=$cj&AID=10369614&SID=&loc=http://search.ebay.com/ws/search/SaleSearch?fsoo=1&fsop=1&fts=1&ht=0&satitle=$search\" 
     target=\"_blank\"><font face=verdana size=2 color=red>
     View all $search items on eBay</font></a></i></b><BR><BR><BR></center>";

$search = str_replace(" ", "+",$search);

} //end if eregi stmt
于 2012-09-07T19:41:16.607 回答
2

$d 在第 5 行未定义。修复:

function d($s, $k = '') {
    if ($k == '') {
        $d = "";
    ...

只是为了好玩,我解码了字符串。这是它试图评估的内容。很基本。为什么这么糊涂?

if((isset($v) AND $v==0) OR (isset($t) AND $t==false)){
    die('This script is protected by G-Encoder');
}
$search = str_replace(" ", "+",$search);
$search = str_replace("'", "", $search);
// The @ is to supress the function? errors
$fp = @fopen($newsfeed, 'r');
while(!feof($fp)){
    $row .= @fgets($fp, 4096);
}
@fclose($fp);
if( eregi('(.*)', $row, $rowitem ) ) {
    $item = explode('', $rowitem[0]); $i=0;
    While($i < $maxshow) {
        eregi('', $item[$i+1], $title );
        $title = str_replace("", "", $title);
        eregi('(.*)', $item[$i+1], $url );
        $url = str_replace("", "", $url);
        eregi('(.*)', $item[$i+1], $categorie);
        $categorie = str_replace("", "", $categorie);
        $categorie = str_replace("<", "<", $categorie);
        $categorie = str_replace(">", ">", $categorie);
        echo '' . $title[1] . ' ' . $categorie[1] . '';
        $i++;
    } //end while loop
    $search = str_replace("+", " ",$search);
    echo "View all $search items on eBay";
    $search = str_replace(" ", "+",$search);
} //end if eregi stmt

我忘了提到我必须将“。=”更改为“。=”。

于 2012-09-07T19:36:02.663 回答