Threaded Mode | Linear Mode

NoBack · (This post was last modified: 04-20-2012 10:28 AM by NoBack.)

Hello,

Whos the Problem by this file (Zend 5) Decrypt
files in the Attachment ..

Decode Output

PHP Code:

function createimage( $_obfuscate_LM35OcVjOOJ1, $_obfuscate_54Y6ZmNci58PDgÿ, $_obfuscate_5Qÿÿ, $_obfuscate_OAÿÿ )
{
    global $HTTP_SESSION_VARS;
    global $HTTP_GET_VARS;
    mt_srand( ( double ) * 1000000 );
    $_obfuscate_UGoBBobdFdYÿ = mt_rand( 100000, 999999 );
    $_obfuscate_38lJ6BqA = $HTTP_GET_VARS['image'];
    if ( is_numeric( $HTTP_SESSION_VARS['anmeldung_val_var'][$_obfuscate_38lJ6BqA] ) && $HTTP_SESSION_VARS['anmeldung_val_var'][$_obfuscate_38lJ6BqA] != 0 && $HTTP_SESSION_VARS['anmeldung_val_var'][$_obfuscate_38lJ6BqA] != "" )
    {
        $_obfuscate_UGoBBobdFdYÿ = $HTTP_SESSION_VARS['anmeldung_val_var'][$_obfuscate_38lJ6BqA];
    }
    if ( is_array( $HTTP_SESSION_VARS['anmeldung_val_var'] ) )
    {
        $HTTP_SESSION_VARS['anmeldung_val_var'] = array( );
    }
    $HTTP_SESSION_VARS['anmeldung_val_var'][$_obfuscate_38lJ6BqA] = $_obfuscate_UGoBBobdFdYÿ;
    if ( !( $_obfuscate_GtMÿ = imagecreate( $_obfuscate_5Qÿÿ, $_obfuscate_OAÿÿ ) ) )
    {
        exit( "Cannot Initialize new GD image stream" );
    }
    $_obfuscate_fP1lU2jUcPfYVhGbvXP2Qÿÿ = imagecolorallocate( $_obfuscate_GtMÿ, $_obfuscate_LM35OcVjOOJ1[0], $_obfuscate_LM35OcVjOOJ1[1], $_obfuscate_LM35OcVjOOJ1[2] );
    $_obfuscate_IAM4q8TpnVvjlwÿÿ = imagecolorallocate( $_obfuscate_GtMÿ, $_obfuscate_54Y6ZmNci58PDgÿ[0], $_obfuscate_54Y6ZmNci58PDgÿ[1], $_obfuscate_54Y6ZmNci58PDgÿ[2] );
    imagestring( $_obfuscate_GtMÿ, 5, 0, 0, $_obfuscate_UGoBBobdFdYÿ, $_obfuscate_IAM4q8TpnVvjlwÿÿ );
    header( "Content-type: image/png" );
    imagepng( $_obfuscate_GtMÿ );
    imagedestroy( $_obfuscate_GtMÿ );
}

include( "mysql.php" );
createimage( array( 255, 255, 255 ), array( 0, 0, 0 ), 60, 14 ); 

Lg

gerard · 04-20-2012, 11:37 AM

there is no need to deobfuscate the $_vars (ioncube or zend or any obfuscation)
you need only internal functions

**iDENTiTY** · 04-20-2012, 02:08 PM

Decoded

PHP Code:

<?php
function createimage( $, $, $, $ )
{
    global $HTTP_SESSION_VARS;
    global $HTTP_GET_VARS;
    mt_srand( ( double )$HTTP_GET_VARS * 1000000 );
    $ = mt_rand( 100000, 999999 );
    $ = $HTTP_GET_VARS['image'];
    if ( is_numeric( $HTTP_SESSION_VARS['anmeldung_val_var'][$] ) && $HTTP_SESSION_VARS['anmeldung_val_var'][$] != 0 && $HTTP_SESSION_VARS['anmeldung_val_var'][$] != "" )
    {
        $ = $HTTP_SESSION_VARS['anmeldung_val_var'][$];
    }
    if ( !is_array( $HTTP_SESSION_VARS['anmeldung_val_var'] ) )
    {
        $HTTP_SESSION_VARS['anmeldung_val_var'] = array( );
    }
    $HTTP_SESSION_VARS['anmeldung_val_var'][$] = $;
    if ( !( $ = imagecreate( $, $ ) ) )
    {
        exit( "Cannot Initialize new GD image stream" );
    }
    $ = imagecolorallocate( $, $[0], $[1], $[2] );
    $ = imagecolorallocate( $, $[0], $[1], $[2] );
    imagestring( $, 5, 0, 0, $, $ );
    header( "Content-type: image/png" );
    imagepng( $ );
    imagedestroy( $ );
}

include( "mysql.php" );
?>

gerard · 04-20-2012, 08:06 PM

(04-20-2012 02:08 PM)magedxp Wrote: Decoded

PHP Code:

<?php function createimage( $, $, $, $ ) { global $HTTP_SESSION_VARS; global $HTTP_GET_VARS; mt_srand( ( double )$HTTP_GET_VARS * 1000000 ); $ = mt_rand( 100000, 999999 ); $ = $HTTP_GET_VARS['image']; if ( is_numeric( $HTTP_SESSION_VARS['anmeldung_val_var'][$] ) && $HTTP_SESSION_VARS['anmeldung_val_var'][$] != 0 && $HTTP_SESSION_VARS['anmeldung_val_var'][$] != "" ) { $ = $HTTP_SESSION_VARS['anmeldung_val_var'][$]; } if ( !is_array( $HTTP_SESSION_VARS['anmeldung_val_var'] ) ) { $HTTP_SESSION_VARS['anmeldung_val_var'] = array( ); } $HTTP_SESSION_VARS['anmeldung_val_var'][$] = $; if ( !( $ = imagecreate( $, $ ) ) ) { exit( "Cannot Initialize new GD image stream" ); } $ = imagecolorallocate( $, $[0], $[1], $[2] ); $ = imagecolorallocate( $, $[0], $[1], $[2] ); imagestring( $, 5, 0, 0, $, $ ); header( "Content-type: image/png" ); imagepng( $ ); imagedestroy( $ ); } include( "mysql.php" ); ?>

are you ok today ?

**sidxx55** · 04-20-2012, 08:25 PM

(04-20-2012 08:06 PM)gerard Wrote:
(04-20-2012 02:08 PM)magedxp Wrote: Decoded

PHP Code:

<?php function createimage( $, $, $, $ ) { global $HTTP_SESSION_VARS; global $HTTP_GET_VARS; mt_srand( ( double )$HTTP_GET_VARS * 1000000 ); $ = mt_rand( 100000, 999999 ); $ = $HTTP_GET_VARS['image']; if ( is_numeric( $HTTP_SESSION_VARS['anmeldung_val_var'][$] ) && $HTTP_SESSION_VARS['anmeldung_val_var'][$] != 0 && $HTTP_SESSION_VARS['anmeldung_val_var'][$] != "" ) { $ = $HTTP_SESSION_VARS['anmeldung_val_var'][$]; } if ( !is_array( $HTTP_SESSION_VARS['anmeldung_val_var'] ) ) { $HTTP_SESSION_VARS['anmeldung_val_var'] = array( ); } $HTTP_SESSION_VARS['anmeldung_val_var'][$] = $; if ( !( $ = imagecreate( $, $ ) ) ) { exit( "Cannot Initialize new GD image stream" ); } $ = imagecolorallocate( $, $[0], $[1], $[2] ); $ = imagecolorallocate( $, $[0], $[1], $[2] ); imagestring( $, 5, 0, 0, $, $ ); header( "Content-type: image/png" ); imagepng( $ ); imagedestroy( $ ); } include( "mysql.php" ); ?>

are you ok today ?

haha...you right... any OBF may use without decoding