Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: PHP Encryption

  1. #1
    TopDogger's Avatar
    TopDogger is online now Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    3,077
    Thanks
    347
    Thanked 913 Times in 697 Posts

    PHP Encryption

    What type of encryption technique is used when the following nested functions are called in a PHP script?

    Code:
    eval(gzinflate(str_rot13(base64_decode('FZi3ksTWEV. . .
    In the case of the script I am looking at, there are 13260 characters of encrypted code in the parameter string.

    Can this be decrypted to make sure that there is nothing malicious in the code?

    Does anyone know of a site where I can learn about this technique?

    This is from a footer in a WordPress template.

  2. #2
    Shenron's Avatar
    Shenron is offline Administrator
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    1,900
    Blog Entries
    2
    Thanks
    561
    Thanked 548 Times in 368 Posts
    Quote Originally Posted by TopDogger View Post
    What type of encryption technique is used when the following nested functions are called in a PHP script?

    Code:
    eval(gzinflate(str_rot13(base64_decode('FZi3ksTWEV. . .
    In the case of the script I am looking at, there are 13260 characters of encrypted code in the parameter string.

    Can this be decrypted to make sure that there is nothing malicious in the code?

    Does anyone know of a site where I can learn about this technique?

    This is from a footer in a WordPress template.
    Basically you're trying to remove footer links, right?

  3. #3
    TopDogger's Avatar
    TopDogger is online now Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    3,077
    Thanks
    347
    Thanked 913 Times in 697 Posts
    It would be nice to remove the links. Actually, I could easily do that by just replacing the footer file with the standard code from a WordPress template footer.

    One of my clients wants to use a freebie template with a footer that is loaded with spam links. These are really crappy spam links. The terms just require that the link to the designer remain in place. I have already advised the client not to use this template.

    I really am just curious about this encryption technique.

  4. #4
    Shenron's Avatar
    Shenron is offline Administrator
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    1,900
    Blog Entries
    2
    Thanks
    561
    Thanked 548 Times in 368 Posts
    Well, I really don't know much about that technique, but you could contact one of those WP theme developers and ask them about it, I'm pretty sure some might be friendly enough to teach you something about that.

  5. #5
    Will.Spencer's Avatar
    Will.Spencer is offline Retired
    Join Date
    Dec 2008
    Posts
    5,033
    Blog Entries
    1
    Thanks
    1,010
    Thanked 2,329 Times in 1,259 Posts
    Quote Originally Posted by TopDogger View Post
    Code:
    eval(gzinflate(str_rot13(base64_decode('FZi3ksTWEV. . .
    In the case of the script I am looking at, there are 13260 characters of encrypted code in the parameter string.
    ROT-13 is funny. It just moves characters 13 steps up in a 26 character alphabet. The end result is that if you run it twice, you get back to where you started.

    "SEO" encrypted with ROT-13 becomes "FRB"; "FRB" encrypted with ROT-13 becomes "SEO".

    Base-64 also is an encoder, not an encrypter. You can use a quick little tool to decode Base-64.
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  6. Thanked by:

    Aziz (3 May, 2010), jayant_me (11 March, 2009), TopDogger (10 March, 2009)

  7. #6
    xrvel's Avatar
    xrvel is offline Newbie Net Builder
    Join Date
    Mar 2009
    Location
    Xrvel.com
    Posts
    37
    Blog Entries
    1
    Thanks
    19
    Thanked 19 Times in 8 Posts

    Lightbulb

    Try to replace the "eval" with "echo" and you'll get the hidden php code.
    While you get the "eval" from the "echo"ing result, keep doing the same thing, replace "eval" with "echo".

    However it's strange usually most encrypted code is just a simple HTML backlink.
    Why the original designer does not put simple HTML backlink without encrypts it.

  8. Thanked by:

    anantshri (3 May, 2010), TopDogger (10 March, 2009)

  9. #7
    Shenron's Avatar
    Shenron is offline Administrator
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    1,900
    Blog Entries
    2
    Thanks
    561
    Thanked 548 Times in 368 Posts
    Quote Originally Posted by xrvel View Post
    Why the original designer does not put simple HTML backlink without encrypts it.
    The theme will probably not work without those links; typically there's some validation elsewhere on the code that's checking for those footer links, while encrypted, encoded or whatever not-plain, 95% of people won't be able to change that.

  10. Thanked by:

    TopDogger (10 March, 2009)

  11. #8
    TopDogger's Avatar
    TopDogger is online now Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    3,077
    Thanks
    347
    Thanked 913 Times in 697 Posts
    Thanks for the info, guys. I think I have what I need to dig into this. Like I said, it is a curiosity thing. The client is now designing their own theme.

    The links in this footer are leading to such spammy sites that anyone who decides to use this theme will likely get wacked by Google. I'm curious about whether or not there is anything other than links hidden in the code.

    The terms for the original designer only require that the link to her site remain. She must be selling the spam links to someone.

    If there is code hidden somewhere else in the theme, I will find it.

  12. #9
    Dr. Teeth's Avatar
    Dr. Teeth is offline Unknown Net Builder
    Join Date
    Jan 2009
    Posts
    7
    Thanks
    2
    Thanked 0 Times in 0 Posts
    The encrypted code will most probably be in the functions.php file

  13. #10
    anantshri is offline on leave from Net Builders : will post rarely
    Join Date
    Apr 2010
    Location
    india
    Posts
    338
    Thanks
    80
    Thanked 47 Times in 40 Posts

  14. Thanked by:

    TopDogger (27 May, 2010)

Page 1 of 2 12 LastLast

Similar Threads

  1. [WTS] Run Your Own Encryption Site & Free Hosting @ $14.99
    By sdscripts in forum Scripts
    Replies: 0
    Last Post: 8 June, 2010, 15:42 PM
  2. Advanced Footer Encryption techniques
    By Dr. Teeth in forum Programming
    Replies: 5
    Last Post: 3 May, 2010, 13:43 PM
  3. Replies: 1
    Last Post: 21 November, 2009, 00:21 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •