What type of encryption technique is used when the following nested functions are called in a PHP script?
In the case of the script I am looking at, there are 13260 characters of encrypted code in the parameter string.Code:eval(gzinflate(str_rot13(base64_decode('FZi3ksTWEV. . .
Can this be decrypted to make sure that there is nothing malicious in the code?
Does anyone know of a site where I can learn about this technique?
This is from a footer in a WordPress template.
It would be nice to remove the links. Actually, I could easily do that by just replacing the footer file with the standard code from a WordPress template footer.
One of my clients wants to use a freebie template with a footer that is loaded with spam links. These are really crappy spam links. The terms just require that the link to the designer remain in place. I have already advised the client not to use this template.
I really am just curious about this encryption technique.
Well, I really don't know much about that technique, but you could contact one of those WP theme developers and ask them about it, I'm pretty sure some might be friendly enough to teach you something about that.
ROT-13 is funny. It just moves characters 13 steps up in a 26 character alphabet. The end result is that if you run it twice, you get back to where you started.
"SEO" encrypted with ROT-13 becomes "FRB"; "FRB" encrypted with ROT-13 becomes "SEO".
Base-64 also is an encoder, not an encrypter. You can use a quick little tool to decode Base-64.
Try to replace the "eval" with "echo" and you'll get the hidden php code.
While you get the "eval" from the "echo"ing result, keep doing the same thing, replace "eval" with "echo".
However it's strange usually most encrypted code is just a simple HTML backlink.
Why the original designer does not put simple HTML backlink without encrypts it.
Thanks for the info, guys. I think I have what I need to dig into this. Like I said, it is a curiosity thing. The client is now designing their own theme.
The links in this footer are leading to such spammy sites that anyone who decides to use this theme will likely get wacked by Google. I'm curious about whether or not there is anything other than links hidden in the code.
The terms for the original designer only require that the link to her site remain. She must be selling the spam links to someone.
If there is code hidden somewhere else in the theme, I will find it.
The encrypted code will most probably be in the functions.php file