Über Hund
What type of encryption technique is used when the following nested functions are called in a PHP script?
In the case of the script I am looking at, there are 13260 characters of encrypted code in the parameter string.Code:eval(gzinflate(str_rot13(base64_decode('FZi3ksTWEV. . .
Can this be decrypted to make sure that there is nothing malicious in the code?
Does anyone know of a site where I can learn about this technique?
This is from a footer in a WordPress template.
Administrator
Basically you're trying to remove footer links, right?Originally Posted by TopDogger
Über Hund
It would be nice to remove the links. Actually, I could easily do that by just replacing the footer file with the standard code from a WordPress template footer.
One of my clients wants to use a freebie template with a footer that is loaded with spam links. These are really crappy spam links. The terms just require that the link to the designer remain in place. I have already advised the client not to use this template.
I really am just curious about this encryption technique.
Administrator
Well, I really don't know much about that technique, but you could contact one of those WP theme developers and ask them about it, I'm pretty sure some might be friendly enough to teach you something about that.
Retired
ROT-13 is funny. It just moves characters 13 steps up in a 26 character alphabet. The end result is that if you run it twice, you get back to where you started.
"SEO" encrypted with ROT-13 becomes "FRB"; "FRB" encrypted with ROT-13 becomes "SEO".
Base-64 also is an encoder, not an encrypter. You can use a quick little tool to decode Base-64.
Submit Your Webmaster Related Sites to the NB Directory
I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.
Newbie Net Builder
Try to replace the "eval" with "echo" and you'll get the hidden php code.
While you get the "eval" from the "echo"ing result, keep doing the same thing, replace "eval" with "echo".
However it's strange usually most encrypted code is just a simple HTML backlink.
Why the original designer does not put simple HTML backlink without encrypts it.
Administrator
The theme will probably not work without those links; typically there's some validation elsewhere on the code that's checking for those footer links, while encrypted, encoded or whatever not-plain, 95% of people won't be able to change that.
TopDogger (10 March, 2009)
Über Hund
Thanks for the info, guys. I think I have what I need to dig into this. Like I said, it is a curiosity thing. The client is now designing their own theme.
The links in this footer are leading to such spammy sites that anyone who decides to use this theme will likely get wacked by Google. I'm curious about whether or not there is anything other than links hidden in the code.
The terms for the original designer only require that the link to her site remain. She must be selling the spam links to someone.
If there is code hidden somewhere else in the theme, I will find it.
Unknown Net Builder
The encrypted code will most probably be in the functions.php file
on leave from Net Builders : will post rarely
TopDogger (27 May, 2010)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
Bookmarks