php 威盾解密 批量解密方法
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 |
<?php /*********************************** *威盾PHP加密专家解密算法 By:zhrt *http://www.oicto.com *2013.12.31 *把该程序放到网站程序的目录下,即可针对文件所在目录及子目录的文件进行破解,源加密文件被更改名为.bak.php. ***********************************/ //decode("Image.class.php"); function explorerdir($dir) { $dp=opendir($dir); //打开目录句柄 //echo " ".$dir."\r\n"; //输出目录 while ($file = readdir($dp)) //遍历目录 { if ($file !='.'&&$file !='..') //如果文件不是当前目录及父目录 { $path=$dir.DIRECTORY_SEPARATOR.$file; //获取路径 if(is_dir($path)) //如果当前文件为目录 { explorerdir($path); //递归调用 } else //如果不是目录 { //echo "-".$path."\n"; //输出文件名 echo decode($path); } } } closedir($dp); //关闭文件名柄 } explorerdir("."); //调用当前目录 function decode($filename="") { if(pathinfo($filename, PATHINFO_EXTENSION)!="php" || strpos($filename,".bak.php") || realpath($filename) == __FILE__ ){return;} //$filename="intro.class.php";//要解密的文件 if(!file_exists($filename)) { exit("file is not exist;"); } $lines = file($filename);//0,1,2行 //第一次base64解密 $content=""; if(preg_match("/O0O0000O0\('.*'\)/",$lines[1],$y)) { $content=str_replace("O0O0000O0('","",$y[0]); $content=str_replace("')","",$content); $content=base64_decode($content); } else { weidun_log(false,realpath($filename)." is not Encrypted!"); return false; } //第一次base64解密后的内容中查找密钥 $decode_key=""; if(preg_match("/\),'.*',/",$content,$k)) { $decode_key=str_replace("),'","",$k[0]); $decode_key=str_replace("',","",$decode_key); } //查找要截取字符串长度 $str_length=""; if(preg_match("/,\d*\),/",$content,$k)) { $str_length=str_replace("),","",$k[0]); $str_length=str_replace(",","",$str_length); } //截取文件加密后的密文 $Secret=substr($lines[2],$str_length); //echo $Secret; //直接还原密文输出 echo "<!-- <?php\n".base64_decode(strtr($Secret,$decode_key,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'))."?> -->"; //很奇怪,去掉这行,下面的代码就出现问题,可能跟编码有关,在这里我就暂时不做进一步分析了,注视掉避免界面缭乱。 //echo "解密中....\<br>"; $filecontent = "<?php\n".base64_decode(strtr($Secret,$decode_key,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'))."?>"; //echo $filecontent; $filenamebak = str_replace(".php",".bak.php",$filename); if(!file_exists($filenamebak)){ if(rename($filename,$filenamebak)) { if(!file_exists($filename) && file_exists($filenamebak))//文件被更改成功 { $fp = fopen($filename,"w"); fwrite($fp,$filecontent); fclose($fp); } } }else{ //return("备份文件".$filenamebak."已存在,停止解密。"); weidun_log(false,realpath($filenamebak)." is exist!"); return false; } weidun_log(true,realpath($filename)." - successful!"); return $filename." - successful! \n"; } function weidun_log($s = true,$c ="") { if($s) { $fp = fopen("./log.txt","a+"); fwrite($fp,$c."\n"); fclose($fp); } else { $fp = fopen("./log_error.txt","a+"); fwrite($fp,$c."\n"); fclose($fp); } } ?> |