Weidun PHP Encryption Expert Decryption Algorithm By: Neeao, if you encounter code encrypted by Weidun PHP Encryption Expert, you can use the following code to view the source file.
Method:
<?php /*********************************** *威盾PHP加密专家解密算法 By:Neeao *http://Neeao.com *2009-09-10 ***********************************/ $filename="play-js.php";//要解密的文件 $lines = file($filename);//0,1,2行 //第一次base64解密 $content=""; if(preg_match("/O0O0000O0\('.*'\)/",$lines[1],$y)) { $content=str_replace("O0O0000O0('","",$y[0]); $content=str_replace("')","",$content); $content=base64_decode($content); } //第一次base64解密后的内容中查找密钥 $decode_key=""; if(preg_match("/\),'.*',/",$content,$k)) { $decode_key=str_replace("),'","",$k[0]); $decode_key=str_replace("',","",$decode_key); } //查找要截取字符串长度 $str_length=""; if(preg_match("/,\d*\),/",$content,$k)) { $str_length=str_replace("),","",$k[0]); $str_length=str_replace(",","",$str_length); } //截取文件加密后的密文 $Secret=substr($lines[2],$str_length); //echo $Secret; //直接还原密文输出 echo "<?php\n".base64_decode(strtr($Secret,$decode_key,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'))."?>"; ?>
Weidun PHP script crack
<?php function get_filetree($path){ $tree = array(); foreach(glob($path . '/*') as $single){ if(is_dir($single)){ $tree = array_merge($tree,get_filetree($single)); } else { $tree[] = $single; } } return $tree; } function eval_decode($File) { $Lines = file($File); $Content; if(preg_match("/O0O0000O0\('.*'\)/", $Lines[1], $S)){ $Content = str_replace("O0O0000O0('", "", $S[0]); $Content = str_replace("')", "", $Content); $Content = base64_decode($Content); } else { return "file not encode!"; } $Key; if(preg_match("/\),'.*',/", $Content, $K)){ $Key = str_replace("),'", "", $K[0]); $Key = str_replace("',", "", $Key); } else { return "not decode key!"; } $Length; if(preg_match("/,\d*\),/", $Content, $K)){ $Length = str_replace("),", "", $K[0]); $Length = str_replace(",", "", $Length); } else { return "not decode base64 string!"; } $Secret = substr($Lines[2], $Length); $Decode = "<?php".base64_decode(strtr($Secret,$Key,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')) ."?>"; file_put_contents($File, $Decode); return "file decode success!"; } $filelist = get_filetree("D:/PHPnow/htdocs/1"); foreach($filelist as $value){ echo $value." :\t\t".eval_decode($value) . "\n\r<br>"; } ?>