这个是一个PHP订单系统,其中有3个加密文件,难倒我了。
一个是混淆:wfinc.php
一个里边貌似用了MD5加密的:wfnet.php
一个是发送相关的:wfsend.php
三个文件下载地址:http://pan.baidu.com/s/1d4g5g 可以下载。
其中第三个文件 wfsend 里大部分没有加密,加密的基本就几个小片段,如最后几行:$uwfphp = WFCode('WxI8RebUtb8Ipy3EZfmx6Ze2XbEj5o/Q9ogNeA','D','WFPHP');
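还有:
/**
 * Build the mailer's message table and optionally overlay a translation file.
 *
 * The default table is assembled from WFCode-encoded strings that are decoded
 * on every call. For any $langcode other than 'en', the file
 * $lang_path . 'phpmailer.lang-' . $langcode . '.php' is included in this
 * scope, so it can replace entries of $PHPMAILER_LANG before the table is
 * stored on the instance.
 *
 * @param string $langcode  Language code. Only letters, digits, '_' and '-' are
 *                          accepted; any other value is rejected without
 *                          touching the filesystem.
 * @param string $lang_path Directory prefix of the language files, including the
 *                          trailing slash. It is concatenated into the include
 *                          path unchanged, so it must never come from request data.
 * @return bool True for 'en' or when the translation file was included; false
 *              when the code was rejected or the include failed.
 */
function SetLanguage($langcode = 'en', $lang_path = 'language/') {
    $PHPMAILER_LANG = array(
        'provide_address' => WFCode('XUBiTeGAuuPKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi7/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'mailer_not_supported' => WFCode('CRBnQLaF4e3KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi7POC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'execute' => WFCode('DBBmTeHU4LjKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi7fOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'instantiate' => WFCode('WBdgFOHbsujKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi6vOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'authenticate' => WFCode('W0NiRbfbs+rKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi6/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'from_failed' => WFCode('VhZhRrbUtO/KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi6POC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'recipients_failed' => WFCode('CRE3TL3SsO7KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi6fOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'data_not_accepted' => WFCode('WEIwFreFsrnKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi5vOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'connect_host' => WFCode('V0FgEbDQsOzKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi5/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'file_access' => WFCode('CkI3QLeHse3KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj7vOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'file_open' => WFCode('DEM2FrWA4urKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj7/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'encoding' => WFCode('XkViFryFsrrKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj7POC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'signing' => WFCode('XRY1F+LTsurKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj7fOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'smtp_error' => WFCode('VkY1QLzXte/KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj6vOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'empty_message' => WFCode('VhUwQbCBsrnKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj6/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'invalid_address' => WFCode('XUZgR+aC5+jKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj6POC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'variable_set' => WFCode('ChIwFrOC57nKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj6fOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
    );

    $l = true;
    if ($langcode != 'en') {
        // $langcode is spliced into an include path. Without this allow-list a
        // value containing '/', '..' or a NUL byte could make include() load a
        // file outside the language directory (local file inclusion).
        if (is_string($langcode) && preg_match('/\A[A-Za-z0-9_-]+\z/', $langcode) === 1) {
            // '@' is kept on purpose: a missing translation is an expected case
            // that is reported through the return value, not through a warning.
            $l = @include $lang_path.'phpmailer.lang-'.$langcode.'.php';
        } else {
            $l = false;
        }
    }

    // The table is stored even when the overlay failed, so the defaults stay usable.
    $this->language = $PHPMAILER_LANG;
    return ($l == true);
}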
我技术有限,搞了一星期,未果,现在求还原源代码,谢了。
如果还需要其他相关文件,请在帖中留言,我可以随时提供。
一个是混淆:wfinc.php
一个里边貌似用了MD5加密的:wfnet.php
一个是发送相关的:wfsend.php
三个文件下载地址:http://pan.baidu.com/s/1d4g5g 可以下载。
其中第三个文件 wfsend 里大部分没有加密,加密的基本就几个小片段,如最后几行:$uwfphp = WFCode('WxI8RebUtb8Ipy3EZfmx6Ze2XbEj5o/Q9ogNeA','D','WFPHP');
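还有:
/**
 * Build the mailer's message table and optionally overlay a translation file.
 *
 * The default table is assembled from WFCode-encoded strings that are decoded
 * on every call. For any $langcode other than 'en', the file
 * $lang_path . 'phpmailer.lang-' . $langcode . '.php' is included in this
 * scope, so it can replace entries of $PHPMAILER_LANG before the table is
 * stored on the instance.
 *
 * @param string $langcode  Language code. Only letters, digits, '_' and '-' are
 *                          accepted; any other value is rejected without
 *                          touching the filesystem.
 * @param string $lang_path Directory prefix of the language files, including the
 *                          trailing slash. It is concatenated into the include
 *                          path unchanged, so it must never come from request data.
 * @return bool True for 'en' or when the translation file was included; false
 *              when the code was rejected or the include failed.
 */
function SetLanguage($langcode = 'en', $lang_path = 'language/') {
    $PHPMAILER_LANG = array(
        'provide_address' => WFCode('XUBiTeGAuuPKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi7/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'mailer_not_supported' => WFCode('CRBnQLaF4e3KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi7POC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'execute' => WFCode('DBBmTeHU4LjKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi7fOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'instantiate' => WFCode('WBdgFOHbsujKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi6vOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'authenticate' => WFCode('W0NiRbfbs+rKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi6/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'from_failed' => WFCode('VhZhRrbUtO/KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi6POC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'recipients_failed' => WFCode('CRE3TL3SsO7KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi6fOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'data_not_accepted' => WFCode('WEIwFreFsrnKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi5vOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'connect_host' => WFCode('V0FgEbDQsOzKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoi5/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'file_access' => WFCode('CkI3QLeHse3KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj7vOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'file_open' => WFCode('DEM2FrWA4urKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj7/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'encoding' => WFCode('XkViFryFsrrKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj7POC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'signing' => WFCode('XRY1F+LTsurKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj7fOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'smtp_error' => WFCode('VkY1QLzXte/KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj6vOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'empty_message' => WFCode('VhUwQbCBsrnKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj6/OC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'invalid_address' => WFCode('XUZgR+aC5+jKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj6POC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
        'variable_set' => WFCode('ChIwFrOC57nKNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj6fOC7UV5sPcw9e82tyypa4ka3K3ari+UrQ','D','WFPHP'),
    );

    $l = true;
    if ($langcode != 'en') {
        // $langcode is spliced into an include path. Without this allow-list a
        // value containing '/', '..' or a NUL byte could make include() load a
        // file outside the language directory (local file inclusion).
        if (is_string($langcode) && preg_match('/\A[A-Za-z0-9_-]+\z/', $langcode) === 1) {
            // '@' is kept on purpose: a missing translation is an expected case
            // that is reported through the return value, not through a warning.
            $l = @include $lang_path.'phpmailer.lang-'.$langcode.'.php';
        } else {
            $l = false;
        }
    }

    // The table is stored even when the overlay failed, so the defaults stay usable.
    $this->language = $PHPMAILER_LANG;
    return ($l == true);
}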
我技术有限,搞了一星期,未果,现在求还原源代码,谢了。
如果还需要其他相关文件,请在帖中留言,我可以随时提供。
wfinc.php 没有加密,只是定义了一些可读性很差的函数
[user] => Array
(
[0] => unscrambler
[1] => f82212813a4540acdeed38d4cd9084ade1739498
[2] => f82212813b5434f0acdeed38d4cd9084ade1739498
[3] => f82212813c43dsd0acdeed38d4cd9084ade1739498
[4] => f82212813xdsf0acdeed38d4cd9084ade1739498
[5] => f82212813y0666f0acdeed38d4cd9084ade1739498
[6] => f82212813f5434f0acdeed38d4cd9084ade1739498
[7] => f82212813j43dsd0acdeed38d4cd9084ade1739498
[8] => f82212813hdsf0acdeed38d4cd9084ade1739498
[9] => f82212813tr5434f0acdeed38d4cd9084ade1739498
[10] => f82212813f0666f0acdeed38d4cd9084ade1739498
[11] => f82212813g0666f0acdeed38d4cd9084ade1739498
[12] => f82212813hyr3dsd0acdeed38d4cd9084ade1739498
[13] => f82212813uygf0acdeed38d4cd9084ade1739498
[14] => f82212813drfg34f0acdeed38d4cd9084ade1739498
[15] => f82212813jhkgvdsd0acdeed38d4cd9084ade1739498
[16] => f82212813yrdhhdacdeed38d4cd9084ade1739498
)
wfsend.php 使用了函数 WFCode,但不是在 wfinc.php 定义的
wfnet.php 使用了常量 wfsys (require_once wfsys.'public/wfinc.php')
可伪造一下,得到解码后的程序:
<?php
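/**
 * Encode or decode a string with an RC4-style stream cipher and an 8-character
 * MD5 checksum prefix.
 *
 * Security note: this is obfuscation, not encryption. The key is a constant
 * compiled into this function (the $key argument is overwritten), and no
 * nonce is mixed in, so every call XORs its input with the same keystream.
 * Anyone who can read this file can decode every string it produced. Do not
 * use it to protect credentials or other secrets.
 *
 * @param string $string    Plain text to encode, or unpadded base64 text to decode.
 * @param string $operation 'D' decodes; any other value encodes.
 * @param string $key       Ignored; kept so existing call sites keep working.
 * @return string Encoded text (base64 with '=' padding removed) or the decoded
 *                plain text; '' when decoding fails the checksum test.
 */
function WFCode($string, $operation, $key)
{
    // The caller's key is deliberately discarded: every string already encoded
    // with this routine depends on the fixed key below.
    $key = md5('WFPHPWENFEI20128888');
    $key_length = strlen($key);
    $decoding = ($operation === 'D');

    // Encoding prepends the first 8 hex digits of md5(plain . key) as a checksum.
    $string = $decoding
        ? (string) base64_decode((string) $string)
        : substr(md5($string . $key), 0, 8) . $string;
    $string_length = strlen($string);

    // Key scheduling: identity permutation mixed with the repeated key bytes.
    $rndkey = $box = array();
    for ($i = 0; $i <= 255; $i++) {
        $rndkey[$i] = ord($key[$i % $key_length]);
        $box[$i] = $i;
    }
    for ($j = $i = 0; $i < 256; $i++) {
        $j = ($j + $box[$i] + $rndkey[$i]) % 256;
        $tmp = $box[$i];
        $box[$i] = $box[$j];
        $box[$j] = $tmp;
    }

    // Keystream generation; XOR is its own inverse, so this loop serves both
    // directions.
    $result = '';
    for ($a = $j = $i = 0; $i < $string_length; $i++) {
        $a = ($a + 1) % 256;
        $j = ($j + $box[$a]) % 256;
        $tmp = $box[$a];
        $box[$a] = $box[$j];
        $box[$j] = $tmp;
        $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
    }

    if (!$decoding) {
        return str_replace('=', '', base64_encode($result));
    }

    // Input too short to carry the 8-character checksum can never be valid.
    // The former loose '==' could accept it when both sides looked numeric.
    if (strlen($result) < 8) {
        return '';
    }
    $checksum = substr($result, 0, 8);
    $payload = (string) substr($result, 8);
    $expected = substr(md5($payload . $key), 0, 8);

    // hash_equals() compares as strings, so numeric-looking values such as
    // '0e123456' and '0e654321' are no longer treated as equal.
    return hash_equals($expected, $checksum) ? $payload : '';
}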
// Order-submission script as recovered by the poster: loads configuration and
// the mailer, decodes two messages, copies the order form fields out of $_POST
// and prepares a PHPMailer instance. Building and sending the message body is
// not part of the visible listing.

// wfsys is a constant defined outside this listing; it is used as the path prefix.
require_once wfsys.'config.php';
require_once wfsys.'public/wfsend.php';
// Both messages are stored WFCode-encoded and decoded at run time.
$errormsg = WFCode('CkMxRuLbtum4Kt1WmnnIzKnQXUS6YRgyc3KP9KqFvHc8fY2meAJef94','D','WFPHP');
$wferror = WFCode('XRExRryGtL/KNtYo4SFReVo0uR/dJwkHBFSf9yR0UYChnEoj5vOC7UV5sPcw9e82tyypa4ka3K3ari+UrUbPv+qGyiodOmxlZp0TMFrZYLRgB0Sjhf8GDHZYRtPnhgw','D','WFPHP');
// Guard: prints $wferror and stops unless $uwfphp equals the decoded constant
// followed by $swfphp. Neither variable is assigned in this listing —
// presumably they come from the two required files; confirm.
if($uwfphp!= WFCode('VxZgTOfT5egIpy3EZfmx6Ze2','D','WFPHP').$swfphp){echo $wferror;exit;}
// NOTE(review): one-second resolution; if $wfno serves as the order number
// (not shown here), two submissions in the same second get the same value.
$wfno = date('YmdHis');
$wfdate = date('Y-m-d H:i');
// NOTE(review): every $_POST field below is read without an existence check,
// type check or length limit; a missing field raises an undefined-index
// warning and the raw value flows on unchanged.
$wfproduct = $_POST['wfproduct'];
$wfproductb = $_POST['wfproductb'];
$wfproductdx = $_POST['wfproductdx'];
// implode() needs an array; a scalar or missing wfproductdx makes this call fail.
$wfproductc = implode('<br>',$wfproductdx);
$wfmun = $_POST['wfmun'];
// NOTE(review): the price is taken from the client and multiplied as-is, so the
// submitter controls the amount; it should be looked up server-side from the
// product. $alipayzk is not assigned here — presumably a factor from config.php.
$wfprice = $_POST['wfprice'];
$wfzfbjg = $wfprice * $alipayzk;
$wfname = $_POST['wfname'];
$wfmob = $_POST['wfmob'];
$wftel = $_POST['wftel'];
$wfprovince = $_POST['wfprovince'];
$wfcity = $_POST['wfcity'];
$wfarea = $_POST['wfarea'];
$wfaddress = $_POST['wfaddress'];
$wfqq = $_POST['wfqq'];
$wfemail = $_POST['wfemail'];
$wfpost = $_POST['wfpost'];
$wfpay = $_POST['wfpay'];
$wfguest = $_POST['wfguest'];
// Mailer setup. $wfhost, $wfuser, $wfpw, $wffrom, $wfsite, $wftoa and $wftob
// are not assigned in this listing — presumably set in config.php; confirm.
$mail = new PHPMailer();
$mail->CharSet = 'gb2312';
$mail->IsSMTP();
$mail->SMTPAuth = true;
// NOTE(review): authenticated SMTP on port 25 with no transport security
// configured in the visible lines; unless it is enabled elsewhere, the
// username and password cross the network unencrypted.
$mail->Port = 25;
$mail->Host = $wfhost;
$mail->Username = $wfuser;
$mail->Password = $wfpw;
$mail->From = $wffrom;
$mail->FromName = $wfsite;
$mail->AddAddress($wftoa,$wfsite);
$mail->AddAddress($wftob,$wfsite);
$mail->WordWrap = 50;
// NOTE(review): the message is sent as HTML; if the $_POST values above are
// placed into the body (not shown here), each one needs htmlspecialchars()
// first, and any value used in a header must be rejected when it contains CR/LF.
$mail->IsHTML(true);
?>
这里已有 WFCode 函数的定义了!
剩下的就自己继续弄吧