in reply to Re^2: Is there a script somewhere to de-obfuscate code?
in thread Is there a script somewhere to de-obfuscate code?
First, they use a *very long* variable name, which is the $A361 stuff.
Then they put their code, packed, inside that variable.
Afterwards, they eval their unpacked code.
Simply replace the eval statement with a print and you'll get their code out, which looks like this:
$ip = $ENV{'REMOTE_ADDR'};$time = time;$found = 0;$users = 0;@pairs = split(/&/, $ENV{"QUERY_STRING"});foreach $pair (@pairs) {($name, $value) = split(/=/, $pair);$value =~ tr/+/ /;$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;chomp($value);$QUERY{$name} = $value;}if (! (-f "data/users.txt")) {open (CREATE, ">data/users.txt");close CREATE;chmod(0666, "data/users.txt");}open FILE,"+<data/users.txt";&lock(FILE);@users = <FILE>;chomp(@users);seek(FILE,0,0);truncate(FILE,0);foreach $line (@users) {($savedip,$savedtime) = split/\|/,$line;if ($savedip eq $ip) {$savedtime = $time;$found = 1;}if ($time < $savedtime + ($minutes * 60)) {print FILE "$savedip|$savedtime\n"; $users = $users + 1;}}if ($found == 0) {print FILE "$ip|$time\n";$users = $users + 1;}close (FILE);$code = "<a href=\"http://www.perlonline.com\" style=\"$style\">$users</a>";if ($QUERY{'output'} eq "javascript" or $output eq "javascript") {print "Content-type: text/html\n\n";$code =~ s/\'/\\\'/ig;$code =~ s/\"/\\\"/ig;print "document.write(\"$code\");";exit;}else{print "Content-type: text/html\n\n";print "$code";exit;}sub lock{my $lock = 0;while ($lock < 5) {if (flock(@_[0], 2)) {return 0;}sleep (1);$lock++;}exit;}
Simply run perltidy on that code and you'll be able to see, clearly, everything that is going on.
|
|---|