前两天在某破解看到此贴,想试着解,但是奈何本人技术较差无法还原,想求助佬提供思路
以下内容来自52pojie,仅研究算法解密!
基本思路:
- 使用PHP解析器,将PHP代码解析成抽象语法树(AST)
- 梯度遍历AST,根据预定义的规则修改节点
- 修改变量名和函数名
- 内联字符串调用
- 合并字符串
- 删除无用代码
- 格式化代码
- 从修改后的AST重新生成PHP代码
- PHP代码后的输出反混淆
- 关键点是解析出AST,并定义修改AST的规则
思路就这些,但是想要批量还原的话,目前没有看到这些库,又没有可以直接解的方法,ai工具都有试过,可能是我询问的方法问题,并没有给出相对应的解法
加密前:
<?php
namespace app\api\controller\v6;
class Update extends Base
{
public function Index()
{
require_once 'apk/v16.php';
$vsdata = get_url_up();
$data = array('code' => $vsdata['code'], 'msg' => 'success', 'url' => $vsdata['url']);
die(json_encode($data));
}
}
加密后:
<?php
namespace app\api\controller\v6;
if (!defined("A_AA_AAAAAA_AAA__")) {
define("A_AA_AAAAAA_AAA__", "A_AA_AAAAAA_AAA_A");
}
$GLOBALS[A_AA_AAAAAA_AAA__] = explode("|E|`|k", "H*|E|`|k415F41415F4141414141415F5F4141415F");
if (!defined("A_AA_AAAAAA_A___A")) {
define("A_AA_AAAAAA_A___A", "A_AA_AAAAAA_A__A_");
}
$GLOBALS[A_AA_AAAAAA_A___A] = explode("|r|y||", "H*|r|y||61706B2F7631362E706870|r|y||636F6465|r|y||6D7367|r|y||73756363657373|r|y||75726C");
if (!defined(pack($GLOBALS[A_AA_AAAAAA_AAA__][0], $GLOBALS[A_AA_AAAAAA_AAA__][1]))) {
define(pack($GLOBALS[A_AA_AAAAAA_AAA__][0], $GLOBALS[A_AA_AAAAAA_AAA__][1]), ord(63));
}
$C3zBuEt1402 = array();
$C3zBuEt1402[] = 16;
$C3zBuEt1402[] = 8;
$C3zBuEt1402[] = 9;
$C3zBuEt1402[] = 10;
$C3zBuEt1402[] = 17;
class Update extends Base
{
public function Index()
{
$C3zBuEt1403 = array();
$C3zBuEt1403[] = 4;
$C3zBuEt1403[] = 20;
$C3zBuEt1403[] = 3;
$C3zBuEt1403[] = 14;
$C3zBuEt1403[] = 11;
$A_AA_AAAAAA_A__AA = "pack";
$C3zeF8H = $A_AA_AAAAAA_A__AA($GLOBALS[A_AA_AAAAAA_A___A][00], $GLOBALS[A_AA_AAAAAA_A___A][01]);
$C3z8H = (require_once $C3zeF8H);
unset($C3ztI8H);
$C3ztI8H = get_url_up();
$vsdata = $C3ztI8H;
$A_AA_AAAAAA_A_A__ = "pack";
$C3zeFvP8H = $A_AA_AAAAAA_A_A__($GLOBALS[A_AA_AAAAAA_A___A][00], $GLOBALS[A_AA_AAAAAA_A___A][02]);
$A_AA_AAAAAA_A_A_A = "pack";
$C3zeFvPvP8I = $A_AA_AAAAAA_A_A_A($GLOBALS[A_AA_AAAAAA_A___A][00], $GLOBALS[A_AA_AAAAAA_A___A][02]);
$A_AA_AAAAAA_A_AA_ = "pack";
$C3zeFvP8J = $A_AA_AAAAAA_A_AA_($GLOBALS[A_AA_AAAAAA_A___A][00], $GLOBALS[A_AA_AAAAAA_A___A][3]);
$A_AA_AAAAAA_A_AAA = "pack";
$C3zeFvP8K = $A_AA_AAAAAA_A_AAA($GLOBALS[A_AA_AAAAAA_A___A][00], $GLOBALS[A_AA_AAAAAA_A___A][4]);
$A_AA_AAAAAA_AA___ = "pack";
$C3zeFvP8L = $A_AA_AAAAAA_AA___($GLOBALS[A_AA_AAAAAA_A___A][00], $GLOBALS[A_AA_AAAAAA_A___A][05]);
$A_AA_AAAAAA_AA__A = "pack";
$C3zeFvPvP8M = $A_AA_AAAAAA_AA__A($GLOBALS[A_AA_AAAAAA_A___A][00], $GLOBALS[A_AA_AAAAAA_A___A][05]);
$C3zzA8N = array();
$C3zzA8N[$C3zeFvP8H] = $vsdata[$C3zeFvPvP8I];
$C3zzA8N[$C3zeFvP8J] = $C3zeFvP8K;
$C3zzA8N[$C3zeFvP8L] = $vsdata[$C3zeFvPvP8M];
unset($C3ztI8H);
$C3ztI8H = $C3zzA8N;
$data = $C3ztI8H;
die(json_encode($data));
}
}
