Форум АНТИЧАТ - Реверс файла

Форум АНТИЧАТ (https://forum.antichat.xyz/index.php)

- PHP, PERL, MySQL, JavaScript (https://forum.antichat.xyz/forumdisplay.php?f=37)

- - Реверс файла (https://forum.antichat.xyz/showthread.php?t=121672)

Реверс файла

Вроде бы нужно декодить бэйс64, я прошелся по коду, без результатно. Какой алгоритм расшифровки?

Цитата:

<?php # Uber Void Team (http://void.su) | deZend - 21/5/2009 17:03:19 $o = "QAAAOzh3b3cKDXRidHRuaGlYdAAAc2Z1cy8uPAoNbmEvJm50d AAEYnMvI1hXSFRTXCBlZgIAcmUAAGpucyBaLi58Cg04OQoNO24 AAGpgJ3R1ZDolbmlka3JjYnQACihzYn9zWG5qZmBiKQXAOADxO gAAVEJVUUJVJ0RISUFOQCU5OwAAZidvdWJhOiVtZnFmdGR1bgA Cd3M9cWhuYy83LjwlJ2gEoG4AAGRsOiVmbWZ/WGtoZmNEaGkBAHNiaXMvIGQAkyArIGZjam5pAgAobmljYn8Gcn RvaHA6NiAuPAAAdWJzcnVpJ2Fma3RiJSd0cwAAfmtiOiVlaHVj YnU9aWhpYngAPAfwC18KYQtdOyonQGgnZWZkbCVEAicEEzolNw PgKGY5O2V1JygP8TgYBgoNehLSEsVUQlRUTkhJXAoTEqAnBAIh IScjWAF9Jzo6JyVobCUUgQoABA11YnZybnViLyUpKSgOMGFuT4 BgDUElLhiBENAVcAGyFjZ0YmRydW5zQhF+AmYoKCdUG7EnaGEn EKFuaWALkAyAaXQnJgnSHK9YdBypI3ZyYnV+OgIAanR0dmtYAM IvJVRCS0JEUycAAC0nYXVoaid3dH5wYmVYZWbACAVAFMInZX4n bmMnRlRECnJiZG8AAGgnJTtzZmVrYidwbmNzbzoGADI3NzklDC ABtXUnZWBkaGtodQAIOiRhZGJkYjM5O3NjAsQ2NzkEBCQ7KHNj ATkyNzlJZmpiAXU5VQcEYmZ0aGkA9QOUAlBDYmticwJ0KHNQAH UHQicAEGFodS8jbjo3PCNuO4ApDaNpcmpYdWhwdC8PAy4BoCws GCGRAALgJyMBoCc6JwKjYWJzZG9YZnUTQHVmfgLWCg0Ccg9QOg LSXCBuYyBa8IMOEAFxAEEzMG50WG4qgCNuYyg1MkIBgcK0AEUQ nyAkYTIAISAPgTkDYA3lOQjhXGmuiw/wWgE7dRBSAVc0pVs0vy48WzTHWzTfNN5lj2U+ECfnOGMVgjoJY DVsWyU5F0UwoBtiF4mf5w7xemI34EIwAMEARQ/2Dt8XsA7fcFwO30NzDt/Xv0OADt9rQ69zQ6YO3yRQDt9iDt8ZECZXDdFAEAB0vHwONCgwc iiSAcA5wEJpYzmvOaJDdVY/I/IjZAD3b2Z1ZmRzYnUpsFiZAYEn0iMSUwH8AVPCGAITDqBzbmpi AixjZn50Ag0CcS8uLCBwLyMDNC01My0xNwAwSJEIsGJkbDbgQA RwMjNCfUFVSEonRAr2cG9idWInm74sITogA7AMZCBC0gEABLA1 BL9HJASyRykE32T5AhEwBNM3YAkTPedkbwXwNi4nOyc2PeFjQG duVaBJaCdUcmRvCicIononKpEEPwokCDkuJzk6BEhTb250Jxeh GSMA0GZrFqAi+GN+VsFpYmMFOCcv0DOgDj8OP1VTUE9CJAJVQl UgOi9XlEpGXy9uYy4nEN0u/zIGYgXJStoDMEkwAfMAYEpTLDYBQR1gaGkJIGMABWZzYi8gYyA uKSUnJSkA40EA4VNAKwD2Xj8wCg0ggQMAamF5bml0YnVzQNMnT mBoJ2NlaCkaeArwKx8iKycRYFrATAArEYFoaQByJcEuJ3Fma3J idC8gj+0JoCArJyGZAOEDYwGSCsIApQPBIA+EAZBYI64wAHJ3D GEdxyd0YnMnZHNrZGhjYgdEOiA2ICckHyQXO1NEK6ZFZmkcwCc pEJ8nV2tW0GInVWJEkScpbME88AAwIwA7hT8/QEKRoFKjfsAm4Q2wE0AjWAGqF/EzEgGwFPMbWfmeASMCAnePd4cMU25jNRBnoCUuOWI2IQVQbSNc f7wgAPE9cwlTAbAF6hKkLFcSqjcSrATiJwME/3V+EvQvJUOCUFNCKk4nLOYeogQiFnM7nuMncwJ4fndiOlsll3E obaBWVtCfT2kwc2Jpx4Fbp59PPDsoBXNXNamiATMna2ZpYHKo0 BaAOiVNBoYlCAMH/SWdIAoNYXJpZHOhFbDQJ0UQZWJ1U6zwL2JxCCArJXBppHCCiR5 hDnFmdSdVQXAI8GhwKQISJziJYCcQaWMA9j0nAXIf0ALybGJ+G PBjaGRyQlRqBOApZmtrAxBiKQFwRCqAJwLgKWTgFShgANEDMAo NDm5hJy8mAfAuNQBzrVELi3N1cmIBsA4BwAFwBNBUc3WesCmaM SwRuIADsS8BoCGhA+YpamaM0C8oXDcqPloX6yguLgPQDrJZBRA tQBQ2vUCToGpIsSU20QkxXwAlPXI6AQcSkJ7NAj23tWpmdWBua SprAMpiYXM9KjU3f7gABjBzdaDmIKD0IABLJ2ZrbmBpOiVkEeB idRjRJwAQolB37zk5MD3XeABjCAGHQQSulPMErwSQJwShEmFb4 6XGPBgnJwRgBNYFoaiBbml3cnMieBA+J2RrACRmdHQ6JWFuYmt jxpBufcaAPzd/zSXBgAovr6UOwAovDs+uuAnvCe9/cwnpVGMlCg+e+woPc3UO8hjKCg8KC0ODkA4SCa8JrwmrYwOwqT GTQCogd3XnIDolKIQ2r3N2sC4lJ2pmfwB/a2JpYHNvOiU1DS8XLxx/HHJMgSvjz3OAnkAFZXJzc2hpJWlzOiUmeh0w48PM4j0MADM+M3 crwOnXaWJwJ0ZtZn8pUpeYZ9J1L/ISZDwQa3Hp8zQCaGndBAGAfGpiACBzb2hjPScgd2h0TTAnZnR+ aQBAZG91aGlocnQ9PfErJ3dmdWaAKAJwYnV0PUFodWopdwBuMa B9Yi/gAUO2BYIGoC56LjwnYnR3YnVmdfKQ5vg2gAho9LEoORqyLhcoq bMBET5hH/HsMzg5"; eval( base64_decode( "JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR 3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw 9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3O UoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGx sbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUc z0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCg kbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsb GxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY21 4bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Z m9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGx sbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJ GxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGx bJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJ jB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKyt dKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pP j40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGx sbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7J GxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGx sbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9J GxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKyt dKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pK zE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGx sbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsX SkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGx sbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsb CsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCR sbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5S npzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd 4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnM k1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGx sbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkb GxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGx sbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd 3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTt ldmFsKCRsbGxsbGxsbGwpOw==" ) ); return; ?>

Просто обфусцированный текст php скрипта декодиш base64 а далее уже смотриш, именна переменных изменены на манер $lllllllllllllllllll, $llllllll,$llllllllllllllllllllllllllllllllll итд...

меняешь eval на echo 2 раза и получаешь результат:

PHP код:


		
			
?><?php

session_start();

if(!isset($_POST['ban_submit'])){

?>

<img src="includes/text_image.php?text=SERVER CONFIG"><a href="javascript:void(0);" onclick="ajax_loadContent('content','admin/index.php?show=1');return false" style="border:none;"><img src="includes/text_image.php?text=<- Go back" border="0"></a><br />

<?

}

if(isset($_SESSION['admin']) && $_SESSION['admin'] == "ok"){



require("../config.php");

include("../includes/security.php");

// Start of showing bans !

if(!isset($_POST['ban_submit'])){

$query=mssql_query("SELECT * from psyweb_bans order by id ASC");

echo "<table width=500>";

echo "<tr bgcolor=#fcece4><td width=10>#</td><td width=150>Name</td><td>Reason</td><td width=50>Delete</td></tr>";

    for($i=0;$i<mssql_num_rows($query);$i++){

    $row = mssql_fetch_array($query);

    $id = $row['id'];

        if(is_int($id/2)){

            echo "<tr bgcolor='#f5f5f5'><td>$id</td><td>$row[name]</td><td>$row[reason]</td><td><a href=\"javascript:void(0);\" onclick=\"ajax_loadContent('content','admin/ban_config.php?delete=$id');return false\">Delete</a></td></tr>";

        }else{

            echo "<tr><td>$id</td><td>$row[name]</td><td>$row[reason]</td><td><a href=\"javascript:void(0);\" onclick=\"ajax_loadContent('content','admin/ban_config.php?delete=$id');return false\">Delete</a></td></tr>";

        }

    }

echo "</table>";

}

// End of showing bans !

if(isset($_POST['ban_submit'])){

$character = $_POST['ban_char'];

$reason = $_POST['ban_reason'];

$bantime = $_POST['ban_days'];

$bantime = time()+($bantime*24*60*60);

$check1 = mssql_query("SELECT * FROM Character where name='$character'");

$check2 = mssql_query("SELECT * FROM psyweb_bans where name='$character'");

if(mssql_num_rows($check1) < 1){

die("No Such Character");

} elseif(mssql_num_rows($check2) >= 1){

die("This character is already banned");

} else {

$id = mssql_query("SELECT * FROM psyweb_bans WHERE id=(SELECT MAX(id) FROM psyweb_bans)");

$id = mssql_fetch_array($id);

$id = $id['id']+1;

$banon = date('d')." ".date('F').", ".date('Y');

$ban = mssql_query("insert into dbo.psyweb_bans(id, name, reason, banon, bantime) values('$id', '$character', '$reason', '$banon', '$bantime')");

$ban_2 = mssql_query("update Character set ctlcode='1' where name='$character'");

echo "Character Banned . Please Reload .";

}

}

if(isset($_GET['delete'])){

$id = $_GET['delete'];

$query = mssql_fetch_array(mssql_query("SELECT * from psyweb_bans where id='$id'"));

$name = $query['name'];

$delete = mssql_query("update character set ctlcode='0' where name='$name'");

$delete = mssql_query("DELETE FROM psyweb_bans WHERE id='$id'");

echo "<script type=\"text/javascript\">ajax_loadContent('content','admin/index.php?show=1');</script>";

}

?>

<script language="Javascript" type="text/javascript">



function numberText(event, sender){

    var e = window.event ? window.event : event;

    var key = document.all ? e.keyCode : e.charCode;



    if (!key) return true;

    

    key = String.fromCharCode(key);

    if (!key.match(/[0-9]/))

        return false;

}

</script>

<form id="ban_char" name="ban_char">

<table width=500 name="ban_char" style="margin-left:-20x;">

<tr bgcolor='#fcece4' align="center">

    <td>Ban Character</td>

</tr>

<tr bgcolor='#f5f5f5' align="center">

    <td>Character Name</td>  

</tr>

<tr>

<td><input type="text" name="ban_char" class="field" size="80" /></td>

</tr>

<tr bgcolor='#f5f5f5' align="center">

    <td>Ban Reason</td>  

</tr>

<tr>

<td><input type="text" name="ban_reason" class="field" size="80" /></td>

</tr>

<tr bgcolor='#f5f5f5' align="center">

    <td>Days</td>  

</tr>

<tr>

<td><input type="text" name="ban_days" onkeypress="return numberText(event, this)" maxlength="2" class="field" size="80" /></td>

</tr>

<tr>

<td><input name="ban_submit" type="button" value="Ban Character" style="width:494px;" onclick="new Ajax.Updater('ban_char', 'admin/ban_config.php', {method: 'post', asynchronous:true, parameters:Form.serialize(document.ban_char)}); esperar_login('ban_char');" /></td>

</tr>

</table>

</form>

<?

}

?><?