Method to reveal hidden code in PHP

While working on mp3.gaguma.net I came across the following fragment of code in a repository published on GitHub.

The code is encoded 15 times over, using a combination of calls to functions such as str_rot13, gzinflate, gzuncompress, strrev and base64_decode. While studying computing I learned that one of the most important rules for a programmer is that you must never include hidden code in your application, because it creates security and privacy problems.

One way to reveal the hidden code is to call each function, one by one, until it returns the plain code. Inside the repository there is a closed comment that reveals the code, but I did not notice it while I was analysing the code; and since I like a good challenge, I decided to reveal the code without the help of the online tools that specialise in this kind of task.

For this task I decided to use an online tool for running PHP code. Lines 22-64 are the code to reveal: I copied the code and removed the call to eval so that it would show me what was being executed in hidden form.

The result showed me more hidden code:

eval(gzinflate(base64_decode(rawurldecode('XZXHroTgDUYfJ4lY0IamKAt67w…'))));

Repeating the same process, copying the output code and removing the call to eval, gave me yet more hidden code:

eval(base64_decode(gzuncompress(base64_decode('eJwVlt1iq6wWRV8JNfbbudy…'))));

Seeing that the same pattern kept repeating, I decided to write a small script to automate the process.

<?php
// Original line with the call to 'eval' removed
$linea = str_rot13(gzinflate(str_rot13(base64_decode('LUnHEuy4DfyarX2+KXhHPs0o5xwvLuWcs77elNdGZgBOECBAoFtYPdx/tv6I13solz/jQywE9p9smZJs +ZMPWpXf/1/8Lauymyf8cwrK6nC3AmzDE3UlTjZaNBohU4wImn6oue3r8DrE8UpabJ/zfyG2iquVvsb4CBNNwAHFX4gujah4BOouJ3IJliTQsmeTl1NdzCM7aVTeMWPWZx1TfiBh3GZFoGPVmCpxiXTHfDKZlZKhw3wNE0 dIv2CzYnzXebK5O0K83W3UAS7RPBWUGi+3QOsEab94b7uwoaVAxCD/WgHN9kB5vOEIgPWUrMiwXJwbNku84HydkiJt7bmduUKDSH6eBKxIe9UAp+lhf9wZszH1N6IX5Md9psZSdUUShRljc/YF5f8cCMHpAQ1HXOQtD0LQ/YMKv8Ry7bAc54SpZ3uMhL7apFLMvvA5cBU3wZrSkTO4lRI0ErTgHoGm6R3XOBs7MxRgFq7DhtdJ/iIl9EyyVXyOVqoFmzrwvSIGUF9oZZUXLGWEtnZBhP9zdaFMja8tVdKbZ+WZgmtJdCMvZwUtdaHnLltMJZgi3pdk+RP/kr74W52GYsbC8p/lc1OsAptzZl4UnNHlFgNfN0pxzVu4aqeAqsnxfumYj4U/PdaIbl7LFDxNx1876yRZsZ3tE9Gd0oywUtlnTcBLbUREIIgxpUZPgYMI9s9oiGcIlhrIj6g92+lq0vgh9sUvubY67QQDLaRbyNkjmRdLFugwfaGTIsawcmYp6EvkYX4ym7p+gUseMrXxgj4gplomZkp+De0ncef4JvMEuumtx0pEs65cC12nxoTdKO77SOSgUbWMjE/UTU95XvP0oA0WNSkPkhhxxO0h1YGHjWPJQGAcdb3PFeet9hFk5ldK/jAQVk3uA1LoVXnJqRR+ArRtIKf4+KCuBc6+aGaQFAl16QZld5u2DS+VJp9lFLQ+nwClAOxc4xoR64w2adRkygg6ra85lTrAtsT/9sDdSYP9AMNXTUWX5NcZiui92kNJhrO4r1s390cs1aroI8QIcZJSHMMsLND7DlwMFw5KKZ97OjS2dAnXI6hUYMWLuNTh1ulTL5d18UMs1MqYUafz966z09i22ouDTRlRW 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'))));

$profundidad = 100; // number of repetitions; 100 is an arbitrary number to try

for ($nivel = 0; $nivel <= $profundidad; $nivel++) {
    // Strip the leading "eval(" and the trailing ");", then terminate the statement with ";"
    $linea_sin_eval = substr(substr($linea, 5), 0, -2) . ';';
    // Execute the new line without "eval" and keep its result for the next round
    eval('$linea = ' . $linea_sin_eval);
    echo $linea . "\n";
}
?>

Finally, I observed that at $profundidad = 14 the script showed me the hidden code:

<?php
// Fetches the oEmbed metadata of the YouTube video $id and reads its type
$ytresponse = @file_get_contents("https://www.youtube.com/oembed?url=http%3A//youtube.com/watch%3Fv%3D$id&format=json");
$ytinfo = array();
$ytinfo = json_decode($ytresponse, true);
$type = $ytinfo['type'];
?>
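The loop above still runs each layer through eval, so the payload is executed while it is being revealed. A static alternative, added here as an example and not part of the original post, re-implements in Python the PHP decoding functions the post lists (str_rot13, gzinflate, gzuncompress, strrev, base64_decode, rawurldecode) and applies them to the string literal of each eval(...) wrapper, so nothing from the payload is ever executed. It assumes the chains use only those functions; the three-layer sample payload is constructed for the demo and is not the real one.

```python
import base64, codecs, re, zlib
from urllib.parse import unquote

# PHP decoding primitives re-implemented so no layer is ever executed.
# Assumed: the obfuscator only used the functions the post lists.
def _rot13(b):
    return codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1")
DECODERS = {
    "base64_decode": base64.b64decode,  # skips non-alphabet bytes such as stray spaces
    "str_rot13": _rot13,
    "strrev": lambda b: b[::-1],
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE, like PHP gzinflate()
    "gzuncompress": zlib.decompress,                 # zlib-wrapped, like PHP gzuncompress()
    "rawurldecode": lambda b: unquote(b.decode("latin-1"), encoding="latin-1").encode("latin-1"),
}
# One layer: optional "<?php", eval( f1(f2(...('literal'))) ), optional ";" and "?>".
LAYER = re.compile(r"^\s*(?:<\?php\s*)?eval\s*\(\s*((?:\w+\s*\(\s*)+)"
                   r"(['\"])(.*?)\2\s*\)+\s*;?\s*(?:\?>)?\s*$", re.S)

def peel_layer(code):
    """Statically undo one eval(...) decoder chain; return the inner PHP or None."""
    m = LAYER.match(code)
    if not m:
        return None
    funcs = re.findall(r"\w+", m.group(1))
    data = m.group(3).encode("latin-1")
    for name in reversed(funcs):  # PHP evaluates the innermost call first
        if name not in DECODERS:
            raise ValueError("unsupported function in chain: " + name)
        data = DECODERS[name](data)
    return data.decode("latin-1")

def unwrap(code, max_depth=100):  # 100 plays the role of $profundidad in the post
    """Peel eval layers until plain PHP remains; return (code, layers_removed)."""
    depth = 0
    while depth < max_depth and (inner := peel_layer(code)) is not None:
        code, depth = inner, depth + 1
    return code, depth

# Constructed three-layer sample in the style the post analyses (not the real payload).
def _deflate(b):
    c = zlib.compressobj(wbits=-15)
    return c.compress(b) + c.flush()
PLAIN = "<?php $type = 'demo'; ?>"
B64 = lambda b: base64.b64encode(b).decode()
L1 = "eval(gzinflate(base64_decode('%s')));" % B64(_deflate(PLAIN.encode()))
L2 = "eval(base64_decode(gzuncompress(base64_decode('%s'))));" % B64(zlib.compress(B64(L1.encode()).encode()))
SAMPLE = "<?php eval(str_rot13(strrev(base64_decode('%s')))); ?>" % B64(_rot13(L2.encode())[::-1])
if __name__ == "__main__":
    print(unwrap(SAMPLE))
```

Because the literal is decoded rather than evaluated, an unknown function in the chain raises an error instead of running attacker-controlled code, which is the safe failure mode when triaging a suspicious file.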

This is perhaps a method you can put together in a few minutes, and there are faster and more efficient methods than mine. In the end I must say that running code you cannot read on your server is a very bad practice, and it is preferable to run only code that you understand and trust.

If you are going to share code with the rest of the world, please never try to hide it!

JG.

Julio G.
I am a GNU/Linux enthusiast; I like to program in my free time and to write about the problems I run into in my personal projects.