| thepcguy |
| Beginner |
 |
|
| Joined: Aug 01, 2012 |
| Posts: 1 |
|
|
|
 |
|
 |
|
I've a file that is somehow obfuscated and the support site for it no longer exists. I've been following several posts here and have been able to recover some parts of the code, but hit a roadblock in translating the rest. It appears to be defining a php function as x0b(something,something), but that's either a form feed or the letter b? I'm lost in it! 
If someone can clue me in on some tools to use, and how to use them, I probably could manage thru or just unscramble the code for me would be quicker for both of us!
Here's the full php page:
| Code: | <?php
$x25="\x63\x68m\x6fd"; $x26="\143\x6c\x65\x61r\163tat\143\x61\x63\x68\145"; $x27="\x65\170pl\157d\x65"; $x28="f\x69\x6c\x65\x5f\x65\x78is\x74\163"; $x29="\x66i\x6c\x65\x5fg\x65\x74\137c\x6f\x6et\145\x6e\x74\x73"; $x2a="\x67\x65\x74\145\x6ev"; $x2b="h\145xd\x65\x63"; $x2c="i\x6d\x61\x67\x65\143olo\x72\x61\x6c\x6co\143\x61te"; $x2d="\151ma\x67\145\x63\162\145\141\x74\145\164\162\x75\145\143\157\154or"; $x2e="\151mag\x65\x66il\x6c\145\144\x72\x65c\164\x61n\147le"; $x2f="\x69\155a\147e\143\157p\x79me\x72\x67\x65"; $x30="\151m\141\x67e\x63\x72e\x61\x74e"; $x31="\x69ma\x67\x65d\145\x73\164\162oy"; $x32="\151\x6da\x67\x65f\x69\x6ct\x65\162"; $x33="\x69m\x61ges\x78"; $x34="\151m\x61ges\171"; $x35="i\155ag\145\163\164\162i\x6e\147"; $x36="s\x74\x72\137\162\145\x70\154\x61\x63\145"; $x37="\163\165\x62\x73\164\162"; $x38="\x75\x6elink";
error_reporting(0);function x0b(&$x0b,$x0c){ global $x25,$x26,$x27,$x28,$x29,$x2a,$x2b,$x2c,$x2d,$x2e,$x2f,$x30,$x31,$x32,$x33,$x34,$x35,$x36,$x37,$x38; $x0d=$x33($x0b);$x0e=$x34($x0b);$x0f=$x2d($x0d,$x0e);$x10=$x2c($x0f,100,50,50);$x2e($x0f,0,0,$x0d,$x0e,$x10);$x2f($x0b,$x0f,0,0,0,0,$x0d,$x0e,$x0c);}function x0c(&$x0b, $x11){ global $x25,$x26,$x27,$x28,$x29,$x2a,$x2b,$x2c,$x2d,$x2e,$x2f,$x30,$x31,$x32,$x33,$x34,$x35,$x36,$x37,$x38; if($x11 == "\x6e\157")return $x0b; elseif($x11 == "n\x65ga\164\145")$x32($x0b, IMG_FILTER_NEGATE); elseif($x11 == "\x67\x72a\171sc\141\x6c\x65")$x32($x0b, IMG_FILTER_GRAYSCALE); elseif($x11 == "\142\x72\151\147\150\164\x6ee\x73\163")$x32($x0b, IMG_FILTER_BRIGHTNESS, 50); elseif($x11 == "\x63\157nt\162\141s\164")$x32($x0b, IMG_FILTER_CONTRAST, 225); elseif($x11 == "\x65dg\x65")$x32($x0b, IMG_FILTER_EDGEDETECT); elseif($x11 == "\142l\165\x72")$x32($x0b, IMG_FILTER_GAUSSIAN_BLUR); elseif($x11 == "em\x62\x6f\x73\x73")$x32($x0b, IMG_FILTER_EMBOSS); elseif($x11 == "s\x6bet\143\150")$x32($x0b, IMG_FILTER_MEAN_REMOVAL); elseif($x11 == "\x73\x65\160\151a") {$x32($x0b, IMG_FILTER_CONTRAST, 25);x0b($x0b, 40); }}$x12 = $x27('x', $_GET['size']);$x13 = array( 'wm_opacity' => 50, 'wm_vrt_alignment' => 'p', 'wm_hor_alignment' => 'c', 'wm_padding' => 0, 'wm_use_truetype' => TRUE, 'dynamic_output' => FALSE, 'orig_width' => $x12[0], 'orig_height' => $x12[1],);require_once 'includes/Image_lib.php';$x14 = new CI_Image_lib($x13); if(!isset($_GET['uploaded_image']) || $_GET['uploaded_image'] == ''){ require_once('includes/gd-gradient.php'); $x15 = new gd_gradient_fill($x12[0],$x12[1],$_GET['grad'], '#'.$x36('%23', '', $_GET['grad_start_color']),'#'.$x36('%23', '', $_GET['grad_end_color']) );$x14->image_type = 3; $x0b = $x15->image;} else{ $x16 = $_GET['uploaded_image']; $x17 = $_GET['uploaded_ext'];if($x28('uploads/'.$x16.'_banner.'.$x17)) {if($x17 == 'gif')$x18 = 1;elseif($x17 == 'jpg' || $x17 == 'jpeg')$x18 = 2;else $x18 = 3; $x14->image_type=$x18; $x0b = $x14->image_create_gd('uploads/'.$x16.'_banner.'.$x17); }}include 'includes/check.php';if(!checkup()){ if(isset($_GET['eba']) and ($_GET['eba'] == 'edge' or $_GET['eba'] == 'blur' or $_GET['eba'] == 'emboss' or $_GET['eba'] == 'sketch' or $_GET['eba'] == 'sepia')) $_GET['eff'] = 'no';}if(isset($_GET['eba'])) x0c($x0b, $_GET['eff']);for($x19 = 0; $x19 < 3; $x19++){ if(!isset($_GET['tx'][$x19]) or $_GET['tx'][$x19] == "") {continue; }$x14->wm_text = $_GET['tx'][$x19]; $x14->wm_font_path = 'fonts/'.$_GET['ff'][$x19].'.ttf'; $x14->wm_font_size = $_GET['fs'][$x19]; $x14->wm_font_color = $_GET['tc'][$x19]; $x14->wm_vrt_percent = 100 - $_GET['vs'][$x19]; $x14->wm_hor_percent = $_GET['hs'][$x19]; if($_GET['sd'][$x19] != 0) {$x14->wm_use_drop_shadow = TRUE;$x14->wm_shadow_color = $_GET['sc'][$x19];$x14->wm_shadow_distance = $_GET['sd'][$x19]; } else { $x14->wm_use_drop_shadow = FALSE; } $x14->wm_text_angle = $_GET['a'][$x19];$x0b = $x14->text_watermark($x0b);}if(!isset($_GET['eba'])) x0c($x0b, $_GET['eff']);if(isset($_GET['bs']) && $_GET['bs'] != 0){ $x1a = $_GET['bs']; $x1b = $x2b($x37($_GET['bc'], 0, 2)); $x1c = $x2b($x37($_GET['bc'], 2, 2)); $x1d = $x2b($x37($_GET['bc'], 4, 2)); $x1e = $x2c($x0b, $x1b, $x1c, $x1d);$x2e($x0b, 0, 0, $x14->orig_width, $x1a - 1, $x1e);$x2e($x0b, $x14->orig_width - $x1a +20, 0, $x14->orig_width, $x14->orig_height, $x1e);$x2e($x0b, 0, $x14->orig_height - $x1a, $x14->orig_width, $x14->orig_height, $x1e);$x2e($x0b, 0, 0, $x1a - 1, $x14->orig_height, $x1e);} if(checkup()){ $x1f = $x29('pro/watermark.info'); $x20 = ''; $x21 = ''; @list($x20, $x21) = $x27('::', $x1f); if($x20 == '') {$x20 = $x2a('SERVER_NAME'); }}else{ $x20 = base64_decode('TWFkZSB3aXRoIEJhbm5lcmRldg==');} if($x21 != 'on'){ $x22 = @$x30($x12[0], 15); $x23 = $x2c($x22, 0, 0, 0); $x2e($x22, 0, 0, $x12[0], 15, $x23); $x24 = $x2c($x22, 255, 255, 255); $x35($x22, 2, 5, 0,$x20, $x24); $x2f($x0b, $x22, 0, $x12[1] - 15, 0, 0, $x12[0], 20, 50);}if(!isset($_GET['save'])){ $x14->image_display_gd($x0b);}else{ if(isset($x17)) {$x18 = $x17; } else {$x18 = 'png'; } $x14->full_dst_path = 'banners/'.$_GET['save'].'.'.$x18;if($x28($x14->full_dst_path))$x38($x14->full_dst_path);$x14->image_save_gd($x0b); @$x25($x14->full_dst_path, 0777);echo 'http://'.$x2a('SERVER_NAME').$x36('wizard.php', '', $x2a('SCRIPT_NAME')).$x14->full_dst_path;}$x31($x0b);if(isset($x15->image)){ $x31($x15->image); } $x26(); |
Much thanks in advance!
[/code] |
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 140
Members: 0
Total: 140
