      hack3core

      Decode+ Encode php code


      Hello brothers, perhaps you already know this, and for those who do not, I will teach it. Today we will talk about decoding and encoding PHP code.

      There are many ways to encode and decode PHP code. From the perspective of site security, there are three PHP functions — str_rot13(), base64_encode(), and gzinflate() — that are frequently used to obfuscate malicious strings of PHP code. For those involved in the securing of websites, understanding how these functions are used to encode and decode encrypted chunks of PHP data is critical to accurate monitoring and expedient attack recovery.

       

      Encoding and decoding with str_rot13()

      As explained in the [Hidden Content], str_rot13() is a simple function used for rotating every letter “13 places in the alphabet” while ignoring non-alphanumeric characters. This type of encoding is called ROT13 encoding and it’s very straightforward using the str_rot13() function. Let’s look at an example..

      Let’s say we want to ROT13-encode the following string:

      [Hidden Content]

      We run this string through str_rot13() and set it as a variable named $encoded like so:

      [Hidden Content]

      Echoing the $encoded variable to the browser, we get this string of gibberish:

      [Hidden Content]

      To decode a string encoded with str_rot13(), we simply run it back through the function to restore the original string. Here is an example that returns the original string to a variable named $decoded:

      [Hidden Content]

      Echoing $decoded, we see the original string as expected:

      [Hidden Content]

      Example:

      [Hidden Content]

       

       

      Encode and decode with base64_encode() & base64_decode()

      This encoding is designed to make binary data survive transport through transport layers that are not 8-bit clean, such as mail bodies.

      Also explained in the [Hidden Content].

      Ahh, I love taking stuff out of context, but I digress.. Let’s get back on track with a quick example showing how base64_encode() works its magic. Let’s say we want to encode the following string with base64:

      [Hidden Content]

      We run this string through base64_encode() and set it as a variable named $encoded like so:

      [Hidden Content]

      Echoing the $encoded variable to the browser, we get this string of gibberish:

      [Hidden Content]

      As you may count, the base64-encoded string contains around 33% more data than the original. Now to decode a string encoded with base64_encode, we use the converse function, [Hidden Content]. Here is an example that returns the original string to a variable named $decoded:

      [Hidden Content]

      Echoing $decoded, we see the original string as expected:

      [Hidden Content]

      Example:

      [Hidden Content]

       

      Deflate and inflate with gzdeflate() & gzinflate()

      [Hidden Content]

      Let’s say we want to “gzdeflate” the following string:

      [Hidden Content]

      We run this string through gzdeflate() and set it as a variable named $compressed:

      [Hidden Content]

      Echoing the $compressed variable to the browser, we get this bizarre-looking gibberish:

      [Hidden Content]

      To “decode” this alien-speak, we inflate it with the converse function, gzinflate(), to restore the original string. Here is an example that returns the original string to a variable named $uncompressed:

      [Hidden Content]

      Echoing $uncompressed, we see the original string as expected:

      [Hidden Content]

      Example:

      [Hidden Content]

       

      Combined example: gzinflate(str_rot13(base64_decode()))

      Malicious scripts often combine multiple encoding methods to further obfuscate data strings. Using the numerous PHP encoding-type functions (and their various parameters), it’s possible to scramble data with many layers of obfuscation. For example, one common technique for encrypting malicious scripts combines all three of the functions described in this article. The structure of such a technique looks like this:

      [Hidden Content]

       

       

      Additional resources

      Into this decoding/encoding stuff? You may also enjoy these fine functions..

      [Hidden Content] — Split a string into smaller chunks

      [Hidden Content] — Uuencode a string

      [Hidden Content] — Compress a string

      [Hidden Content] — Uncompress a compressed string

      [Hidden Content] — Create a gzip compressed string

      All good hack!!

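For incident triage, the layered pattern named in the combined-example heading, gzinflate(str_rot13(base64_decode())), can be unwrapped statically so the payload is read rather than run. The Python below is an added example, not part of the original post; `peel`, `make_sample` and the sample payload are constructed for illustration, and it goes beyond the single three-function case by peeling any nesting of these three functions.

```python
import base64
import re
import zlib

_LOW = b"abcdefghijklmnopqrstuvwxyz"
_UP = _LOW.upper()
# Byte-wise ROT13, matching PHP str_rot13(): only ASCII letters rotate.
ROT13 = bytes.maketrans(_LOW + _UP, _LOW[13:] + _LOW[:13] + _UP[13:] + _UP[:13])

DECODERS = {
    b"base64_decode": base64.b64decode,
    b"str_rot13": lambda b: b.translate(ROT13),
    b"gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE stream
}

# A run of nested decoder calls wrapped around one quoted string literal.
CHAIN = re.compile(
    rb"((?:(?:base64_decode|str_rot13|gzinflate)\s*\(\s*)+)(['\"])([^'\"]*)\2",
    re.IGNORECASE,
)

def peel(source: bytes, max_depth: int = 10):
    """Statically decode nested layers; the payload is never executed.

    Returns a list of (chain, decoded) tuples, outermost layer first."""
    layers = []
    for _ in range(max_depth):
        m = CHAIN.search(source)
        if m is None:
            break
        chain = [n.lower() for n in re.findall(rb"\w+", m.group(1))]
        data = m.group(3)
        try:
            for name in reversed(chain):  # innermost call runs first in PHP
                data = DECODERS[name](data)
        except (ValueError, zlib.error):
            break  # literal is not a valid encoded blob
        layers.append(([n.decode() for n in chain], data))
        source = data  # the decoded text may hide another layer
    return layers

def make_sample(php: bytes) -> bytes:
    """Constructed test input: harmless PHP wrapped in the three-function pattern."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = (c.compress(php) + c.flush()).translate(ROT13)
    blob = base64.b64encode(raw)
    return b"<?php eval(gzinflate(str_rot13(base64_decode('" + blob + b"')))); ?>"
```

Run `peel()` over the bytes of a suspect file; each returned layer can be logged or diffed during recovery without a PHP interpreter touching it.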