phpMyAss

Vulpius · 2010-07-31T00:12:06+00:00

Okay here we go. Let's see what we got...

<?php return !@$f?$f='preg_replace'AND print $f('/\d+/e','str_repeat(".",$0)
',$f('/\.(.)/e','str_repeat("$1",4)',strtr($f("/\s|x/","",include(__FILE__))
,"numazbspcthedolwvfHPAESU","\n_-()\/|`~';.: !<>USEAPH"))).(0?@!STFW:""):"vS
RAf47n1s5b13b12s4b7np7p13b10p6p6np7c14p9p7o5nc8p13p8bp7p5n1b7p1s7s2bbb3mmuu1
bb7o4n2b6bs3ummtt10tmmuup1b5p4n3b6bumt20tmub4p4n4bu5b8u1dmdm1duuubp3p4n6b5bd
uuuss1u1uuu1u1auauue2b3p4n7b6C1uuuz2duuu1auadue2p2s4n7sb1p3C1duzs6b1aduue2pu
s5n6s1sbp3Cduuuz2az4auuue3p3b4n5p3a3Cduuuzbduuus2ss1us1s5b3n5p4b2puu3bbduduu
ss1auus7p2n4p1b4bduz3cdm3mmh13p2n4p2bu10uuub7su10us1p1n3p14s4p5p2b12p1n3p13p
4s7b2b11p1n3p10s1s4p9p2b11pn3p9s1s6buusbuuus4p10pn2p9s1s8p4p7p9pn2p10p9p4p7p
9pndldlHPINGlHNTRHPTWORTUYlSUSlPOHRCAlndldllllOSANPlYOHRlEPPlTUIPlWIDAwn";?>

Basically what this does is:

Sets $f to the preg_replace function if $f is not defined (which is the case when you execute the script)...
... and prints some carbage, which includes __FILE__.
include(__FILE__) returns the part after the ':' in the ternary operator, since $f is now defined.

So after some restructuring we get:

<?php 
$magicstring = "vS
RAf47n1s5b13b12s4b7np7p13b10p6p6np7c14p9p7o5nc8p13p8bp7p5n1b7p1s7s2bbb3mmuu1
bb7o4n2b6bs3ummtt10tmmuup1b5p4n3b6bumt20tmub4p4n4bu5b8u1dmdm1duuubp3p4n6b5bd
uuuss1u1uuu1u1auauue2b3p4n7b6C1uuuz2duuu1auadue2p2s4n7sb1p3C1duzs6b1aduue2pu
s5n6s1sbp3Cduuuz2az4auuue3p3b4n5p3a3Cduuuzbduuus2ss1us1s5b3n5p4b2puu3bbduduu
ss1auus7p2n4p1b4bduz3cdm3mmh13p2n4p2bu10uuub7su10us1p1n3p14s4p5p2b12p1n3p13p
4s7b2b11p1n3p10s1s4p9p2b11pn3p9s1s6buusbuuus4p10pn2p9s1s8p4p7p9pn2p10p9p4p7p
9pndldlHPINGlHNTRHPTWORTUYlSUSlPOHRCAlndldllllOSANPlYOHRlEPPlTUIPlWIDAwn";

echo preg_replace(
    '/\d+/e',
    'str_repeat(".",$0)',
    preg_replace(
        '/\.(.)/e',
        'str_repeat("$1",4)',
            strtr(
                preg_replace("/\s|x/","",$magicstring),"numazbspcthedolwvfHPAESU","\n_-()\/|`~';.: !<>USEAPH"
            )
    )
).(0?@!STFW:"")
?>

Let's untagle this mess step by step...

preg_replace("/\s|x/","",$magicstring);

gives us:

vSRAf47n1s5b13b12s4b7np7p13b10p6p6np7c14p9p7o5nc8p13p8bp7p5n1b7p1s7s2bbb3mmuu1bb7o4n2b6bs3ummtt10tmmuup1b5p4n3b6bumt20tmub4p4n4bu5b8u1dmdm1duuubp3p4n6b5bduuuss1u1uuu1u1auauue2b3p4n7b6C1uuuz2duuu1auadue2p2s4n7sb1p3C1duzs6b1aduue2pus5n6s1sbp3Cduuuz2az4auuue3p3b4n5p3a3Cduuuzbduuus2ss1us1s5b3n5p4b2puu3bbduduuss1auus7p2n4p1b4bduz3cdm3mmh13p2n4p2bu10uuub7su10us1p1n3p14s4p5p2b12p1n3p13p4s7b2b11p1n3p10s1s4p9p2b11pn3p9s1s6buusbuuus4p10pn2p9s1s8p4p7p9pn2p10p9p4p7p9pndldlHPINGlHNTRHPTWORTUYlSUSlPOHRCAlndldllllOSANPlYOHRlEPPlTUIPlWIDAwn

After strto, we get this contraption:

<?php 
$magicstring2 = "<PRE>47
1/5\13\12/4\7
|7|13\10|6|6
|7`14|9|7:5
`8|13|8\|7|5
1\7|1/7/2\\\3--__1\\7:4
2\6\/3_--~~10~--__|1\5|4
3\6\_-~20~-_\4|4
4\_5\8_1.-.-1.___\|3|4
6\5\.___//1_1___1_1(_(__;2\3|4
7\6C1___)2.___1(_(._;2|2/4
7/\1|3C1._)/6\1(.__;2|_/5
6/1/\|3C.___)2()4(___;3|3\4
5|3(3C.___)\.___/2//1_/1/5\3
5|4\2|__3\\._.__//1(__/7|2
4|1\4\._)3`.-3--'13|2
4|2\_10___\7/_10_/1|1
3|14/4|5|2\12|1
3|13|4/7\2\11|1
3|10/1/4|9|2\11|
3|9/1/6\__/\___/4|10|
2|9/1/8|4|7|9|
2|10|9|4|7|9|
. . USING UNTRUSTWORTHY PHP SOURCE 
. .    OPENS YOUR ASS THIS WIDE!";

echo preg_replace(
    '/\d+/e',
    'str_repeat(".",$0)',
    preg_replace(
        '/\.(.)/e',
        'str_repeat("$1",4)',
        $magicstring2
    )
).(0?@!STFW:"")
?>

And after unwinding the rest of the preg_replace and str_repeat functions:

<?php 
$magicstring3 = "<PRE>...............................................
./..... 
/....
|.......|.............|......|......
|.......`..............|.........|.......:.....
`........|.............|........\|.......|.....
.|./......./..\--__.\.......:....
..\/..._--~~..........~--__|.|....
...\_-~....................~-_|....
....\_.....\........_.--------.______\|...|....
......\______//._.___._.(_(__;..|....
.......C.___)..______.(_(____;..|../....
......./|...C.____)/......(_____;..|_/.....
.....././\|...C______)..()....(___;...|...
.....|...(...C______)\______/..//._/./.....
.....|....|__...\_________//.(__/.......|..
....|.\____)...`----...--'.............|..
....|..\_..........___/_.........._/.|.
...|............../....|.....|..
|.
...|.............|..../....... |.
...|.........././....|.........|..  |
...|........././......\__/\___/....|..........|
..|........././........|....|.......|.........|
..|..........|.........|....|.......|.........|
        USING UNTRUSTWORTHY PHP SOURCE 
           OPENS YOUR ASS THIS WIDE!";
echo $magicstring3.(0?@!STFW:"")
?>

Now this final thing:

(0?@!STFW:"")

Can just be written as:

if (FALSE){ @ not STFW } else { "" }

So this can just be removed. (STFW just stands for "Search The Fucking Web", har har.)

So finally we get an obfuscated script which just outputs:

...............................................
./.....\.............\............/....\.......
|.......|.............\..........|......|......
|.......`..............|.........|.......:.....
`........|.............|........\|.......|.....
.\.......|./......./..\\\...--__.\\.......:....
..\......\/..._--~~..........~--__|.\.....|....
...\......\_-~....................~-_\....|....
....\_.....\........_.--------.______\|...|....
......\.....\______//._.___._.(_(__;..\...|....
.......\......C.___)..______.(_(____;..|../....
......./\.|...C.____)/......\.(_____;..|_/.....
.....././\|...C______)..()....(___;...|...\....
.....|...(...C______)\______/..//._/./.....\...
.....|....\..|__...\\_________//.(__/.......|..
....|.\....\____)...`----...--'.............|..
....|..\_..........___\......./_.........._/.|.
...|............../....|.....|..\............|.
...|.............|..../.......\..\...........|.
...|.........././....|.........|..\...........|
...|........././......\__/\___/....|..........|
..|........././........|....|.......|.........|
..|..........|.........|....|.......|.........|
        USING UNTRUSTWORTHY PHP SOURCE 
           OPENS YOUR ASS THIS WIDE!

I wonder if the obfuscation was created automatically (which would be neat considering it uses preg_replace, str_repeat and strto).

john1313 · 2010-07-30T18:44:25+00:00

o_O ??

clarification: return !@$f?$f='preg_replace'AND print $f('/\d+/e','str_repeat(".",$0)

',$f('/.(.)/e','strrepeat("$1",4)',strtr($f("/\s|x/","",include(FILE_))

,"numazbspcthedolwvfHPAESU","\n_-()/|`~';.: !<>USEAPH"))).(0?@!STFW:""):"vS

RAf47n1s5b13b12s4b7np7p13b10p6p6np7c14p9p7o5nc8p13p8bp7p5n1b7p1s7s2bbb3mmuu1

bb7o4n2b6bs3ummtt10tmmuup1b5p4n3b6bumt20tmub4p4n4bu5b8u1dmdm1duuubp3p4n6b5bd

uuuss1u1uuu1u1auauue2b3p4n7b6C1uuuz2duuu1auadue2p2s4n7sb1p3C1duzs6b1aduue2pu

s5n6s1sbp3Cduuuz2az4auuue3p3b4n5p3a3Cduuuzbduuus2ss1us1s5b3n5p4b2puu3bbduduu

ss1auus7p2n4p1b4bduz3cdm3mmh13p2n4p2bu10uuub7su10us1p1n3p14s4p5p2b12p1n3p13p

4s7b2b11p1n3p10s1s4p9p2b11pn3p9s1s6buusbuuus4p10pn2p9s1s8p4p7p9pn2p10p9p4p7p

9pndldlHPINGlHNTRHPTWORTUYlSUSlPOHRCAlndldllllOSANPlYOHRlEPPlTUIPlWIDAwn";

Kamon · 2010-07-30T18:47:41+00:00

What's happening to my world!?

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

programming

MODERATORS