how do i go about decrypting php code?

pushyr

i've been handed some php code that i need to decrypt.

this is the first i've come across encryption and decryption for php (sounds pretty useful for protecting scripts!!)

ok, here is a sample of the encrypted code. the person that handed it to me couldn't provide any more info.

how would i go about decrypting it? i'm thinking that there are various types of encryption right?




Û©çZɯKª¯•]¸Xn?Áõ~?âyÊ~ Êç4Îw¿7Ù?%ÛËo€?(lÅçKu€:ÍsçÛPÃË|ã?µÛ? '?«FÍç¶À‘@/ZPoÄ?e§? |?@?2jK?{?H?A¯¿4Ìp}ÉÙ>!–ê9V#;Ï3ÛB “oÔ‚Z„„£r%ŒèH® )Q¬âç?¢º(jøù
 
Oh yeah, there are a bunch of publicly recognized encryption algorithms (DES, 3DES, Blowfish, RC4, etc.) and if it's one of those your chances of decoding without knowing the key are pretty slim. If you know where this code was called from I would look there for some clue to how this was decoded, maybe a reference to the algorithm or key.

It could also just be some sort of XOR encryption or bit-shift thing, in which case you might want to try a couple of simple things like character substitution or string transformation to shift the characters up or down the ASCII or Unicode character set.

I've done a little encryption coding and research and quickly learned to leave the algorithms to those much smarter than I. If it were me I would spend an hour or two trying XOR or bit shift but outside of that you may wind up giving yourself a good headache.

Good luck

Ralph
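
An added illustration of the "hour or two trying XOR or bit shift" triage suggested in the reply above, not code from any poster in this thread. It measures byte entropy, then tries every single-byte XOR key and additive shift and ranks the outputs by how much they look like PHP source; the sample blob, its 0x5A key and the scoring heuristic are constructed for the example.

```python
import math
from collections import Counter

# Multi-byte tokens expected in PHP source (assumed heuristic, not exhaustive).
PHP_TOKENS = (b"<?php", b"function", b"echo", b"return", b"?>")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 suggests a real cipher or compression."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def score(candidate: bytes) -> float:
    """Printable-byte ratio plus one point per PHP token found."""
    printable = sum(1 for b in candidate if 32 <= b < 127 or b in (9, 10, 13))
    tokens = sum(candidate.count(t) for t in PHP_TOKENS)
    return printable / len(candidate) + tokens

def xor_byte(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def add_byte(data: bytes, shift: int) -> bytes:
    return bytes((b + shift) % 256 for b in data)

def try_simple_transforms(blob: bytes):
    """Return (score, method, key, text) for the best single-byte XOR or shift."""
    best = (score(blob), "none", 0, blob)
    for key in range(1, 256):
        for method, fn in (("xor", xor_byte), ("shift", add_byte)):
            cand = fn(blob, key)
            s = score(cand)
            if s > best[0]:
                best = (s, method, key, cand)
    return best

# Constructed sample: a small PHP file XORed with the single byte 0x5A.
SAMPLE_PLAIN = (b"<?php\nfunction greet($name) {\n    return 'Hello, ' . $name;\n}\n"
                b"echo greet('world');\n?>\n")
SAMPLE_BLOB = xor_byte(SAMPLE_PLAIN, 0x5A)

if __name__ == "__main__":
    # Single-byte XOR only relabels byte values, so entropy stays at plaintext level.
    print(f"entropy: {entropy(SAMPLE_BLOB):.2f} bits/byte")
    s, method, key, text = try_simple_transforms(SAMPLE_BLOB)
    print(f"best: {method} key=0x{key:02x} score={s:.2f}")
    print(text.decode("latin-1"))
```
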
 
It could very well be the result of ZEND or IonCube.

Crypting is not free, reading is;

if this is ioncube then you need to know a few details about your setting in order to d-load and install the correct decoder
 
actually it is ZEND... what would be my first step?
 
Since it is ZEND
go on the ZEND site and find out about using ZEND decrypt
next you need to edit your php
go to its very bottom

and add on the top of any other Zend line any missing lines
something like
zend_extension_manager.optimizer=/usr/local/zend/lib/Optimizer-3.2.2
zend_extension_manager.optimizer_ts=/usr/local/zend/lib/Optimizer_TS-3.2.2
zend_optimizer.version=3.2.2
zend_extension=/usr/local/zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/zend/lib/ZendExtensionManager_TS.so
 
webdev007 said:
next you need to edit your php

should read php.ini. remember to restart your web browser afterwards.

however are you (webdev006) sure that this will allow decrypting of the code for editing? it will 'run' the code, of course.
 
Of course it should have been typed as "ini." thanks for that.

and the paths also need to point correctly as per the very own set of server details

as far as decrypting is concerned I am not 100% sure
but it might need some handshake between the crypt and decrypt ZEND scripts
if not everyone would be able to decrypt anything

my guess is the "key" is within the original server
so they both were able to initiate that handshake/"unique-key"
 
i think tools like zend and IONCube are not true encryption tools. it's more that they obfuscate the code to a high degree. the code is deobfuscated and executed on the fly by the zend extensions. but i do not think it is fully rendered deobfuscated and then saved in a nice format back to the file system.

but as with all these things, 'dezend' tools do exist. just google for them.

as always, make sure that it is lawful for you to dezend the file. i.e. that your licence to use it includes the right to dezend and/or use the dezended file. if someone has taken the trouble to obfuscate their code it could well be taken that they don't want you editing it!
 
Within the crypted zend is a call to the script owner's server
and actually the handshake consists of verifying the license number, expiration date etc..
it sometimes goes further when it is only supposed to have a unique user on a unique server.
 