
Steps for editing a PHP function that uses Bytecode encoding

Some premium WordPress themes that we buy are deliberately shipped by the developer with Bytecode-encoded PHP files. A premium WordPress theme that I got is one example.

My WordPress theme contains Bytecode-encoded code such as this:


<?php $_F=__FILE__;$_X='Pz48P3A5cA0KDQo3dW5jdGlvbiAwcHQ5M20zc25vMF9zM3R0aW5ncygkazN5KSB7DQoNCglnOG9iNTggJHMzdHRpbmdzOw0KDQoJMjN0dTJuICRzM3R0aW5nc1skazN5XTsNCg0KfQ0';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIo........................

base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCdqd3ZhcmhlZmw4NzM5MjU0MDYnLCc2MDQ1MjkzNzhsZmVocmF2d2onKTskX1I9ZXJlZ19yZXBsYWNlKF9fRklMRV9fLCRfRiwkX1gpO2V2YWwoJF9SKTskX1I9MDskX1g9MDs=')); ?>


Bytecode encoding means that we cannot change the layout of a function or a particular part of this theme's code, even though we have paid for it.

Obviously this is a bit frustrating, but it is possible to reverse engineer the file as follows to make the changes you need. I myself needed 2 days to find a way on the internet, and I will share it with you here.

Here are the steps you need to follow to change a PHP function that is secured by Bytecode encoding:

  • The three component parts
Each file has 3 main parts to it:
$_F=__FILE__;

$_X='a-string-of-text-and-numbers';

eval(base64_decode('a-string-of-text-and-numbers'));


These parts are as follows:
$_F - holds the file path (__FILE__), which the decryption code later puts back in place of __FILE__ with ereg_replace

$_X - the encrypted PHP code

eval(base64_decode()) - the decryption code for $_X

  • Getting the decryption code
To get the decryption code, we need to change the eval(base64_decode()); code to be an echo instead.

In our case above this would be:
echo(base64_decode('a-string-of-text-and-numbers')); and this gives us the decryption code for the main $_X value:
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;

If we break this apart into its core lines we have:
//decode our main string with base64_decode
$_X=base64_decode($_X);
//replace obfuscator characters in the result with the correct ones
$_X=strtr($_X,'123456aouie','aouie123456');
//put the quoted file path back in place of __FILE__ and store the unencrypted PHP code in $_R
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);
//run the contents of the unencrypted file/PHP code
eval($_R);
//clear the contents of $_R so you can't access it
$_R=0;
//clear the contents of $_X so you can't access it
$_X=0;


  • Decrypting the encoded code
So now we just need to run the decryption code up to the point where it fills $_R with the unencrypted result, and echo that out to the screen instead of passing it to eval.


  • Here’s the code:
//decode our main string with base64_decode
$_X=base64_decode($_X);
//replace obfuscator characters in the result with the correct ones
$_X=strtr($_X,'123456aouie','aouie123456');
//put the quoted file path back in place of __FILE__ and store the unencrypted PHP code in $_R
//(str_replace does the same literal replacement; ereg_replace was removed in PHP 7.0)
$_R=str_replace('__FILE__',"'".$_F."'",$_X);
//print the contents of the unencrypted file/PHP code instead of running it
echo($_R);


  • Final code
So we end up with:

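<?php
$_F=__FILE__;
$_X='a-string-of-text-and-numbers';
// decode the main string
$_X=base64_decode($_X);
// undo the character substitution, using the two strings from the decryption code
$_X=strtr($_X,'123456aouie','aouie123456');
// str_replace does the same literal replacement; ereg_replace was removed in PHP 7.0
$_R=str_replace('__FILE__',"'".$_F."'",$_X);
// print the decoded source instead of running it
echo $_R;
?>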

Done. We can now make the changes we need.
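The same decoding steps done statically, without running any PHP, as an added example that is not part of the original post. It goes one step beyond the walkthrough by reading the two strtr() strings out of the decoded stub instead of assuming the '123456aouie' pair. The names decode_wrapped_php and build_sample, the path theme.php, and the sample input are assumptions constructed for illustration.

```python
import base64
import re

B64 = r"'([A-Za-z0-9+/=]+)'"

def _b64(s: str) -> bytes:
    # PHP's base64_decode() tolerates missing padding; restore it for Python.
    return base64.b64decode(s + "=" * (-len(s) % 4))

def decode_wrapped_php(source: str, path: str = "theme.php") -> str:
    """Recover the PHP hidden by the $_F / $_X / eval(base64_decode()) wrapper.

    Nothing is executed: the stub is only decoded and searched for its
    strtr() tables, which are then applied to the decoded $_X bytes.
    """
    payload = re.search(r"\$_X\s*=\s*" + B64, source)
    stub = re.search(r"eval\(\s*base64_decode\(\s*" + B64, source)
    if not payload or not stub:
        raise ValueError("not the three-part wrapper")
    stub_src = _b64(stub.group(1)).decode("latin-1")
    tables = re.search(r"strtr\(\$_X,\s*'([^']*)',\s*'([^']*)'\)", stub_src)
    if not tables or len(tables.group(1)) != len(tables.group(2)):
        raise ValueError("stub has no usable strtr() tables")
    src, dst = (t.encode("latin-1") for t in tables.groups())
    code = _b64(payload.group(1)).translate(bytes.maketrans(src, dst))
    # Same effect as the stub's ereg_replace step: put the file name back.
    code = code.replace(b"__FILE__", b"'" + path.encode() + b"'")
    return code.decode("utf-8", "replace")

def build_sample(plain: str, src: str, dst: str) -> str:
    """Constructed input: wrap `plain` in the layout shown on the page."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    scrambled = plain.translate(str.maketrans(dst, src))  # inverse of the stub
    stub = ("$_X=base64_decode($_X);$_X=strtr($_X,'%s','%s');"
            "$_R=ereg_replace('__FILE__',\"'\".$_F.\"'\",$_X);"
            "eval($_R);$_R=0;$_X=0;" % (src, dst))
    return ("<?php $_F=__FILE__;$_X='%s';eval(base64_decode('%s')); ?>"
            % (enc(scrambled), enc(stub)))

if __name__ == "__main__":
    demo = "?><?php\nfunction demo_setting($key) { return $key; }\n"
    wrapped = build_sample(demo, "123456aouie", "aouie123456")
    print(decode_wrapped_php(wrapped))
```

Because the file is only read as text, the decoded source can be reviewed before anything in it is ever loaded by PHP.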


NOTE: The use of this article is not my responsibility, but entirely your own responsibility

Copyright © 2013. ateng go blog - All Rights Reserved