Created
January 22, 2021 21:08
-
-
Save unk9vvn/4d6da81db718e0c9dc65f202480da9f1 to your computer and use it in GitHub Desktop.
obfuscation results in a php script without any alphabet character. by default this script processes stdin as input file and writes the obfuscated php code to the stdout.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/python3 | |
| # v3 | |
| # ┌──(unk9vvn㉿mrt3acher)-[~] | |
| # └─$ sudo chmod +x under-cover.py | |
| # ┌──(unk9vvn㉿mrt3acher)-[~] | |
| # └─$ cat in.php | python3 under-cover.py > out.php | |
| # ┌──(unk9vvn㉿mrt3acher)-[~] | |
| # └─$ python3 under-cover.py -i in.php -o out.php | |
| import argparse | |
| import sys | |
| import re | |
| class UnderCoverObf: | |
| def __init__(self, args): | |
| self.args = args | |
| self.debug = args.debug | |
| self.res = '' | |
| def string(self, inp): | |
| self._('$_=[];$_=@"$_";$_=$_[0];') # we have 'A' now | |
| self._('$__="";') # result variable | |
| for i in inp: | |
| char = i.upper() | |
| if 65 <= ord(char) <= 90: # not from A to Z | |
| diff = ord(char) - ord('A') | |
| self._('$__.="$_";') | |
| self._('$__++;' * diff) | |
| else: | |
| if char == '"': # escape if it's double quatation | |
| char = '\\"' | |
| self._(f'$__.="{char}";') | |
| # make it debuggable | |
| if self.debug: | |
| self._('print $__;') | |
| return self.res | |
| def one_arg_func(self, func, arg): | |
| self.string(func) | |
| self._('$___="$__";') # store it in another php variable | |
| self.string(arg) | |
| # now we have func in $___ and arg in $__ | |
| self._('$___($__);') | |
| return self.res | |
| def assert_script(self, script): | |
| content = script.read() | |
| php_blocks = content.count('<?') | |
| if php_blocks != 1: | |
| raise Exception('[X] input file should only contain one php code block (<?php ... ?> or <? ... ?>)') | |
| m = re.match('\<\?php(.*)\?\>', content, re.DOTALL) | |
| content = m.group(1) | |
| # remove new lines | |
| content = content.replace('\n', '') | |
| self.one_arg_func('assert', content) | |
| return self.res | |
| def _(self, add_res): | |
| self.res += add_res | |
| if self.debug: | |
| self.res += '\n' | |
| if __name__ == '__main__': | |
| parser = argparse.ArgumentParser(description='obfuscation results in a php script without any alphabet character. by default this script processes stdin as input file and writes the obfuscated php code to the stdout.') | |
| parser.add_argument('--in-file', '-i', nargs='?', type=argparse.FileType('r'), default=sys.stdin) | |
| parser.add_argument('--out-file', '-o', nargs='?', type=argparse.FileType('w'), default=sys.stdout) | |
| parser.add_argument('--debug', '-d', action='store_true', help='do obfuscation but make it easier to debug the result code.') | |
| subparsers = parser.add_subparsers(title='mode', dest='mode') | |
| # string mode | |
| sub_string = subparsers.add_parser('string') | |
| sub_string.add_argument('input', type=str) | |
| # function mode | |
| sub_function = subparsers.add_parser('function') | |
| sub_function.add_argument('function_name', type=str) | |
| sub_function.add_argument('argument', type=str) | |
| # assertize | |
| # sub_assertize = subparsers.add_parser('assertize') | |
| args = parser.parse_args() | |
| obf = UnderCoverObf(args) | |
| mode = args.mode | |
| out = args.out_file | |
| try: | |
| if mode == 'string': | |
| res = obf.string(args.input) | |
| elif mode == 'function': | |
| res = obf.one_arg_func(args.function_name, args.argument) | |
| else: | |
| res = obf.assert_script(args.in_file) | |
| except Exception as e: | |
| print(e) | |
| exit() | |
| # make it runnable | |
| res = f'<?php {res}' | |
| out.write(res) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment