Non-alpha PHP code I guess the fun can begin all over again :D [www.thespanner.co.uk] http://sla.ckers.org/forum/read.php?24,36986,36986#msg-36986 Fri, 24 May 2013 02:55:01 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?24,36986,36995#msg-36995 Re: Non-alpha PHP code http://sla.ckers.org/forum/read.php?24,36986,36995#msg-36995
[hackvertor.co.uk]

Quoteless, underscoreless, this calls assert and chr for every char and will allow you to generate anything.]]> Gareth Heyes Obfuscation Mon, 26 Sep 2011 12:41:41 -0500 http://sla.ckers.org/forum/read.php?24,36986,36990#msg-36990 Re: Non-alpha PHP code http://sla.ckers.org/forum/read.php?24,36986,36990#msg-36990 @$§[]=$§;

So here we need to convert it to strings and get "_" for complete non-alpha without quotes or underscore. I wonder how small it can get? :D

Here's how to get underscore: $§[]=$§;$§=$§.$§;$§§=+$§;$§[+$§§++]|($§[$§§+$§§+$§§]^);

I started work on a basic generator, lots of chars still missing; 


(function(){   

//externals
params = ['Ϩ'];
code = 'array0123456789';
//end externals

           var i,        
           output = '', lookup;
    output += '<?php\n';
    output += '$'+params[0]+'[]=$'+params[0]+';';
    output += '$'+params[0]+'=$'+params[0]+'.$'+params[0]+';';
    output += '$'+params[0]+''+params[0]+'=+$'+params[0]+';';
    output += '$'+params[0]+''+params[0]+''+params[0]+'=$'+params[0]+'[+$'+params[0]+''+params[0]+'++]|($'+params[0]+'[$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+']^);';       
    lookup = {
                0:'(+$'+params[0]+')',
                1:'($'+params[0]+''+params[0]+')',
                2:'($'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+')',
                3:'($'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+')',
                4:'($'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+')',
                5:'($'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+')',
                6:'($'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+')',
                7:'($'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+')',
                8:'($'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+')',
                9:'($'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+')',
                '_':'$'+params[0]+''+params[0]+''+params[0],
                'A':'$'+params[0]+'[+$'+params[0]+']',
                'a':'$'+params[0]+'[$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+']',
                'r':'$'+params[0]+'[$'+params[0]+''+params[0]+']',
                'y':'$'+params[0]+'[$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+']',
                's':'($'+params[0]+'[$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+']|'+'$'+params[0]+'[$'+params[0]+''+params[0]+'])',
                'p':'($'+params[0]+'[$'+params[0]+''+params[0]+']&'+'$'+params[0]+'[$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'+$'+params[0]+''+params[0]+'])',
                'R':'($'+params[0]+'[$'+params[0]+''+params[0]+']'
    };
    output += '\n?>';
    output += '<?php\n';
    output += code.replace(/./g,function(c){
        if(lookup[c]) {
            return '.('+lookup[c]+')';
        } else {
            return c;
        }
    }).replace(/^[.]/,'');       
    output += '\n?>';
    return output;
})();
]]> Gareth Heyes Obfuscation Thu, 22 Sep 2011 19:05:12 -0500 http://sla.ckers.org/forum/read.php?24,36986,36988#msg-36988 Re: Non-alpha PHP code http://sla.ckers.org/forum/read.php?24,36986,36988#msg-36988
Ex: 
$create_function = '`pd`td_dtl`thll'|'cbaa`a_babc`acb';
$register_shutdown_function = 'pddhptdp_phttdltl_dtl`thll'|'bacac`ab_c`a``ccb_babc`acb';

$shell = 'var_dump(123);';

$register_shutdown_function($create_function('', $shell));

Here all the var names can be changed, but you can still get the func names as strings without actually writing them. This would make it impossible to find just by grepping through the source.


Half-assed code to generate the strings: 
$str='create_function';
$part1 = '';
$part2 = '';
for($a=0;$a<strlen($str);$a+=1){
  $chr = $str[$a];
  if($chr < 'a' || $chr > 'z'){
    $part1.=$chr;
    $part2.=$chr;
    continue;
  }
  $num = ord($chr);
  $bin = substr(str_pad(base_convert($num, 10, 2), 8, '0', STR_PAD_LEFT), 0, 8);
  $part1.=chr(base_convert('011'.substr($bin,3,3).'00', 2, 10));
  $part2.=chr(base_convert('011000'.substr($bin,6,2), 2, 10));
}
var_dump(
  $part1,
  $part2,
  $part1 | $part2
);
]]> barbarianbob Obfuscation Thu, 22 Sep 2011 18:26:38 -0500 http://sla.ckers.org/forum/read.php?24,36986,36986#msg-36986 Non-alpha PHP code http://sla.ckers.org/forum/read.php?24,36986,36986#msg-36986
[www.thespanner.co.uk]]]> Gareth Heyes Obfuscation Thu, 22 Sep 2011 11:59:47 -0500