{"id":343,"date":"2015-07-13T12:28:09","date_gmt":"2015-07-13T09:28:09","guid":{"rendered":"https:\/\/furkansandal.com\/sitesunucu\/?p=343"},"modified":"2015-07-13T12:43:02","modified_gmt":"2015-07-13T09:43:02","slug":"php-keystroke-sifrelemesini-kirmak-cozmek","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/php-keystroke-sifrelemesini-kirmak-cozmek\/","title":{"rendered":"PHP Keystroke \u015eifrelemesini K\u0131rmak, \u00c7\u00f6zmek"},"content":{"rendered":"

\u00c7al\u0131\u015ft\u0131\u011f\u0131m yerde \u015firketten ayr\u0131lan programc\u0131 arkada\u015f\u0131m baz\u0131 kodlar\u0131n\u0131 \u015fifrelemi\u015f. Bu k\u0131s\u0131mlarda redeclare hatas\u0131 meydana gelince kodlar\u0131 \u00e7\u00f6zmek gerekti. Ioncube gibi bir\u015fey de\u011fil genel olarak wordpress, joomla gibi cms\u2019lerde kar\u015f\u0131la\u015faca\u011f\u0131m\u0131z PHP kodu \u015fifreleme y\u00f6ntemi kullan\u0131lm\u0131\u015f.<\/p>\n

\"\u015eifreleme\"<\/a>Bu \u015fifreleme y\u00f6ntemi i\u00e7in keystroke \u015fifrelemesi diyebiliriz. \u015eifreleme i\u00e7in base64_decode kullan\u0131lm\u0131\u015f. Ayr\u0131ca gzdeflate ile s\u0131k\u0131\u015ft\u0131r\u0131lan verilerin \u00e7\u00f6z\u00fcm\u00fc i\u00e7in gzinflate fonksiyonu kullan\u0131lm\u0131\u015f. \u015eifrelenmi\u015f veriyi g\u00f6relim. Kod b\u00f6l\u00fcm\u00fcn\u00fc \u2018\u015fifreli veriler burada\u2019 \u015feklinde de\u011fi\u015ftiriyorum g\u00fcvenlik i\u00e7in. Siz kendinize g\u00f6re uyarlayabilir algoritmay\u0131 anlay\u0131p farkl\u0131 tarzda benzer \u015fifreleme y\u00f6ntemlerini k\u0131rabilirsiniz.<\/p>\n

\r\n<?php\r\n \/* Ne arad\u00c4\u00b1ysan yok burda *\/\r\n$keystroke1 = <a href="http:\/\/www.php.net\/base64_decode">base64_decode<\/a>("d2RyMTU5c3E0YXllejd4Y2duZl90djhubHVrNmpoYmlvMzJtcA==");\r\n\u00a0\r\n<a href="http:\/\/www.php.net\/eval">eval<\/a>(<a href="http:\/\/www.php.net\/gzinflate">gzinflate<\/a>(<a href="http:\/\/www.php.net\/base64_decode">base64_decode<\/a>('hY69DsIgFIVf5QwMENGUuWH0QZTeKrFekgsMxvTdLWlqTBfX8\/uNlUOJiSGpEIc0kFa5SOSbVZdnqlwM3lAPesEj1+vifQPoLJzpEUe9KBPx5hjvXasJlSqMcBedZNBtxeCAbbjHDJoy\/U\/i1PjOK9+ewlns7o\/O2N+X+QM=')));\r\n\u00a0\r\n$O0O0O0O0O0O0=$keystroke1[2].$keystroke1[32].$keystroke1[20].$keystroke1[11].$keystroke1[23].$keystroke1[15].$keystroke1[32].$keystroke1[1].$keystroke1[11];\r\n\u00a0\r\n$keystroke2 = $O0O0O0O0O0O0("\u201eq>BF\u20ac~An\u2020r\u2021D\u2026pt{sl\u0081\u0192E{y\u201axCwuov|@?z}", -13);\r\n$OO000OO000OO=$keystroke2[16].$keystroke2[12].$keystroke2[31].$keystroke2[23].$keystroke2[18].$keystroke2[24].$keystroke2[9].$keystroke2[20].$keystroke2[11];\r\n\u00a0\r\n$O0000000000O=$keystroke1[30].$keystroke1[9].$keystroke1[6].$keystroke1[11].$keystroke1[27].$keystroke1[8].$keystroke1[19].$keystroke1[1].$keystroke1[11].$keystroke1[15].$keystroke1[32].$keystroke1[1].$keystroke1[11];\r\n<a href="http:\/\/www.php.net\/eval">eval<\/a>($OO000OO000OO(<a href="http:\/\/www.php.net\/base64_decode">base64_decode<\/a>('\u015fifreli veriler burada')));\r\n?><\/pre>\n
\u015fifreli veriler b\u00f6yle. Burada keystroke de\u011ferlerini \u00e7\u00f6z\u00fcmledim \u00f6ncelikle daha rahat olmas\u0131 i\u00e7in. \u015e\u00f6yle ki;<\/p>\n
<?php\r\n \/* Ne arad\u0131ysan yok burda *\/\r\n$keystroke1 = 'wdr159sq4ayez7xcgnf_tv8nluk6jhbio32mp';\r\n\u00a0\r\nfunction rotencode($string,$amount) { $key = <a href="http:\/\/www.php.net\/substr">substr<\/a>($string, 0, 1); if(<a href="http:\/\/www.php.net\/strlen">strlen<\/a>($string)==1) { return <a href="http:\/\/www.php.net\/chr">chr<\/a>(<a href="http:\/\/www.php.net\/ord">ord<\/a>($key) + $amount); } else { return <a href="http:\/\/www.php.net\/chr">chr<\/a>(<a href="http:\/\/www.php.net\/ord">ord<\/a>($key) + $amount) . rotEncode(<a href="http:\/\/www.php.net\/substr">substr<\/a>($string, 1, <a href="http:\/\/www.php.net\/strlen">strlen<\/a>($string)-1), $amount); }}\r\n\u00a0\r\n$O0O0O0O0O0O0='rotencode';\r\n$OO000OO000OO='gzinflate';\r\n$O0000000000O='base64_decode';\r\n\u00a0\r\n$x = <a href="http:\/\/www.php.net\/base64_decode">base64_decode<\/a>('\u015fifreli veriler burada');\r\n\u00a0\r\n$out = <a href="http:\/\/www.php.net\/gzinflate">gzinflate<\/a>($x);\r\n\u00a0\r\necho $out.'<hr>';\r\n\u00a0\r\n\u00a0\r\n?>\r\n<\/pre>\n
Daha sonra birde bakt\u0131m $out\u2019tan \u00e7\u0131kan veride \u015fifrelenmi\u015f \u015fekilde;<\/p>\n
\r\n<pre class="php"><a href="http:\/\/www.php.net\/eval">eval<\/a>($OO000OO000OO(<a href="http:\/\/www.php.net\/base64_decode">base64_decode<\/a>('yeni \u015fifreli veriler burada')));\r\n<\/pre>\n
Tekrar tekrar eval yerine print_r yazarak a\u00e7maya \u00e7al\u0131\u015ft\u0131m bakt\u0131m olmuyor en sona bir for d\u00f6ng\u00fcs\u00fc koydum ve eval olmayan veriye kadar d\u00f6nd\u00fcrd\u00fcm. O son b\u00f6l\u00fcm\u00fc dikkatli inceleyin. A\u00e7\u0131lan yeni \u015fifreli veriler i\u00e7erisinde \u201ceval($OO000OO000OO(base64_decode(\u201d b\u00f6l\u00fcm\u00fcn\u00fc kald\u0131r\u0131p kendim bu fonksiyonlar\u0131 manuel uygulad\u0131m(eval hari\u00e7). d\u00f6nen de\u011fer tekrar tekrar sorgulan\u0131p eval bulunmayan as\u0131l kodlara gelene kadar d\u00f6nd\u00fc.<\/p>\n
\u0130\u015fte for d\u00f6ng\u00fcl\u00fc son hali;<\/p>\n
\r\n<?php\r\n \/* Ne arad\u0131ysan yok burda *\/\r\n$keystroke1 = 'wdr159sq4ayez7xcgnf_tv8nluk6jhbio32mp';\r\n\u00a0\r\nfunction rotencode($string,$amount) { $key = <a href="http:\/\/www.php.net\/substr">substr<\/a>($string, 0, 1); if(<a href="http:\/\/www.php.net\/strlen">strlen<\/a>($string)==1) { return <a href="http:\/\/www.php.net\/chr">chr<\/a>(<a href="http:\/\/www.php.net\/ord">ord<\/a>($key) + $amount); } else { return <a href="http:\/\/www.php.net\/chr">chr<\/a>(<a href="http:\/\/www.php.net\/ord">ord<\/a>($key) + $amount) . rotEncode(<a href="http:\/\/www.php.net\/substr">substr<\/a>($string, 1, <a href="http:\/\/www.php.net\/strlen">strlen<\/a>($string)-1), $amount); }}\r\n\u00a0\r\n$O0O0O0O0O0O0='rotencode';\r\n$OO000OO000OO='gzinflate';\r\n$O0000000000O='base64_decode';\r\n\u00a0\r\n$x = <a href="http:\/\/www.php.net\/base64_decode">base64_decode<\/a>('\u015fifreli veriler burada');\r\n\u00a0\r\n$out = <a href="http:\/\/www.php.net\/gzinflate">gzinflate<\/a>($x);\r\n\u00a0\r\necho $out.'<hr>';\r\n\u00a0\r\n\u00a0\r\nfor($x=0; $x<=20; $x++)\r\n\t{\r\n\t$out = <a href="http:\/\/www.php.net\/substr">substr<\/a>($out,34,-5);\r\n\t$out = <a href="http:\/\/www.php.net\/gzinflate">gzinflate<\/a>(<a href="http:\/\/www.php.net\/base64_decode">base64_decode<\/a>($out));\r\n\t<a href="http:\/\/www.php.net\/print_r">print_r<\/a>($out);\r\n\tif(<a href="http:\/\/www.php.net\/substr">substr<\/a>($out,0,4) != 'eval') <a href="http:\/\/www.php.net\/exit">exit<\/a>();\r\n\techo '<hr>';\r\n\t}\r\n\u00a0\r\n\u00a0\r\n?><\/pre>\n
Nihayetinde kodlar kabak gibi a\u00e7\u0131ld\u0131.<\/p>\n
K\u00f6t\u00fc ama\u00e7larla kullanmay\u0131n kul hakk\u0131 yemeyin aksi halde sorumlu de\u011filim. Sadece sorun \u00e7\u0131kt\u0131\u011f\u0131nda m\u00fcdahale etmek i\u00e7in kulland\u0131m bende.<\/p>\n
\u0130yi \u00e7al\u0131\u015fmalar<\/p>\n
Furkan Sandal<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
\u00c7al\u0131\u015ft\u0131\u011f\u0131m yerde \u015firketten ayr\u0131lan programc\u0131 arkada\u015f\u0131m baz\u0131 kodlar\u0131n\u0131 \u015fifrelemi\u015f. Bu k\u0131s\u0131mlarda redeclare hatas\u0131 meydana gelince kodlar\u0131 \u00e7\u00f6zmek gerekti. Ioncube gibi…<\/p>\n","protected":false},"author":1,"featured_media":170,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,3],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2014\/07\/sunucu-guvenligi-k\u0131rm\u0131z\u0131-kilit.jpg?fit=460%2C268&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-5x","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/343"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=343"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/343\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/170"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}