Security issue
Brought to you by:
kuni_pm9
Menu
▾
▴
#4 Security issue
open
nobody
None
5
2003-05-03
2003-05-03
Anonymous
No
To decrypt an encrypted php script is enough to follow
the following steps:
- open php_screw.so with a disassebler (for example ldasm)
- find the keyword pm9screw_mycryptkey
- take the "file offset" info
- open php_screw.so with an hexeditor (vi, hexedit,
whatever, ...)
- go to the offset taken from ldasm
- read 10 bytes
You have the key to decrypt php-screw encrypted scripts
than...
- use the following code to decrypt the script:
FILE *fp;
char *data;
char *res;
int len;
int i;
fp = fopen(encrypted_script, "r");
len = fseek(fp, 0L, SEEK_END);
fseek(fp, 0L, SEEK_SET);
fread(data, len, 1, fp);
for(i = 0 ; i < len ; i++)
{
res[i] = ~(data[i] ^ pm9screw_mycryptkey[(len -
i) % (sizeof(pm9screw_mycryptkey) / 2]);
}
... encryption should first of all secure...
why don't use a well known secure cipher like 3DES ,
Blowfish, Twofish, CAST, etc.?
Logged In: NO
Hah hah hah!!! Have anyone tried show_source()???