Add decodeRecursive. Add ExplodeDelimiterWithApostropheException.

3 years ago · 76cd4c7752
--- a/README.md
+++ b/README.md
@ -20,15 +20,25 @@ Download the `zip` file and unzip them into a folder. All dependencies have been

 ## Usage

 ### Decode One File

 ```bash
 php bin/decode.php input.php output.php
 ```

 Call `bin/decode.php` decode `input.php` and save it to `output.php`.

 ## About EnPHP Bugs
 ### Decode All Files in A Directory

 ```bash
 php bin/decodeRecursive.php dir/
 ```

 Call `bin/decodeRecursive.php` decode all php files in `dir/` recursively and save it to its original path.

 **EnPHP is for php 5. There may be some problem is you use the obfuscated files on php 7.**
 **CAUTION: This will OVERWRITE all php files! If any error happened with the decoder, your files MAY NOT BE RECOVERED! Please backup your files!**

 ## About EnPHP Bugs

 See <docs/enphp_bugs.md>.

--- a/bin/decodeRecursive.php
+++ b/bin/decodeRecursive.php
@ -0,0 +1,76 @@
 <?php
 /**
 * EnPHP Decoder
 *
 * https://github.com/ganlvtech/php-enphp-decoder
 *
 * Copyright (C) 2019  Ganlv
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

 use Ganlv\EnphpDecoder\AutoDecoder;
 use Ganlv\EnphpDecoder\KnownEnphpBugs\KnownEnphpBugsException;

 error_reporting(E_ALL);

 require __DIR__ . '/../vendor/autoload.php';

 function endsWith($haystack, $needle)
 {
    $length = strlen($needle);
    if ($length == 0) {
        return true;
    }
    return (substr($haystack, -$length) === $needle);
 }

 function decodeRecursive($dir)
 {
    $files = scandir($dir);
    foreach ($files as $key => $value) {
        $path = realpath($dir . DIRECTORY_SEPARATOR . $value);
        if (!is_dir($path)) {
            if (endsWith($path, '.php')) {
                echo $path;
                $modified = false;
                try {
                    $code = file_get_contents($path);
                    $ast = AutoDecoder::parseFile($code);
                    $decoder = new AutoDecoder($ast);
                    $modified = $decoder->autoDecode();
                    if ($modified) {
                        file_put_contents($path, $decoder->prettyPrintFile());
                        echo '  Decoded.';
                    }
                } catch (KnownEnphpBugsException $e) {
                    echo '  Known EnPHP Bugs: ', $e->getMessage();
                } catch (Throwable $e) {
                    echo '  Decode error.', PHP_EOL;
                    echo $e->getTraceAsString();
                }
                if (!$modified) {
                    echo '  Unchanged.';
                }
                echo PHP_EOL;
            }
        } else {
            if ($value != '.' && $value != '..') {
                decodeRecursive($path);
            }
        }
    }
 }

 decodeRecursive($argv[1]);
--- a/docs/enphp_bugs.md
+++ b/docs/enphp_bugs.md
@ -1,77 +1,11 @@
 # About EnPHP Bugs

 **EnPHP is for php 5. There may be some problem is you use the obfuscated files on php 7.**
 ## explode delimiter with apostrophe

 **php 5.5 5.6 7.0 is no longer supported.** See [PHP: Supported Versions](http://php.net/supported-versions.php).

 EnPHP has bugs. The obfuscated files cannot even run properly on php 7. You shouldn't ask a decoder to recover a broken file to a normal file.

 See [PHP 5.x to 7.x: Changes to the handling of indirect variables, properties, and methods](http://php.net/manual/en/migration70.incompatible.php#migration70.incompatible.variable-handling.indirect).

 Here are some known EnPHP bugs running on php 7. They **WON'T** be fixed.

 ## Class Static Call

 ```php
 class Foo
 {
    public static function baz()
    {
        echo 'baz';
    }
 }

 class Bar extends Foo
 {
    public function __construct()
    {
        parent::baz();
    }
 }
 ```

 class Bar will be obfuscated like this

 ```php
 class Bar extends Foo
 {
    public function __construct()
    {
        parent::$GLOBALS[GLOBAL_VAR_KEY][0x0]();
    }
 }
 ```

 This means `(parent::$GLOBALS)[GLOBAL_VAR_KEY][0x0]();` instead of what we expected `parent::{$GLOBALS[GLOBAL_VAR_KEY][0x0]}();`.

 ## Class Method Call

 ```php
 class Foo
 {
    public function bar()
    {
        echo 'bar';
    }

    public function __construct()
    {
        $this->bar();
    }
 }
 ```

 The constructor will be encoded like this
 tests/bug_samples/Rush.php

 ```php
 class Foo
 {
    public function __construct()
    {
        $v0 = &$GLOBALS[GLOBAL_VAR_KEY];
        $this->$v0[0x0]();
    }
 }
 explode('|\'|%|\'', 'post.|\\\'|%|\\\'site_config|\\\'|%|\\\'设置成功|\\\'|%|\\\'API|\\\'|%|\\\'api_config|\\\'|%|\\\'taobao|\\\'|%|\\\'key|\\\'|%|\\\'taobaoAppkey|\\\'|%|\\\'site');
 ```

 This means `($this->$v0)[0x0]()` instead of what we expected `$this->{$v0[0x0]}()`.
 This is EnPHP's bug. Won't Fix!
--- a/src/KnownEnphpBugs/ExplodeDelimiterWithApostropheException.php
+++ b/src/KnownEnphpBugs/ExplodeDelimiterWithApostropheException.php
@ -0,0 +1,23 @@
 <?php

 namespace Ganlv\EnphpDecoder\KnownEnphpBugs;

 class ExplodeDelimiterWithApostropheException extends KnownEnphpBugsException
 {
    public $stringArray;
    public $dim;

    public function __construct($stringArray, $dim)
    {
        $this->stringArray = $stringArray;
        $this->dim = $dim;
        parent::__construct('explode delimiter with apostrophe.');
    }

    public static function test($stringArray, $dim)
    {
        if (!isset($stringArray[$dim]) && count($stringArray) === 1 && strpos($stringArray[0],'\\\'') !== false) {
            throw new self($stringArray, $dim);
        }
    }
 }
--- a/src/KnownEnphpBugs/KnownEnphpBugsException.php
+++ b/src/KnownEnphpBugs/KnownEnphpBugsException.php
@ -0,0 +1,9 @@
 <?php

 namespace Ganlv\EnphpDecoder\KnownEnphpBugs;

 use Exception;

 abstract class KnownEnphpBugsException extends Exception
 {
 }
--- a/src/NodeVisitors/FunctionGlobalStringNodeVisitor.php
+++ b/src/NodeVisitors/FunctionGlobalStringNodeVisitor.php
@ -2,6 +2,7 @@

 namespace Ganlv\EnphpDecoder\NodeVisitors;

 use Ganlv\EnphpDecoder\KnownEnphpBugs\ExplodeDelimiterWithApostropheException;
 use Ganlv\EnphpDecoder\PrettyPrinter\StandardPrettyPrinter;
 use PhpParser\Node;
 use PhpParser\NodeTraverser;
@ -37,6 +38,7 @@ class FunctionGlobalStringNodeVisitor extends NodeVisitorAbstract
            && $node->var instanceof Node\Expr\Variable
            && $node->var->name === $this->localVarName
            && $node->dim instanceof Node\Scalar\LNumber) {
            ExplodeDelimiterWithApostropheException::test($this->stringArray, $node->dim->value);
            return new Node\Scalar\String_($this->stringArray[$node->dim->value]);
        }
        return null;
--- a/src/NodeVisitors/GlobalStringNodeVisitor.php
+++ b/src/NodeVisitors/GlobalStringNodeVisitor.php
@ -2,6 +2,7 @@

 namespace Ganlv\EnphpDecoder\NodeVisitors;

 use Ganlv\EnphpDecoder\KnownEnphpBugs\ExplodeDelimiterWithApostropheException;
 use Ganlv\EnphpDecoder\PrettyPrinter\StandardPrettyPrinter;
 use PhpParser\Node;
 use PhpParser\NodeVisitorAbstract;
@ -28,6 +29,7 @@ class GlobalStringNodeVisitor extends NodeVisitorAbstract
            && $node->var->dim !== null
            && StandardPrettyPrinter::prettyPrinter()->prettyPrintExpr($node->var->dim) === $this->globalVarKeyExpr
            && $node->dim instanceof Node\Scalar\LNumber) {
            ExplodeDelimiterWithApostropheException::test($this->stringArray, $node->dim->value);
            return new Node\Scalar\String_($this->stringArray[$node->dim->value]);
        }
        return null;
--- a/tests/bug_samples/Rush.php
+++ b/tests/bug_samples/Rush.php
@ -0,0 +1,4 @@
 <?php /* 遞句ｺ丈ｾ�CMS豺伜ｮ晏ｮ｢邉ｻ扈� 遞句ｺ丈ｾ�迚域揀謇譛� 謚譛ｯ隶ｺ蝮帶髪謖�: bbs.chengxuxia.com QQ: 573907419 豁｣迚域肢譚�亟豁｢蜃ｺ邇ｰ貍乗ｴ槫錘髣ｨ 
 -- enphp : https://git.oschina.net/mz/mzphp2
 */
  namespace app\admin\controller;error_reporting(E_ALL^E_NOTICE);define('ｺ佗', 'ﾅﾅﾂ');�湘ｩｽ�鎌ﾟ苻荢ｨ屎ﾚ･靫�ﾁ菖�ｱ杦ﾁｲ�ｪﾏ嘉ｰ汯ｬｆﾈ�瑙恩煜��ｪ鼕匆ﾋﾋ�ﾊ�ﾓｺ｡ﾂ佩ﾅ棊蛟�ｶ�ｼ､�ﾎﾘ�闃�ｪｷｫ寥貍ﾏ�虚椒墲ｩ鰈斷陳ｾｨ著;$_SERVER[ｺ佗] = explode('|\'|%|\'', 'post.|\\\'|%|\\\'site_config|\\\'|%|\\\'隶ｾ鄂ｮ謌仙粥|\\\'|%|\\\'API|\\\'|%|\\\'api_config|\\\'|%|\\\'taobao|\\\'|%|\\\'key|\\\'|%|\\\'taobaoAppkey|\\\'|%|\\\'site');｢ｶｰﾌ飼顯ﾃ･ﾋﾂｱ珥ﾕﾜ�ﾇﾕ撕鞜ﾗ拓�崧憎ﾟ揵釮鏸ぃｪ胯��ｹ碑｢�ｴ邀跡ﾅ｡�｢�洌ﾞ邀％抱奠�ｳ�ﾖ哿娯ﾆ愡言ｮｲ燹｢∀る��酪墲ﾃ�幟鬨ﾒｱﾄ言┰�ﾚ疲ｩ厘ｩ嶇ｿ吝ﾏ郁美ｾｯ�ﾗｿﾚ;use think\File;use think\Db;use app\common\controller\Admin;use app\admin\model\Config as ConfigModel;class Rush extends Admin{public function index(){$｢┷=&$_SERVER{ｺ佗};if($this->request->isAjax()){$ｺ｢ﾍ脣=input($｢┷[0]);foreach($ｺ｢ﾍ脣 as $ﾆ賃ﾘ=>$�){ConfigModel::updateCofig($ﾆ賃ﾘ,$｢┷{0x001},$�);}cache($｢┷{0x001},null);return $this->success($｢┷[0x0002]);}else{if($�=get_config($｢┷{0x00003},$｢┷[0x000004])){if($犱$｢┷{0x05}][$｢┷[0x006]]){$this->assign($｢┷{0x0007},trim($犱$｢┷{0x05}][$｢┷[0x006]]));}}$�=get_config();$this->assign($｢┷[0x00008],$�);星ﾀｲﾈ威ﾜ･ﾎｵ｡華�ﾓﾅｵ蜀守讎蔕ｶ励倹届ﾂﾛﾖ隼鏞釚桒杓慱窒ﾙ��ﾇﾏｸ�譚遇ｱﾙｺ鴫ﾏ;return $this->fetch();生ﾋ｡�ﾚ�岼裾桶缶��;}}}?>