今天看到小鬼(不确定是否为真正作者)更新了IMPEPD,就去他们的授权站看了一下,授权站地址:www.xiaogui.icu。破解开源后的源码可以直接划到文章最后去看,同时也说明一下,正式营运请支持正版,破解仅供学习用途!
那么话不多说我们直接开始吧!首先我们需要在授权站下载好未破解的源码,并且进行解压!
首先我们需要破解的就是includes文件夹里面的common.php,我们这里使用两个编辑器,分别是Notepad++和VS Code,那么我们先打开看看,打开后应该是显示一下内容:
看到这么一大串先不用慌,懂一点php的人应该看到了关键,那就是urldecode();,一般都是直接去冲去decode的,但是我们可以先冷静下来,先把整段源码看完。我们可以发现很明显的下面的eval里面的内容才是最关键的!
我们第一步要怎么做呢?首先,我们可以先去百度一下“PHP在线测试”,因为目前还没破解成功,我们要防止官方的授权站检查到我们的域名,所以我们使用在线测试。我们可以看到,这个“加密”是由这几个参数来进行的:
$OO0O00
$O0OO00
$OO0000
$O00OO0
$O00O0O现在我们可以先去掉下面那一行eval,那个很明显就是执行的,所以我们先去掉,获取到这些参数的内容才是最关键的,那么我们可以通过echo进行查看,需要注意的是,其实我们根本不用自己去urldecode那一串东西,直接保留就行!echo完毕后我们可以发现这些参数的内容应该是:
$O00OO0=n1zb/ma5\vt0i28-pxuqy*6lrkdg9_ehcswo4+f37j
$O00O0O=base64_decode
$OO0000=52
$O0OO00=strtr
$OO0O00=substr那就很明显了,这个“加密”是通过base64加密和一些普通的字符串处理来进行的,那么我们在看会上面eval那一段,可以看到eval里面的内容是通过$O00O0O这个参数来运行的,也就是base64_decode,我们现在先将里面那一段base64_decode,这时候我们可以直接使用Notepad++进行。在Notepad++里面,我们找到插件->MIME Tools,这里面就有一个base64解码的功能,我们进行解码后应该会或者下面这一段代码:
$O0O000="iwLqRhsPBDJucoXaxSCkKIbfFdUeWArZMtHNYpOVGjzvlnTQgmyEynzYEtXfcpmQxORPkeUdMqsDboWruCVLBKIjviJHhZNASGlTgaFwfp9nPICMPhHtLhHFMUops250Lu50zRE5xhW6ohH4oU9Ooh1XJ0jOvRmNLRT9oREazlgGMlXMUaESLaSQLegGHdHeW0SflyxXqUxFzZoNmFd7UaESLaSQLegGTHHWeb9HWdnGzUCGPIE0xpOAz3o3oF54PubAL3HizaSZoe8GMlXMLhHaPu5SMUocHHEqR0bTeH9HWdnGzUCGPIE0xpOAz3o3oF54PubAL3HizaSZoe9txhdQxhtnmFd7UyE1xakwvREtqp0gThiNs25DLhHZs2ESMhLishHDL2H0R2jAsGESsGENMwbHHwtDTHcmR1HelUCQqUx/vuj0fubnPHjSvRmZPbHFsUL1xan9mFCQqUEDW0HeHdHeuFoqHbETR0tfW1TGRedXHbmHEed7UaSaqUgtmIHFswEtohbsm2jALhWGRedgLRtioUtOoh1Xx3cSv2StshjOvRmNR2ESv29dLegdoRmXEhb0vHXGsRjGm10iMlXMPuvgMUbix19txGmtregdoRmXEhb0vediqhH4PRTOm+r9drr7GJalAQPJirudXry0iexiJnOMLhHaPu5SMUowEWBGzUcweHmbT1EfWSSDW0HTTHmcHw9eMlXAzFpGX7AGQ5/SyqsiailGVMvMLhHaPu5SMUoel09WR1ccHwgGzUcNoImDxaHnshbZLetNoImFv2tFMb9DEwSeR18XqwEbTFdXqUxGzUcDR0EmWS9DMeCQqwEbTFd7zF8g5YU555QQ5s2HUaESLaSQLegGeW5plbHwEHjDWwbWeUxXqb9DEwSeR18gzycwEWBiJF8AqJu8SrubirrsVQu9STidLuLisaWOm0SJW1EclwkDWwbWeUxXqbmfl1EDWwbWeUCQqUoisGj0vukXmFCQqwEbTFd7zF8g5P6m6MJb55QQ5s2HUgOdPRjBs2oisyC9qhLtsIjSJnOdPRjHx2HFlh9GPu4gfecavukNLlXMmh1ALUC9qhSNx2H0MUEKs2Tiqp8gmh1ALUC6qUxGqpXMUGmSxRHixaHDs25ZLecmldjBHWEbW19TTHEqqU4GLGHQv3Eis24QxhtnmNXMxaHkouSFLH9AsajSqwSJT0kHEwHlR1ccHwggzyoZs21Ks24Qv2ktx3BQxhtnmNXMxaHkouSFLH9AsajSqbmfl1EDWwbWeUCQqUoZs25aPuxQxhtnmNXMxaHkouSFLH9AsajSqwSJT0kHEwHlR1ccHwggzyoSxhb5zajXvRjNzGcOxUx7UGmSxRHixaHDs25ZLecmldjBHWEbW19TTHEqqU4Gv29dLRctre5ZshbNxF5nPICGJniiLytnPIc2LRmNPu9QMUdgql0gje42MHEixIB6JaHFxa9FMUDOiOIaXvmTebpGyvZaGMn1zZvGMlXMUaSaqUgtLaSXLH9SrhSNoIBOeW5lHwbBlb9TTHEqqU4gm2SQx3EtshnQsh9ZPFxiqUvaqUEKs2Tgql0gm2SQx3EtshnGMecWPRcNJZiSxGmAxygG6M+35vuq5P6m6MJb77FcmFnGz2SQx3EtshnGMlXMUaSaqUgdsu9dqUw9qUoisGj0vukXmFdgrnOmmhENsyC9qUoKrRjkspiOs3j0fexQmhEyuFodvdtAx3TGRe4GJ3cAxGT9mF4dLhmsm2EyWh9FoUoozyx7LhmQvu1SfexQmhEyuFodvd5tsuWGRe4GJ2jOvRmNLRT9oREaJUx7UgS0xGdgrnOmUeEwTZ1QLRxgWwEfMUEdx24XmhEyuFodvSHNLRqGRendLhmsm2EyWIodm10iJnOmDecZvREZPUtbrhjSxIEis24gmhWiqIXMUTSWPRcNJZiSxGmAxygG5iun5O2Q5sYl6z+r5O6S6LeL6M+A77FB6M+35YJC5i+S5YU555QQ5s2HqhjAsaLiLF5nPICg5iPI5zQ2mFd7UgS9UgOmmhbXswEyqp0gmwEUzl5kouHFregGx2tAoFc0vumXLRBGMe0+LaH0v2tcshnOWwEfJZihEHEpeb9cW1jfTFd7UgSiLytSsRc0regdvukXEhqiMRXMUTS1sakisaXOeW5lHwbBlb9TTHEqqU4gm2SQx3EtshnQsh9ZPFxiJnOmUuSaMUEKs2Tgql0gm2SQx3EtshnGMHEixIB6JaHFxa9FMUDaSspaZP7SQifdQzVGYsVAAqNOV7Dit43aSVpSVOGOO4RAAqwGzUxAPu5NohbXsUxiJnOmDTi9UgiiLygdsu9dqp09qUoisGj0vukXmFCamycaPukSR2H4PRj0xFtmlSjWTWkBR1ccHwggzyCGPu5NohbXsU5Xs2jVmFdiHhSnxNO6LRmFs3qOm+u3XQuQyryZtr+8ZJaIZrPuXJuQyryZtryAK+uqOJaLiUCAPu5NohbXsU9isGj0vukXzakAv2Xg5iPI5zQ2mFnGzFxiJnOMx2HNx2SAsS9NohbFoUgiJnOMPuvOmh1ALUCtfeCGPu5NohbXsUxirnOgqUCgPuvOPRjNLRTOmb9lEHjleW9JuFotLh1isSHNLRqGRedirnOgqUCgqUCgqUEtLh1isSHNLRqgfeCdR1jbW1jml05sm2bdsuSQHRjSxyooJnOgqUCgqUCgqUEixUC9qwoSoIB6JaSnMUd7UyCgqUCgqUCgmILSxGjis24gfecYx29QR2ESv29dLetaPukSR2oSob9Zs250Lu50xFtcHHEqR0bTeH9HWdngzyCGf2bZop12LRmNPu9QmFdXoIm1Led7UgOgqUCgqUCgqUEtLh1isdEtohwgfeCdEwqKfGb1LRm5MUmlEWkbT1TgMychWd9jqhcisRcSxhEDvuEKPu5gqboqEHmbqhctLh1isSHNLRmgqp0gmFEtLh1isSHNLRqGqydKfaLSohjOMbcwlNO6EdHWT0tDTHjll0BiJnOgqUCgqUCgqhSaMUbSsRc0regdvuEKPu5wvREtMeCamyCdvuEKPu5wvREtuFotLh1isdkAL2SQeRCGReC9feCdPRCimhSNlh9GPu4gfec0xGHSJnOgqUCgDTOgqUCgPuvOquSNx2H0MUEQs3EBs2oisydgmyvgmh1ALUC9feCGvuEKPu4GqUvaqUwdPRjBs2oisySOLubdLRqOm0kAv2b0Pu9QJy9tLh1isy9Xs2oisy5nPICGMlXMUyCgqUciLytix3jSoUgdR1jbW1jml05sm3HNLRmJvu1Sm10iMRXMqUCgqUCgqUCdoRjSxd5tsuWgfeCdR1jbW1jml05sm3HNLRmJvu1Sm107UyCgqUCgqUCgmhSnqp0gE2H0xNO6PRCOMlXMUyCgqUCgqUCgmIHNLRmwvREtqp0gmwEUzl5kouHFregyW0HBEWjWqUOgESmflecgPu1nLRcdR3HNLRmgqboqEHmbqhc1x2HFlabKLuCgfeCGmIHNLRmJvu1SmFqizl5aLREZPUtTEw86JdLbHwjqR0blW09pMlXMqUCgqUCgqUciLygtLu1noIdOmIHNLRmwvREtMeCamyCdoRjSxdEtohbsm3HNLRmmxUooqp09qUEixUCamyCdoRjSxdEtohbsm3HNLRmlohb0Leooqp09qpwimhSNHRjSxdkAL2SQqp0goIm1LlXMqUCgqI0MqUCgqhSaMUbix3jSoUgdsa90lh9GPu4iqUvaqUEKs2Tgfl0gm3HNLRqGqUvaqUwdPRjHx2HFlh9GPu4iPhHtLhHFMUoBs2jtohSAsZOAoRjSxy9Xs2oisy5nPICGMlXMUyCgqUCdv29QLdEtohwgfeCdEwqKfGb1LRm5MUolEWkbT1TgMychWd9jqhcisRcSxhEDv29QLaSGvUxizl5aLREZPwbXsUtTEw86JdLbHwjqR0blW09pMlXMqUCgqhLAxaHtv2ggMUEZs25aEhb0vectxFCdoabXouWiqIXMqUCgqUCgqUCdv29QLSXdoabXouHsm2XGRH0gfeCdoabXouHsm3vGRlXMqUCgqI0MDT==";
eval('?>'.$O00O0O($O0OO00($OO0O00($O0O000,$OO0000*2),$OO0O00($O0O000,$OO0000,$OO0000),
$OO0O00($O0O000,0,$OO0000))));现在我们多出了一个$O0O000,不过不用害怕,那个只是一个参数,我们可以直接来到eval执行这一行来进行破解。你会看到eval里面都是一些很混乱的参数,但是其实这些参数我们在上面就已经找出来了,现在只需要一个一个的替换掉就行,但是要注意的是,为了避免官方盗版检查,我们现在还不可以进行eval执行,我们还是需要通过echo显示源码出来。替换之后应该是这样的:
$O0O000="iwLqRhsPBDJucoXaxSCkKIbfFdUeWArZMtHNYpOVGjzvlnTQgmyEynzYEtXfcpmQxORPkeUdMqsDboWruCVLBKIjviJHhZNASGlTgaFwfp9nPICMPhHtLhHFMUops250Lu50zRE5xhW6ohH4oU9Ooh1XJ0jOvRmNLRT9oREazlgGMlXMUaESLaSQLegGHdHeW0SflyxXqUxFzZoNmFd7UaESLaSQLegGTHHWeb9HWdnGzUCGPIE0xpOAz3o3oF54PubAL3HizaSZoe8GMlXMLhHaPu5SMUocHHEqR0bTeH9HWdnGzUCGPIE0xpOAz3o3oF54PubAL3HizaSZoe9txhdQxhtnmFd7UyE1xakwvREtqp0gThiNs25DLhHZs2ESMhLishHDL2H0R2jAsGESsGENMwbHHwtDTHcmR1HelUCQqUx/vuj0fubnPHjSvRmZPbHFsUL1xan9mFCQqUEDW0HeHdHeuFoqHbETR0tfW1TGRedXHbmHEed7UaSaqUgtmIHFswEtohbsm2jALhWGRedgLRtioUtOoh1Xx3cSv2StshjOvRmNR2ESv29dLegdoRmXEhb0vHXGsRjGm10iMlXMPuvgMUbix19txGmtregdoRmXEhb0vediqhH4PRTOm+r9drr7GJalAQPJirudXry0iexiJnOMLhHaPu5SMUowEWBGzUcweHmbT1EfWSSDW0HTTHmcHw9eMlXAzFpGX7AGQ5/SyqsiailGVMvMLhHaPu5SMUoel09WR1ccHwgGzUcNoImDxaHnshbZLetNoImFv2tFMb9DEwSeR18XqwEbTFdXqUxGzUcDR0EmWS9DMeCQqwEbTFd7zF8g5YU555QQ5s2HUaESLaSQLegGeW5plbHwEHjDWwbWeUxXqb9DEwSeR18gzycwEWBiJF8AqJu8SrubirrsVQu9STidLuLisaWOm0SJW1EclwkDWwbWeUxXqbmfl1EDWwbWeUCQqUoisGj0vukXmFCQqwEbTFd7zF8g5P6m6MJb55QQ5s2HUgOdPRjBs2oisyC9qhLtsIjSJnOdPRjHx2HFlh9GPu4gfecavukNLlXMmh1ALUC9qhSNx2H0MUEKs2Tiqp8gmh1ALUC6qUxGqpXMUGmSxRHixaHDs25ZLecmldjBHWEbW19TTHEqqU4GLGHQv3Eis24QxhtnmNXMxaHkouSFLH9AsajSqwSJT0kHEwHlR1ccHwggzyoZs21Ks24Qv2ktx3BQxhtnmNXMxaHkouSFLH9AsajSqbmfl1EDWwbWeUCQqUoZs25aPuxQxhtnmNXMxaHkouSFLH9AsajSqwSJT0kHEwHlR1ccHwggzyoSxhb5zajXvRjNzGcOxUx7UGmSxRHixaHDs25ZLecmldjBHWEbW19TTHEqqU4Gv29dLRctre5ZshbNxF5nPICGJniiLytnPIc2LRmNPu9QMUdgql0gje42MHEixIB6JaHFxa9FMUDOiOIaXvmTebpGyvZaGMn1zZvGMlXMUaSaqUgtLaSXLH9SrhSNoIBOeW5lHwbBlb9TTHEqqU4gm2SQx3EtshnQsh9ZPFxiqUvaqUEKs2Tgql0gm2SQx3EtshnGMecWPRcNJZiSxGmAxygG6M+35vuq5P6m6MJb77FcmFnGz2SQx3EtshnGMlXMUaSaqUgdsu9dqUw9qUoisGj0vukXmFdgrnOmmhENsyC9qUoKrRjkspiOs3j0fexQmhEyuFodvdtAx3TGRe4GJ3cAxGT9mF4dLhmsm2EyWh9FoUoozyx7LhmQvu1SfexQmhEyuFodvd5tsuWGRe4GJ2jOvRmNLRT9oREaJUx7UgS0xGdgrnOmUeEwTZ1QLRxgWwEfMUEdx24XmhEyuFodvSHNLRqGRendLhmsm2EyWIodm10iJnOmDecZvREZPUtbrhjSxIEis24gmhWiqIXMUTSWPRcNJZiSxGmAxygG5iun5O2Q5sYl6z+r5O6S6LeL6M+A77FB6M+35YJC5i+S5YU555QQ5s2HqhjAsaLiLF5nPICg5iPI5zQ2mFd7UgS9UgOmmhbXswEyqp0gmwEUzl5kouHFregGx2tAoFc0vumXLRBGMe0+LaH0v2tcshnOWwEfJZihEHEpeb9cW1jfTFd7UgSiLytSsRc0regdvukXEhqiMRXMUTS1sakisaXOeW5lHwbBlb9TTHEqqU4gm2SQx3EtshnQsh9ZPFxiJnOmUuSaMUEKs2Tgql0gm2SQx3EtshnGMHEixIB6JaHFxa9FMUDaSspaZP7SQifdQzVGYsVAAqNOV7Dit43aSVpSVOGOO4RAAqwGzUxAPu5NohbXsUxiJnOmDTi9UgiiLygdsu9dqp09qUoisGj0vukXmFCamycaPukSR2H4PRj0xFtmlSjWTWkBR1ccHwggzyCGPu5NohbXsU5Xs2jVmFdiHhSnxNO6LRmFs3qOm+u3XQuQyryZtr+8ZJaIZrPuXJuQyryZtryAK+uqOJaLiUCAPu5NohbXsU9isGj0vukXzakAv2Xg5iPI5zQ2mFnGzFxiJnOMx2HNx2SAsS9NohbFoUgiJnOMPuvOmh1ALUCtfeCGPu5NohbXsUxirnOgqUCgPuvOPRjNLRTOmb9lEHjleW9JuFotLh1isSHNLRqGRedirnOgqUCgqUCgqUEtLh1isSHNLRqgfeCdR1jbW1jml05sm2bdsuSQHRjSxyooJnOgqUCgqUCgqUEixUC9qwoSoIB6JaSnMUd7UyCgqUCgqUCgmILSxGjis24gfecYx29QR2ESv29dLetaPukSR2oSob9Zs250Lu50xFtcHHEqR0bTeH9HWdngzyCGf2bZop12LRmNPu9QmFdXoIm1Led7UgOgqUCgqUCgqUEtLh1isdEtohwgfeCdEwqKfGb1LRm5MUmlEWkbT1TgMychWd9jqhcisRcSxhEDvuEKPu5gqboqEHmbqhctLh1isSHNLRmgqp0gmFEtLh1isSHNLRqGqydKfaLSohjOMbcwlNO6EdHWT0tDTHjll0BiJnOgqUCgqUCgqhSaMUbSsRc0regdvuEKPu5wvREtMeCamyCdvuEKPu5wvREtuFotLh1isdkAL2SQeRCGReC9feCdPRCimhSNlh9GPu4gfec0xGHSJnOgqUCgDTOgqUCgPuvOquSNx2H0MUEQs3EBs2oisydgmyvgmh1ALUC9feCGvuEKPu4GqUvaqUwdPRjBs2oisySOLubdLRqOm0kAv2b0Pu9QJy9tLh1isy9Xs2oisy5nPICGMlXMUyCgqUciLytix3jSoUgdR1jbW1jml05sm3HNLRmJvu1Sm10iMRXMqUCgqUCgqUCdoRjSxd5tsuWgfeCdR1jbW1jml05sm3HNLRmJvu1Sm107UyCgqUCgqUCgmhSnqp0gE2H0xNO6PRCOMlXMUyCgqUCgqUCgmIHNLRmwvREtqp0gmwEUzl5kouHFregyW0HBEWjWqUOgESmflecgPu1nLRcdR3HNLRmgqboqEHmbqhc1x2HFlabKLuCgfeCGmIHNLRmJvu1SmFqizl5aLREZPUtTEw86JdLbHwjqR0blW09pMlXMqUCgqUCgqUciLygtLu1noIdOmIHNLRmwvREtMeCamyCdoRjSxdEtohbsm3HNLRmmxUooqp09qUEixUCamyCdoRjSxdEtohbsm3HNLRmlohb0Leooqp09qpwimhSNHRjSxdkAL2SQqp0goIm1LlXMqUCgqI0MqUCgqhSaMUbix3jSoUgdsa90lh9GPu4iqUvaqUEKs2Tgfl0gm3HNLRqGqUvaqUwdPRjHx2HFlh9GPu4iPhHtLhHFMUoBs2jtohSAsZOAoRjSxy9Xs2oisy5nPICGMlXMUyCgqUCdv29QLdEtohwgfeCdEwqKfGb1LRm5MUolEWkbT1TgMychWd9jqhcisRcSxhEDv29QLaSGvUxizl5aLREZPwbXsUtTEw86JdLbHwjqR0blW09pMlXMqUCgqhLAxaHtv2ggMUEZs25aEhb0vectxFCdoabXouWiqIXMqUCgqUCgqUCdv29QLSXdoabXouHsm2XGRH0gfeCdoabXouHsm3vGRlXMqUCgqI0MDT==";
echo base64_decode(strtr(substr($O0O000,52*2),substr($O0O000,52,52),
substr($O0O000,0,52)));然后也是一样,PHP在线测试运行一次,但是记住这次请开一个新的页面进行,原因稍后会说!运行之后应该就会出现这个源码了:
query('show tables')->fetchAll(PDO::FETCH_ASSOC);
if(empty($allDb)){
unlink(INSTALL_PATH . 'install.lock');
if($mod != 'install')Tips::error('数据库为空,请重新安装!','/install');
}
}
if($mod == 'install' && file_exists(INSTALL_PATH . 'install.lock'))Tips::error('已安装,重新安装请删除 /install/install.lock 文件','/');
session_start();
if($mod != 'install'){
if(isset($_SESSION['adminUser'])){
$adminUser = $_SESSION['adminUser'];
$ip = Gets::ip();
$version = json_decode(file_get_contents(AUTH_API_URL . '?act=version'),true);
$adminData = $DB->query("SELECT * FROM `impepd_admin` WHERE `adminUser` = '$adminUser'")->fetch(PDO::FETCH_ASSOC);
if(!empty($adminData) && $adminData['adminLoginIp'] == $ip)$isLogin = true;
}
if(!isset($notLogin) && $mod == 'admin' && !$isLogin)header('Location:/admin/login.php');
if(isset($_SESSION['userName'])){
$userName = $_SESSION['userName'];
$ip = Gets::ip();
$userData = $DB->query("SELECT * FROM `impepd_user` WHERE `userName` = '$userName'")->fetch(PDO::FETCH_ASSOC);
if(!empty($userData) && $userData['userIp'] == $ip && $userData['userState'] == 1)$isUserLogin = true;
}
if(!isset($notLogin) && $mod == 'user' && !$isUserLogin)header('Location:/user/login.php');
$confData = $DB->query('SELECT * FROM `impepd_config`')->fetchAll(PDO::FETCH_ASSOC);
foreach ($confData as $value) {
$conf[$value['k']] = $value['v'];
}
}看到了,源代码出来了,现在我们只需要把下面这一段删掉了就代表这个文件破解成功了!
define('AUTH_URL', 'http://www.xiaogui.icu/');
define('AUTH_API_URL', 'http://www.xiaogui.icu/api.php');
$urlData = @json_decode(file_get_contents(AUTH_API_URL . '?act=apiSearchUrl&url=' . $_SERVER['HTTP_HOST']),TRUE);
if (!$urlData['code']) exit(htmlspecialchars_decode($urlData['msg']));
if (!is_array($urlData)) exit('网络链接失败');好我们先冷静下来,也就是这一个文件破解成功而已,其实我们还有其他文件,但是不用怕麻烦,因为作者只是加密了部分文件,不是全部文件都有加密并且检查授权的!我们继续来破解下一部分的文件!
破解源码必须的工作,就是检查每一个文件,我们的admin文件夹其实还有一些文件等着我们去破解呢!首先就是admin文件夹里面的index.php和login.php。
同样我们打开index.php来看也是一段乱码,但是先不用慌,我们有了上面的经验,可以看到这个文件的前半段是和上面的前半段是一模一样的,也就是说我们可以直接跳到base64解码的部分!解码出来如下:
$O0O000="zAGofcekwuEqYHCpXyKSdrJlNRLaZiUFjbvWBTIDOxPMtnVshgmQAOxrMPtisUvKuwqSpIYdZzhWokeFCNVHcDGbjnQTfJBRgyElLaXmBT9sFwOYFburCXWlCpoStXVrQN4Ue2WUu2J1CxEAe2oGDb1GDN5sFwONYdv9QcuJfnmNQwJ8QxCSDxEAFpSWYqhLCx1SDN5cDxHAPI5sFwONYdv9Qcv5fnm2QNW7CpLSZqaN5zKm56qj5DtI6YYz56+L5Sd577IR6Y+36uto5SFs6QxV57f75F6N5SIo5eNe6e295zKm56qjQNi7MmriDb9iQT0ah2HiDbWUhAlYPXEJZbWICE9GDXoWQqPUeN9SDXolZbkWPI9cD21gD24UPxLshAlYPXEJZbWICE9GDXoWQqPUe2HiDbWUeXolupoAeyjrPqP7qariC29UC2ZLDIO9QxSAD25MCxEcD2kWYxCSDxEMC2E0p2oGDykWDykAYvHEEvLMmEjhp1EdnqOUQqP/ubo0Bb5GZxWcCdPSeqjVVWEHYnlYqNk0FpklCdO9QqMWiQ7Wc7TSSSDSrDVyfsSICpH1FphWp29Uu2VahI4GFxELCq5sFwOyfsr/BaraQqOaQqOaQqOaQqO8DbHSDNjSCT0NDbHSDN1cD250ubWUCpQNBaraQqOaQqOaQqOaQqOaQqOaBxkSZNjcDxHAPA0Nu29UZxEUZqjcD250Cb50eb5LPyhGZIQ+qaraQqOaQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QyhGZIQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QXoGDq02QxoGDq1gCq0AQxoGDq1lCI02QxoGDq14Dq0AQc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJLQxolupoABdhNDx9cFIjNDx9cFI1ID3EUCxEiQxhlD2ozebJSDXlgPx9sQxhGPXkWPN1lCbC0QxhGPXkWPN1sPXWguph5QxhGPXkWPN00tqQaFwhWCc0NFXH2upocPXWsZTr7Qc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8CxW2QxolupoABdhNDx9cFI1cD250Cb50QxhlD2ozeboGDykWDymgCyElDqQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QXCGDymgP2W6Cd1ADdjXD250epP2RTOaZxE4Zq11PwjWPXoLP2VaZxE4Zq1gZpkWCqQ+5r6W5u+c5Sbs6utB57UM6Y6LBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QXCGDymgP2W6Cd1rRIjXD250epP0RTOaZxE4Zq1iuphzQc48BA1TD3EUZwR6fykLuXJWYqkvmNsyFb1sCpjip2HsFdPSBA4a5eNKBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8e2v+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTsGCxW2BaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8CxW2QxolupoABdhcD2sgoNjcD2sgDbmgRIjcD2sgDxPgoNjcD2sgtxsgRIQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8udjcDxHAPA0NuXJGu2lauXJGu2lgPX91DXkWCqjNDx9cFI1lFb5zepjGPqjND3hiCpQgDxEXZqjND3hiCpQgPwhSDbHItdjND3hiCpQgowaNQxLICbu9QXSLZXHAu3hSPwm6fIQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBxkSZNjcDxHAPA0NuXJGu2lgu29UZxEUZqjNDx9cFI1cD250Cb50ebC1DxsNBaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8CxW2QxolupoABdhXD250epoStXVgP20aCX9UZq13ocOsQwkWtwmgZpjsCphcupoWQwkWtwmgDpE0CbmNBUtVKfFQg+FElfXwc+t7y+NUrnsGCxW2BaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8CxW2QxolupoABdhXD250epoStXVgFTRaCX9UZq13oTOsQwkWtwmgCxHIFIQ+BT89m291DykAfcS0ubhlCdaikvQlh2WgPxEsCH91P2EIhIi/BNTiUYr8e2kSZc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8e2kSZc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTsGun4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QXoGDq02QxoGDq1gCq0AQxoGDq1lCI02QxoGDq14Dq0AQc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJLQxolupoABdhNDx9cFIjNDx9cFI1ID3EUCxEiQxhlD2ozebJSDXlgPx9sQxhGPXkWPN1lCbC0QxhGPXkWPN1sPXWguph5QxhGPXkWPN00tqQaFwhWCc0NFXH2upocPXWsZTr7Qc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8CxW2QxolupoABdhNDx9cFI1cD250Cb50QxhlD2ozeboGDykWDymgCyElDqQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QXCGDymgP2W6Cd1ADdjXD250epP2RTOaZxE4Zq11PwjWPXoLP2VaZxE4Zq1gZpkWCqQ+5e2/55dr5Sbs6utB5KIL5SbsBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QXCGDymgP2W6Cd1rRIjXD250epP0RTOaZxE4Zq1iuphzQc48BA1TD3EUZwR6fyo1DdaikvQlh2WgPxEsCH9LPxiyeqZLPxWEP2VyYn9TD3EUZwR6fyo1DdaikvQlh2WgPxEsCH9LPxiyeqZLPxWEP2VyYnryRqP7BA4a5KILBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8e2v+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTsGCxW2BaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8CxW2QxolupoABdhcD2sgoNjcD2sgDbmgRIjcD2sgDxPgoNjcD2sgtxsgRIQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8udjcDxHAPA0NuXJGu2lauXJGu2lgPX91DXkWCqjNDx9cFI1lFb5zepjGPqjND3hiCpQgDxEXZqjND3hiCpQgPwhSDbHItdjND3hiCpQgowaNQxLICbu9QXSLZXHAu3hSPwm6fIQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBxkSZNjcDxHAPA0NuXJGu2lgu29UZxEUZqjNDx9cFI1cD250Cb50ebC1DxsNBaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8CxW2QxolupoABdhXD250epoStXVgP20aCX9UZq13ocOsQwkWtwmgZpjsCphcupoWQwkWtwmgDpE0CbmNBUd7NUFpStFVgUtDNcsGCxW2BaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8CxW2QxolupoABdhXD250epoStXVgFTRaCX9UZq13oTOsQwkWtwmgCxHIFIQ+BT89m291DykAfcSAZb1vupirhvkqeqZSDpjWPxkMPxH5hIsyDb9UCpiyexkLZxVrh1igDd1ihIiSB0oGZb50PAr6P3EgkxH5YqkvmNsyFb1sCpjip3jLtdPlh21GDXE5hIJiupkWYqZCeb0gCqPSYnryRq4sRqP7BA4a5ubTBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8e2v+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTsGCxW2BaraQqOaQqOaQqOaQqOaQqOaQqOaQTsGCxW2BarYQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QXoGDykWDymau29UZxEUZq1ND3LWCqQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaBxkSZNjcDxHAPA0NPX93Qc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBxkSZNjcDxHAPA0Nu29leb1ienvIQxoGDq14Dq0JRNQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8Zbsau2JLP3R9QykSDbElFb5WQwkSDbElFb5WebHlZqjstd0sQc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8B3jrPqjXD3hWuborQqaiC29UC2ZLDIjLPIOiZNW7QT8+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJlFdjcDxHAPA0NZxWgCbJSDXVgCpCWDymNBaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBxkSZNjcDxHAPA0NZxWgCbJSDXVgCpCWDymgFboGDNjNCI1iCbCLZbJ0Qc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8FdjcDxHAPA0NCXHIQxCLebolD2ozQc48e2i+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8e2kSZc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QykSDbElFb5WebE2Cb50ebhlD2ozQxhlD2ozQxWUZXWAFbhlCdQaCxH0ud10D2ZyDxV9QXHsPxELPNQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBxkSZNjcDxHAPA0NuXJGu2lgFxELCxEIQc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBxaAQxolupoABdhNDx9cFI10FpklCdQ+BT89hwCDh25GZxWcCVkLZxVypn8+Bq9rRA4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8e2kSZc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8CxW2QxolupoABdhNDx9cFI1cD250Cb50Qc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBwOau2JLP3R9QXCGDymgZAusRqjguN0IQNjAZwWlCn0NZxE4Zq1LDxWyDcrau2EUZxEIfIQ+BT89hwCDh25GZxWcCEkSZxJWh10/BcsGPT4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBwOaP3k5DxV9QyZGPXmguyhWubl6QxhICbHzebHlDTg3D3hiepZIupO6QxhICbHzepZGPXm7Qc48BA1rZx1lP3jWu2WLDxoruphAp2kWu29iCdaiZWlyDX90FboWm29UZxEUZqZZYn8+Bq9sBaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTsGCxW2BaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTsGDxi+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBT9sFwOaMdO/BaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBq91DT4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqO8e2kSZc4YqNOaQqOaQqOaQqOaQTsGDbHSDc4YQqOaQqOaQqOaQqOaBxCGD3kWPNjSCT0NPxHyCd1XD290CpQNQxolupoABdhNCI1ND2k5ebJSC2L0Qc4YQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QXoGDykWDymaPwigRIQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaBxkSZNjcDxHAPA0NPX93QxCGDymgP2W6Cd1ADdQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQTJiFpuau2JLP3R9QXoGDq1ADd02Qx9ICxEIepogenQaPwigRdj0CpL0eboWDykWPNj0CpL0epogephSC2L0Qc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqCcD3j5fITyNucXyuBXNuTXyQiaBxiau2JLP3R9QXCLQxCLebLWuph0QwkWtwmgCxHUC2EIQc48e2i+QTJLQxolupoABdhXD250epP2RTONQxLICbu9QXL0ZwO6eI93PxvUPpvUu29ge21AC3hiB3u9RIC1Fb49Rcm3oAV4RnRsRNCAFpkWBpHJhX1WDyV9tbEAQNj0uphyCpm9QW9NDxHUFIQ+5DqB6FI8Bq9LBNO8P3jLDNjiupkLepkGC2ZlCn0NtbELPN1cD3j5Qc4IRTQsBq9APxHUBaraQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8e2kSZc4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBxkSZNjcDxHAPA0Nu29lepogenuaD3hiCpQgP20gRdjstd0JQwkWtwmgu2EUZxEIQwkWtwmgP20gDxEXZqQ+qNOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqO8udjcDxHAPA0NCX9UZq13ocOsQNjrPXEXBdhrZwksfN8GZ3jLeyHJeXoGDd9gP2ZICT92BnRXZbWUBns/BdkcD25XbIZ3CbhkPdZZBA4XP2W0Cn1JPdCgCb51BpWWPIQaZxHIC2E0BdhMuXJLDXlNBUNjWftAU+FPzftzXtbUrUFPcnsGun4YQqOaQqOaQqOaQqOaQqOaQqOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaQqOaQqOaQqO8e2kSZc4YQqOaQqOaQqOaQqOaBq9XD290CpQ+qNOaQqOaQqOaBq9iFpu+qNOaQqOaQqOaBwocPXWsZqjAPXR9QN4Ue2HAP2E0PI9KPI9GDXE1Fd5cD3hWeX1SDN5KPIQ+Bq9Au3hSPwm+qNOaQqOaQqOaBwocPXWsZqjAPXR9QN4Ue2HAP2E0PI9KPI9GDXE1Fd5LPwOUDbWUeXSAQc48e3ocPXWsZT4YQqOaQqOaQqO8P2oIFpj0QwoIuA0NeN4GupoACpkAe3CWDXkGPN9lupWWPN9lupWWPN5KPIQ+Bq9Au3hSPwm+qNOaQqO8e2hGCwi+qcsGFwkgDT4YBT9sFwOaFburEiEdV0WBnNO8QxHiDbWUm2JLP3R6fXZWZHCWPyoSD24rYdW7QT8+qNOaQqO8P2oIFpj0BaraQqOaQqOaQxJLtbEIeXHlCph0YqMXr4TXguGWNeTXWzTyNucXyYAGGQAXXY/WiYDXX7nXWzTGGh8yewgNZx46bIMXX7nXWzOyeqMWc5DXgraypp0lCyEUu3kSD24aYqiatsraQqOaQqOaQqOaQqjlD2oLZxWGDN5rPXEXQT0ahI9LCx1SDN91PxkXFbJWeyjrPqP7qNOaQqOaQqOaMdi7qNOaQqO8e3ocPXWsZT4YBT9sFwOaMdO/Ba==";
eval('?>'.$O00O0O($O0OO00($OO0O00($O0O000,$OO0000*2),$OO0O00($O0O000,$OO0000,$OO0000),
$OO0O00($O0O000,0,$OO0000))));同样也是先不要慌,其实基本上所有参数一样,只剩下内容不一样而已,所以刚才我先不用关掉那个破解的测试运行页面,也是这个原因,我们直接把那一串复制替换掉上面第二部那一串再运行一次就行了!得出代码应该如下:
我们可以看到这个作者也是做了一些防御的手段,在这个文件的开头我们看到了filesize,这一段其实是检查核心文件,也就是刚才我们还原的文件的大小,还有就是检查等一下我们会继续破解的那一个文件的大小,但是其实我们把这一段删掉就行!目前这个index.php我们已经破解完毕了!至于login.php作者似乎没有进行加密,那么我们进去可以看到也是有filesize这一段检查,我们直接删掉就行!
同样我们在head.php这个文件中,也是有发现这么一段filesize的代码存在,把它删掉就行。接下来我们来处理admin.class.php这一个文件。
同样还是那一段东西,同样的手法破解掉出现代码应该如下:
query("SELECT * FROM `impepd_admin` WHERE `adminUser` = '$adminUser'")->fetch(PDO::FETCH_ASSOC);
}
public static function getAdminId($DB,$id)
{
return $DB->query("SELECT * FROM `impepd_admin` WHERE `id` = '$id'")->fetch(PDO::FETCH_ASSOC);
}
public static function loginAdmin($DB,$adminUser)
{
$ip = Gets::ip();
return $DB->exec("UPDATE `impepd_admin` SET `adminLoginIp` = '$ip' WHERE `adminUser` = '$adminUser'");
}
public static function get_os()
{
if (!empty($_SERVER['HTTP_USER_AGENT'])){
$os = $_SERVER['HTTP_USER_AGENT'];
if (preg_match('/win/i', $os)) {
$os = 'Windows';
} else if (preg_match('/mac/i', $os)) {
$os = 'MAC';
} else if (preg_match('/linux/i', $os)) {
$os = 'Android';
} else if (preg_match('/unix/i', $os)) {
$os = 'Unix';
} else if (preg_match('/bsd/i', $os)) {
$os = 'BSD';
} else {
$os = 'Other';
}
return $os;
} else {
return 'unknow';
}
}
public static function browse_info()
{
if (!empty($_SERVER['HTTP_USER_AGENT'])){
$br = $_SERVER['HTTP_USER_AGENT'];
if (preg_match('/MSIE/i', $br)) {
$br = 'MSIE';
} else if (preg_match('/Firefox/i', $br)) {
$br = 'Firefox';
} else if (preg_match('/Chrome/i', $br)) {
$br = 'Chrome';
} else if (preg_match('/Safari/i', $br)) {
$br = 'Safari';
} else if (preg_match('/Opera/i', $br)) {
$br = 'Opera';
} else {
$br = 'Other';
}
return $br;
} else {
return 'unknow';
}
}
public static function mysql_info($DB)
{
$info=$DB->query('select VERSION()')->fetch(PDO::FETCH_ASSOC);
return $info['VERSION()'];
}
public static function detect_encoding($file='./login.php')
{
$list = array('GBK', 'UTF-8', 'UTF-16LE', 'UTF-16BE', 'ISO-8859-1');
$str = file_get_contents($file);
foreach ($list as $item) {
$tmp = mb_convert_encoding($str, $item, $item);
if (md5($tmp) == md5($str)) {
return $item;
}
}
return null;
}
public static function getVersion()
{
$data = json_decode(file_get_contents(AUTH_API_URL . '?act=version'),true);
return $data['0']['versionCode'];
}
public static function getApi($DB, $id = false)
{
$data = $DB->query('SELECT * FROM `impepd_api`')->fetchAll(PDO::FETCH_ASSOC);
if($id)$data = $DB->query("SELECT * FROM `impepd_api` WHERE `id` = '$id'")->fetch(PDO::FETCH_ASSOC);
return $data;
}
public static function getHost($DB, $id = false,$name=null)
{
if($id){
$data = $DB->query("SELECT * FROM `impepd_host` WHERE `id` = '$id'")->fetch(PDO::FETCH_ASSOC);
}elseif($name!=''){
$data=$DB->query("SELECT * FROM `impepd_host` WHERE `hostName` LIKE '%$name%'")->fetchAll(PDO::FETCH_ASSOC);
}else{
$data = $DB->query('SELECT * FROM `impepd_host`')->fetchAll(PDO::FETCH_ASSOC);
}
return $data;
}
public static function createHost($DB, $data)
{
$ip = $data['apiIp'];
$apiData = self::getApiIp($DB, $ip);
unset($data['apiIp']);
$data['log_file'] = '1';
$data['htaccess'] = '1';
$data['access'] = '1';
$url = self::CreateUrl($apiData['apiIp'], $apiData['apiKey'], 'add_vh');
$resultData = self::GetCloud($url, $data);
if($resultData['result'] != 200)return false;
$hostData = array(
'hostIp' => $apiData['apiIp'],
'hostName' => $data['name'],
'hostPwd' => $data['passwd'],
'hostWebSize' => $data['web_quota'],
'hostDbSize' => $data['db_quota']
);
self::addHost($DB, $hostData);
return true;
}
public static function isShow($DB, $id, $isShow)
{
return $DB->exec("UPDATE `impepd_api` SET `isShow` = '$isShow' WHERE `id` = '$id'");
}
public static function apiState($DB, $id, $apiState)
{
return $DB->exec("UPDATE `impepd_api` SET `apiState` = '$apiState' WHERE `id` = '$id'");
}
public static function editApi($DB, $data)
{
$id = $data['id'];
$apiIp = $data['apiIp'];
$apiKey = $data['apiKey'];
$apiMoney = $data['apiMoney'];
$apiName = $data['apiName'];
$apiMixWeb = $data['apiMixWeb'];
$apiMixDb = $data['apiMixDb'];
$apiMixFlow = $data['apiMixFlow'];
$apiUseMoney = $data['apiUseMoney'];
return $DB->exec("UPDATE `impepd_api` SET `apiIp` = '$apiIp',`apiKey` = '$apiKey',`apiMoney` = '$apiMoney',`apiName` = '$apiName',`apiMixWeb` = '$apiMixWeb',`apiMixDb` = '$apiMixDb',`apiMixFlow` = '$apiMixFlow',`apiUseMoney` = '$apiUseMoney' WHERE `id` = '$id'");
}
public static function delApi($DB, $id)
{
return $DB->exec("DELETE FROM `impepd_api` WHERE `id` = '$id'");
}
public static function getApiIp($DB, $ip)
{
$data = $DB->query("SELECT * FROM `impepd_api` WHERE `apiIp` = '$ip'")->fetch(PDO::FETCH_ASSOC);
return $data;
}
public static function getUserApi($DB, $ip)
{
$data = $DB->query("SELECT * FROM `impepd_apib` WHERE `apiIp` = '$ip'")->fetch(PDO::FETCH_ASSOC);
return $data;
}
public static function apiAdd($DB, $data)
{
$apiIp = $data['apiIp'];
$apiKey = $data['apiKey'];
$apiMoney = $data['apiMoney'];
return $DB->exec("INSERT INTO `impepd_api`(`apiIp`,`apiKey`,`apiMoney`)VALUES('$apiIp','$apiKey','$apiMoney')");
}
public static function getUser ($DB, $id = false,$uname = null)
{
$data = $DB->query('SELECT * FROM `impepd_user`')->fetchAll(PDO::FETCH_ASSOC);
if($id)$data = $DB->query("SELECT * FROM `impepd_user` WHERE `id` = '$id'")->fetch(PDO::FETCH_ASSOC);
if(!empty($uname))$data = $DB->query("SELECT * FROM `impepd_user` WHERE `userName` LIKE '%$uname%'")->fetchAll(PDO::FETCH_ASSOC);
return $data;
}
public static function delUser($DB, $id)
{
return $DB->exec("DELETE FROM `impepd_user` WHERE `id` = '$id'");
}
public static function userState($DB, $id, $userState)
{
return $DB->exec("UPDATE `impepd_user` SET `userState` = '$userState' WHERE `id` = '$id'");
}
public static function editUser($DB, $data)
{
$id = $data['id'];
$userName = $data['userName'];
$userPwd = $data['userPwd'];
$userMoney = $data['userMoney'];
$userMail = $data['userMail'];
$sql = "UPDATE `impepd_user` SET `userName` = '$userName',`userMoney` = '$userMoney',`userMail` = '$userMail' WHERE `id` = '$id'";
if(!empty($data['userPwd'])){
$userPwd = md5($data['userPwd']);
$sql = "UPDATE `impepd_user` SET `userName` = '$userName',`userMoney` = '$userMoney',`userPwd` = '$userPwd',`userMail` = '$userMail' WHERE `id` = '$id'";
}
return $DB->exec($sql);
}
public static function getUserName($DB, $userName)
{
$data = $DB->query("SELECT * FROM `impepd_user` WHERE `userName` = '$userName'")->fetch(PDO::FETCH_ASSOC);
return $data;
}
public static function userAdd($DB, $data)
{
$userName = $data['userName'];
$userPwd = $data['userPwd'];
$userMail = $data['userMail'];
return $DB->exec("INSERT INTO `impepd_user`(`userName`,`userPwd`,`userMail`)VALUES('$userName','$userPwd','$userMail')");
}
public static function apiDis($DB, $data)
{
$sql = self::insSql('impepd_apib', $data);
$apiData = self::getUserApi($DB, $data['apiIp']);
$ary['useLength'] = '`useLength` + ' . $data['useLength'];
if(!empty($apiData))$sql = self::updSql('impepd_apib', $ary, '`apiIp` = \'' . $apiData['apiIp'] . '\'');
return $DB->exec($sql);
}
public static function noticeAdd($DB, $data)
{
$data['time'] = date('Y-m-d');
$data['adminUser'] = $_SESSION['adminUser'];
$sql = self::insSql('impepd_gonggao', $data);
return $DB->exec($sql);
}
public static function getNotice($DB, $id = false)
{
$data = $DB->query('SELECT * FROM `impepd_gonggao`')->fetchAll(PDO::FETCH_ASSOC);
if($id)$data = $DB->query("SELECT * FROM `impepd_gonggao` WHERE `id` = '$id'")->fetch(PDO::FETCH_ASSOC);
return $data;
}
public static function delNotice($DB, $id)
{
return $DB->exec("DELETE FROM `impepd_gonggao` WHERE `id` = '$id'");
}
public static function GetCloud($url, $data)
{
foreach ($data as $k => $v) {
$url .= '&' . $k . '=' . $v;
}
return json_decode(file_get_contents($url), TRUE);
}
public static function CreateUrl($apiIp, $apiKey, $type)
{
$ip = $apiIp;
$key = $apiKey;
$c = 'whm';
$a = $type;
$r = rand(100000,999999);
$json = '1';
$s = md5($a.$key.$r);
$url = "http://$ip:3312/api/index.php?c=$c&a=$a&r=$r&json=$json&s=$s";
return $url;
}
public static function addHost($DB, $data){
$sql = 'INSERT INTO `impepd_host`(';
foreach ($data as $k => $v) {
$sql .= "`$k`,";
}
$sql = trim($sql, ',');
$sql .= ')VALUES(';
foreach ($data as $k => $v) {
$sql .= "'$v',";
}
$sql = trim($sql, ',');
$sql .= ')';
$DB->query($sql);
}
public static function insSql($table, $data){
$sql = 'INSERT INTO `' . $table . '`(';
foreach ($data as $k => $v) {
$sql .= "`$k`,";
}
$sql = trim($sql, ',');
$sql .= ')VALUES(';
foreach ($data as $k => $v) {
$sql .= "'$v',";
}
$sql = trim($sql, ',');
$sql .= ')';
return $sql;
}
public static function updSql($table, $data, $where = false){
$sql = 'UPDATE `' . $table . '` SET ';
foreach ($data as $k => $v) {
$sql .= "`$k` = '$v',";
}
$sql = trim($sql, ',');
if($where)$sql .= " WHERE $where";
return $sql;
}
public static function editNotice($DB, $data)
{
$sql = self::updSql('impepd_gonggao', $data, '`id` = \'' . $data['id'] . '\'');
return $DB->exec($sql);
}
}
同样我们来检查,发现getVersion这一个功能会用到官方的接口,我们其实可以毫不犹疑的把这一个功能给删掉了。删掉的同时我们再次回到index.php看到最下面那一段代码有用到getVersion这一个功能,把那一段删掉。中间的代码,也就是公告的那一部分似乎也有用到官方授权站的API,所以我们也可以把它删掉,现在index.php的内容应该是这样的:
到目前为止,admin目录已经是全部破解完毕,那么我们只需要检查一遍user文件夹之后就可以直接进行安装测试了!
过不期然,user文件夹里面的user.class.php,apicron.php,apilist.php也是被加密的,当然也是同样的加密,同样的手法破解还原,出来的代码应该如下:
query('SELECT * FROM `impepd_user`')->fetchAll(PDO::FETCH_ASSOC);
if($userName)$data = $DB->query("SELECT * FROM `impepd_user` WHERE `userName` = '$userName'")->fetch(PDO::FETCH_ASSOC);
return $data;
}
public static function getUserId($DB, $id)
{
return $DB->query("SELECT * FROM `impepd_user` WHERE `id` = '$id'")->fetch(PDO::FETCH_ASSOC);
}
public static function regUser($DB, $data)
{
$userName = $data['userName'];
$userPwd = $data['userPwd'];
$userMail = $data['userMail'];
$sql = "INSERT INTO `impepd_user`(`userName`,`userPwd`,`userMail`)VALUES('$userName','$userPwd','$userMail')";
if(isset($data['upUserId'])){
$upUserId = $data['upUserId'];
$upUserData = self::getUserId($DB, $upUserId);
$upUserName = $upUserData['userName'];
$sql = "INSERT INTO `impepd_user`(`userName`,`userPwd`,`upUserName`,`userMail`)VALUES('$userName','$userPwd','$upUserName','$userMail')";
}
return $DB->exec($sql);
}
public static function userB($DB, $userName, $id)
{
$userData = self::getUser($DB, $userName);
$userId = $userData['id'];
$DB->exec("INSERT INTO `impepd_userb`(`upUserId`,`downUserId`)VALUES('$id','$userId')");
}
public static function getUserMail($DB, $userMail)
{
return $DB->query("SELECT * FROM `impepd_user` WHERE `userMail` = '$userMail'")->fetch(PDO::FETCH_ASSOC);
}
public static function loginUser($DB,$userName)
{
$ip = Gets::ip();
return $DB->exec("UPDATE `impepd_user` SET `userIp` = '$ip' WHERE `userName` = '$userName'");
}
public static function get_os()
{
if (!empty($_SERVER['HTTP_USER_AGENT'])){
$os = $_SERVER['HTTP_USER_AGENT'];
if (preg_match('/win/i', $os)) {
$os = 'Windows';
} else if (preg_match('/mac/i', $os)) {
$os = 'MAC';
} else if (preg_match('/linux/i', $os)) {
$os = 'Android';
} else if (preg_match('/unix/i', $os)) {
$os = 'Unix';
} else if (preg_match('/bsd/i', $os)) {
$os = 'BSD';
} else {
$os = 'Other';
}
return $os;
} else {
return 'unknow';
}
}
public static function browse_info()
{
if (!empty($_SERVER['HTTP_USER_AGENT'])){
$br = $_SERVER['HTTP_USER_AGENT'];
if (preg_match('/MSIE/i', $br)) {
$br = 'MSIE';
} else if (preg_match('/Firefox/i', $br)) {
$br = 'Firefox';
} else if (preg_match('/Chrome/i', $br)) {
$br = 'Chrome';
} else if (preg_match('/Safari/i', $br)) {
$br = 'Safari';
} else if (preg_match('/Opera/i', $br)) {
$br = 'Opera';
} else {
$br = 'Other';
}
return $br;
} else {
return 'unknow';
}
}
public static function mysql_info($DB)
{
$info=$DB->query('select VERSION()')->fetch(PDO::FETCH_ASSOC);
return $info['VERSION()'];
}
public static function detect_encoding($file='./login.php')
{
$list = array('GBK', 'UTF-8', 'UTF-16LE', 'UTF-16BE', 'ISO-8859-1');
$str = file_get_contents($file);
foreach ($list as $item) {
$tmp = mb_convert_encoding($str, $item, $item);
if (md5($tmp) == md5($str)) {
return $item;
}
}
return null;
}
public static function getVersion()
{
$data = json_decode(file_get_contents('http://129.204.108.129/'),true);
$version = array_reverse($data['version']);
return $version['0']['version'];
}
public static function getMoney($DB, $userName)
{
$data = $DB->query("SELECT * FROM `impepd_user` WHERE `userName` = '$userName'")->fetch(PDO::FETCH_ASSOC);
return $data['userMoney'];
}
public static function editPwd($DB, $userName, $newUserPwd)
{
return $DB->exec("UPDATE `impepd_user` SET `userPwd` = '$newUserPwd' WHERE `userName` = '$userName'");
}
public static function getUserApi($DB, $id)
{
return $DB->query("SELECT * FROM `impepd_apib` WHERE `id` = '$id'")->fetch(PDO::FETCH_ASSOC);
}
public static function getUserApiIp($DB, $ip, $userName)
{
return $DB->query("SELECT * FROM `impepd_apib` WHERE `apiIp` = '$ip' AND `userName` = '$userName'")->fetch(PDO::FETCH_ASSOC);
}
public static function delUserApi($DB, $id)
{
return $DB->exec("DELETE FROM `impepd_apib` WHERE `id` = '$id'");
}
public static function getUserApiUserName($DB, $userName)
{
return $DB->query("SELECT * FROM `impepd_apib` WHERE `userName` = '$userName'")->fetchAll(PDO::FETCH_ASSOC);
}
public static function apiAdd($DB, $data)
{
$apiIp = $data['apiIp'];
$apiKey = $data['apiKey'];
$apiMoney = $data['apiMoney'];
$userName = $data['userName'];
return $DB->exec("INSERT INTO `impepd_api`(`apiIp`,`apiKey`,`apiMoney`,`userName`,`apiState`)VALUES('$apiIp','$apiKey','$apiMoney','$userName',1)");
}
public static function getApiIp($DB, $ip)
{
$data = $DB->query("SELECT * FROM `impepd_api` WHERE `apiIp` = '$ip'")->fetch(PDO::FETCH_ASSOC);
return $data;
}
public static function getApi($DB, $userName)
{
$data = $DB->query("SELECT * FROM `impepd_api` WHERE `userName` = '$userName'")->fetchAll(PDO::FETCH_ASSOC);
return $data;
}
public static function getApiId($DB, $id)
{
$data = $DB->query("SELECT * FROM `impepd_api` WHERE `id` = '$id'")->fetch(PDO::FETCH_ASSOC);
return $data;
}
public static function isShow($DB, $id, $isShow)
{
return $DB->exec("UPDATE `impepd_api` SET `isShow` = '$isShow' WHERE `id` = '$id'");
}
public static function apiState($DB, $id, $apiState)
{
return $DB->exec("UPDATE `impepd_api` SET `apiState` = '$apiState' WHERE `id` = '$id'");
}
public static function delApi($DB, $id, $userName = fasle)
{
if($userName)return $DB->exec("DELETE FROM `impepd_api` WHERE `id` = '$id' AND `userName` = '$userName'");
return $DB->exec("DELETE FROM `impepd_api` WHERE `id` = '$id'");
}
public static function editApi($DB, $data)
{
$id = $data['id'];
$apiIp = $data['apiIp'];
$apiKey = $data['apiKey'];
$apiMoney = $data['apiMoney'];
$apiName = $data['apiName'];
$apiMixWeb = $data['apiMixWeb'];
$apiMixDb = $data['apiMixDb'];
$apiMixFlow = $data['apiMixFlow'];
$apiUseMoney = $data['apiUseMoney'];
return $DB->exec("UPDATE `impepd_api` SET `apiIp` = '$apiIp',`apiKey` = '$apiKey',`apiMoney` = '$apiMoney',`apiName` = '$apiName',`apiMixWeb` = '$apiMixWeb',`apiMixDb` = '$apiMixDb',`apiMixFlow` = '$apiMixFlow',`apiUseMoney` = '$apiUseMoney' WHERE `id` = '$id'");
}
public static function getShowApi($DB)
{
return $DB->query('SELECT * FROM `impepd_api` WHERE `isShow` = 1')->fetchAll(PDO::FETCH_ASSOC);
}
public static function buyApi($DB, $ip, $userName)
{
$useTime = date('Y-m-d');
$useLength = 30;
$apiData = self::getUserApiIp($DB, $ip, $userName);
$apiData2 = self::getApiIp($DB, $ip);
$apiName = $apiData2['apiName'];
$apiMoney = $apiData2['apiMoney'];
$apiUseMoney = $apiData2['apiUseMoney'];
if(empty($apiData))return $DB->exec("INSERT INTO `impepd_apib`(`userName`,`apiIp`,`useLength`,`useTime`,`apiName`,`apiMoney`,`apiUseMoney`)VALUES('$userName','$ip','$useLength','$useTime','$apiName','$apiMoney','$apiUseMoney')");
return $DB->exec("UPDATE `impepd_apib` SET `useLength` = `useLength` + '$useLength' WHERE `apiIp` = '$ip' AND `userName` = '$userName'");
}
public static function getUp($DB, $id)
{
return $DB->query("SELECT * FROM `impepd_userb` WHERE `downUserId` = '$id'")->fetch(PDO::FETCH_ASSOC);
}
public static function incId($DB, $id, $money)
{
return $DB->query("UPDATE `impepd_user` SET `userMoney` = `userMoney` + '$money' WHERE `id` = '$id'");
}
public static function incUserName($DB, $userName, $money)
{
return $DB->query("UPDATE `impepd_user` SET `userMoney` = `userMoney` + '$money' WHERE `userName` = '$userName'");
}
public static function buy($DB, $data, $buyUserName, $userName, $upTicheng)
{
$ip = $data['apiIp'];
$money = $data['apiMoney'];
$useTime = date('Y-m-d');
$useLength = 30;
$apiData = self::getUserApiIp($DB, $ip, $buyUserName);
$buy = true;
$apiData2 = self::getApiIp($DB, $ip);
$apiName = $apiData2['apiName'];
$apiMoney = $apiData2['apiMoney'];
$apiUseMoney = $apiData2['apiUseMoney'];
$DB->setAttribute(PDO::ATTR_AUTOCOMMIT, false);
try {
$DB->beginTransaction();
if($money > 0){
$DB->exec("UPDATE `impepd_user` SET `userMoney` = `userMoney` - '$money' WHERE `userName` = '$buyUserName'");
if($money >= 1){
$upTicheng = $upTicheng / 100;
$ticheng = $money * $upTicheng;
$userData = self::getUser($DB, $buyUserName);
$upData = self::getUp($DB, $userData['id']);
if(!empty($upData)){
$upUserId = $upData['upUserId'];
$DB->exec("UPDATE `impepd_user` SET `userMoney` = `userMoney` + '$ticheng' WHERE `id` = '$upUserId'");
$upData = self::getUp($DB, $upUserId);
if(!empty($upData)){
$upUserId = $upData['upUserId'];
$DB->exec("UPDATE `impepd_user` SET `userMoney` = `userMoney` + '$ticheng' WHERE `id` = '$upUserId'");
}
}
}
}
if(!empty($userName))$DB->exec("UPDATE `impepd_user` SET `userMoney` = `userMoney` + '$money' WHERE `userName` = '$userName'");
if(empty($apiData))$DB->exec("INSERT INTO `impepd_apib`(`userName`,`apiIp`,`useLength`,`useTime`,`apiName`,`apiMoney`,`apiUseMoney`)VALUES('$buyUserName','$ip','$useLength','$useTime','$apiName','$apiMoney','$apiUseMoney')");
if(!empty($apiData))$DB->exec("UPDATE `impepd_apib` SET `useLength` = `useLength` + '$useLength' WHERE `apiIp` = '$ip' AND `userName` = '$buyUserName'");
$DB->commit();
} catch (PDOException $e) {
$DB->rollback();
$buy = false;
}
$DB->setAttribute(PDO::ATTR_AUTOCOMMIT, true);
return $buy;
}
public static function makeKey($DB, $userName)
{
$key = md5(uniqid());
return $DB->exec("UPDATE `impepd_user` SET `userKey` = '$key' WHERE `userName` = '$userName'");
}
public static function gonggao($DB)
{
return $DB->query('SELECT * FROM `impepd_gonggao` ORDER BY `time` DESC')->fetchAll(PDO::FETCH_ASSOC);
}
public static function BindQq($DB, $userQqCode)
{
$username = $_SESSION['userName'];
return $DB->exec("UPDATE `impepd_user` SET `userQq` = '$userQqCode' WHERE `userName` = '$username'");
}
public static function SearchCode($DB, $code)
{
return $DB->query("SELECT * FROM `impepd_user` WHERE `userQq` = '$code'")->fetch(PDO::FETCH_ASSOC);
}
}
getVersion这个功能很明显的API还没换,也是和admin文件夹里面同样的手法处理了,或者不处理也可以,因为连接的根本不是官方,现在打开还是显示403ForBidden呢!
那么现在我们可以直接进行安装测试了!
上传,域名绑定这些我就不多说了,我直接来汇报结果吧!破解全部成功了,运行全部成功,过程十分顺利!
截图如下:
安装页面,全部成功无提示授权问题。
后台页面,所有页面正常无提示授权问题
前台首页,无提示任何异常
用户后台,全部正常无提示任何问题
恭喜破解成功了,如果你是一直看到这里的人十分感谢你,如果你是直接划到这里要源码的人我也十分感谢你,如果要转载记得要注明NE博客哦!
下载地址:https://pan.baidu.com/s/1BFwRoN6G0dayqXvcrvl7CA
提取密码:q701
作者提示:我不晓得有没有遗漏,如果有的话也是用同样的手法处理了就行,感谢各位的支持哦!如果是程序本来就有的bug我也是不负责的啊哈哈哈!破解源码仅供学习用途哦!(虽然我知道你们不会管的哈哈哈)
