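To protect their copyright, many WordPress theme authors encrypt their themes. The encrypted file is usually footer.php, and the method is base64 encoding. The point of decrypting an encrypted WordPress theme file is not to tamper with the copyright notice or remove the author's links, but to modify the original theme and make it more personal.
keko is a rather polished WordPress theme whose footer.php has been encrypted by its author. To customize the content at the bottom of your blog you need to decrypt this file; of course, if you can code, you can also write your own footer.php.
Some people online "decrypt" it by viewing the page source: they open the WordPress blog in Firefox and view the source of the encrypted section. This lets you reconstruct the PHP file from the CSS, but it is not real decryption, and it stops working once the encrypted code calls many functions.
How do you decrypt an encrypted WordPress theme file? Below we use keko as the example and attempt a real decryption.
First take a look at the keko theme demo. Polished, isn't it? My impression of this theme is that it looks clean, is simple to set up, and suits Chinese-language blogs well. Opening footer.php shows the following code (shown as a code block it may be hard to read; copy it into Notepad for easier viewing):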
<?php $_F=__FILE__;$_X='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';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>
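Don't panic: in encrypting the file the author has already told us how to decrypt it. There is a base64_decode call near the end of the file, so analyze that trailing piece of code first: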
base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==')
This is clearly base64-encoded:
JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==
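Bring in the decoding tool Malzilla (don't misread it as Mozilla; it is not from the Firefox people). Malzilla is a web page decoding tool that bundles decoders for many common encoding schemes and is mostly used to analyze web-based trojans. If you find installing software a hassle, you can use an online base64 decoder instead, for example: http://tool.chinaz.com/Tools/Base64.aspx
The decoded code is: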
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
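Once decoded, the code is much easier to analyze. It substitutes characters in $_X with $_X=strtr($_X,'123456aouie','aouie123456'); 1 becomes a, 2 becomes o, 3 becomes u, 4 becomes i and 5 becomes e (the remaining pairs in the two strings map 6 to 1, a to 2, o to 3, u to 4, i to 5 and e to 6). This is a simple substitution rule.
Then base64-decode $_X directly. The decoded result is: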
?></d4v> </d4v> </d4v> <d4v 4d="f22t5r-wr1p"> <d4v 4d="f22t5r"> <d4v cl1ss="c5nt5r5d-1"> <d4v cl1ss="c5nt5r5d-b"> <d4v cl1ss="f22t5r-c2nt5nt"> <d4v cl1ss="fb1r"> <3l cl1ss="f22t5r_l4st"> <l4 4d="m2st-c2mm5nt5d"> <ho><?php _5('M2st C2mm5nt5d'); ?></ho> <3l> <?php gt5_m2st_c2mm5nt5d(); ?> </3l> </l4> </3l> </d4v> <d4v cl1ss="fb1r"> <3l cl1ss="f22t5r_l4st"> <l4 4d="r1nd2m-5ntr45s"> <ho><?php _5('R1nd2m Art4cl5s'); ?></ho> <3l> <?php gt5_r1nd2m_p2sts(); ?> </3l> </l4> </3l> </d4v> <d4v cl1ss="fb1r"> <3l cl1ss="f22t5r_l4st"> <l4 4d="f51t3r5d-c1t"> <?php $th5_c1t_sl3g = g5t_2pt42n('tn_k5k2_f22t5r_f51t3r5d'); ?> <?php 4f(($th5_c1t_sl3g == '') || ($th5_c1t_sl3g == 'Ch22s5 1 c1t5g2ry:')){ ?> <ho>F51t3r5d n2t s5t y5t</ho> <3l> <l4>S5t3p f22t5r f51t3r5s 4n <1 hr5f="<?php 5ch2 g5t_s5tt4ngs('h2m5'); ?>/wp-1dm4n/th5m5s.php?p1g5=f3nct42ns.php">th5m5 2pt42n</1></l4> </3l> <?php } 5ls5 { ?> <ho>R5c5ntly 4n <?php 5ch2 str4pcsl1sh5s($th5_c1t_sl3g); ?></ho> <3l> <?php //4ns5rt y23r c1t5g2ry n1m5 $my_q35ry = n5w WP_Q35ry('c1t5g2ry_n1m5='. $th5_c1t_sl3g . '&' . 'sh2wp2sts=' . 
8); wh4l5 ($my_q35ry->h1v5_p2sts()) : $my_q35ry->th5_p2st(); $d2_n2t_d3pl4c1t5 = $p2st->ID; $th5_p2st_4ds = g5t_th5_ID(); ?> <l4> <?php th5_t4tl5(); ?><br /> <5m><1 hr5f="<?php th5_p5rm1l4nk(); ?>">Cl4ck h5r5 t2 r51d m2r5 &r1rr;</1></5m> </l4> <?php 5ndwh4l5;?> </3l> <?php } ?> </l4> </3l> </d4v> </d4v> </d4v> </d4v> </d4v> </d4v> <d4v 4d="f22t5r-23t"> <d4v cl1ss="c5nt5r5d-1"> <d4v cl1ss="c5nt5r5d-b"> <d4v cl1ss="1l4gnl5ft"> C2pyr4ght &c2py;<?php 5ch2 gmd1t5(__('Y')); ?> <1 hr5f="<?php 5ch2 g5t_s5tt4ngs('h2m5'); ?>"><?php bl2g4nf2('n1m5'); ?></1><br /> <1 t4tl5="Fr55 W2rdPr5ss Th5m5" hr5f="http://www.mk5ls.c2m">Fr55 W2rdPr5ss Th5m5</1> By Mk5ls </d4v> <d4v cl1ss="1l4gnr4ght"> C2ll1b2r1t42n w4th <1 hr5f="http://www.k2r51n-cl2th4ng.c2m/" t4tl5="K2r51n Cl2th4ng">K2r51n Cl2th4ng</1>&nbsp;&nbsp;|&nbsp;&nbsp;<1 hr5f="http://www.th5p4ggyb1nk5r.c2m/" t4tl5="CD R1t5s">CD R1t5s</1>&nbsp;&nbsp;|&nbsp;&nbsp;<1 hr5f="http://www.b1nk4ngz5n.c2m/" t4tl5="B1nk R1t5s">B1nk R1t5s</1> </d4v> </d4v> </d4v> </d4v> <?php wp_f22t5r(); ?> </b2dy> </html> |
Apply the substitution rule above to the decoded text, and the encrypted WordPress theme file is finally restored as follows:
</div>
</div>
</div>
<div id="footer-wrap">
<div id="footer">
<div class="centered-a">
<div class="centered-b">
<div class="footer-content">
  <div class="fbar">
    <ul class="footer_list">
      <li id="most-commented">
        <h3><?php _e('Most Commented'); ?></h3>
        <ul>
          <?php gte_most_commented(); ?>
        </ul>
      </li>
    </ul>
  </div>
  <div class="fbar">
    <ul class="footer_list">
      <li id="random-entries">
        <h3><?php _e('Random Articles'); ?></h3>
        <ul>
          <?php gte_random_posts(); ?>
        </ul>
      </li>
    </ul>
  </div>
  <div class="fbar">
    <ul class="footer_list">
      <li id="featured-cat">
        <?php $the_cat_slug = get_option('tn_keko_footer_featured'); ?>
        <?php if(($the_cat_slug == '') || ($the_cat_slug == 'Choose a category:')){ ?>
        <h3>Featured not set yet</h3>
        <ul>
          <li>Setup footer features in <a href="<?php echo get_settings('home'); ?>/wp-admin/themes.php?page=functions.php">theme option</a></li>
        </ul>
        <?php } else { ?>
        <h3>Recently in <?php echo stripcslashes($the_cat_slug); ?></h3>
        <ul>
          <?php
          //insert your category name
          $my_query = new WP_Query('category_name='. $the_cat_slug . '&' . 'showposts=' . 8);
          while ($my_query->have_posts()) : $my_query->the_post(); $do_not_duplicate = $post->ID;
          $the_post_ids = get_the_ID();
          ?>
          <li>
            <?php the_title(); ?><br />
            <em><a href="<?php the_permalink(); ?>">Click here to read more &rarr;</a></em>
          </li>
          <?php endwhile;?>
        </ul>
        <?php } ?>
      </li>
    </ul>
  </div>
</div>
</div>
</div>
</div>
</div>
<div id="footer-out">
<div class="centered-a">
<div class="centered-b">
  <div class="alignleft">
    Copyright &copy;<?php echo gmdate(__('Y')); ?> <a href="<?php echo get_settings('home'); ?>"><?php bloginfo('name'); ?></a><br />
    <a title="Free WordPress Theme" href="http://www.mkels.com">Free WordPress Theme</a> By Mkels
  </div>
  <div class="alignright">
    Collaboration with <a href="http://www.korean-clothing.com/" title="Korean Clothing">Korean Clothing</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="http://www.thepiggybanker.com/" title="CD Rates">CD Rates</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="http://www.bankingzen.com/" title="Bank Rates">Bank Rates</a>
  </div>
</div>
</div>
</div>
<?php wp_footer(); ?>
</body>
</html>
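The same procedure as an added Python example (not code from the original post or from the theme): it reads the loader statically, takes the strtr() arguments out of the decoded stub and applies the whole table in one pass, so `<ho>` in the intermediate text comes out as `<h3>`. `SAMPLE_X` is constructed from a fragment of the intermediate text shown above, and the function names are this example's own.

```python
import base64
import re

# Loader stub copied from the page (argument of eval(base64_decode('...'))).
STUB_B64 = (
    "JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZh"
    "b3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxF"
    "X18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=="
)
# Constructed payload: a fragment of the intermediate text shown on the page,
# re-encoded as base64 because the theme's real $_X value is not reproduced here.
SAMPLE_X = base64.b64encode(b"<ho><?php _5('M2st C2mm5nt5d'); ?></ho>").decode()
SAMPLE_LOADER = ("<?php $_F=__FILE__;$_X='" + SAMPLE_X +
                 "';eval(base64_decode('" + STUB_B64 + "'));?>")


def split_loader(php_src):
    """Extract ($_X payload, stub) from a loader shaped like the one on the page."""
    x = re.search(r"\$_X='([^']*)'", php_src)
    stub = re.search(r"eval\(base64_decode\('([^']*)'\)\)", php_src)
    if x is None or stub is None:
        raise ValueError("not a $_X / eval(base64_decode()) loader")
    return x.group(1), stub.group(1)


def strtr_table(stub_src):
    """Build a translation table from the stub's strtr($_X,'from','to') call."""
    m = re.search(r"strtr\(\$_X,'([^']*)','([^']*)'\)", stub_src)
    if m is None:
        raise ValueError("no strtr() call in stub")
    src, dst = m.groups()
    n = min(len(src), len(dst))  # PHP strtr() ignores the longer string's tail
    # str.translate, like strtr, maps every character in one pass, so
    # 1->a and a->2 cannot chain the way sequential search/replace would.
    return str.maketrans(src[:n], dst[:n])


def deobfuscate(php_src):
    """Return (stub source, recovered template) without executing any PHP."""
    x_b64, stub_b64 = split_loader(php_src)
    stub_src = base64.b64decode(stub_b64).decode("ascii")
    # latin-1 keeps every byte intact; encode with latin-1 again when saving.
    body = base64.b64decode(x_b64).decode("latin-1")
    return stub_src, body.translate(strtr_table(stub_src))


if __name__ == "__main__":
    stub, template = deobfuscate(SAMPLE_LOADER)
    print(stub)
    print(template)
```

Reading the stub before decoding the payload matters because the substitution strings are whatever the stub says, not a fixed alphabet.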
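With the source file in hand you can modify it as you need. Please respect the author's work and do not tamper with the copyright notice.
When reposting, please credit: 网页阁吧 » Decrypting an Encrypted WordPress Theme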