CodeIgniter Forums
Codeigniter Encrypt Decrypt - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Codeigniter Encrypt Decrypt (/showthread.php?tid=70728)

Codeigniter Encrypt Decrypt - bhavanichavala - 05-21-2018

 Please help me codeigniter files are encrypted
 I want to decode those files
I had done encryption by using https://github.com/rougin/codeigniter
 How to decrypt
Please help me anyone in the group #codeigniter

RE: Codeigniter Encrypt Decrypt - jreklund - 05-21-2018

We need code examples.

Those are just regular PHP files you have given us, it's not encrypted.

RE: Codeigniter Encrypt Decrypt - bhavanichavala - 05-22-2018

<?php ${"G\x4cO\x42\x41\x4cS"}["ye\x6a\x6c\x79\x68\x62\x6dcd\x70\x62"]="\x6aou\x72n\x61l\x73\x6c\x69\x73\x74";${"\x47\x4cOB\x41\x4c\x53"}["\x6bwl\x74\x6a\x70\x75o\x78\x6e"]="\x6d\x65\x73\x73\x61\x67e_\x62\x6fdy";${"\x47LO\x42A\x4c\x53"}["\x6c\x63\x67eu\x71ob\x69"]="\x72\x65\x73";${"\x47L\x4f\x42AL\x53"}["\x72gn\x62\x6c\x7au\x71"]="\x6d\x61\x69\x6cda\x74\x61";${"\x47L\x4fB\x41L\x53"}["\x65hc\x78d\x6cuk\x72c\x73"]="\x64ayaa\x72r\x61y";${"\x47\x4cO\x42AL\x53"}["\x69\x65\x69\x75\x74\x76p\x6f\x71rg"]="s\x74\x72";${"\x47\x4cOB\x41\x4cS"}["\x6bnr\x72\x6ao"]="\x64\x61t\x61";defined("\x42\x41S\x45P\x41T\x48")OR exit("\x4eo \x64\x69r\x65ct \x73\x63\x72\x69\x70\x74\x20ac\x63e\x73s \x61\x6c\x6co\x77ed");class Home extends CI_Controller{function __construct(){parent::__construct();date_default_timezone_set("\x41s\x69\x61/Ko\x6c\x6bat\x61");$this->load->model("\x50a\x67\x65c\x6f\x6e\x74\x65nt\x5f\x6d\x6f\x64el");$this->load->model("\x61\x64\x6d\x69\x6e/J\x6f\x75\x72n\x61\x6cs_m\x6fd\x65\x6c","A\x64m\x69\x6e\x5f\x4a\x6f\x75rna\x6cs_\x6d\x6fde\x6c",TRUE);}public function index(){${"\x47LOB\x41\x4c\x53"}["\x6c\x68\x73s\x62\x74\x63c"]="\x64\x61\x74\x61";${${"\x47\x4cOB\x41LS"}["lh\x73sb\x74\x63\x63"]}["pa\x67\x65\x43\x6fnt\x65\x6e\x74"]=$this->Pagecontent_model->getMainsitePortion();$this->load->view("in\x63\x6cu\x64e\x73/h\x65\x61der");$this->load->view("\x68o\x6de",${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x6bn\x72\x72\x6a\x6f"]});$this->load->view("inclu\x64es/f\x6f\x6f\x74e\x72");}public function pages($str=""){$gnzhuleoixp="\x73\x74\x72";if(trim(${$gnzhuleoixp})!=""){$this->load->view("include\x73/\x68ea\x64\x65\x72");if(${${"\x47LO\x42\x41\x4c\x53"}["\x69ei\x75\x74v\x70\x6f\x71r\x67"]}!="\x63on\x74a\x63\x74-\x75s"){if(${${"G\x4c\x4f\x42\x41\x4c\x53"}["i\x65i\x75tvpoq\x72\x67"]}=="jour\x6e\x61\x6cs"){$mmxhwlypbb="\x64at\x61";${"\x47\x4c\x4f\x42A\x4c\x53"}["\x79\x71a\x6b\x64\x75ih\x76\x67g"]="\x64\x61\x74\x61";${$mmxhwlypbb}["jo\x75r\x6e\x61ls\x6ci\x73\x74"]=$this->Admin_Journals_model->get_total_journals_list();$this->load->view("\x6a\x6furn\x61\x6c\x73-\x62y-\x63\x61teg\x6f\x72\x79",${${"GLO\x42A\x4cS"}["\x79\x71a\x6b\x64u\x69\x68\x76gg"]});}else{$dwldpm="\x73\x74\x72";${"\x47LO\x42AL\x53"}["n\x70p\x66\x63\x63\x73pg\x6f\x67s"]="\x64\x61t\x61";${${"G\x4cO\x42\x41\x4cS"}["\x6b\x6e\x72r\x6a\x6f"]}["p\x61\x67eC\x6fnt\x65\x6e\x74"]=$this->Pagecontent_model->getMainsiteContent(${$dwldpm});if(count(${${"\x47\x4c\x4fB\x41\x4c\x53"}["n\x70\x70\x66\x63\x63sp\x67\x6fg\x73"]}["p\x61ge\x43o\x6et\x65\x6et"])){$jrerpni="\x64\x61\x74a";$this->load->view("contentp\x61\x67\x65",${$jrerpni});}else{redirect("H\x6f\x6d\x65");}}}else{$irqabozy="\x64\x61\x74\x61";$qfmqutbhfwm="\x64\x61\x74a";${$irqabozy}["ca\x70tch\x61\x63\x6fd\x65"]=strtoupper(substr(md5(rand(10000,99999)),0,6));$this->load->view("\x63\x6f\x6et\x61c\x74",${$qfmqutbhfwm});}$this->load->view("i\x6e\x63\x6c\x75d\x65s/foo\x74er");}else{redirect("Home");}}public function loadcaptcha(){echo strtoupper(substr(md5(rand(10000,99999)),0,6));}public function sendmails(){${"\x47\x4cO\x42\x41\x4c\x53"}["\x71\x73jp\x74\x63y\x78\x78\x6aq"]="\x6d\x65\x73\x73\x61\x67\x65\x5f\x62\x6f\x64\x79";${"\x47\x4c\x4f\x42\x41LS"}["\x73\x74\x64c\x6f\x63\x6d\x70\x71"]="at\x74a\x63\x68m\x65\x6et\x73";extract($_POST);${${"GLO\x42\x41\x4c\x53"}["\x65\x68\x63\x78d\x6c\x75\x6b\x72\x63s"]}=json_decode(${${"\x47\x4c\x4f\x42AL\x53"}["\x72\x67\x6eb\x6c\x7a\x75q"]});${"G\x4c\x4fBAL\x53"}["i\x65u\x70\x64\x7a"]="at\x74a\x63hme\x6e\x74\x73";${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x73\x74\x64co\x63\x6dp\x71"]}="";${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x71\x73\x6a\x70t\x63\x79x\x78j\x71"]}=contact_email_body($dayaarray->Person_name,$dayaarray->subject,$dayaarray->Person_Message);${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x6c\x63g\x65\x75q\x6f\x62i"]}=opusemail($dayaarray->Person_email,$dayaarray->subject,${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6b\x77\x6c\x74j\x70\x75o\x78n"]},${${"\x47\x4cO\x42\x41\x4cS"}["\x69\x65\x75\x70\x64\x7a"]});${"\x47LOBALS"}["\x61\x75\x64x\x6fw"]="\x72\x65\x73";print_r(${${"\x47\x4cOB\x41\x4cS"}["\x61ud\x78\x6fw"]});}public function journals_search(){$hmqqbdk="\x6aou\x72\x6e\x61\x6c\x73l\x69\x73\x74";${$hmqqbdk}=$this->Admin_Journals_model->journals_search();echo journals_search(${${"\x47\x4cO\x42\x41\x4c\x53"}["\x79e\x6al\x79h\x62\x6dc\x64\x70b"]});}}
?>

RE: Codeigniter Encrypt Decrypt - jreklund - 05-22-2018

What kind of function did you use to encrypt them?
Does it actually run?
What are the dependencies to decrypt them (in real time), if it's running?
What encryption key did you use?

EDIT: On a second thought, that looks more like a weird HEX/BYTE encoding/encryption. You didn't write this yourself did you?
PHP Code:
<?php
${"GLOBALS"}["yejlyhbmcdpb"] = "journalslist";
${"GLOBALS"}["kwltjpuoxn"]   = "message_body";
${"GLOBALS"}["lcgeuqobi"]    = "res";
${"GLOBALS"}["rgnblzuq"]     = "maildata";
${"GLOBALS"}["ehcxdlukrcs"]  = "dayaarray";
${"GLOBALS"}["ieiutvpoqrg"]  = "str";
${"GLOBALS"}["knrrjo"]       = "data";
defined("BASEPATH") OR exit("No direct script access allowed");
class Home extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
        date_default_timezone_set("Asia/Kolkata");
        $this->load->model("Pagecontent_model");
        $this->load->model("admin/Journals_model""Admin_Journals_model"TRUE);
    }
    public function index()
    {
        ${"GLOBALS"}["lhssbtcc"]                   = "data";
        ${${"GLOBALS"}["lhssbtcc"]}["pageContent"] = $this->Pagecontent_model->getMainsitePortion();
        $this->load->view("includes/header");
        $this->load->view("home", ${${"GLOBALS"}["knrrjo"]});
        $this->load->view("includes/footer");
    }
    public function pages($str "")
    {
        $gnzhuleoixp "str";
        if (trim(${$gnzhuleoixp}) != "") {
            $this->load->view("includes/header");
            if (${${"GLOBALS"}["ieiutvpoqrg"]} != "contact-us") {
                if (${${"GLOBALS"}["ieiutvpoqrg"]} == "journals") {
                    $mmxhwlypbb                    "data";
                    ${"GLOBALS"}["yqakduihvgg"]    = "data";
                    ${$mmxhwlypbb}["journalslist"] = $this->Admin_Journals_model->get_total_journals_list();
                    $this->load->view("journals-by-category", ${${"GLOBALS"}["yqakduihvgg"]});
                } else {
                    $dwldpm                                  "str";
                    ${"GLOBALS"}["nppfccspgogs"]             = "data";
                    ${${"GLOBALS"}["knrrjo"]}["pageContent"] = $this->Pagecontent_model->getMainsiteContent(${$dwldpm});
                    if (count(${${"GLOBALS"}["nppfccspgogs"]}["pageContent"])) {
                        $jrerpni "data";
                        $this->load->view("contentpage", ${$jrerpni});
                    } else {
                        redirect("Home");
                    }
                }
            } else {
                $irqabozy                   "data";
                $qfmqutbhfwm                "data";
                ${$irqabozy}["captchacode"] = strtoupper(substr(md5(rand(1000099999)), 06));
                $this->load->view("contact", ${$qfmqutbhfwm});
            }
            $this->load->view("includes/footer");
        } else {
            redirect("Home");
        }
    }
    public function loadcaptcha()
    {
        echo strtoupper(substr(md5(rand(1000099999)), 06));
    }
    public function sendmails()
    {
        ${"GLOBALS"}["qsjptcyxxjq"] = "message_body";
        ${"GLOBALS"}["stdcocmpq"]   = "attachments";
        extract($_POST);
        ${${"GLOBALS"}["ehcxdlukrcs"]} = json_decode(${${"GLOBALS"}["rgnblzuq"]});
        ${"GLOBALS"}["ieupdz"]         = "attachments";
        ${${"GLOBALS"}["stdcocmpq"]}   = "";
        ${${"GLOBALS"}["qsjptcyxxjq"]} = contact_email_body($dayaarray->Person_name$dayaarray->subject$dayaarray->Person_Message);
        ${${"GLOBALS"}["lcgeuqobi"]}   = opusemail($dayaarray->Person_email$dayaarray->subject, ${${"GLOBALS"}["kwltjpuoxn"]}, ${${"GLOBALS"}["ieupdz"]});
        ${"GLOBALS"}["audxow"]         = "res";
        print_r(${${"GLOBALS"}["audxow"]});
    }
    public function journals_search()
    {
        $hmqqbdk    "journalslist";
        ${$hmqqbdk} = $this->Admin_Journals_model->journals_search();
        echo journals_search(${${"GLOBALS"}["yejlyhbmcdpb"]});
    }


EDIT2: How it should look after HEX/BYTE decoding and cleanup.
PHP Code:
<?php
defined("BASEPATH") OR exit("No direct script access allowed");
class Home extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
        date_default_timezone_set("Asia/Kolkata");
        $this->load->model("Pagecontent_model");
        $this->load->model("admin/Journals_model""Admin_Journals_model"TRUE);
    }
    public function index()
    {
        $data["pageContent"] = $this->Pagecontent_model->getMainsitePortion();
        $this->load->view("includes/header");
        $this->load->view("home"$data);
        $this->load->view("includes/footer");
    }
    public function pages($str "")
    {
        if (trim($str) != "") {
            $this->load->view("includes/header");
            if ($str != "contact-us") {
                if ($str == "journals") {
                    $data["journalslist"] = $this->Admin_Journals_model->get_total_journals_list();
                    $this->load->view("journals-by-category"$data);
                } else {
                    $data["pageContent"] = $this->Pagecontent_model->getMainsiteContent($str);
                    if (count($data["pageContent"])) {
                        $this->load->view("contentpage"$data);
                    } else {
                        redirect("Home");
                    }
                }
            } else {
                $data["captchacode"] = strtoupper(substr(md5(rand(1000099999)), 06));
                $this->load->view("contact"$data);
            }
            $this->load->view("includes/footer");
        } else {
            redirect("Home");
        }
    }
    public function loadcaptcha()
    {
        echo strtoupper(substr(md5(rand(1000099999)), 06));
    }
    public function sendmails()
    {
        extract($_POST);
        $dayaarray json_decode($maildata);
        $attachments   "";
        $message_body contact_email_body($dayaarray->Person_name$dayaarray->subject$dayaarray->Person_Message);
        $res   opusemail($dayaarray->Person_email$dayaarray->subject$message_body$attachments);
        print_r($res);
    }
    public function journals_search()
    {
        $journalslist $this->Admin_Journals_model->journals_search();
        echo journals_search($journalslist);
    }


https://security.stackexchange.com/questions/115461/i-found-unknown-php-code-on-my-server-how-do-i-de-obfuscate-the-code
https://www.conetix.com.au/blog/byte-encoding-exploits-php-files