Follow me on twitter

I have been a bit active on twitter.. I don’t know when I stop twitting.. However for the time being, you may follow me on twitter (http://www.twitter.com/alialmahdi/).

Replace text in many files using perl

Last night, I have several files containing the same text and I wanted that text to be replaced. I used perl one liner to do the job and I thought it may be useful for someone else so here it is:

perl -e “s/text/replacewith/g;” -pi.orig *.txt

This is going to save a backup of the files with .orig extension and do the replace. If you don’t want backup, then remove the .orig from the line.

Also, if you want to replace text in all files in a directory, then use:

perl -e “s/text/replacewith/g;” -pi.orig $(find . -type f)

ZenCrypt — PHP Encoder

Last night, I was searching the internet for PHP Encoders, I always knew that ZendGuard and IONCUBE are the best. However, I thought of giving others a chance. While searching I came across ZenCrypt. One of the good things about it that it doesn’t need a loader on the server-side. Thus, the scripts are self-decodable. But this makes it easy to decrypt. On thier website, they have two scripts. One is the source, and the other is the encoded script.

My Attempt to understand its way of encoding to see if it worth the USD45.

Source PHP Code:

<?php
/* -------------------------------------------------
               www.ZenCrypt.com
             ZenCrypt simple demo

User Manual: http://www.zencrypt.com/INFO/ZenCrypt_PHP_Encoder.pdf
------------------------------------------------- */

//{{{PHP_INSERT_a1}}}
// Encoded chunk of code will be inserted here by ZenCrypt
// Encoded version - test_encoded.php was generated by running ZenCrypt with this command:
//    php -f zencrypt.php infile=test_plain.php outfile=test_encoded.php enccycles=10 stripcomments=yes
//{{{/PHP_INSERT_a1}}}

// This code client will see
$encrypted_number = 52728;

$resulted_number = ZEN_encrypt ($encrypted_number);
echo "\nEncrypted number=$resulted_number";
$resulted_number = ZEN_decrypt ($resulted_number);
echo "\nDecrypted number=$resulted_number";

//{{{PHP_ENCODE_a1}}}
// This part will be encoded and moved above (in between PHP_INSERT tags).
// We do not want to expose these "super secret" encryption functions to the clients.
function ZEN_encrypt ($input)
{
return ($input+5432);
}

function ZEN_decrypt ($input)
{
return ($input-5432);
}
//{{{/PHP_ENCODE_a1}}}

?>

Encoded Code:

<?php
/* -------------------------------------------------
               www.ZenCrypt.com
             ZenCrypt simple demo

User Manual: http://www.zencrypt.com/INFO/ZenCrypt_PHP_Encoder.pdf
------------------------------------------------- */

$juTSvfNAGsrLGell='=ch/5z/T/fd3E73dPj+i+/rRNYcW/rz/sr6zjSNreaXN+nf/W876jLfWtd9fYXR5F3mtYCRhWNW7dOXGPsM19c920z3acnzSfxYMLFxg/Lz0nIz1FfpnLVdf/xksrTZqs55rpk///93fz27zHki6/oWYz1+9boz693v+vwQE52qDxffRSPNxjIf7xOfHb07GgxXHS/CawCIAXw9xuOY/EVs2KuqrxeJFCMTjEENA0ny6gTRUnndy30KTE/uyY77Pa0TWPVyHmqmYQ98Vf+dgq80ne2FgRkZzz1I103xrDgFjbVdXrcq4coJhOlJwGfXOMVavufyVOwpoIna3qQ5ldM+cVFUwoIHxuEbp3t6HEKKHnhi8rDY6aBfCxM9HkjSCeDP5gWj8GO2zaLsMsrsmLaLw605dRJDxFQZcyTe/X5RDaN9pJ0JTlyEzs0b6ds4cIeRg0uf7/INtfOgFECfah6aJz5Z8WbW5XorpGJZQAk/0H4sxB6GZiXZT44QtxETrhcqSgW5rtxHBxfDN6o8R8m7tbItO7uy3VBIRCi7f1Z+g6qkDoFRh3oiPBehlfbWHOCxdljFFxBjWwZhwOG/tAPA/EtX8LOkw3h04N+Ju7F25yDu6L7itrTU2jJ4dhqbPfBXzXg73fIzmZCyYxdmischnH+1voRzSntcnhxhyLfEriTCyEOhlOlzadH8WzfTUst9O3HBBP0U2JxDBRaLNQUeZjSpFWaDrQGUz3zWFYzBrYHUEtIjENWe0YsQpaFChodc7xDgaegxTTZNNb/il0sihsr6TdlVaq6HCfBywAK92VzCMeIJ7/7TfVgUvBr/zeaZJxuB1JTzT5n5KL1Kn04GldNUuQ+Zfyu3tcSd4UZDmMCFO2G9JmLQP6lurmNLUrcNO1dTalveKGhbqjZBOKro9Yi4MSS05BPcE+uBGP+wmqsaFP/CCMQvKopFeye2W282Dhwvnt743mYkfm0f1zeyox6ftiQ0KU3X3MjQgtkHG97Ob1iS/VZ+NZRf+c7GCztrRNKRZnElL2tA5GZMIfDXn5kUzCElSANn82mCOe+QXjpImZLFxb+Uh1X0jjsOyBTiZZbNJcFuebnG92TO+p/q1FXf9F9p7CQL32aBFxrtQG1hn6jlq3CjazvZ2k7i3wWbWnMSkyWfKOZtJcFLMvAEH+RPFEnaezjbZpUHR+4a7nYoCD9TUVkmukb7U0xti00EBIIxSVNyZrku/xnuuDAln/k/0IL/JaVQpof19rFjY4yHedvkhCiES1bOWeTO4LhhTJuJMmigCUWH4hobXlpr4cwvUnvNpFJrHJmGTYnCL/Sm+RMd0urBbOcuPDdS1M4whnim/+oEPx9VU4PbEmFy2YscLp8Zeczp8JT7mXnKF5VXK0glSAemv8vlmr/rcc/g34sXfPTqjYhZsc4K2ZuXbbYsWUUc9lJTfc2pSJyJaXcwxnezRpTVzwxkIbE2gr6RFBhmBLD2VNCQlx9Mlq3ib1v0czH2DbK7uqQ8mBEmXFmextYLxOKlUyKi561bLibKNCtMwAu/CJqA7gH9ImS/MP1LCZ6Iq8sYvu6nZvOgpXj5SiTGjZvaj2H0uDkx0E653Ngfd2RPIidVbrIPo/bDjFH5JNbWGTZiwCpi3LZAZ2Jh7CQyiL6qCKyJRMU2mC1KapSxqxZzoZ1IDI5j+ZjJzdyb/N82DRWQ5TKP9GYWLiB6m9Jmku3I31DNv0Wfs0uVuqXFU3kNM3ejaeXtT2ZolhmEhuiYS6fpTXEmym65ITt646EAEfnnSTDy9Ybt7L5xukkRuaHG3DKRJm/I48XOQkubAcY3ZuRHKIl8OcQeyd2jIY06sMvd5Ud8wiqvTtxHuyJV+S9cTmo2NsL/LZV/c19kmOMpKd0N1d62IdjeeufMxGxM42QFe+NS+rZeD5jY9KOe6c4adcJMToZDt7F8mEN4isP9okCSxpN1Wvr8cpj+Rwn6xFslssE60hp54EwDmogCfgu1xz9dLGUCP4hk8BQAEPxCJ3+8KALk/4ry59SEHgAsPZW3QeuBJ1xQWsQQHnvphTU/hFcFApGOYgiqw+P2bHPAtahgbhG4g5twGhSmwIIAggBccUccjnrn9Z2wn+ZbQAB1eN9CTMBQMBEE98OApvjbJ2EAYeui/+/PE0n78g542p9K1FhlIIT7xFwOvff919+OIkX675p2SBB7YNRuCWYXBZyvDISuj3SVb';$QynVyKBtA_laXYfjkJ=';))))yyrTYefTNAsiFGhw$(ireegf(rqbprq_46rfno(rgnysavmt(ynir';$LoMOYHmyNmPlxD=strrev($QynVyKBtA_laXYfjkJ);$lUETluMevSaLCDV=str_rot13($LoMOYHmyNmPlxD);eval($lUETluMevSaLCDV);

// This code client will see
$encrypted_number = 52728;

$resulted_number = ZEN_encrypt ($encrypted_number);
echo "\nEncrypted number=$resulted_number";
$resulted_number = ZEN_decrypt ($resulted_number);
echo "\nDecrypted number=$resulted_number";

?>

My Attempt to Decode the Code:

<?php
/* ————————————————-
www.ZenCrypt.com
ZenCrypt simple demo

User Manual: http://www.zencrypt.com/INFO/ZenCrypt_PHP_Encoder.pdf
————————————————- */

$juTSvfNAGsrLGell=’=ch/5z/T/fd3E73dPj+i+/rRNYcW/rz/sr6zjSNreaXN+nf/W876jLfWtd9fYXR5F3mtYCRhWNW7dOXGPsM19c920z3acnzSfxYMLFxg/Lz0nIz1FfpnLVdf/xksrTZqs55rpk///93fz27zHki6/oWYz1+9boz693v+vwQE52qDxffRSPNxjIf7xOfHb07GgxXHS/CawCIAXw9xuOY/EVs2KuqrxeJFCMTjEENA0ny6gTRUnndy30KTE/uyY77Pa0TWPVyHmqmYQ98Vf+dgq80ne2FgRkZzz1I103xrDgFjbVdXrcq4coJhOlJwGfXOMVavufyVOwpoIna3qQ5ldM+cVFUwoIHxuEbp3t6HEKKHnhi8rDY6aBfCxM9HkjSCeDP5gWj8GO2zaLsMsrsmLaLw605dRJDxFQZcyTe/X5RDaN9pJ0JTlyEzs0b6ds4cIeRg0uf7/INtfOgFECfah6aJz5Z8WbW5XorpGJZQAk/0H4sxB6GZiXZT44QtxETrhcqSgW5rtxHBxfDN6o8R8m7tbItO7uy3VBIRCi7f1Z+g6qkDoFRh3oiPBehlfbWHOCxdljFFxBjWwZhwOG/tAPA/EtX8LOkw3h04N+Ju7F25yDu6L7itrTU2jJ4dhqbPfBXzXg73fIzmZCyYxdmischnH+1voRzSntcnhxhyLfEriTCyEOhlOlzadH8WzfTUst9O3HBBP0U2JxDBRaLNQUeZjSpFWaDrQGUz3zWFYzBrYHUEtIjENWe0YsQpaFChodc7xDgaegxTTZNNb/il0sihsr6TdlVaq6HCfBywAK92VzCMeIJ7/7TfVgUvBr/zeaZJxuB1JTzT5n5KL1Kn04GldNUuQ+Zfyu3tcSd4UZDmMCFO2G9JmLQP6lurmNLUrcNO1dTalveKGhbqjZBOKro9Yi4MSS05BPcE+uBGP+wmqsaFP/CCMQvKopFeye2W282Dhwvnt743mYkfm0f1zeyox6ftiQ0KU3X3MjQgtkHG97Ob1iS/VZ+NZRf+c7GCztrRNKRZnElL2tA5GZMIfDXn5kUzCElSANn82mCOe+QXjpImZLFxb+Uh1X0jjsOyBTiZZbNJcFuebnG92TO+p/q1FXf9F9p7CQL32aBFxrtQG1hn6jlq3CjazvZ2k7i3wWbWnMSkyWfKOZtJcFLMvAEH+RPFEnaezjbZpUHR+4a7nYoCD9TUVkmukb7U0xti00EBIIxSVNyZrku/xnuuDAln/k/0IL/JaVQpof19rFjY4yHedvkhCiES1bOWeTO4LhhTJuJMmigCUWH4hobXlpr4cwvUnvNpFJrHJmGTYnCL/Sm+RMd0urBbOcuPDdS1M4whnim/+oEPx9VU4PbEmFy2YscLp8Zeczp8JT7mXnKF5VXK0glSAemv8vlmr/rcc/g34sXfPTqjYhZsc4K2ZuXbbYsWUUc9lJTfc2pSJyJaXcwxnezRpTVzwxkIbE2gr6RFBhmBLD2VNCQlx9Mlq3ib1v0czH2DbK7uqQ8mBEmXFmextYLxOKlUyKi561bLibKNCtMwAu/CJqA7gH9ImS/MP1LCZ6Iq8sYvu6nZvOgpXj5SiTGjZvaj2H0uDkx0E653Ngfd2RPIidVbrIPo/bDjFH5JNbWGTZiwCpi3LZAZ2Jh7CQyiL6qCKyJRMU2mC1KapSxqxZzoZ1IDI5j+ZjJzdyb/N82DRWQ5TKP9GYWLiB6m9Jmku3I31DNv0Wfs0uVuqXFU3kNM3ejaeXtT2ZolhmEhuiYS6fpTXEmym65ITt646EAEfnnSTDy9Ybt7L5xukkRuaHG3DKRJm/I48XOQkubAcY3ZuRHKIl8OcQeyd2jIY06sMvd5Ud8wiqvTtxHuyJV+S9cTmo2NsL/LZV/c19kmOMpKd0N1d62IdjeeufMxGxM42QFe+NS+rZeD5jY9KOe6c4adcJMToZDt7F8mEN4isP9okCSxpN1Wvr8cpj+Rwn6xFslssE60hp54EwDmogCfgu1xz9dLGUCP4hk8BQAEPxCJ3+8KALk/4ry59SEHgAsPZW3QeuBJ1xQWsQQHnvphTU/hFcFApGOYgiqw+P2bHPAtahgbhG4g5twGhSmwIIAggBccUccjnrn9Z2wn+ZbQAB1eN9CTMBQMBEE98OApvjbJ2EAYeui/+/PE0n78g542p9K1FhlIIT7xFwOvff919+OIkX675p2SBB7YNRuCWYXBZyvDISuj3SVb’;$QynVyKBtA_laXYfjkJ=’;))))yyrTYefTNAsiFGhw$(ireegf(rqbprq_46rfno(rgnysavmt(ynir’;$LoMOYHmyNmPlxD=strrev($QynVyKBtA_laXYfjkJ);$lUETluMevSaLCDV=str_rot13($LoMOYHmyNmPlxD);eval($lUETluMevSaLCDV);

//print  gzinflate(base64_decode(strrev($juTSvfNAGsrLGell)));

$str=str_replace(“eval”,”\$str=”, gzinflate(base64_decode(strrev($juTSvfNAGsrLGell))));
eval($str);
print $str.”\n–\n”;
//print “–\n”;
for($icount=0; $icount<17; $icount++) {
$str=str_replace(“eval”,”\$str=”, $str);
print $str.”\n$icount–\n”;
eval($str);
print $str.”\n$icount–\n”;
}

// This code client will see
$encrypted_number = 52728;

$resulted_number = ZEN_encrypt ($encrypted_number);
echo “\nEncrypted number=$resulted_number”;
$resulted_number = ZEN_decrypt ($resulted_number);
echo “\nDecrypted number=$resulted_number”;
?>

Conclusion:

What I see that it doesn’t worth the the USD45. Maybe if it was encoded with ZendGuard or ionCube and produces a file that requires a PHP Loader. Just like PHPCipher.
However, from this attempt. I thought that I will write my own encoder. It will be using the same method, however, the output will be encoded in both ZendGuard and ionCube. Stay tuned!