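Decrypting an encrypted WordPress theme

To protect their copyright, many WordPress themes are encrypted. The file that is usually encrypted is footer.php, and the method is base64 encoding. The point of decrypting an encrypted theme file is not to tamper with the copyright or delete the author's links, but to modify the existing theme and make it more personal.

keko is a rather polished WordPress theme whose footer.php has been encrypted by its author. To customize the content at the bottom of your blog you need to decrypt this file; of course, if you can code, you can also write your own footer.php.

Some people online "decrypt" it by viewing the page source: they open the WordPress blog directly in Firefox and look at the source of the encrypted part. This way you can reconstruct the PHP file based on the CSS, but it is not real decryption, and if the encrypted code contains many functions, this approach no longer works.

How do you decrypt an encrypted WordPress theme file? Below, using keko as the example, we try a real decryption.

First, take a look at the keko theme's demo. Quite polished, isn't it? My impression of this theme is that it looks clean, is simple to set up, and suits Chinese-language blogs well. Opening footer.php shows the following code (shown as code here it may not be very readable; copy it into Notepad to view it more easily):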

<?php $_F=__FILE__;$_X='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';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

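Don't let it make you dizzy: in encrypting the file, the author has already told us how to decrypt it. base64_decode appears near the end of the file, so start by analyzing this trailing piece of code: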

base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==')

This is clearly base64-encoded:

JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==

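Bring in the decoding tool Malzilla (don't misread it as Mozilla; it is not from the Firefox people). Malzilla is a web page decoding tool that bundles decoders for many common encoding schemes and is mostly used to analyze web-page trojans. If using a program feels like too much trouble, you can use an online base64 decoder directly, for example: http://tool.chinaz.com/Tools/Base64.aspx

The decoded code is: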

$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;

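The decoded code is much easier to analyze. It substitutes characters in $_X with $_X=strtr($_X,'123456aouie','aouie123456'); 1 becomes a, 2 becomes o, 3 becomes u, 4 becomes i, 5 becomes e. This is a simple substitution rule.
Then base64-decode $_X directly. The decoded code is: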

?></d4v>
</d4v>
</d4v>

<d4v 4d="f22t5r-wr1p">

<d4v 4d="f22t5r">
<d4v cl1ss="c5nt5r5d-1">
<d4v cl1ss="c5nt5r5d-b">

<d4v cl1ss="f22t5r-c2nt5nt">
<d4v cl1ss="fb1r">
<3l cl1ss="f22t5r_l4st">
<l4 4d="m2st-c2mm5nt5d">
<ho><?php _5('M2st C2mm5nt5d'); ?></ho>
<3l>
<?php gt5_m2st_c2mm5nt5d(); ?>
</3l>
</l4>
</3l>
</d4v>


<d4v cl1ss="fb1r">
<3l cl1ss="f22t5r_l4st">
<l4 4d="r1nd2m-5ntr45s">
<ho><?php _5('R1nd2m Art4cl5s'); ?></ho>
<3l>
<?php gt5_r1nd2m_p2sts(); ?>
</3l>
</l4>
</3l>
</d4v>


<d4v cl1ss="fb1r">
<3l cl1ss="f22t5r_l4st">
<l4 4d="f51t3r5d-c1t">

<?php $th5_c1t_sl3g = g5t_2pt42n('tn_k5k2_f22t5r_f51t3r5d'); ?>

<?php 4f(($th5_c1t_sl3g == '') || ($th5_c1t_sl3g == 'Ch22s5 1 c1t5g2ry:')){ ?>

<ho>F51t3r5d n2t s5t y5t</ho>
<3l>
<l4>S5t3p f22t5r f51t3r5s 4n <1 hr5f="<?php 5ch2 g5t_s5tt4ngs('h2m5'); ?>/wp-1dm4n/th5m5s.php?p1g5=f3nct42ns.php">th5m5 2pt42n</1></l4>
</3l>

<?php } 5ls5 { ?>

<ho>R5c5ntly 4n <?php 5ch2 str4pcsl1sh5s($th5_c1t_sl3g); ?></ho>
<3l>
<?php
//4ns5rt y23r c1t5g2ry n1m5
$my_q35ry = n5w WP_Q35ry('c1t5g2ry_n1m5='. $th5_c1t_sl3g . '&' . 'sh2wp2sts=' . 8);
wh4l5 ($my_q35ry->h1v5_p2sts()) : $my_q35ry->th5_p2st();
$d2_n2t_d3pl4c1t5 = $p2st->ID;
$th5_p2st_4ds = g5t_th5_ID();
?>
<l4>
<?php th5_t4tl5(); ?>

<5m><1 hr5f="<?php th5_p5rm1l4nk(); ?>">Cl4ck h5r5 t2 r51d m2r5 &r1rr;</1></5m>
</l4>
<?php 5ndwh4l5;?>
</3l>

<?php } ?>

</l4>
</3l>

</d4v>
</d4v>




</d4v>
</d4v>
</d4v>
</d4v>



<d4v 4d="f22t5r-23t">
<d4v cl1ss="c5nt5r5d-1">
<d4v cl1ss="c5nt5r5d-b">

<d4v cl1ss="1l4gnl5ft">
C2pyr4ght &c2py;<?php 5ch2 gmd1t5(__('Y')); ?> <1 hr5f="<?php 5ch2 g5t_s5tt4ngs('h2m5'); ?>"><?php bl2g4nf2('n1m5'); ?></1>

<1 t4tl5="Fr55 W2rdPr5ss Th5m5" hr5f="http://www.mk5ls.c2m">Fr55 W2rdPr5ss Th5m5</1> By Mk5ls
</d4v>

<d4v cl1ss="1l4gnr4ght">
C2ll1b2r1t42n w4th <1 hr5f="http://www.k2r51n-cl2th4ng.c2m/" t4tl5="K2r51n Cl2th4ng">K2r51n Cl2th4ng</1>  |  <1 hr5f="http://www.th5p4ggyb1nk5r.c2m/" t4tl5="CD R1t5s">CD R1t5s</1>  |  <1 hr5f="http://www.b1nk4ngz5n.c2m/" t4tl5="B1nk R1t5s">B1nk R1t5s</1>
</d4v>
</d4v>
</d4v>
</d4v>
<?php wp_f22t5r(); ?>
</b2dy>
</html>

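Apply the substitution rule above to the decoded code, one replacement at a time, and the encrypted WordPress theme file is finally restored as follows: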

</div>
</div>
</div>

<div id="footer-wrap">

<div id="footer">
<div class="centered-a">
<div class="centered-b">

<div class="footer-content">
<div class="fbar">
<ul class="footer_list">
<li id="most-commented">
<h3><?php _e('Most Commented'); ?></h3>
<ul>
<?php gte_most_commented(); ?>
</ul>
</li>
</ul>
</div>


<div class="fbar">
<ul class="footer_list">
<li id="random-entries">
<h3><?php _e('Random Articles'); ?></h3>
<ul>
<?php gte_random_posts(); ?>
</ul>
</li>
</ul>
</div>


<div class="fbar">
<ul class="footer_list">
<li id="featured-cat">

<?php $the_cat_slug = get_option('tn_keko_footer_featured'); ?>

<?php if(($the_cat_slug == '') || ($the_cat_slug == 'Choose a category:')){ ?>

<h3>Featured not set yet</h3>
<ul>
<li>Setup footer features in <a href="<?php echo get_settings('home'); ?>/wp-admin/themes.php?page=functions.php">theme option</a></li>
</ul>

<?php } else { ?>

<h3>Recently in <?php echo stripcslashes($the_cat_slug); ?></h3>
<ul>
<?php
//insert your category name
$my_query = new WP_Query('category_name='. $the_cat_slug . '&' . 'showposts=' . 8);
while ($my_query->have_posts()) : $my_query->the_post();
$do_not_duplicate = $post->ID;
$the_post_ids = get_the_ID();
?>
<li>
<?php the_title(); ?>

<em><a href="<?php the_permalink(); ?>">Click here to read more →</a></em>
</li>
<?php endwhile;?>
</ul>

<?php } ?>

</li>
</ul>

</div>
</div>




</div>
</div>
</div>
</div>



<div id="footer-out">
<div class="centered-a">
<div class="centered-b">

<div class="alignleft">
Copyright ©<?php echo gmdate(__('Y')); ?> <a href="<?php echo get_settings('home'); ?>"><?php bloginfo('name'); ?></a>

<a title="Free WordPress Theme" href="http://www.mkels.com">Free WordPress Theme</a> By Mkels
</div>

<div class="alignright">
Collaboration with <a href="http://www.korean-clothing.com/" title="Korean Clothing">Korean Clothing</a>  |  <a href="http://www.thepiggybanker.com/" title="CD Rates">CD Rates</a>  |  <a href="http://www.bankingzen.com/" title="Bank Rates">Bank Rates</a>
</div>
</div>
</div>
</div>
<?php wp_footer(); ?>
</body>
</html>

With the source file in hand, you can modify it as you need. Please respect the author's work and do not tamper with the copyright notice.
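
The whole procedure above (base64-decode the stub, base64-decode `$_X`, apply the `strtr` table) as a static Python decoder that never calls `eval`, so a theme's hidden footer can be inspected before it is installed. This is an added example, not code from the original post. It applies the full table read from the stub, including the pairs the text does not list (`6`→`1`, `a`→`2`, `o`→`3`, `u`→`4`, `i`→`5`, `e`→`6`), which is why `<ho>` comes out as `<h3>`; the sample payload and the `build_sample` helper are constructed for illustration.

```python
import base64
import re

# Stub text exactly as decoded in the post (second eval argument of the loader).
STUB = ("$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');"
        "$_R=ereg_replace('__FILE__',\"'\".$_F.\"'\",$_X);eval($_R);$_R=0;$_X=0;")

def build_sample(plain: str) -> str:
    """Constructed test input: wrap `plain` the way this loader expects."""
    enc = plain.translate(str.maketrans("aouie123456", "123456aouie"))
    x = base64.b64encode(enc.encode()).decode()
    stub = base64.b64encode(STUB.encode()).decode()
    return f"<?php $_F=__FILE__;$_X='{x}';eval(base64_decode('{stub}'));?>"

def decode_loader(php_src: str, file_path: str = "footer.php") -> str:
    """Statically recover the payload; nothing is ever passed to eval."""
    m = re.search(
        r"\$_X='([A-Za-z0-9+/=]+)';\s*"
        r"eval\(base64_decode\('([A-Za-z0-9+/=]+)'\)\)", php_src)
    if not m:
        raise ValueError("not the $_X / eval(base64_decode()) loader form")
    payload_b64, stub_b64 = m.groups()
    stub = base64.b64decode(stub_b64, validate=True).decode("latin-1")
    # Read the substitution tables from the stub instead of hard-coding them.
    t = re.search(r"strtr\(\$_X,'([^']*)','([^']*)'\)", stub)
    if not t or len(t.group(1)) != len(t.group(2)):
        raise ValueError("stub has no equal-length strtr() table")
    # PHP strtr() with two strings maps byte-for-byte in a single pass.
    table = bytes.maketrans(t.group(1).encode(), t.group(2).encode())
    body = base64.b64decode(payload_b64, validate=True).translate(table)
    text = body.decode("utf-8", errors="replace")
    return text.replace("__FILE__", "'" + file_path + "'")

# Constructed sample modelled on the restored footer.php shown in the post.
PLAIN = "?><h3><?php _e('Most Commented'); ?></h3>\n<?php wp_footer(); ?>"
SAMPLE = build_sample(PLAIN)

if __name__ == "__main__":
    print(decode_loader(SAMPLE))
```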
