What does this PHP do? Is it an encoder/decoder?
I don't know PHP at all; this is more of a question of curiosity.
Following the PHP function below in the text file are a few thousand characters of text, such as:
xnEFstUhSNWGSx5zTq4X/AUw/rtism+klrBETWg0xE1uwb49rnRxrgrgY5EEp3Y0uvTcvLqhUFOP
4n7LDLQpQ9UACTyuUjGBKmUScQCYLCP08u06t0K3nWTNiM7Q6bQMk/iZBE+UK1ywbVC1Lzr9OOEK
Does this php function encode the random-looking text into php? Can the encryption scheme be figured out from this?
EDIT: The client says he has full ownership and rights to the code, developed by someone else. How would it be decoded? Does it require a password?
<?php //003ac
if (!extension_loaded('ionCube Loader')) {
$__oc = strtolower(substr(php_uname(), 0, 3));
$__ln = 'ioncube_loader_' . $__oc . '_' . substr(phpversion(), 0, 3) . (($__oc == 'win') ? '.dll' : '.so');
@dl($__ln);
if (function_exists('_il_exec')) {
return _il_exec();
}
$__ln = '/ioncube/' . $__ln;
$__oid = $__id = realpath(ini_get('extension_dir'));
$__here = dirname(__FILE__);
if (strlen($__id) > 1 && $__id[1] == ':') {
$__id = str_replace('\\', '/', substr($__id, 2));
$__here = str_replace('\\', '/', substr($__here, 2));
}
$__rd = str_repeat('/..', substr_count($__id, '/')) . $__here . '/';
$__i = strlen($__rd);
while ($__i--) {
if ($__rd[$__i] == '/') {
$__lp = substr($__rd, 0, $__i) . $__ln;
if (file_exists($__oid . $__lp)) {
$__ln = $__lp;
break;
}
}
}
@dl($__ln);
} else {
die('The file ' . __FILE__ . " is corrupted.\n");
}
if (function_exists('_il_exec')) {
return _il_exec();
}
echo ('Site error: the file <b>' . __FILE__ . '</b> requires the ionCube
PHP Loader ' . basename($__ln) . ' to be installed by the site administrator.');
exit(199);
?>
Answer
It's practically ioncube-encoded PHP, or obfuscated if you like. Ioncube is a non-free obfuscated-bytecode execution engine and the ioncube loader is the library which handles the obfuscated code.
Worth to mention that the 'deobfuscator' is a free library, and it's loaded in most of the PHP installations I've seen.