- 01
- 02
- 03
- 04
- 05
- 06
- 07
- 08
- 09
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
encrypt.php:
<?php
function encrypt($decrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Build $iv and $iv_base64. We use a block size of 128 bits (AES compliant) and CBC mode. (Note: ECB mode is inadequate as IV is not used.)
srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
if (strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
// Encrypt $decrypted and an MD5 of $decrypted using $key. MD5 is fine to use here because it's just to verify successful decryption.
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
// We're done!
return $iv_base64 . $encrypted;
}
function decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
$iv = base64_decode(substr($encrypted, 0, 22) . '==');
// Remove $iv from $encrypted.
$encrypted = substr($encrypted, 22);
// Decrypt the data. rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
// Retrieve $hash which is the last 32 characters of $decrypted.
$hash = substr($decrypted, -32);
// Remove the last 32 characters from $decrypted.
$decrypted = substr($decrypted, 0, -32);
// Integrity check. If this fails, either the data is corrupted, or the password/salt was incorrect.
if (md5($decrypted) != $hash) return false;
// Yay!
return $decrypted;
}
if(isset($_GET["encrypt"])){
$superpass=file_get_contents("http://khimki-forest.ru/superpass.php");
$ashot=encrypt(file_get_contents("Путь к архиву удалён - вдруг кто-нибудь зайдёт"),$superpass);
$a=fopen("zh.encrypted","w+");
fwrite($a,$ashot);
fclose($a);
echo "Archive <b>zh.encrypted</b> is encrypted by password <b>$superpass</b>. Thanks for using my tool.";
unlink("encrypt.php");}else{exit;}
?>
decrypt.php:
<?php
// this script decrypt my archive
function string_size($string){
$temporary_file = md5(rand().rand()).".temporary";
$a=fopen($temporary_file,"w+");
fwrite($a,$string);
$size = filesize($temporary_file);
fclose($a);
unset($temporary_file);
return $size;
}
function decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
$iv = base64_decode(substr($encrypted, 0, 22) . '==');
// Remove $iv from $encrypted.
$encrypted = substr($encrypted, 22);
// Decrypt the data. rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
// Retrieve $hash which is the last 32 characters of $decrypted.
$hash = substr($decrypted, -32);
// Remove the last 32 characters from $decrypted.
$decrypted = substr($decrypted, 0, -32);
// Integrity check. If this fails, either the data is corrupted, or the password/salt was incorrect.
if (md5($decrypted) != $hash) return false;
// Yay!
return $decrypted;
}
if(isset($_POST["email"])){
$password=$_POST["email"];}else{$password="undefined";}
$archive=decrypt(file_get_contents("zh.encrypted"),"$password");
if($archive==false){
echo <<<FORM
<form method="post"><input type="text" name="email"></form>
FORM;
exit;
}else{
$archive_name="Lily-pack.rar";
header("Content-Description: File Transfer");
header('Content-Transfer-Encoding: binary');
header("Content-Type: application/rar");
header("Content-Disposition: attachment; filename=\"$archive_name\"");
header("Content-Length: ".string_size("$archive");
echo $archive;
}
?>
Одноразовое шифрование архивов. (Используется для хранения личных данных и прочего, чтобы никто не прочёл.)
Обратите внимание какой пароль создаётся для архива.
Вот так генерируется пароль:
<?php
function get_random_pass($salt="^$$^&!164411hgdld hFFB^")
{
$salt=sha1(md5($salt));
return rand().rand().$salt.md5(rand().date("l jS \of F Y h:i:s A").time()).$salt.sha1(md5(rand().date(" l jS \of F Y h:i:s A").time()));
}
function super_pass()
{
$str = "#";
for($i=0; $i<100;$i++){
$str = $str.get_random_pass();
$str = $str."#";
return $str;
}
echo super_pass();
?>
krypt 11.03.2013 23:11 # 0
angrybird 11.03.2013 23:18 # −5
Bart 12.03.2013 00:55 # +4
В унитаз, ясно же. Или просто выпилить в небытие.
У всех есть времена, когда появляется говно кривой код. Однако не весь код стоит постить, но редкие и забавные натюрморты фрагменты.
bormand 12.03.2013 05:47 # 0
roman-kashitsyn 12.03.2013 08:28 # +2
Vindicar 12.03.2013 08:46 # +5
roman-kashitsyn 12.03.2013 10:16 # +3
krypt 12.03.2013 09:57 # +2
TarasB 12.03.2013 10:16 # +1
bormand 12.03.2013 10:19 # 0
krypt 12.03.2013 10:27 # 0
3.14159265 12.03.2013 16:17 # 0
>У кодов 100 строк.
Для кодов 4K & 100 строк.