Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 77) Position 1 = 61, Position 2 = 186
Branch analysis from position: 61
2 jumps found. (Code = 78) Position 1 = 62, Position 2 = 186
Branch analysis from position: 62
2 jumps found. (Code = 43) Position 1 = 65, Position 2 = 66
Branch analysis from position: 65
1 jumps found. (Code = 42) Position 1 = 61
Branch analysis from position: 61
Branch analysis from position: 66
2 jumps found. (Code = 43) Position 1 = 92, Position 2 = 94
Branch analysis from position: 92
1 jumps found. (Code = 42) Position 1 = 180
Branch analysis from position: 180
2 jumps found. (Code = 44) Position 1 = 185, Position 2 = 95
Branch analysis from position: 185
1 jumps found. (Code = 42) Position 1 = 61
Branch analysis from position: 61
Branch analysis from position: 95
2 jumps found. (Code = 43) Position 1 = 102, Position 2 = 103
Branch analysis from position: 102
1 jumps found. (Code = 42) Position 1 = 180
Branch analysis from position: 180
Branch analysis from position: 103
2 jumps found. (Code = 43) Position 1 = 135, Position 2 = 137
Branch analysis from position: 135
1 jumps found. (Code = 42) Position 1 = 152
Branch analysis from position: 152
2 jumps found. (Code = 46) Position 1 = 160, Position 2 = 163
Branch analysis from position: 160
2 jumps found. (Code = 43) Position 1 = 164, Position 2 = 170
Branch analysis from position: 164
1 jumps found. (Code = 42) Position 1 = 177
Branch analysis from position: 177
2 jumps found. (Code = 44) Position 1 = 185, Position 2 = 95
Branch analysis from position: 185
Branch analysis from position: 95
Branch analysis from position: 170
2 jumps found. (Code = 44) Position 1 = 185, Position 2 = 95
Branch analysis from position: 185
Branch analysis from position: 95
Branch analysis from position: 163
Branch analysis from position: 137
2 jumps found. (Code = 46) Position 1 = 160, Position 2 = 163
Branch analysis from position: 160
Branch analysis from position: 163
Branch analysis from position: 94
Branch analysis from position: 186
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 186
filename: /in/b2W1u
function name: (null)
number of ops: 188
compiled vars: !0 = $imei, !1 = $source_id, !2 = $source_key, !3 = $host, !4 = $argv, !5 = $port, !6 = $c_request, !7 = $enc_c_request, !8 = $url, !9 = $response, !10 = $result, !11 = $session_data, !12 = $session_id, !13 = $session_key, !14 = $time, !15 = $dataFiles, !16 = $dataFile, !17 = $reqData, !18 = $file_name, !19 = $sleepTime, !20 = $line, !21 = $d_request_data, !22 = $enc_d_request, !23 = $request, !24 = $uncompressed, !25 = $decrypted, !26 = $stripped, !27 = $d_response
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
4 0 E > ASSIGN !0, '000999999999999999'
5 1 ASSIGN !1, '0000000099'
6 2 ASSIGN !2, '%24s%AB%7F%88OK%2F'
8 3 FETCH_DIM_R ~31 !4, 1
4 ASSIGN !3, ~31
9 5 FETCH_DIM_R ~33 !4, 2
6 ASSIGN !5, ~33
12 7 CONCAT ~35 !0, ''
8 CONCAT ~36 ~35, !1
9 ASSIGN !6, ~36
14 10 INIT_STATIC_METHOD_CALL 'Crypt', 'encrypt'
11 SEND_VAR_EX !6
12 FETCH_CLASS_CONSTANT ~38 'Crypt', 'COMMON_KEY'
13 SEND_VAL_EX ~38
14 DO_FCALL 0 $39
15 ASSIGN !7, $39
16 16 CONCAT ~41 'http%3A%2F%2F', !3
17 CONCAT ~42 ~41, '%3A'
18 CONCAT ~43 ~42, !5
19 CONCAT ~44 ~43, '%2Fsw-system%2Fsloc8r%2Fpublic%2Fc.php'
20 ASSIGN !8, ~44
18 21 INIT_FCALL_BY_NAME 'send_request'
22 SEND_VAR_EX !8
23 SEND_VAR_EX !7
24 DO_FCALL 0 $46
25 ASSIGN !9, $46
20 26 INIT_FCALL_BY_NAME 'split'
27 SEND_VAL_EX '%2C'
28 SEND_VAR_EX !9
29 SEND_VAL_EX 3
30 DO_FCALL 0 $48
31 ASSIGN !10, $48
22 32 INIT_FCALL_BY_NAME 'split'
33 SEND_VAL_EX '%2C'
34 INIT_STATIC_METHOD_CALL 'Crypt', 'decrypt'
35 CHECK_FUNC_ARG
36 FETCH_DIM_FUNC_ARG $50 !10, 2
37 SEND_FUNC_ARG $50
38 SEND_VAR_EX !2
39 DO_FCALL 0 $51
40 SEND_VAR_NO_REF_EX $51
41 SEND_VAL_EX 2
42 DO_FCALL 0 $52
43 ASSIGN !11, $52
24 44 INIT_FCALL 'sprintf'
45 SEND_VAL '%25020d'
46 FETCH_DIM_R ~54 !11, 0
47 SEND_VAL ~54
48 DO_ICALL $55
49 ASSIGN !12, $55
25 50 FETCH_DIM_R ~57 !11, 1
51 ASSIGN !13, ~57
29 52 INIT_FCALL 'time'
53 DO_ICALL $59
54 ASSIGN !14, $59
31 55 INIT_FCALL 'scandir'
56 FETCH_DIM_R ~61 !4, 3
57 SEND_VAL ~61
58 DO_ICALL $62
59 ASSIGN !15, $62
33 60 > FE_RESET_R $64 !15, ->186
61 > > FE_FETCH_R $64, !16, ->186
34 62 > STRLEN ~65 !16
63 IS_SMALLER ~65, 5
64 > JMPZ ~66, ->66
65 > > JMP ->61
35 66 > INIT_FCALL 'print_r'
67 SEND_VAR !16
68 DO_ICALL
69 ECHO '%0A'
39 70 INIT_FCALL 'fopen'
71 FETCH_DIM_R ~68 !4, 3
72 CONCAT ~69 ~68, '%2F'
73 CONCAT ~70 ~69, !16
74 SEND_VAL ~70
75 SEND_VAL 'r'
76 DO_ICALL $71
77 ASSIGN !17, $71
40 78 INIT_FCALL 'preg_replace'
79 SEND_VAL '%2F%5B%5E0-9%5D%2F'
80 SEND_VAL ''
81 SEND_VAR !16
82 DO_ICALL $73
83 ASSIGN !18, $73
43 84 CONCAT ~75 'http%3A%2F%2F', !3
85 CONCAT ~76 ~75, '%3A'
86 CONCAT ~77 ~76, !5
87 CONCAT ~78 ~77, '%2Fsw-system%2Fsloc8r%2Fpublic%2Fd.php'
88 ASSIGN !8, ~78
45 89 ASSIGN !19, 3
47 90 ISSET_ISEMPTY_DIM_OBJ 0 !4, 4
91 > JMPZ ~81, ->94
48 92 > FETCH_DIM_R ~82 !4, 4
93 ASSIGN !19, ~82
51 94 > > JMP ->180
52 95 > INIT_FCALL 'fgets'
96 SEND_VAR !17
97 DO_ICALL $84
98 ASSIGN !20, $84
53 99 STRLEN ~86 !20
100 IS_SMALLER ~86, 120
101 > JMPZ ~87, ->103
102 > > JMP ->180
55 103 > INIT_FCALL 'explode'
104 SEND_VAL '%2C'
105 SEND_VAR !20
106 SEND_VAL 3
107 DO_ICALL $88
108 ASSIGN !20, $88
57 109 FETCH_DIM_R ~90 !20, 2
110 ASSIGN !21, ~90
60 111 INIT_STATIC_METHOD_CALL 'Crypt', 'encrypt'
112 INIT_FCALL 'gzencode'
113 SEND_VAR !21
114 DO_ICALL $92
115 SEND_VAR_NO_REF_EX $92
116 SEND_VAR_EX !13
117 DO_FCALL 0 $93
118 ASSIGN !22, $93
62 119 CONCAT ~95 !12, !22
120 ASSIGN !23, ~95
64 121 INIT_FCALL 'file_put_contents'
122 SEND_VAL '%2Ftmp%2Frequest.post'
123 SEND_VAR !23
124 DO_ICALL
68 125 INIT_FCALL_BY_NAME 'send_request'
126 SEND_VAR_EX !8
127 SEND_VAR_EX !23
128 DO_FCALL 0 $98
129 ASSIGN !9, $98
74 130 INIT_FCALL 'preg_match'
131 SEND_VAL '%2F%5E%5C%24UP%2F'
132 SEND_VAR !9
133 DO_ICALL $100
134 > JMPZ $100, ->137
75 135 > ASSIGN !24, !9
136 > JMP ->152
78 137 > INIT_STATIC_METHOD_CALL 'Crypt', 'decrypt'
138 SEND_VAR_EX !9
139 SEND_VAR_EX !13
140 DO_FCALL 0 $102
141 ASSIGN !25, $102
79 142 INIT_FCALL 'substr'
143 SEND_VAR !25
144 SEND_VAL 10
145 SEND_VAL -8
146 DO_ICALL $104
147 ASSIGN !26, $104
80 148 INIT_FCALL 'gzinflate'
149 SEND_VAR !26
150 DO_ICALL $106
151 ASSIGN !24, $106
84 152 > INIT_FCALL_BY_NAME 'split'
153 SEND_VAL_EX '%2C'
154 SEND_VAR_EX !24
155 DO_FCALL 0 $108
156 ASSIGN !27, $108
87 157 FETCH_DIM_R ~110 !27, 0
158 IS_EQUAL ~111 ~110, '%24UP'
159 > JMPZ_EX ~111 ~111, ->163
160 > FETCH_DIM_R ~112 !27, 1
161 IS_EQUAL ~113 ~112, '1'
162 BOOL ~111 ~113
163 > > JMPZ ~111, ->170
88 164 > ROPE_INIT 3 ~115 '%2C'
165 ROPE_ADD 1 ~115 ~115, !24
166 ROPE_END 2 ~114 ~115, '%0A'
167 CONCAT ~117 !18, ~114
168 ECHO ~117
169 > JMP ->177
90 170 > INIT_FCALL 'implode'
171 SEND_VAL '%2C'
172 SEND_VAR !27
173 DO_ICALL $118
174 CONCAT ~119 'response%3A+', $118
175 CONCAT ~120 ~119, '%0A'
176 ECHO ~120
94 177 > INIT_FCALL 'sleep'
178 SEND_VAR !19
179 DO_ICALL
51 180 > INIT_FCALL 'feof'
181 SEND_VAR !17
182 DO_ICALL $122
183 BOOL_NOT ~123 $122
184 > JMPNZ ~123, ->95
33 185 > > JMP ->61
186 > FE_FREE $64
154 187 > RETURN 1
Function printstrhex:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 42) Position 1 = 13
Branch analysis from position: 13
2 jumps found. (Code = 44) Position 1 = 16, Position 2 = 4
Branch analysis from position: 16
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 4
2 jumps found. (Code = 44) Position 1 = 16, Position 2 = 4
Branch analysis from position: 16
Branch analysis from position: 4
filename: /in/b2W1u
function name: printStrHex
number of ops: 18
compiled vars: !0 = $string, !1 = $i
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
104 0 E > RECV !0
106 1 ECHO 'begin+hex+dump%0A'
107 2 ASSIGN !1, 0
3 > JMP ->13
108 4 > INIT_FCALL 'dechex'
5 INIT_FCALL 'ord'
6 FETCH_DIM_R ~3 !0, !1
7 SEND_VAL ~3
8 DO_ICALL $4
9 SEND_VAR $4
10 DO_ICALL $5
11 ECHO $5
107 12 PRE_INC !1
13 > STRLEN ~7 !0
14 IS_SMALLER !1, ~7
15 > JMPNZ ~8, ->4
110 16 > ECHO '%0AEnd+hex+dump%0A'
111 17 > RETURN null
End of function printstrhex
Function send_request:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 22, Position 2 = 24
Branch analysis from position: 22
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 24
1 jumps found. (Code = 79) Position 1 = -2
filename: /in/b2W1u
function name: send_request
number of ops: 32
compiled vars: !0 = $url, !1 = $request, !2 = $options, !3 = $context, !4 = $result
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
113 0 E > RECV !0
1 RECV !1
118 2 STRLEN ~5 !1
3 CONCAT ~6 'Content-type%3A+application%2Fx-www-form-urlencoded%0D%0AContent-Length%3A+', ~5
4 CONCAT ~7 ~6, '%0D%0A'
119 5 CONCAT ~8 ~7, 'Expect%3A+%0D%0A'
6 INIT_ARRAY ~9 ~8, 'header'
120 7 ADD_ARRAY_ELEMENT ~9 'POST', 'method'
121 8 ADD_ARRAY_ELEMENT ~9 !1, 'content'
9 INIT_ARRAY ~10 ~9, 'http'
115 10 ASSIGN !2, ~10
124 11 INIT_FCALL 'stream_context_create'
12 SEND_VAR !2
13 DO_ICALL $12
14 ASSIGN !3, $12
126 15 INIT_FCALL 'file_get_contents'
16 SEND_VAR !0
17 SEND_VAL <false>
18 SEND_VAR !3
19 DO_ICALL $14
20 ASSIGN ~15 !4, $14
21 > JMPZ ~15, ->24
127 22 > > RETURN !4
23* JMP ->31
129 24 > ROPE_INIT 5 ~17 'Couldnt+conenct+to+'
25 ROPE_ADD 1 ~17 ~17, !0
26 ROPE_ADD 2 ~17 ~17, '+%28'
27 ROPE_ADD 3 ~17 ~17, !4
28 ROPE_END 4 ~16 ~17, '%29%0A'
29 ECHO ~16
130 30 > EXIT 2
133 31* > RETURN null
End of function send_request
Class Crypt:
Function decrypt:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename: /in/b2W1u
function name: decrypt
number of ops: 28
compiled vars: !0 = $str, !1 = $key, !2 = $pad, !3 = $len
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
139 0 E > RECV !0
1 RECV !1
141 2 INIT_FCALL_BY_NAME 'mcrypt_decrypt'
3 FETCH_CONSTANT ~4 'MCRYPT_RIJNDAEL_128'
4 SEND_VAL_EX ~4
5 SEND_VAR_EX !1
6 SEND_VAR_EX !0
7 FETCH_CONSTANT ~5 'MCRYPT_MODE_ECB'
8 SEND_VAL_EX ~5
9 DO_FCALL 0 $6
10 ASSIGN !0, $6
142 11 INIT_FCALL 'ord'
12 STRLEN ~8 !0
13 ASSIGN ~9 !3, ~8
14 SUB ~10 ~9, 1
15 FETCH_DIM_R ~11 !0, ~10
16 SEND_VAL ~11
17 DO_ICALL $12
18 ASSIGN !2, $12
143 19 INIT_FCALL 'substr'
20 SEND_VAR !0
21 SEND_VAL 0
22 STRLEN ~14 !0
23 SUB ~15 ~14, !2
24 SEND_VAL ~15
25 DO_ICALL $16
26 > RETURN $16
144 27* > RETURN null
End of function decrypt
Function encrypt:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename: /in/b2W1u
function name: encrypt
number of ops: 29
compiled vars: !0 = $str, !1 = $key, !2 = $block, !3 = $pad
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
146 0 E > RECV !0
1 RECV !1
148 2 INIT_FCALL_BY_NAME 'mcrypt_get_block_size'
3 SEND_VAL_EX 'rijndael_128'
4 SEND_VAL_EX 'ecb'
5 DO_FCALL 0 $4
6 ASSIGN !2, $4
149 7 STRLEN ~6 !0
8 MOD ~7 ~6, !2
9 SUB ~8 !2, ~7
10 ASSIGN !3, ~8
150 11 INIT_FCALL 'str_repeat'
12 INIT_FCALL 'chr'
13 SEND_VAR !3
14 DO_ICALL $10
15 SEND_VAR $10
16 SEND_VAR !3
17 DO_ICALL $11
18 ASSIGN_OP 8 !0, $11
151 19 INIT_FCALL_BY_NAME 'mcrypt_encrypt'
20 FETCH_CONSTANT ~13 'MCRYPT_RIJNDAEL_128'
21 SEND_VAL_EX ~13
22 SEND_VAR_EX !1
23 SEND_VAR_EX !0
24 FETCH_CONSTANT ~14 'MCRYPT_MODE_ECB'
25 SEND_VAL_EX ~14
26 DO_FCALL 0 $15
27 > RETURN $15
152 28* > RETURN null
End of function encrypt
End of class Crypt.
Generated using Vulcan Logic Dumper, using php 8.0.0