Finding entry points Branch analysis from position: 0 2 jumps found. (Code = 77) Position 1 = 61, Position 2 = 186 Branch analysis from position: 61 2 jumps found. (Code = 78) Position 1 = 62, Position 2 = 186 Branch analysis from position: 62 2 jumps found. (Code = 43) Position 1 = 65, Position 2 = 66 Branch analysis from position: 65 1 jumps found. (Code = 42) Position 1 = 61 Branch analysis from position: 61 Branch analysis from position: 66 2 jumps found. (Code = 43) Position 1 = 92, Position 2 = 94 Branch analysis from position: 92 1 jumps found. (Code = 42) Position 1 = 180 Branch analysis from position: 180 2 jumps found. (Code = 44) Position 1 = 185, Position 2 = 95 Branch analysis from position: 185 1 jumps found. (Code = 42) Position 1 = 61 Branch analysis from position: 61 Branch analysis from position: 95 2 jumps found. (Code = 43) Position 1 = 102, Position 2 = 103 Branch analysis from position: 102 1 jumps found. (Code = 42) Position 1 = 180 Branch analysis from position: 180 Branch analysis from position: 103 2 jumps found. (Code = 43) Position 1 = 135, Position 2 = 137 Branch analysis from position: 135 1 jumps found. (Code = 42) Position 1 = 152 Branch analysis from position: 152 2 jumps found. (Code = 46) Position 1 = 160, Position 2 = 163 Branch analysis from position: 160 2 jumps found. (Code = 43) Position 1 = 164, Position 2 = 170 Branch analysis from position: 164 1 jumps found. (Code = 42) Position 1 = 177 Branch analysis from position: 177 2 jumps found. (Code = 44) Position 1 = 185, Position 2 = 95 Branch analysis from position: 185 Branch analysis from position: 95 Branch analysis from position: 170 2 jumps found. (Code = 44) Position 1 = 185, Position 2 = 95 Branch analysis from position: 185 Branch analysis from position: 95 Branch analysis from position: 163 Branch analysis from position: 137 2 jumps found. (Code = 46) Position 1 = 160, Position 2 = 163 Branch analysis from position: 160 Branch analysis from position: 163 Branch analysis from position: 94 Branch analysis from position: 186 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 186 filename: /in/b2W1u function name: (null) number of ops: 188 compiled vars: !0 = $imei, !1 = $source_id, !2 = $source_key, !3 = $host, !4 = $argv, !5 = $port, !6 = $c_request, !7 = $enc_c_request, !8 = $url, !9 = $response, !10 = $result, !11 = $session_data, !12 = $session_id, !13 = $session_key, !14 = $time, !15 = $dataFiles, !16 = $dataFile, !17 = $reqData, !18 = $file_name, !19 = $sleepTime, !20 = $line, !21 = $d_request_data, !22 = $enc_d_request, !23 = $request, !24 = $uncompressed, !25 = $decrypted, !26 = $stripped, !27 = $d_response line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 4 0 E > ASSIGN !0, '000999999999999999' 5 1 ASSIGN !1, '0000000099' 6 2 ASSIGN !2, '%24s%AB%7F%88OK%2F' 8 3 FETCH_DIM_R ~31 !4, 1 4 ASSIGN !3, ~31 9 5 FETCH_DIM_R ~33 !4, 2 6 ASSIGN !5, ~33 12 7 CONCAT ~35 !0, '' 8 CONCAT ~36 ~35, !1 9 ASSIGN !6, ~36 14 10 INIT_STATIC_METHOD_CALL 'Crypt', 'encrypt' 11 SEND_VAR_EX !6 12 FETCH_CLASS_CONSTANT ~38 'Crypt', 'COMMON_KEY' 13 SEND_VAL_EX ~38 14 DO_FCALL 0 $39 15 ASSIGN !7, $39 16 16 CONCAT ~41 'http%3A%2F%2F', !3 17 CONCAT ~42 ~41, '%3A' 18 CONCAT ~43 ~42, !5 19 CONCAT ~44 ~43, '%2Fsw-system%2Fsloc8r%2Fpublic%2Fc.php' 20 ASSIGN !8, ~44 18 21 INIT_FCALL_BY_NAME 'send_request' 22 SEND_VAR_EX !8 23 SEND_VAR_EX !7 24 DO_FCALL 0 $46 25 ASSIGN !9, $46 20 26 INIT_FCALL_BY_NAME 'split' 27 SEND_VAL_EX '%2C' 28 SEND_VAR_EX !9 29 SEND_VAL_EX 3 30 DO_FCALL 0 $48 31 ASSIGN !10, $48 22 32 INIT_FCALL_BY_NAME 'split' 33 SEND_VAL_EX '%2C' 34 INIT_STATIC_METHOD_CALL 'Crypt', 'decrypt' 35 CHECK_FUNC_ARG 36 FETCH_DIM_FUNC_ARG $50 !10, 2 37 SEND_FUNC_ARG $50 38 SEND_VAR_EX !2 39 DO_FCALL 0 $51 40 SEND_VAR_NO_REF_EX $51 41 SEND_VAL_EX 2 42 DO_FCALL 0 $52 43 ASSIGN !11, $52 24 44 INIT_FCALL 'sprintf' 45 SEND_VAL '%25020d' 46 FETCH_DIM_R ~54 !11, 0 47 SEND_VAL ~54 48 DO_ICALL $55 49 ASSIGN !12, $55 25 50 FETCH_DIM_R ~57 !11, 1 51 ASSIGN !13, ~57 29 52 INIT_FCALL 'time' 53 DO_ICALL $59 54 ASSIGN !14, $59 31 55 INIT_FCALL 'scandir' 56 FETCH_DIM_R ~61 !4, 3 57 SEND_VAL ~61 58 DO_ICALL $62 59 ASSIGN !15, $62 33 60 > FE_RESET_R $64 !15, ->186 61 > > FE_FETCH_R $64, !16, ->186 34 62 > STRLEN ~65 !16 63 IS_SMALLER ~65, 5 64 > JMPZ ~66, ->66 65 > > JMP ->61 35 66 > INIT_FCALL 'print_r' 67 SEND_VAR !16 68 DO_ICALL 69 ECHO '%0A' 39 70 INIT_FCALL 'fopen' 71 FETCH_DIM_R ~68 !4, 3 72 CONCAT ~69 ~68, '%2F' 73 CONCAT ~70 ~69, !16 74 SEND_VAL ~70 75 SEND_VAL 'r' 76 DO_ICALL $71 77 ASSIGN !17, $71 40 78 INIT_FCALL 'preg_replace' 79 SEND_VAL '%2F%5B%5E0-9%5D%2F' 80 SEND_VAL '' 81 SEND_VAR !16 82 DO_ICALL $73 83 ASSIGN !18, $73 43 84 CONCAT ~75 'http%3A%2F%2F', !3 85 CONCAT ~76 ~75, '%3A' 86 CONCAT ~77 ~76, !5 87 CONCAT ~78 ~77, '%2Fsw-system%2Fsloc8r%2Fpublic%2Fd.php' 88 ASSIGN !8, ~78 45 89 ASSIGN !19, 3 47 90 ISSET_ISEMPTY_DIM_OBJ 0 !4, 4 91 > JMPZ ~81, ->94 48 92 > FETCH_DIM_R ~82 !4, 4 93 ASSIGN !19, ~82 51 94 > > JMP ->180 52 95 > INIT_FCALL 'fgets' 96 SEND_VAR !17 97 DO_ICALL $84 98 ASSIGN !20, $84 53 99 STRLEN ~86 !20 100 IS_SMALLER ~86, 120 101 > JMPZ ~87, ->103 102 > > JMP ->180 55 103 > INIT_FCALL 'explode' 104 SEND_VAL '%2C' 105 SEND_VAR !20 106 SEND_VAL 3 107 DO_ICALL $88 108 ASSIGN !20, $88 57 109 FETCH_DIM_R ~90 !20, 2 110 ASSIGN !21, ~90 60 111 INIT_STATIC_METHOD_CALL 'Crypt', 'encrypt' 112 INIT_FCALL 'gzencode' 113 SEND_VAR !21 114 DO_ICALL $92 115 SEND_VAR_NO_REF_EX $92 116 SEND_VAR_EX !13 117 DO_FCALL 0 $93 118 ASSIGN !22, $93 62 119 CONCAT ~95 !12, !22 120 ASSIGN !23, ~95 64 121 INIT_FCALL 'file_put_contents' 122 SEND_VAL '%2Ftmp%2Frequest.post' 123 SEND_VAR !23 124 DO_ICALL 68 125 INIT_FCALL_BY_NAME 'send_request' 126 SEND_VAR_EX !8 127 SEND_VAR_EX !23 128 DO_FCALL 0 $98 129 ASSIGN !9, $98 74 130 INIT_FCALL 'preg_match' 131 SEND_VAL '%2F%5E%5C%24UP%2F' 132 SEND_VAR !9 133 DO_ICALL $100 134 > JMPZ $100, ->137 75 135 > ASSIGN !24, !9 136 > JMP ->152 78 137 > INIT_STATIC_METHOD_CALL 'Crypt', 'decrypt' 138 SEND_VAR_EX !9 139 SEND_VAR_EX !13 140 DO_FCALL 0 $102 141 ASSIGN !25, $102 79 142 INIT_FCALL 'substr' 143 SEND_VAR !25 144 SEND_VAL 10 145 SEND_VAL -8 146 DO_ICALL $104 147 ASSIGN !26, $104 80 148 INIT_FCALL 'gzinflate' 149 SEND_VAR !26 150 DO_ICALL $106 151 ASSIGN !24, $106 84 152 > INIT_FCALL_BY_NAME 'split' 153 SEND_VAL_EX '%2C' 154 SEND_VAR_EX !24 155 DO_FCALL 0 $108 156 ASSIGN !27, $108 87 157 FETCH_DIM_R ~110 !27, 0 158 IS_EQUAL ~111 ~110, '%24UP' 159 > JMPZ_EX ~111 ~111, ->163 160 > FETCH_DIM_R ~112 !27, 1 161 IS_EQUAL ~113 ~112, '1' 162 BOOL ~111 ~113 163 > > JMPZ ~111, ->170 88 164 > ROPE_INIT 3 ~115 '%2C' 165 ROPE_ADD 1 ~115 ~115, !24 166 ROPE_END 2 ~114 ~115, '%0A' 167 CONCAT ~117 !18, ~114 168 ECHO ~117 169 > JMP ->177 90 170 > INIT_FCALL 'implode' 171 SEND_VAL '%2C' 172 SEND_VAR !27 173 DO_ICALL $118 174 CONCAT ~119 'response%3A+', $118 175 CONCAT ~120 ~119, '%0A' 176 ECHO ~120 94 177 > INIT_FCALL 'sleep' 178 SEND_VAR !19 179 DO_ICALL 51 180 > INIT_FCALL 'feof' 181 SEND_VAR !17 182 DO_ICALL $122 183 BOOL_NOT ~123 $122 184 > JMPNZ ~123, ->95 33 185 > > JMP ->61 186 > FE_FREE $64 154 187 > RETURN 1 Function printstrhex: Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 42) Position 1 = 13 Branch analysis from position: 13 2 jumps found. (Code = 44) Position 1 = 16, Position 2 = 4 Branch analysis from position: 16 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 4 2 jumps found. (Code = 44) Position 1 = 16, Position 2 = 4 Branch analysis from position: 16 Branch analysis from position: 4 filename: /in/b2W1u function name: printStrHex number of ops: 18 compiled vars: !0 = $string, !1 = $i line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 104 0 E > RECV !0 106 1 ECHO 'begin+hex+dump%0A' 107 2 ASSIGN !1, 0 3 > JMP ->13 108 4 > INIT_FCALL 'dechex' 5 INIT_FCALL 'ord' 6 FETCH_DIM_R ~3 !0, !1 7 SEND_VAL ~3 8 DO_ICALL $4 9 SEND_VAR $4 10 DO_ICALL $5 11 ECHO $5 107 12 PRE_INC !1 13 > STRLEN ~7 !0 14 IS_SMALLER !1, ~7 15 > JMPNZ ~8, ->4 110 16 > ECHO '%0AEnd+hex+dump%0A' 111 17 > RETURN null End of function printstrhex Function send_request: Finding entry points Branch analysis from position: 0 2 jumps found. (Code = 43) Position 1 = 22, Position 2 = 24 Branch analysis from position: 22 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 24 1 jumps found. (Code = 79) Position 1 = -2 filename: /in/b2W1u function name: send_request number of ops: 32 compiled vars: !0 = $url, !1 = $request, !2 = $options, !3 = $context, !4 = $result line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 113 0 E > RECV !0 1 RECV !1 118 2 STRLEN ~5 !1 3 CONCAT ~6 'Content-type%3A+application%2Fx-www-form-urlencoded%0D%0AContent-Length%3A+', ~5 4 CONCAT ~7 ~6, '%0D%0A' 119 5 CONCAT ~8 ~7, 'Expect%3A+%0D%0A' 6 INIT_ARRAY ~9 ~8, 'header' 120 7 ADD_ARRAY_ELEMENT ~9 'POST', 'method' 121 8 ADD_ARRAY_ELEMENT ~9 !1, 'content' 9 INIT_ARRAY ~10 ~9, 'http' 115 10 ASSIGN !2, ~10 124 11 INIT_FCALL 'stream_context_create' 12 SEND_VAR !2 13 DO_ICALL $12 14 ASSIGN !3, $12 126 15 INIT_FCALL 'file_get_contents' 16 SEND_VAR !0 17 SEND_VAL <false> 18 SEND_VAR !3 19 DO_ICALL $14 20 ASSIGN ~15 !4, $14 21 > JMPZ ~15, ->24 127 22 > > RETURN !4 23* JMP ->31 129 24 > ROPE_INIT 5 ~17 'Couldnt+conenct+to+' 25 ROPE_ADD 1 ~17 ~17, !0 26 ROPE_ADD 2 ~17 ~17, '+%28' 27 ROPE_ADD 3 ~17 ~17, !4 28 ROPE_END 4 ~16 ~17, '%29%0A' 29 ECHO ~16 130 30 > EXIT 2 133 31* > RETURN null End of function send_request Class Crypt: Function decrypt: Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 62) Position 1 = -2 filename: /in/b2W1u function name: decrypt number of ops: 28 compiled vars: !0 = $str, !1 = $key, !2 = $pad, !3 = $len line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 139 0 E > RECV !0 1 RECV !1 141 2 INIT_FCALL_BY_NAME 'mcrypt_decrypt' 3 FETCH_CONSTANT ~4 'MCRYPT_RIJNDAEL_128' 4 SEND_VAL_EX ~4 5 SEND_VAR_EX !1 6 SEND_VAR_EX !0 7 FETCH_CONSTANT ~5 'MCRYPT_MODE_ECB' 8 SEND_VAL_EX ~5 9 DO_FCALL 0 $6 10 ASSIGN !0, $6 142 11 INIT_FCALL 'ord' 12 STRLEN ~8 !0 13 ASSIGN ~9 !3, ~8 14 SUB ~10 ~9, 1 15 FETCH_DIM_R ~11 !0, ~10 16 SEND_VAL ~11 17 DO_ICALL $12 18 ASSIGN !2, $12 143 19 INIT_FCALL 'substr' 20 SEND_VAR !0 21 SEND_VAL 0 22 STRLEN ~14 !0 23 SUB ~15 ~14, !2 24 SEND_VAL ~15 25 DO_ICALL $16 26 > RETURN $16 144 27* > RETURN null End of function decrypt Function encrypt: Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 62) Position 1 = -2 filename: /in/b2W1u function name: encrypt number of ops: 29 compiled vars: !0 = $str, !1 = $key, !2 = $block, !3 = $pad line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 146 0 E > RECV !0 1 RECV !1 148 2 INIT_FCALL_BY_NAME 'mcrypt_get_block_size' 3 SEND_VAL_EX 'rijndael_128' 4 SEND_VAL_EX 'ecb' 5 DO_FCALL 0 $4 6 ASSIGN !2, $4 149 7 STRLEN ~6 !0 8 MOD ~7 ~6, !2 9 SUB ~8 !2, ~7 10 ASSIGN !3, ~8 150 11 INIT_FCALL 'str_repeat' 12 INIT_FCALL 'chr' 13 SEND_VAR !3 14 DO_ICALL $10 15 SEND_VAR $10 16 SEND_VAR !3 17 DO_ICALL $11 18 ASSIGN_OP 8 !0, $11 151 19 INIT_FCALL_BY_NAME 'mcrypt_encrypt' 20 FETCH_CONSTANT ~13 'MCRYPT_RIJNDAEL_128' 21 SEND_VAL_EX ~13 22 SEND_VAR_EX !1 23 SEND_VAR_EX !0 24 FETCH_CONSTANT ~14 'MCRYPT_MODE_ECB' 25 SEND_VAL_EX ~14 26 DO_FCALL 0 $15 27 > RETURN $15 152 28* > RETURN null End of function encrypt End of class Crypt.
Generated using Vulcan Logic Dumper, using php 8.0.0