Finding entry points Branch analysis from position: 0 2 jumps found. (Code = 43) Position 1 = 9, Position 2 = 20 Branch analysis from position: 9 2 jumps found. (Code = 43) Position 1 = 16, Position 2 = 20 Branch analysis from position: 16 2 jumps found. (Code = 43) Position 1 = 30, Position 2 = 31 Branch analysis from position: 30 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 31 Branch analysis from position: 20 Branch analysis from position: 20 filename: /in/qTKEp function name: (null) number of ops: 36 compiled vars: !0 = $defaultdata, !1 = $data line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 1 0 E > ECHO '%3Chtml%3E%0A%3Chead%3E%0A%3C%21--+This+stuff+in+the+header+has+nothing+to+do+with+the+level+--%3E%0A%3Clink+rel%3D%22stylesheet%22+type%3D%22text%2Fcss%22+href%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fcss%2Flevel.css%22%3E%0A%3Clink+rel%3D%22stylesheet%22+href%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fcss%2Fjquery-ui.css%22+%2F%3E%0A%3Clink+rel%3D%22stylesheet%22+href%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fcss%2Fwechall.css%22+%2F%3E%0A%3Cscript+src%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fjs%2Fjquery-1.9.1.js%22%3E%3C%2Fscript%3E%0A%3Cscript+src%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fjs%2Fjquery-ui.js%22%3E%3C%2Fscript%3E%0A%3Cscript+src%3Dhttp%3A%2F%2Fnatas.labs.overthewire.org%2Fjs%2Fwechall-data.js%3E%3C%2Fscript%3E%3Cscript+src%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fjs%2Fwechall.js%22%3E%3C%2Fscript%3E%0A%3Cscript%3Evar+wechallinfo+%3D+%7B+%22level%22%3A+%22natas11%22%2C+%22pass%22%3A+%22%3Ccensored%3E%22+%7D%3B%3C%2Fscript%3E%3C%2Fhead%3E%0A' 13 1 ASSIGN !0, <array> 47 2 INIT_FCALL 'loaddata' 3 SEND_VAR !0 4 DO_FCALL 0 $3 5 ASSIGN !1, $3 49 6 FETCH_R global ~5 '_REQUEST' 7 ARRAY_KEY_EXISTS 'bgcolor', ~5 8 > JMPZ ~6, ->20 50 9 > INIT_FCALL 'preg_match' 10 SEND_VAL '%2F%5E%23%28%3F%3A%5Ba-f%5Cd%5D%7B6%7D%29%24%2Fi' 11 FETCH_R global ~7 '_REQUEST' 12 FETCH_DIM_R ~8 ~7, 'bgcolor' 13 SEND_VAL ~8 14 DO_ICALL $9 15 > JMPZ $9, ->20 51 16 > FETCH_R global ~11 '_REQUEST' 17 FETCH_DIM_R ~12 ~11, 'bgcolor' 18 ASSIGN_DIM !1, 'bgcolor' 19 OP_DATA ~12 55 20 > INIT_FCALL 'savedata' 21 SEND_VAR !1 22 DO_FCALL 0 60 23 ECHO '%0A%3Ch1%3Enatas11%3C%2Fh1%3E%0A%3Cdiv+id%3D%22content%22%3E%0A%3Cbody+style%3D%22background%3A+' 63 24 FETCH_DIM_R ~14 !1, 'bgcolor' 25 ECHO ~14 26 ECHO '%3B%22%3E%0ACookies+are+protected+with+XOR+encryption%3Cbr%2F%3E%3Cbr%2F%3E%0A%0A' 67 27 FETCH_DIM_R ~15 !1, 'showpassword' 28 IS_EQUAL ~15, 'yes' 29 > JMPZ ~16, ->31 68 30 > ECHO 'The+password+for+natas12+is+%3Ccensored%3E%3Cbr%3E' 72 31 > ECHO '%0A%3Cform%3E%0ABackground+color%3A+%3Cinput+name%3Dbgcolor+value%3D%22' 74 32 FETCH_DIM_R ~17 !1, 'bgcolor' 33 ECHO ~17 34 ECHO '%22%3E%0A%3Cinput+type%3Dsubmit+value%3D%22Set+color%22%3E%0A%3C%2Fform%3E%0A%0A%3Cdiv+id%3D%22viewsource%22%3E%3Ca+href%3D%22index-source.html%22%3EView+sourcecode%3C%2Fa%3E%3C%2Fdiv%3E%0A%3C%2Fdiv%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E' 81 35 > RETURN 1 Function xor_encrypt: Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 42) Position 1 = 13 Branch analysis from position: 13 2 jumps found. (Code = 44) Position 1 = 16, Position 2 = 6 Branch analysis from position: 16 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 6 2 jumps found. (Code = 44) Position 1 = 16, Position 2 = 6 Branch analysis from position: 16 Branch analysis from position: 6 filename: /in/qTKEp function name: xor_encrypt number of ops: 18 compiled vars: !0 = $in, !1 = $key, !2 = $text, !3 = $outText, !4 = $i line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 15 0 E > RECV !0 16 1 ASSIGN !1, '%3Ccensored%3E' 17 2 ASSIGN !2, !0 18 3 ASSIGN !3, '' 21 4 ASSIGN !4, 0 5 > JMP ->13 22 6 > FETCH_DIM_R ~9 !2, !4 7 STRLEN ~10 !1 8 MOD ~11 !4, ~10 9 FETCH_DIM_R ~12 !1, ~11 10 BW_XOR ~13 ~9, ~12 11 ASSIGN_OP 8 !3, ~13 21 12 PRE_INC !4 13 > STRLEN ~16 !2 14 IS_SMALLER !4, ~16 15 > JMPNZ ~17, ->6 25 16 > > RETURN !3 26 17* > RETURN null End of function xor_encrypt Function loaddata: Finding entry points Branch analysis from position: 0 2 jumps found. (Code = 43) Position 1 = 8, Position 2 = 41 Branch analysis from position: 8 2 jumps found. (Code = 46) Position 1 = 23, Position 2 = 25 Branch analysis from position: 23 2 jumps found. (Code = 46) Position 1 = 26, Position 2 = 28 Branch analysis from position: 26 2 jumps found. (Code = 43) Position 1 = 29, Position 2 = 41 Branch analysis from position: 29 2 jumps found. (Code = 43) Position 1 = 35, Position 2 = 41 Branch analysis from position: 35 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 41 Branch analysis from position: 41 Branch analysis from position: 28 Branch analysis from position: 25 Branch analysis from position: 41 filename: /in/qTKEp function name: loadData number of ops: 43 compiled vars: !0 = $def, !1 = $mydata, !2 = $tempdata line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 28 0 E > RECV !0 29 1 FETCH_W global lock $3 '_COOKIE' 2 FETCH_W global $4 '_COOKIE' 3 ASSIGN_REF $4, $3 30 4 ASSIGN !1, !0 31 5 FETCH_R global ~6 '_COOKIE' 6 ARRAY_KEY_EXISTS 'data', ~6 7 > JMPZ ~7, ->41 32 8 > INIT_FCALL 'json_decode' 9 INIT_FCALL 'xor_encrypt' 10 INIT_FCALL 'base64_decode' 11 FETCH_R global ~8 '_COOKIE' 12 FETCH_DIM_R ~9 ~8, 'data' 13 SEND_VAL ~9 14 DO_ICALL $10 15 SEND_VAR $10 16 DO_FCALL 0 $11 17 SEND_VAR $11 18 SEND_VAL <true> 19 DO_ICALL $12 20 ASSIGN !2, $12 33 21 TYPE_CHECK 128 ~14 !2 22 > JMPZ_EX ~14 ~14, ->25 23 > ARRAY_KEY_EXISTS ~15 'showpassword', !2 24 BOOL ~14 ~15 25 > > JMPZ_EX ~14 ~14, ->28 26 > ARRAY_KEY_EXISTS ~16 'bgcolor', !2 27 BOOL ~14 ~16 28 > > JMPZ ~14, ->41 34 29 > INIT_FCALL 'preg_match' 30 SEND_VAL '%2F%5E%23%28%3F%3A%5Ba-f%5Cd%5D%7B6%7D%29%24%2Fi' 31 FETCH_DIM_R ~17 !2, 'bgcolor' 32 SEND_VAL ~17 33 DO_ICALL $18 34 > JMPZ $18, ->41 35 35 > FETCH_DIM_R ~20 !2, 'showpassword' 36 ASSIGN_DIM !1, 'showpassword' 37 OP_DATA ~20 36 38 FETCH_DIM_R ~22 !2, 'bgcolor' 39 ASSIGN_DIM !1, 'bgcolor' 40 OP_DATA ~22 40 41 > > RETURN !1 41 42* > RETURN null End of function loaddata Function savedata: Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 62) Position 1 = -2 filename: /in/qTKEp function name: saveData number of ops: 15 compiled vars: !0 = $d line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 43 0 E > RECV !0 44 1 INIT_FCALL 'setcookie' 2 SEND_VAL 'data' 3 INIT_FCALL 'base64_encode' 4 INIT_FCALL 'xor_encrypt' 5 INIT_FCALL 'json_encode' 6 SEND_VAR !0 7 DO_ICALL $1 8 SEND_VAR $1 9 DO_FCALL 0 $2 10 SEND_VAR $2 11 DO_ICALL $3 12 SEND_VAR $3 13 DO_ICALL 45 14 > RETURN null End of function savedata
Generated using Vulcan Logic Dumper, using php 8.0.0