3v4l.org

<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas11", "pass": "<censored>" };</script></head>
<?

$defaultdata = array( "showpassword"=>"yes", "bgcolor"=>"#ffffff");

function xor_encrypt($in) {
    $key = '<censored>';
    $text = $in;
    $outText = '';

    // Iterate through each character
    for($i=0;$i<strlen($text);$i++) {
    $outText .= $text[$i] ^ $key[$i % strlen($key)];
    }

    return $outText;
}

function loadData($def) {
    global $_COOKIE;
    $mydata = $def;
    if(array_key_exists("data", $_COOKIE)) {
    $tempdata = json_decode(xor_encrypt(base64_decode($_COOKIE["data"])), true);
    if(is_array($tempdata) && array_key_exists("showpassword", $tempdata) && array_key_exists("bgcolor", $tempdata)) {
        if (preg_match('/^#(?:[a-f\d]{6})$/i', $tempdata['bgcolor'])) {
        $mydata['showpassword'] = $tempdata['showpassword'];
        $mydata['bgcolor'] = $tempdata['bgcolor'];
        }
    }
    }
    return $mydata;
}

function saveData($d) {
    setcookie("data", base64_encode(xor_encrypt(json_encode($d))));
}

$data = loadData($defaultdata);

if(array_key_exists("bgcolor",$_REQUEST)) {
    if (preg_match('/^#(?:[a-f\d]{6})$/i', $_REQUEST['bgcolor'])) {
        $data['bgcolor'] = $_REQUEST['bgcolor'];
    }
}

saveData($data);



?>

<h1>natas11</h1>
<div id="content">
<body style="background: <?=$data['bgcolor']?>;">
Cookies are protected with XOR encryption<br/><br/>

<?
if($data["showpassword"] == "yes") {
    print "The password for natas12 is <censored><br>";
}

?>

<form>
Background color: <input name=bgcolor value="<?=$data['bgcolor']?>">
<input type=submit value="Set color">
</form>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 9, Position 2 = 20
Branch analysis from position: 9
2 jumps found. (Code = 43) Position 1 = 16, Position 2 = 20
Branch analysis from position: 16
2 jumps found. (Code = 43) Position 1 = 30, Position 2 = 31
Branch analysis from position: 30
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 31
Branch analysis from position: 20
Branch analysis from position: 20
filename:       /in/qTKEp
function name:  (null)
number of ops:  36
compiled vars:  !0 = $defaultdata, !1 = $data
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    1     0  E >   ECHO                                                     '%3Chtml%3E%0A%3Chead%3E%0A%3C%21--+This+stuff+in+the+header+has+nothing+to+do+with+the+level+--%3E%0A%3Clink+rel%3D%22stylesheet%22+type%3D%22text%2Fcss%22+href%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fcss%2Flevel.css%22%3E%0A%3Clink+rel%3D%22stylesheet%22+href%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fcss%2Fjquery-ui.css%22+%2F%3E%0A%3Clink+rel%3D%22stylesheet%22+href%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fcss%2Fwechall.css%22+%2F%3E%0A%3Cscript+src%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fjs%2Fjquery-1.9.1.js%22%3E%3C%2Fscript%3E%0A%3Cscript+src%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fjs%2Fjquery-ui.js%22%3E%3C%2Fscript%3E%0A%3Cscript+src%3Dhttp%3A%2F%2Fnatas.labs.overthewire.org%2Fjs%2Fwechall-data.js%3E%3C%2Fscript%3E%3Cscript+src%3D%22http%3A%2F%2Fnatas.labs.overthewire.org%2Fjs%2Fwechall.js%22%3E%3C%2Fscript%3E%0A%3Cscript%3Evar+wechallinfo+%3D+%7B+%22level%22%3A+%22natas11%22%2C+%22pass%22%3A+%22%3Ccensored%3E%22+%7D%3B%3C%2Fscript%3E%3C%2Fhead%3E%0A'
   13     1        ASSIGN                                                   !0, <array>
   47     2        INIT_FCALL                                               'loaddata'
          3        SEND_VAR                                                 !0
          4        DO_FCALL                                      0  $3      
          5        ASSIGN                                                   !1, $3
   49     6        FETCH_R                      global              ~5      '_REQUEST'
          7        ARRAY_KEY_EXISTS                                         'bgcolor', ~5
          8      > JMPZ                                                     ~6, ->20
   50     9    >   INIT_FCALL                                               'preg_match'
         10        SEND_VAL                                                 '%2F%5E%23%28%3F%3A%5Ba-f%5Cd%5D%7B6%7D%29%24%2Fi'
         11        FETCH_R                      global              ~7      '_REQUEST'
         12        FETCH_DIM_R                                      ~8      ~7, 'bgcolor'
         13        SEND_VAL                                                 ~8
         14        DO_ICALL                                         $9      
         15      > JMPZ                                                     $9, ->20
   51    16    >   FETCH_R                      global              ~11     '_REQUEST'
         17        FETCH_DIM_R                                      ~12     ~11, 'bgcolor'
         18        ASSIGN_DIM                                               !1, 'bgcolor'
         19        OP_DATA                                                  ~12
   55    20    >   INIT_FCALL                                               'savedata'
         21        SEND_VAR                                                 !1
         22        DO_FCALL                                      0          
   60    23        ECHO                                                     '%0A%3Ch1%3Enatas11%3C%2Fh1%3E%0A%3Cdiv+id%3D%22content%22%3E%0A%3Cbody+style%3D%22background%3A+'
   63    24        FETCH_DIM_R                                      ~14     !1, 'bgcolor'
         25        ECHO                                                     ~14
         26        ECHO                                                     '%3B%22%3E%0ACookies+are+protected+with+XOR+encryption%3Cbr%2F%3E%3Cbr%2F%3E%0A%0A'
   67    27        FETCH_DIM_R                                      ~15     !1, 'showpassword'
         28        IS_EQUAL                                                 ~15, 'yes'
         29      > JMPZ                                                     ~16, ->31
   68    30    >   ECHO                                                     'The+password+for+natas12+is+%3Ccensored%3E%3Cbr%3E'
   72    31    >   ECHO                                                     '%0A%3Cform%3E%0ABackground+color%3A+%3Cinput+name%3Dbgcolor+value%3D%22'
   74    32        FETCH_DIM_R                                      ~17     !1, 'bgcolor'
         33        ECHO                                                     ~17
         34        ECHO                                                     '%22%3E%0A%3Cinput+type%3Dsubmit+value%3D%22Set+color%22%3E%0A%3C%2Fform%3E%0A%0A%3Cdiv+id%3D%22viewsource%22%3E%3Ca+href%3D%22index-source.html%22%3EView+sourcecode%3C%2Fa%3E%3C%2Fdiv%3E%0A%3C%2Fdiv%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E'
   81    35      > RETURN                                                   1

Function xor_encrypt:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 42) Position 1 = 13
Branch analysis from position: 13
2 jumps found. (Code = 44) Position 1 = 16, Position 2 = 6
Branch analysis from position: 16
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 6
2 jumps found. (Code = 44) Position 1 = 16, Position 2 = 6
Branch analysis from position: 16
Branch analysis from position: 6
filename:       /in/qTKEp
function name:  xor_encrypt
number of ops:  18
compiled vars:  !0 = $in, !1 = $key, !2 = $text, !3 = $outText, !4 = $i
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   15     0  E >   RECV                                             !0      
   16     1        ASSIGN                                                   !1, '%3Ccensored%3E'
   17     2        ASSIGN                                                   !2, !0
   18     3        ASSIGN                                                   !3, ''
   21     4        ASSIGN                                                   !4, 0
          5      > JMP                                                      ->13
   22     6    >   FETCH_DIM_R                                      ~9      !2, !4
          7        STRLEN                                           ~10     !1
          8        MOD                                              ~11     !4, ~10
          9        FETCH_DIM_R                                      ~12     !1, ~11
         10        BW_XOR                                           ~13     ~9, ~12
         11        ASSIGN_OP                                     8          !3, ~13
   21    12        PRE_INC                                                  !4
         13    >   STRLEN                                           ~16     !2
         14        IS_SMALLER                                               !4, ~16
         15      > JMPNZ                                                    ~17, ->6
   25    16    > > RETURN                                                   !3
   26    17*     > RETURN                                                   null

End of function xor_encrypt

Function loaddata:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 8, Position 2 = 41
Branch analysis from position: 8
2 jumps found. (Code = 46) Position 1 = 23, Position 2 = 25
Branch analysis from position: 23
2 jumps found. (Code = 46) Position 1 = 26, Position 2 = 28
Branch analysis from position: 26
2 jumps found. (Code = 43) Position 1 = 29, Position 2 = 41
Branch analysis from position: 29
2 jumps found. (Code = 43) Position 1 = 35, Position 2 = 41
Branch analysis from position: 35
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 41
Branch analysis from position: 41
Branch analysis from position: 28
Branch analysis from position: 25
Branch analysis from position: 41
filename:       /in/qTKEp
function name:  loadData
number of ops:  43
compiled vars:  !0 = $def, !1 = $mydata, !2 = $tempdata
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   28     0  E >   RECV                                             !0      
   29     1        FETCH_W                      global lock         $3      '_COOKIE'
          2        FETCH_W                      global              $4      '_COOKIE'
          3        ASSIGN_REF                                               $4, $3
   30     4        ASSIGN                                                   !1, !0
   31     5        FETCH_R                      global              ~6      '_COOKIE'
          6        ARRAY_KEY_EXISTS                                         'data', ~6
          7      > JMPZ                                                     ~7, ->41
   32     8    >   INIT_FCALL                                               'json_decode'
          9        INIT_FCALL                                               'xor_encrypt'
         10        INIT_FCALL                                               'base64_decode'
         11        FETCH_R                      global              ~8      '_COOKIE'
         12        FETCH_DIM_R                                      ~9      ~8, 'data'
         13        SEND_VAL                                                 ~9
         14        DO_ICALL                                         $10     
         15        SEND_VAR                                                 $10
         16        DO_FCALL                                      0  $11     
         17        SEND_VAR                                                 $11
         18        SEND_VAL                                                 <true>
         19        DO_ICALL                                         $12     
         20        ASSIGN                                                   !2, $12
   33    21        TYPE_CHECK                                  128  ~14     !2
         22      > JMPZ_EX                                          ~14     ~14, ->25
         23    >   ARRAY_KEY_EXISTS                                 ~15     'showpassword', !2
         24        BOOL                                             ~14     ~15
         25    > > JMPZ_EX                                          ~14     ~14, ->28
         26    >   ARRAY_KEY_EXISTS                                 ~16     'bgcolor', !2
         27        BOOL                                             ~14     ~16
         28    > > JMPZ                                                     ~14, ->41
   34    29    >   INIT_FCALL                                               'preg_match'
         30        SEND_VAL                                                 '%2F%5E%23%28%3F%3A%5Ba-f%5Cd%5D%7B6%7D%29%24%2Fi'
         31        FETCH_DIM_R                                      ~17     !2, 'bgcolor'
         32        SEND_VAL                                                 ~17
         33        DO_ICALL                                         $18     
         34      > JMPZ                                                     $18, ->41
   35    35    >   FETCH_DIM_R                                      ~20     !2, 'showpassword'
         36        ASSIGN_DIM                                               !1, 'showpassword'
         37        OP_DATA                                                  ~20
   36    38        FETCH_DIM_R                                      ~22     !2, 'bgcolor'
         39        ASSIGN_DIM                                               !1, 'bgcolor'
         40        OP_DATA                                                  ~22
   40    41    > > RETURN                                                   !1
   41    42*     > RETURN                                                   null

End of function loaddata

Function savedata:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/qTKEp
function name:  saveData
number of ops:  15
compiled vars:  !0 = $d
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   43     0  E >   RECV                                             !0      
   44     1        INIT_FCALL                                               'setcookie'
          2        SEND_VAL                                                 'data'
          3        INIT_FCALL                                               'base64_encode'
          4        INIT_FCALL                                               'xor_encrypt'
          5        INIT_FCALL                                               'json_encode'
          6        SEND_VAR                                                 !0
          7        DO_ICALL                                         $1      
          8        SEND_VAR                                                 $1
          9        DO_FCALL                                      0  $2      
         10        SEND_VAR                                                 $2
         11        DO_ICALL                                         $3      
         12        SEND_VAR                                                 $3
         13        DO_ICALL                                                 
   45    14      > RETURN                                                   null

End of function savedata

Generated using Vulcan Logic Dumper, using php 8.0.0

