  • MRAB (unregistered)

    VW01S2NHTXpVV2c9

  • (nodebb)

    I laughed out loud at reversing the name of base64.

    You can't make this up!!

  • Fordom Greenman (unregistered)

    PHP is super slow by itself, I wonder how much slower the code runs because of this

  • COB666 (unregistered) in reply to MRAB

    Best comment so far...

  • Mark W (unregistered) in reply to MRAB

    That’s frickin’ hilarious

  • Mark W (unregistered)

    The true WTF is that they think that someone who figured out one layer of reversed decode would stop there!

  • Pauller (unregistered)

    Ya got me! Hahahaha!

  • WTFGuy (unregistered)

    The devs know something about crypto. Not much, but something. They know hashes and some crypto systems repeat the hashing/encryption process multiple times to improve security. So clearly 3 base-64 encodings are far more secure than 1. I fear what'll happen when some HPC points out that as processors get faster, they need more iterations to retain the same degree of security. Some current legit crypto systems really do use 80 iterations.

    Some of us are old enough to remember when original DES was the new hotness, quickly superseded by, yep, triple-DES, which is, roughly speaking, just 3 iterations of basic DES.

    A scarier possibility is that this is the result of running the whole codebase through multiple rounds of obfuscation. And different numbers of rounds in different areas of that codebase. Soon they'll lose the unobfuscated version in their non-source control and the whole outfit will collapse in a cloud of self-referential obfuscation.

    IOW, it's obfuscation all the way down.

  • Argle Bargle (unregistered)

    This whole thing reminds me of Amazon. I have some friends who sell on their own website, eBay and Amazon alike. For reasons I won't go into here (but might make an interesting WTF in its own right) I needed to write a scraper for my friends' pages on Amazon. In the process, I was stunned to find that a lot of what appears to be static text and graphics on a page would actually be encoded in a way very similar to the story's add-on. Base-64 encrypted, reversed, eval'ed into more text to be decoded, and only applied to portions of a page randomly. About the only thing missing was use of JSFuck and Double Rot-13 encryption. To this day I'm not sure if I should be appalled or impressed.

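A small deobfuscation helper for the layered encoding the article and the two comments above describe, added here as an editor's example rather than code from the original article or thread. It recovers an obfuscator's backwards function name (the `edoced_46esab` of the title) and peels nested base64 layers, falling back to a reversed layer as in the Amazon variant; the sample input is MRAB's triple-encoded comment, and the `max_depth` guard and the printable-ASCII stop rule are my own assumptions.

```python
import base64

# Constructed sample: the triple-base64 string posted by MRAB earlier in this thread.
SAMPLE = "VW01S2NHTXpVV2c9"


def unreverse_name(token: str) -> str:
    """Recover a function name an obfuscator stored backwards,
    e.g. 'edoced_46esab' -> 'base64_decode' (the trick behind the article title)."""
    return token[::-1]


def _decode_layer(blob: str):
    """One strict base64 decode to ASCII text; None if the blob is not a base64 layer.
    binascii.Error and UnicodeDecodeError are both ValueError subclasses."""
    try:
        return base64.b64decode(blob, validate=True).decode("ascii")
    except ValueError:
        return None


def peel_base64(blob: str, max_depth: int = 16) -> tuple[str, int]:
    """Strip nested base64 layers without executing anything, the way an analyst
    triages an obfuscated PHP file. Returns (innermost_text, layers_removed).
    Stop rule (assumption): a layer must decode to printable ASCII, otherwise the
    previous text is treated as the payload. max_depth guards against
    pathological inputs."""
    current = blob.strip()
    depth = 0
    while depth < max_depth:
        text = _decode_layer(current)
        if text is None:
            # Variant from the Amazon comment: the layer itself was stored reversed.
            text = _decode_layer(current[::-1])
        if not text or not text.isprintable():
            break
        current, depth = text, depth + 1
    return current, depth


if __name__ == "__main__":
    print(unreverse_name("edoced_46esab"))  # base64_decode
    print(peel_base64(SAMPLE))              # ('Frist!', 3)
```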
  • Stuart (unregistered)

    I can see absolutely no way that this could negatively impact on website performance, whether it be in terms of download time or time to execute the code.

    No way whatsoever.

    Reminds me of a TV station in Australia that used to(?) do essentially the same thing to its TV schedule on its website. It took forever to load, and I reckon that this sort of "trickery" was the reason for that.

  • (nodebb)

    Obfuscation is usually just a clear indicator that something in the code is super fishy and they want to hide it. Nothing more, nothing less. It literally doesn't matter what the source code is; if you want to reverse engineer it, you can do it easily these days whatever it is, and 99% of code is usually made of such easy and well-understood patterns that there is no point at all in hiding anything in the first place.

  • Thomas (unregistered)

    This brings back memories. Many years ago, at a former employer, one of our servers got infected with a PHP exploit kit. It was obfuscated in the exact same way as this plugin...

  • (nodebb) in reply to WTFGuy

    They know hashes and some crypto systems repeat the hashing/encryption process multiple times to improve security.

    The problem is that they don't know why repeating the hashing process improves security. All it does is increase the time it takes for the algorithm to run. When you want to prevent brute-force attacks on passwords, that's a good thing. When you want to display a web page, not so much.

  • (nodebb) in reply to WTFGuy

    superceded by, yep, triple-DES, which is, roughly speaking, just 3 iterations of basic DES

    Except it turns out that doing DES three times isn't cryptographically sound, so 3DES runs the text through the encryption algorithm once, then decrypts with a second key, then encrypts with a third. They are 56-bit keys, but the algorithm is only rated at 112 bits of strength (2 keys) because the second pass does nothing but fix the weakness of "doing the same thing several times in a row hoping it gets better". So, it turns out that your comparison of this monstrosity to 3DES isn't really fair, since 3DES exhibits none of the stupidity seen here.

  • HonkHonk (unregistered)

    TRWTF is Magento :/

  • Jessica (unregistered)

    So glad that when I decoded the Easy Reader it went where I thought it would!

Leave a comment on “edoced_46esab”
