很难找出这段代码的含义？答案

【问题标题】：Difficulty to find out meaning of this block of code?很难找出这段代码的含义？
【发布时间】：2019-02-13 13:55:46
【问题描述】：

我正在解密一个恶意软件，之后，我在 PHP 代码中发现了一个数组块，我无法理解它是如何工作的，我需要您对此问题的专家意见。

$s=array("w"=>"e","t"=>"c","l"=>"a","r"=>"m","q"=>".","@"=>"t","e"=>"s","c"=>"@","v"=>"g","h"=>"i","y"=>"l","u"=>"o");
$dash=$s['e'].$s['t'].$s['l'].$s['r'].$s['q'].$s['@'].$s['w'].$s['l'].$s['r'].$s['c'].$s['v'].$s['r'].$s['l'].$s['h'].$s['y'].$s['q'].$s['t'].$s['u'].$s['r'];

总代码块为：

<?php
$s=array("w"=>"e","t"=>"c","l"=>"a","r"=>"m","q"=>".","@"=>"t","e"=>"s","c"=>"@","v"=>"g","h"=>"i","y"=>"l","u"=>"o");
$dash=$s['e'].$s['t'].$s['l'].$s['r'].$s['q'].$s['@'].$s['w'].$s['l'].$s['r'].$s['c'].$s['v'].$s['r'].$s['l'].$s['h'].$s['y'].$s['q'].$s['t'].$s['u'].$s['r'];
if ($action=="send"){
  if (!$from && !$subject && !$message && !$emaillist){
    print "Please complete all fields before sending your message.";
    exit;

这是附加到“联系我们”页面的代码块的一部分。

【问题讨论】：

它比你想象的要简单......它只是定义一个数组，然后使用字符串连接来创建$dash 字符串。这个似乎编码了一个电子邮件地址“scam.team@gmail.com”。

标签： php obfuscation

【解决方案1】：

<?php

$s=array("w"=>"e","t"=>"c","l"=>"a","r"=>"m","q"=>".","@"=>"t","e"=>"s","c"=>"@","v"=>"g","h"=>"i","y"=>"l","u"=>"o");
$dash=$s['e'].$s['t'].$s['l'].$s['r'].$s['q'].$s['@'].$s['w'].$s['l'].$s['r'].$s['c'].$s['v'].$s['r'].$s['l'].$s['h'].$s['y'].$s['q'].$s['t'].$s['u'].$s['r'];


print_r($s);
print_r($dash);
?>

如果您尝试打印 print_r($s); 将打印

Array
(
    [w] => e
    [t] => c
    [l] => a
    [r] => m
    [q] => .
    [@] => t
    [e] => s
    [c] => @
    [v] => g
    [h] => i
    [y] => l
    [u] => o
)

print_r($dash); 行将打印

scam.team@gmail.com

在 $dash 变量中，他们正在访问与键关联的数据的值。

【讨论】：