WordPress.org


Cannot decrypt encrypted PHP code for Plug-in (8 posts)

  1. Chris
    Member
    Posted 8 months ago #

    First day ever using the WordPress.org forums, so please forgive me if this is in the wrong category.

    I have the following code, which I need to modify for a plug-in:

    [code removed]

    But, as you can see, it is encrypted. I have tried several decryption sites, but nothing worked. Please help.

  2. WPyogi
    Volunteer Moderator
    Posted 8 months ago #

    Where is that code from? You can't post that much code on these forums - see: http://codex.wordpress.org/Forum_Welcome#Posting_Code

    You need to use a pastebin for that much and that kind of code.

  3. Chris
    Member
    Posted 8 months ago #

    Oh ok sorry and thank you.

    Here we go:
    http://pastebin.com/b3iw2RWv

  4. catacaustic
    Member
    Posted 8 months ago #

    I'd also ask (again) where the code is from? Most times any plugin/theme that uses encryption it's because there's some proprietary code that's not GPL-licensed and they want to keep it "hidden". BUT, I don't think that's the case here because what they've done doesn't look like encryption, just obfuscation where they've changed function and variable names to be nonsense. The part that would worry me with this is that there are references to files, and that's normally where something malicious comes into it. If it was me, I'd get rid of that code, and whatever plugin/theme/whatever it came in. Seeing something like that makes me 99.999% sure that something nasty is being attempted under the covers.

  5. Chris
    Member
    Posted 8 months ago #

    Really? It is from the plug-in called "WishList Member" which is a professional plug-in that I believe you have to purchase. We hired a consultant who suggested it and gave it to our company. I can't imagine that it would be malicious.

    But this scares me now lol..

    Specifically, this code was from the "Shortcodes.php" file I found when viewing the WishList plug-in code edit area (Plugins > Editor > WishList Member).

  6. bcworkz
    Member
    Posted 8 months ago #

    In that case it is probably not malicious, but being proprietary code, it was obfuscated precisely to prevent what you are trying to do. Where proprietary code is involved, there is not anything anyone here can help you with; we can only advise on open source code, sorry.

  7. catacaustic
    Member
    Posted 8 months ago #

    Got to agree with bcworkz there. If it's in a "commercial" plugin the chances of it being malicious are less, so it's not as great a concern as it could be.

    The times that I've seen this before it's been either tracking code that does call-backs to the company's servers, or it's been to add in links that you don't realise are there. Either way I don't like having something like that on a site of mine. :)

  8. catacaustic
    Member
    Posted 8 months ago #

    After some playing around, I've been able to decrypt a bit of it. Most of what I got was helper code, but the main telling part was the first real line that I got back:

    class WishListMemberShortcode {

    Looking at that and the rest that I got (I didn't get anywhere near the whole lot) it doesn't look like it's meant to do anything bad. There's still a chance as I didn't go through the whole thing, but that possibility is pretty small.

    The only question that's left is just why the developer decided to go to that much trouble to "hide" their code? I guess they're just a bit too paranoid about it getting stolen. Although, from what I've seen I think that it's quicker to decrypt it than it would be to write it myself. ;)
