Skip to content

Instantly share code, notes, and snippets.

@MasterEx

MasterEx/Code.java

Created August 26, 2011 16:07
Show Gist options
  • Save MasterEx/1173762 to your computer and use it in GitHub Desktop.
Save MasterEx/1173762 to your computer and use it in GitHub Desktop.
Download ZIP
A source code encoder and a demonstration using it with PHP as a proof of concept
Raw
README.md

Create the encoded.java and the key like that:

java -jar Coder.jar -en original_code.php > encoded.txt

Raw
Code.java
package coder;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Scanner;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
/**
*
* @author periklis master_ex ntanasis - pntanasis@gmail.com
*/
public class Coder {
// @see http://download.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html#PBE
//found here: http://www.exampledepot.com/egs/javax.crypto/DesString.html
public static class DesEncrypter {
Cipher ecipher;
Cipher dcipher;
DesEncrypter(SecretKey key) {
try {
ecipher = Cipher.getInstance("DES");
dcipher = Cipher.getInstance("DES");
ecipher.init(Cipher.ENCRYPT_MODE, key);
dcipher.init(Cipher.DECRYPT_MODE, key);
} catch (javax.crypto.NoSuchPaddingException e) {
} catch (java.security.NoSuchAlgorithmException e) {
} catch (java.security.InvalidKeyException e) {
}
}
public String encrypt(String str) {
try {
// Encode the string into bytes using utf-8
byte[] utf8 = str.getBytes("UTF8");
// Encrypt
byte[] enc = ecipher.doFinal(utf8);
// Encode bytes to base64 to get a string
return new sun.misc.BASE64Encoder().encode(enc);
} catch (javax.crypto.BadPaddingException e) {
} catch (IllegalBlockSizeException e) {
} catch (UnsupportedEncodingException e) {
} catch (java.io.IOException e) {
}
return null;
}
public String decrypt(String str) {
try {
// Decode base64 to get bytes
byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str);
// Decrypt
byte[] utf8 = dcipher.doFinal(dec);
// Decode using utf-8
return new String(utf8, "UTF8");
} catch (javax.crypto.BadPaddingException e) {
} catch (IllegalBlockSizeException e) {
} catch (UnsupportedEncodingException e) {
} catch (java.io.IOException e) {
}
return null;
}
}
/** Save the specified TripleDES SecretKey to the specified file */
public static void writeKey(SecretKey key, File f) throws IOException,
NoSuchAlgorithmException, InvalidKeySpecException {
// Convert the secret key to an array of bytes like this
SecretKeyFactory keyfactory = SecretKeyFactory.getInstance("DES");
DESKeySpec keyspec = (DESKeySpec) keyfactory.getKeySpec(key,
DESKeySpec.class);
byte[] rawkey = keyspec.getKey();
// Write the raw key to the file
FileOutputStream out = new FileOutputStream(f);
out.write(rawkey);
out.close();
}
/** Read a TripleDES secret key from the specified file */
public static SecretKey readKey(File f) throws IOException,
NoSuchAlgorithmException, InvalidKeyException,
InvalidKeySpecException {
// Read the raw bytes from the keyfile
DataInputStream in = new DataInputStream(new FileInputStream(f));
byte[] rawkey = new byte[(int) f.length()];
in.readFully(rawkey);
in.close();
// Convert the raw bytes to a secret key like this
DESKeySpec keyspec = new DESKeySpec(rawkey);
SecretKeyFactory keyfactory = SecretKeyFactory.getInstance("DES");
SecretKey key = keyfactory.generateSecret(keyspec);
return key;
}
public static void main(String[] args) throws FileNotFoundException,
NoSuchAlgorithmException, NoSuchPaddingException, IOException,
InvalidKeySpecException, InvalidKeyException {
if (args[0].equalsIgnoreCase("-en")) {
Scanner in = new Scanner(new File(args[1]));
String code = "";
while (in.hasNext()) {
code += in.nextLine() + "\n";
}
code = "?>" + code + "<?php";
SecretKey key = KeyGenerator.getInstance("DES").generateKey();
DesEncrypter encrypter = new DesEncrypter(key);
writeKey(key, new File("key"));
String encrypted = encrypter.encrypt(code);
System.out.println(encrypted);
} else if (args[0].equalsIgnoreCase("-de")) {
Scanner in = new Scanner(new File(args[1]));
String code = "";
while (in.hasNext()) {
code += in.nextLine() + "\n";
}
SecretKey key = readKey(new File(args[2]));
DesEncrypter encrypter = new DesEncrypter(key);
String decrypted = encrypter.decrypt(code);
System.out.println(decrypted);
}
}
}
Raw
demo.php
<?php
eval(shell_exec("java -jar Coder.jar -de encoded.txt key"));
?>
Raw
encoded.txt
w4P0PI0T9jf6059bbRIAlPqz77hlj5CRmZ4Gz/c3ZSETU3bLO/+WbDYTx9YW3RXkUWjnglCXBIIr
QwnqUpsDfPkhCx2Fg9lNBJyN5cGkKCCMud5+BBB8sTwNFpPUsH2OVPUfhmKjdFea7q2SX0PcThJC
1KW1XCtClIoRAvVgxfK58rT0VsqWtrwiLy1ghlGeSGgS3TUoVguT9IiNLm9Njq3tIe0Dk5l9nOpp
9pW4s8GfGUZQ3WzRENxBAAGb9Y+uFI5lympQfwUG9iz2IZPJFygX4EBfIzIfMIDlyz9uECgYhmuC
bZPw8EyjArf7+m15sKCSALMy/24OTy6dQD5a/t5gFZUa1T2UtChRe/ofna+2ax1vLXx3ToEG9GyC
Kddhck6KwEZMHvgGyBa3dYlyogh6dRcPuvTQTcewa/ESG0MVTW56asbzGBlJn0PYc3WOM6JM+GDO
qusHmJS+Env0+V6scgDZ9p8odDL66776CTJBn3z4rL6laxdtlm76HGiw0QjULVCFcAmrc7i9Gxrs
l2vhMhKYH3AvBGmKOlFlf8kwvWqokfGmRtPMTiZ9dSa+MaivRUxJUD10MvrrvvoJMkxmLFUa7NJf
foobOb33hDbSyPl8i8GMSw==
Raw
key
¢Ë#˞T€Œ
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment