sh4dowb

## untitled.php
<?php
$file = 'file.php';

// this script deobfuscates php files that start like this:
// <?php /* İoncube Copyright © */ eval(base64_decode(...
// overrides "hash check" function before including the script, so we can modify the code
// then last "eval" is modified with another function with same length, "eeer", which writes the result to a file
// function name has to be same length because it parses the obfuscated code with substring
//
// to use, edit $file variable and run this script. it will output  file.php.deobfuscated.php

## fix.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                sh4dowb
                / fix.md
            
            
              Last active Jun 19, 2020
            
              
                python3 gettext ascii codec can't decode - even after headers - pygettext and msgfmt
              
          
      View fix.md
  
    
    getting this error while using gettext on python?
Traceback (most recent call last):
   ..
  File "/usr/lib/python3.8/gettext.py", line 613, in translation
    t = _translations.setdefault(key, class_(fp))
  File "/usr/lib/python3.8/gettext.py", line 261, in __init__
    self._parse(fp)


## goupload
#!/bin/bash

#Simple test/help
if [[ "$#"  ==  '0' ]]
then
echo  -e '\nPlease Select File\n'

#Great, file selected.. Lets upload that..
elif [[ "$#"  ==  '1' ]]
then

## multipleevent.py
def press_or_text(user_id):
  return events.Raw(func=lambda e: (type(e) == UpdateNewMessage and e.message.from_id == user_id) or (type(e) == UpdateBotCallbackQuery and e.user_id == user_id and e.data != b'cancel'))

whatever = await conv.wait_event(press_or_text(sender))
if type(whatever) == UpdateBotCallbackQuery and whatever.data in [b'create', b'list']:
  # button clicked
  # not actual event like "CallbackQuery", you can't use .edit() etc. directly
  print(whatever.data)
else:
  # message sent

## gist:861934f2d0472400c6f9a764b4b7589d
from telethon.tl.types import ChannelParticipantCreator, ChannelParticipantAdmin
from telethon.tl.functions.channels import GetParticipantRequest

#..

@client.on(events.NewMessage)
async def handler(event):
  participant = await client(GetParticipantRequest(channel=event.original_update.message.to_id.channel_id,user_id=event.original_update.message.from_id))
  isadmin = (type(participant.participant) == ChannelParticipantAdmin)
  iscreator = (type(participant.participant) == ChannelParticipantCreator)

## eba-canli-ders.js
/*
EBA canlı dersleri Zoom kullanıyor.
Bağlantı için kendi uygulamalarını kullanıyorlar, fakat Linux (ve muhtemelen Mac) için destekleri yok.

Çok basit bir şekilde Zoom uygulamasını başlatmak yerine kendi Zoom uygulamalarına yönlendirip,
ordan Zoom'u başlatıyorlar. Bunun yerine id ve token'i alıp direk Zoom'u başlatan bir script yazdım
ki Linux ve Mac kullanıcıları da bundan yararlanabilsin.

1- Zoom uygulamasını cihazınıza kurun.
2- https://www.eba.gov.tr/ders/ adresine gidin, gerekli girişleri yapın, Canlı Dersler sayfasına gelin

## spotify-media-key-fix.sh
dbus-monitor  | grep --line-buffered interface=org.mpris.MediaPlayer2.Player | grep --line-buffered -v spotify | awk -W interactive -F'member=' '{print $2}' | xargs -L1 -I {} dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.{}

# when you play another media, and restart spotify, media keys get sent to another destination.
# in my case, it was VLC. output from dbus-monitor:
#
# method call time=1586780292.910122 sender=:1.58 -> destination=org.mpris.MediaPlayer2.vlc serial=1878 path=/org/mpris/MediaPlayer2; interface=org.mpris.MediaPlayer2.Player; member=PlayPause
# so I piped together a few commands, which got the wrong dbus output, and forwarded it to spotify.
# run:
# bash spotify-media-key-fix.sh &

## selenium-save-profile-session.py
#   Selenium does not use the given profile, but copies it, and uses a temporary profile.
#   As a result, new cookies and sessions etc. are not saved.
#   To fix it, we get the actual profile firefox is using, kill firefox manually so geckodriver
#   doesn't delete profile data. Copying the profile when it's being used is generally not a good idea.
#   After killing firefox profile and databases are unlocked, we copy the "temporary" profile
#   to our old profile.
#
#   driver.profile doesn't provide the actual temporary profile, but another copy of it. And firefox
#   does not use that one. that's why I got it from process list.
#

## phpkoru.deobfuscate.php
<?php
$input = file_get_contents("untitled.php");
//edit this filename


$fge_ebg13 = "str_rot13";
$onfr64_qrpbqr = "base64_decode";
$eha_pbqr = "cnVuX2NvZGU=";

## format_btc.php
<?php
function formatBtc($val){
  $val = number_format($val, 8); // round to 8 decimal points
  $rtval = rtrim($val, "0"); // get rid of zeroes at the end
  $x = strlen($val) - strlen($rtval); // get how many zeroes were deleted
  if($x > 0){
    $rtval .= '<span style="color:#ffffff6f;">'; // start a "faded" <span>
    // or try class="text-muted" for bootstrap
    for($i = 0;$i < $x;$i++) // add deleted zeroes back
      $rtval .= "0";
	<?php
	$file = 'file.php';

	// this script deobfuscates php files that start like this:
	// <?php /* İoncube Copyright © */ eval(base64_decode(...
	// overrides "hash check" function before including the script, so we can modify the code
	// then last "eval" is modified with another function with same length, "eeer", which writes the result to a file
	// function name has to be same length because it parses the obfuscated code with substring
	//
	// to use, edit $file variable and run this script. it will output file.php.deobfuscated.php
	#!/bin/bash

	#Simple test/help
	if [[ "$#" == '0' ]]
	then
	echo -e '\nPlease Select File\n'

	#Great, file selected.. Lets upload that..
	elif [[ "$#" == '1' ]]
	then
	def press_or_text(user_id):
	return events.Raw(func=lambda e: (type(e) == UpdateNewMessage and e.message.from_id == user_id) or (type(e) == UpdateBotCallbackQuery and e.user_id == user_id and e.data != b'cancel'))

	whatever = await conv.wait_event(press_or_text(sender))
	if type(whatever) == UpdateBotCallbackQuery and whatever.data in [b'create', b'list']:
	# button clicked
	# not actual event like "CallbackQuery", you can't use .edit() etc. directly
	print(whatever.data)
	else:
	# message sent
	from telethon.tl.types import ChannelParticipantCreator, ChannelParticipantAdmin
	from telethon.tl.functions.channels import GetParticipantRequest

	#..

	@client.on(events.NewMessage)
	async def handler(event):
	participant = await client(GetParticipantRequest(channel=event.original_update.message.to_id.channel_id,user_id=event.original_update.message.from_id))
	isadmin = (type(participant.participant) == ChannelParticipantAdmin)
	iscreator = (type(participant.participant) == ChannelParticipantCreator)
	/*
	EBA canlı dersleri Zoom kullanıyor.
	Bağlantı için kendi uygulamalarını kullanıyorlar, fakat Linux (ve muhtemelen Mac) için destekleri yok.

	Çok basit bir şekilde Zoom uygulamasını başlatmak yerine kendi Zoom uygulamalarına yönlendirip,
	ordan Zoom'u başlatıyorlar. Bunun yerine id ve token'i alıp direk Zoom'u başlatan bir script yazdım
	ki Linux ve Mac kullanıcıları da bundan yararlanabilsin.

	1- Zoom uygulamasını cihazınıza kurun.
	2- https://www.eba.gov.tr/ders/ adresine gidin, gerekli girişleri yapın, Canlı Dersler sayfasına gelin
	dbus-monitor \| grep --line-buffered interface=org.mpris.MediaPlayer2.Player \| grep --line-buffered -v spotify \| awk -W interactive -F'member=' '{print $2}' \| xargs -L1 -I {} dbus-send --print-reply --dest=org.mpris.MediaPlayer2.spotify /org/mpris/MediaPlayer2 org.mpris.MediaPlayer2.Player.{}

	# when you play another media, and restart spotify, media keys get sent to another destination.
	# in my case, it was VLC. output from dbus-monitor:
	#
	# method call time=1586780292.910122 sender=:1.58 -> destination=org.mpris.MediaPlayer2.vlc serial=1878 path=/org/mpris/MediaPlayer2; interface=org.mpris.MediaPlayer2.Player; member=PlayPause
	# so I piped together a few commands, which got the wrong dbus output, and forwarded it to spotify.
	# run:
	# bash spotify-media-key-fix.sh &
	# Selenium does not use the given profile, but copies it, and uses a temporary profile.
	# As a result, new cookies and sessions etc. are not saved.
	# To fix it, we get the actual profile firefox is using, kill firefox manually so geckodriver
	# doesn't delete profile data. Copying the profile when it's being used is generally not a good idea.
	# After killing firefox profile and databases are unlocked, we copy the "temporary" profile
	# to our old profile.
	#
	# driver.profile doesn't provide the actual temporary profile, but another copy of it. And firefox
	# does not use that one. that's why I got it from process list.
	#
	<?php
	$input = file_get_contents("untitled.php");
	//edit this filename




	$fge_ebg13 = "str_rot13";
	$onfr64_qrpbqr = "base64_decode";
	$eha_pbqr = "cnVuX2NvZGU=";
	<?php
	function formatBtc($val){
	$val = number_format($val, 8); // round to 8 decimal points
	$rtval = rtrim($val, "0"); // get rid of zeroes at the end
	$x = strlen($val) - strlen($rtval); // get how many zeroes were deleted
	if($x > 0){
	$rtval .= '<span style="color:#ffffff6f;">'; // start a "faded" <span>
	// or try class="text-muted" for bootstrap
	for($i = 0;$i < $x;$i++) // add deleted zeroes back
	$rtval .= "0";