DEV Community ๐Ÿ‘ฉโ€๐Ÿ’ป๐Ÿ‘จโ€๐Ÿ’ป

DEV Community ๐Ÿ‘ฉโ€๐Ÿ’ป๐Ÿ‘จโ€๐Ÿ’ป is a community of 964,423 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

Create account Log in
Cover image for A light challenge: Can you describe what this PHP code does?
Felippe Regazio
Felippe Regazio

Posted on • Updated on

A light challenge: Can you describe what this PHP code does?

I was writing things for fun yesterday and i made this peace of code. It it does one simple and dangerous task (kidding, thats not so dangerous, you can run it on you computer and see what happens).

So, the challenge is: can you describe what this code is really doing? Can you shine a light on it describing as many steps as possible?

<?php $ยง=(rawurldecode('%24__%3D%5B%22%3D%22%2C%22s%22%2C%22T%22%2C%22K%22%2C%22f%22%2C%22R%22%2C%22C%22%2C%22K%22%2C%22r%22%2C%225%22%2C%22W%22%2C%22a%22%2C%22s%22%2C%225%22%2C%22W%22%2C%22d%22%5D%3B'));assert($ยง);$_=__FILE__;assert(base64_decode(strrev(implode($__))));
Enter fullscreen mode Exit fullscreen mode

you can use ctrl+c + v, or use the string version below:

<?php $ยง=(rawurldecode('%24__%3D%5B%22%3D%22%2C%22s%22%2C%22T%22%2C%22K%22%2C%22f%22%2C%22R%22%2C%22C%22%2C%22K%22%2C%22r%22%2C%225%22%2C%22W%22%2C%22a%22%2C%22s%22%2C%225%22%2C%22W%22%2C%22d%22%5D%3B'));assert($ยง);$_=__FILE__;assert(base64_decode(strrev(implode($__))));

Is not big deal, but its not that easy too. Experienced developers maybe can find the answer fast, but i believe that can be specially fun to beginners.

Top comments (5)

Collapse
 
kip13 profile image
kip • Edited on

The code doesnt work in >= 7.2 versions.

The key here is assert, why ?

If the assertion is given as a string it will be evaluated as PHP code by assert().

With this in mind we can get the light to understand the behavior...

The argument to rawurldecode is just a variable declaration with an array as value:

'$__=["=","s","T","K","f","R","C","K","r","5","W","a","s","5","W","d"];'

But what is the content of the array ? Well, if you read the last statement you could get the answer...

Keep in mind we have the $__ declared, remember assert, so:

>>> $imploded = implode(["=","s","T","K","f","R","C","K","r","5","W","a","s","5","W","d"])
=> "=sTKfRCKr5Was5Wd"
>>> $reversed = strrev($imploded)
=> "dW5saW5rKCRfKTs="
>>> base64_decode($reversed)
=> "unlink($_);"
>>>

Yes, is a line of code, a call to unlink with $_ as parameter, but what is the value of $_ ?

$_=__FILE__

So you got it, the code delete the file where the code is called.

Collapse
 
felipperegazio profile image
Felippe Regazio Author

uowww exactly what is happening. kip, you rock! : )

Collapse
 
felipperegazio profile image
Felippe Regazio Author

about the assert() and 7.2 v. thats true, but using eval() would turn the code lesser funny.
do you have any suggestion?

Collapse
 
lautarolobo profile image
Lautaro Lobo

Thanks kip, I just read the array, and that's it, couldn't figure out what the other functs were doing... I'm a newbie on PHP hehe

Collapse
 
felipperegazio profile image
Felippe Regazio Author • Edited on

ANSWER: Here is a repository with this code, and a file called "decode.php" explaining it line by line, (or you can read Kip's answer on this post which is a perfect explanation about what is happening).

github.com/felippe-regazio/php-har...

๐ŸŒš Life is too short to browse without dark mode