I'd like to hash a file using php's hash_file(), but obfuscate it so it is not easily detected by a text string search in a text editor. Any advice? Possible?
You could use base64_encode/base64_decode to mask the name of the command being executed.
$command = "hash_file";
$encodedcommand = base64_encode($command); //aGFzaF9maWxl
Now you know that the base64 encoding of 'hash_file' is aGFzaF9maWxl.
So in your real script, just decode and execute that string:
$maskedcommand = base64_decode("aGFzaF9maWxl");
print $maskedcommand("md5",$filename);
So the string 'hash_file' isn't in the two lines of code above, but it still executes the 'hash_file' command.
Related
I have the following code in PHP:
$text = gzcompress($text);
// send $text to a python server
Then in python I have the following code:
text = request.POST.get('text', '')
new_text = zlib.decompress(text)
But this fails because the decompress function needs bytes and I am passing it a string. Does anyone know how to decompress a string in python that was compressed in php?
PS: I am not particularly interested in a specific algorithm or function.
Take the output of gzdeflate(), for example:
$a = gzdeflate('..........');
echo $a . "\n" . strlen($a);
I get output like:
?Ӄ
5
So I've got a 5 byte string that contains characters which cannot be outputted properly, and hence cannot be copy and pasted.
Obviously, echo gzinflate('?Ӄ'); doesn't work, but echo gzinflate($a) does.
Is there any way to get the actual contents of $a onto my clipboard or output it in such a way that I could copy and paste it into gzinflate() to retrieve the original string? The only workaround I've found is something like:
$a = base64_encode(gzdeflate('..........'));
echo $a;
Which gives me:
09ODAQA=
That's friendly enough to do echo gzinflate(base64_decode('09ODAQA=')); and get .........., but I'd like to skip the base64 functions if possible.
The problem is that you're channeling binary data through a text medium. If you require the data to be printed out on your screen where you will select and copy it, there's no way to transport binary data like that.
If this is happening on the command line, you could do it programatically without displaying the actual contents. Take OS X's pbcopy and pbpaste commands:
$ php test.php | pbcopy
$ pbpaste | someotherprogram
If you do require a visible textual representation, you need to ensure that the output is ASCII-safe (or at least "Unicode safe") and not raw binary data. For that you will need to base 64 or hex encode your binary data.
I guess your browser or console just eat some special chars like break line and other.
You can put this string to any file (file_put_contents()), and open this file throw notepad++ for example. and you will see these special chars in this file.
I am using PHP to read in a tab delimited CSV file and a pipe delimited TXT file. Unfortunately, I cannot get a string comparsion to work even though the characters (appear) to be exactly the same. I used trim to make sure to clean up hidden characters and I even tried type-casting to string.
Var dump shows they are clearly different but I am not sure how to make them the same?
// read in CSV file
$fh = fopen($mapping_date, 'r');
$mapping_data = fread($fh, filesize($mapping_date));
...
// use str_getcsv to put each line into an array
// get values out that I want to compare
$this_strategy = (string)trim($strategy_name);
$row_strategy = (string)trim($row3[_Strategy_Name]);
if($this_strategy == $row_strategy) { // do something }
var_dump($this_strategy);
Vardump: string(16) "Low Spend ($0.2)"
var_dump($row_strategy);
Vardump: string(31) "Low Spend ($0.2)"
Can't figure out for the life of me how to make this work.
Looks like you have the database encoded in UCS2 (assuming it's MySQL). http://dev.mysql.com/doc/refman/5.1/en/charset-unicode-ucs2.html
You can use possibly use iconv to convert the format - but there's an example in the comments on that page (but it doesn't use iconv - http://php.net/manual/en/function.iconv.php#49171 ). I've not tested it.
Alternatively, change the database field encoding to utf8_generic or ASCII or whatever the file is encoded as?
Edit: Found the actual PHP function you want: mb_convert_encoding - UCS2 is one of the supported encodings, so enable that in php ini and you're good to go.
Due to reasons that are have nothing to do with the actual question, I need to call and use an external script via PHP to perform a string replacement on a complete html document. The replacement strings and the source code need to be passded to this script via php exec(). For this example, I have used a simple python script to take over the replacement.
PHP script looks like this:
$source = file_get_contents("somehtmlfile.html");
$replaceString = "Some text in the HTML doc";
$replaceTo = "Some other text";
$parsedString = system("python replace.py $replaceString $replaceTo $source", $retval);
print ("Done:" .$mystring);
Then the Python script will do the following:
import sys
import string
dataFrom = sys.argv[1];
dataTo = sys.argv[2];
dataSourceCode = sys.argv[3];
rep = dataSourceCode.replace(dataFrom, dataTo);
print rep;
The problem is that I can't pass the complete html source as an argument to the shell, at least not in the way shown above. From what I understood, while the html code gets passed to the shell it interpretes some sections as commands (multiline could be an issue here I suppose).
The output I receive from the script :
sh: cannot open !DOCTYPE: No such file
sh: cannot open html: No such file
sh: cannot open head: No such file
sh: cannot open title: No such file
... (this goes on)
Any suggestions?
It is not working because there are spaces and quotes in the html text that you pass as an argument, so it is seen as multiple arguments. To solve this, you have to put quotes around the arguments.
The correct code is $parsedString = system("python replace.py '$replaceString' '$replaceTo' '$source'", $retval);
My script uses openssl_private_decrypt() to decrypt a string encrypted with RSA in another program. Currently it writes to a file. But when I try to open it up in a text editor, it says it can't detect the encoding. If I try to echo it, nothing appears. If I output it's length, I get 256, instead of the correct 3.
I know the decryption is done right because using the cat terminal command on the output file gives the correct data.
$ cat decrypted.txt
It looks like this is a character encoding problem, a problem I hear can give a lot of pain in PHP. I even tried utf8_encode(). What might the problem be?
Here's the code:
$results = '';
openssl_private_decrypt(
base64_decode(
<<<EOS
QWlG+AZIt9GE0hw0wwcPRtUWueMLBxj3YWpa5zQBoz1ttnt7TvlxDtYWZcvaUL/qr2CJCADE2iTR
G72FhAwew2fhqlqmsxL7Nns3yegflTTMXyilVM3mPU4Cx94ylLfa+ZrqrNEepaRorNJ/js5iTq9i
avegO/kYOv4zhEsZirlk/Mj0vVv6irWo8WyZoCDC2SwfGWeSUI8F4pq4FUkRh9V/0zAUZ+3P0A7Z
SrA80dSa6U/J+poRcmE1vRLQXvM8dBtFRKmb0zfltLUBMcMhcglzAhcpemJ99OCZmUuynFRcRNkj
CkOLsO+lSHntcbmXqsKE+of78gnU3tp5hHSHIg==
EOS
),
$results,
openssl_pkey_get_private(
// load private key
),
OPENSSL_NO_PADDING
);
echo $results;
The fact that you're getting decrypted data exactly the length of a single block instead of the length of your expected data is really, really pointing towards a padding problem.
Make sure you're using the same padding flag on both sides.
I'm not familiar with openssl_private_decrypt, but it seems logical to me that you would provide base64_encode()'d data to openssl_private_encrypt().
In such case, you're mangling your data by running in the wrong order on decrypt.
Seems like you would want to decrypt the string first, then run base64_decode() on the unencrypted string.