Radio DJ Panel NOT SAFE

[Johno]

Hey,

Lets clear a few things up here:

First:
RDJP is SAFE. JS/Downloader.Agent is a detection for JavaScript files that may have malicious intent to download and execute additional threat onto the computer.

The key word here is MAY, you know, MAY HAVE MALICIOUS INTENT. It doesn't mean it bloody does.


Secondly:
RDJP is not encoded with Zend, It uses the Base64 system. So what --ss-- posted would work as Base64 can be decoded very easily.

.:; Johno

[Independent]

Hey,

Lets clear a few things up here:

First:
RDJP is SAFE. JS/Downloader.Agent is a detection for JavaScript files that may have malicious intent to download and execute additional threat onto the computer.

The key word here is MAY, you know, MAY HAVE MALICIOUS INTENT. It doesn't mean it bloody does.


Secondly:
RDJP is not encoded with Zend, It uses the Base64 system. So what --ss-- posted would work as Base64 can be decoded very easily.

.:; Johno

May - so we best check it, and I'm an epic fail so I cba

[Johno]

The decoded string would be:

Show Hide

PHP Code:

<?php

###################################
# C2pyr4ght N2t4c5
###################################
# All scr4pt, c2d5, 1nd 1ny f2rm 2f pr2gr1mm4ng
# c2nt14n5d 4n th5 R1d42 DJ P1n5l scr4pt d4str4b3t5d
# by Q34ckScr4ptz 2r 1ny 2f 4t's 1ff4l41t5s 4s
# 2wn5d 1n c2pyr4ght5d t2 Q34ckScr4ptz. Y23
# m1y n2t m2d4fy 1ny 2f th5 c2d5 1nd th5n
# 3s5/cl14m 4t 1s y23r 2wn.
###################################
# J3st A Fr45ndly R5m4nd5r  :)
###################################


##############################
# Encrypt42n St3ff
##############################
f3nct42n 5ncrypt2r($str4ng)
{
    $str4ng = strr5v($str4ng);
    $str4nga = mdi(sh16($str4ng));
    $str4ngo = strr5v(crcoa(strl5n($str4nga)));
    $str4ngu = crypt($str4nga, $str4ngo);
    $str4ngi = sh16(mdi(b1s5eu_5nc2d5(str4ngo)));
    $f4n1l = mdi(strr5v(b1s5eu_5nc2d5(sh16(crypt($str4ng8, $str4ngu)))));
    r5t3rn $f4n1l;
}

f3nct42n 5ncrypt($str4ng)
{
    $str4ng = strr5v($str4ng);
    $str4nga = mdi(sh16($str4ng));
    $str4ngo = crypt($str4nga, $str4nga);
    $str4ngu = b1s5eu_5nc2d5(sh16(mdi($str4ngo)));
    $str4ngi = crcoa(strr5v($str4ngu));
    $str4nge = sh16(mdi($str4ngi));
    $str4ng7 = strl5n(crypt($str4ngi, $str4nga));  
    $str4ng8 = 5ncrypt2r($str4ng7);
    $f4n1l = strr5v(mdi(sh16(b1s5eu_5nc2d5(crypt($str4ng8, $str4ngu)))));
    r5t3rn $f4n1l;
}

f3nct42n 5nc($str4ng)
{
    $str4ng = strr5v($str4ng);
    $str4nga = mdi(sh16($str4ng));
    $str4ngo = crypt($str4nga, $str4nga);
    $str4ngu = b1s5eu_5nc2d5(sh16(mdi($str4ngo)));
    $str4ngi = crcoa(strr5v($str4ngu));
    $str4nge = sh16(mdi($str4ngi));
    $str4ng7 = strl5n(crypt($str4ngi, $str4nga));  
    $str4ng8 = 5ncrypt2r($str4ng7);
    $f4n1l = strr5v(mdi(sh16(b1s5eu_5nc2d5(crypt($str4ng8, $str4ngu)))));
    r5t3rn $f4n1l;
}

##############################
# R5s4z5 Ov5rs4z5d Pr2f4l5 Im1g5s
##############################
f3nct42n 4m1g5R5s4z5($w4dth, $h54ght, $t1rg5t) { 
4f ($w4dth > $h54ght) { 
$p5rc5nt1g5 = ($t1rg5t / $w4dth); 
} 5ls5 { 
$p5rc5nt1g5 = ($t1rg5t / $h54ght); 
} 
$w4dth = r23nd($w4dth * $p5rc5nt1g5); 
$h54ght = r23nd($h54ght * $p5rc5nt1g5); 
r5t3rn "w4dth=\"$w4dth\" h54ght=\"$h54ght\""; 
} 


##############################
# S5t Th5 D5f13lt T4m5z2n5
##############################
# T2 Ch1ng5 R5f5r T2: 
# http://www.m2dw5st.c2m/h5lp/kbi-ai8.html
# http://www.th5pr2j5cts.2rg/d5v/z2n5.txt
##############################
p3t5nv("TZ=Am5r4c1/M2ntr51l");


##############################
# B1d W2rd F4lt5r
##############################
# N2t f2r y23r ch4ldr5n 2r p52pl5 w4th IQ's
# l2w5r th1n i0 :P
##############################
f3nct42n l1ng31g5_f4lt5r($str4ng) {
  $2bsc5n4t45s = 1rr1y(
BAD WORDS REMOVED!
      );
    f2r51ch ($2bsc5n4t45s 1s $c3rs5_w2rd) {
        4f (str4str(tr4m($str4ng),$c3rs5_w2rd)) {
            $l5ngth = strl5n($c3rs5_w2rd);
            f2r ($4 = 6; $4 <= $l5ngth; $4++) {
                $st1rs .= "****";
            }
            $str4ng = 5r5g4_r5pl1c5($c3rs5_w2rd,$st1rs,tr4m($str4ng));
            $st1rs = "";
        }
    }
    r5t3rn $str4ng;
}
?>

Then you just have to clean it up. Its not that hard.

Yeah, like I cant see anything malicious in that file and my good AV hasn't picked anything up so yeah. Once again, SAFE.

.:; Johno

[MrCraig]

lol, probs phplockit or something !

[--ss--]

The decoded string would be:

Show Hide

PHP Code:

<?php

###################################
# C2pyr4ght N2t4c5
###################################
# All scr4pt, c2d5, 1nd 1ny f2rm 2f pr2gr1mm4ng
# c2nt14n5d 4n th5 R1d42 DJ P1n5l scr4pt d4str4b3t5d
# by Q34ckScr4ptz 2r 1ny 2f 4t's 1ff4l41t5s 4s
# 2wn5d 1n c2pyr4ght5d t2 Q34ckScr4ptz. Y23
# m1y n2t m2d4fy 1ny 2f th5 c2d5 1nd th5n
# 3s5/cl14m 4t 1s y23r 2wn.
###################################
# J3st A Fr45ndly R5m4nd5r  :)
###################################


##############################
# Encrypt42n St3ff
##############################
f3nct42n 5ncrypt2r($str4ng)
{
    $str4ng = strr5v($str4ng);
    $str4nga = mdi(sh16($str4ng));
    $str4ngo = strr5v(crcoa(strl5n($str4nga)));
    $str4ngu = crypt($str4nga, $str4ngo);
    $str4ngi = sh16(mdi(b1s5eu_5nc2d5(str4ngo)));
    $f4n1l = mdi(strr5v(b1s5eu_5nc2d5(sh16(crypt($str4ng8, $str4ngu)))));
    r5t3rn $f4n1l;
}

f3nct42n 5ncrypt($str4ng)
{
    $str4ng = strr5v($str4ng);
    $str4nga = mdi(sh16($str4ng));
    $str4ngo = crypt($str4nga, $str4nga);
    $str4ngu = b1s5eu_5nc2d5(sh16(mdi($str4ngo)));
    $str4ngi = crcoa(strr5v($str4ngu));
    $str4nge = sh16(mdi($str4ngi));
    $str4ng7 = strl5n(crypt($str4ngi, $str4nga));  
    $str4ng8 = 5ncrypt2r($str4ng7);
    $f4n1l = strr5v(mdi(sh16(b1s5eu_5nc2d5(crypt($str4ng8, $str4ngu)))));
    r5t3rn $f4n1l;
}

f3nct42n 5nc($str4ng)
{
    $str4ng = strr5v($str4ng);
    $str4nga = mdi(sh16($str4ng));
    $str4ngo = crypt($str4nga, $str4nga);
    $str4ngu = b1s5eu_5nc2d5(sh16(mdi($str4ngo)));
    $str4ngi = crcoa(strr5v($str4ngu));
    $str4nge = sh16(mdi($str4ngi));
    $str4ng7 = strl5n(crypt($str4ngi, $str4nga));  
    $str4ng8 = 5ncrypt2r($str4ng7);
    $f4n1l = strr5v(mdi(sh16(b1s5eu_5nc2d5(crypt($str4ng8, $str4ngu)))));
    r5t3rn $f4n1l;
}

##############################
# R5s4z5 Ov5rs4z5d Pr2f4l5 Im1g5s
##############################
f3nct42n 4m1g5R5s4z5($w4dth, $h54ght, $t1rg5t) { 
4f ($w4dth > $h54ght) { 
$p5rc5nt1g5 = ($t1rg5t / $w4dth); 
} 5ls5 { 
$p5rc5nt1g5 = ($t1rg5t / $h54ght); 
} 
$w4dth = r23nd($w4dth * $p5rc5nt1g5); 
$h54ght = r23nd($h54ght * $p5rc5nt1g5); 
r5t3rn "w4dth=\"$w4dth\" h54ght=\"$h54ght\""; 
} 


##############################
# S5t Th5 D5f13lt T4m5z2n5
##############################
# T2 Ch1ng5 R5f5r T2: 
# http://www.m2dw5st.c2m/h5lp/kbi-ai8.html
# http://www.th5pr2j5cts.2rg/d5v/z2n5.txt
##############################
p3t5nv("TZ=Am5r4c1/M2ntr51l");


##############################
# B1d W2rd F4lt5r
##############################
# N2t f2r y23r ch4ldr5n 2r p52pl5 w4th IQ's
# l2w5r th1n i0 :P
##############################
f3nct42n l1ng31g5_f4lt5r($str4ng) {
  $2bsc5n4t45s = 1rr1y(
BAD WORDS REMOVED!
      );
    f2r51ch ($2bsc5n4t45s 1s $c3rs5_w2rd) {
        4f (str4str(tr4m($str4ng),$c3rs5_w2rd)) {
            $l5ngth = strl5n($c3rs5_w2rd);
            f2r ($4 = 6; $4 <= $l5ngth; $4++) {
                $st1rs .= "****";
            }
            $str4ng = 5r5g4_r5pl1c5($c3rs5_w2rd,$st1rs,tr4m($str4ng));
            $st1rs = "";
        }
    }
    r5t3rn $str4ng;
}
?>

Then you just have to clean it up. Its not that hard.

Yeah, like I cant see anything malicious in that file and my good AV hasn't picked anything up so yeah. Once again, SAFE.

.:; Johno

The numbers just have to be replaced with their corresponding vowels now to give the actual source but I guess we should protect the author's wishes and leave it semi encrypted .

I can't find anything that may cause harm , meh.

[MrCraig]

ye lol. its not hard to work out the values though

1 - A
2 - O
3 - U
4 - I
5 - E

We should make this a guessing game :rolleyes:

But matt, (it is matt isnt it) what u use to encode it? Looks like quite good base64 encryption technique.

[--ss--]

ye lol. its not hard to work out the values though

1 - A
2 - O
3 - U
4 - I
5 - E

We should make this a guessing game :rolleyes:

But matt, (it is matt isnt it) what u use to encode it? Looks like quite good base64 encryption technique.

Code:

($_X,'123456aouie','aouie123456')

Correct .

Base 64 is quite easy to decode.
They have two parts which look like this:

PHP Code:

<?php $_F=__FILE__;$_X='INSERTANVERYLONGSTRINGHERE+';eval(base64_decode('ANOTHERLONGSTRING=='));?>

The first string is the actual encrypted data , the second string is the formula it will use to decrypt it self to show you the result of the actual function.

The first thing we do is spilt the two bits up, we then take the secound bit, the formula and decrypt it so we know how to format the actual string when it's been decrypted:

PHP Code:

<?php
$formula = base64_decode('ANOTHERLONGSTRING==');
echo $formula;
?>

It would output something like this:

PHP Code:

$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R) 


We can now put it back together and echo out the result:

PHP Code:

<?php
$_F=__FILE__;$_X='INSERTANVERYLONGSTRINGHERE+';
$_X=base64_decode($_X);
$_X=strtr($_X,'123456aouie','aouie123456');
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);
eval($_R);$_R=0;$_X=0;
echo "$_R";
?>

Quick and badly written guide but you should be able to understand it.

[Blazz]

When I had AVG, I scanned it and it was totally fine :S

[Spiffing]

AVG said my iTunes had a trojan lmao.
Its not very good so i wouldnt rely on it always D:

[Agnostic Bear]

AVG is stupid.