{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 唯我独甜 的问题《How is this PHP encoded?》','https://www.manongdao.com/q-375667.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Does anybody know how this PHP code is encoded? I don't know whether it's Zend, ionCube or something else.
<?php
if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) {
function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E) {
$TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E);
$T7FC56270E7A70FA81A5935B72EACBE29 = 0;
$T9D5ED678FE57BCCA610140957AFAB571 = 0;
$T0D61F8370CAD1D412F80B84D143E1257 = 0;
$TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]);
$T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3;
$T800618943025315F869E4E1F09471012 = 0;
$TDFCF28D0734569A6A693BC8194DE62BF = 16;
$TC1D9F50F86825A1A2302EC2449C17196 = "";
$TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E);
?>
My guess is that this code uses
Obfuscation.To obfuscate a code is to transform its source to a virtually unreadable analog. It's exactly the same functionality, but variable and function names are changed in a way which would make it very hard to read.
It's a usual practice used for code which can be disassembled (like .NET or any interpreted language like PHP, Ruby, Perl), to protect it as an intellectual property.
Check this question for details: Is there a code obfuscator for PHP?
It's automatically generated code, and it's damn ugly. I don't think it's encoded - I just think the generator just threw a load of GUIDs into the code to use as function names.
It's just obfuscated code. I'm guessing that it was generated by http://www.truebug.com/, judging by this cached Google page, but it could be from any similar product.