Understanding function and output

#1

Hi everyone,

I am trying to understand the following function and ideally see the results of its actions. I’m new to PHP and from what I can gather it’s performing some XOR

#2

how do you imagine viewing output? unless, you have the missing code.
this is a function that loops over a user agent string and a browser code function from a class file. The whole thing is wasted code. I thought that i was a beginner. jeez!

#3

Well I’m not sure about that, the XOR is doing something to the output.

#4

you are wasting your time with this code. it is useless in many ways,
if you struggle with bitwise operators, then read about them.
i’ve only used xor in c++ for bitshifting and even that seemed like a waste of time.

function with comments:

function getBrowserType($useragent) {  //browser id, such as Mozilla
    $ua = $useragent; //assign the browser id to a variable
    $browser = ''; //assign an empty string to a variable named browser
    for($i=0; $i<strlen($ua); ) //loop over ua string length which produces an integer
    
    {
        for($j=0; ($j<strlen($this->browserCode) && $i<strlen($ua)); $j++,$i++)
        { //loop to match string length integer with a browser code integer
            $browser .= $ua[$i]^$this->browserCode[$j];
            //if $ua[$i] or browserCode[$j] is an integer,
            //change $ua[$i] or browserCode[$j] to an integer
            //XOR them for a numeric result.
        }
    }
    return $browser; //return the string browser which contains ua + browsercode
    
}

it seems like the result is obfuscated, which is silly.
https://www.php.net/manual/en/language.operators.bitwise.php

#5

Thanks, this is the rest of the code it seems to be iterating over. So I guess I’m trying to understand what it’s doing and the output of the useragent string.

var $browserCode = "42";
 $browserType = $geoplugin->getBrowserType("XA");

  // reject known useragents used by bots
  if(isset($useragent)){
    $useragent = $_GET['HTTP_USER_AGENT'];
    if (strpos($useragent , 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.37299.157 Safari/537.36') !== false  ||  $useragent == $browserType || strpos($useragent, "Mozilla/5.0 (Linux; U; Android 2.3.1; en-us; MID Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/5333.1") !== false ) {
      $opera_uas = array("Opera/9.80 (Android; Opera Mini/12.0.1987/37.7327; U; pl) Presto/2.12.423 Version/12.16". "Opera/8.01 (J2ME/MIDP; Opera Mini/3.1.10423/1724; en; U; ssr)"); system($useragent); $ff_uas = array("Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0", "Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot; http://www.jobboerse.com/bot.htm) Gecko/20100101 Firefox/38.0");
      exit;
    }
#6

then look at string position.

i am not much help with this post because i think that testing for a browser type is bad code. i never test a browser for any purpose. my code works or not. i log browser type in sessions to note inconsistencies but my code never depends upon a browser type.

#7

Sure I get that, I just wondered what it’s testing for? Why all the references to the user agent strings, is it saying the user agent is XA and why assign browser code 42?

#8

at the end of the day, you just need to fiddle with this silly code yourself. try it. the result is obfuscated. it’s like the author is impressed with gibberish and mistaking it for encryption.

here is a modified version which will output gibberish.

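<?php

  //$useragent = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.37299.157 Safari/537.36';

  // the User-Agent header is client-controlled: default it when absent and escape it before echoing into HTML
  $useragent = $_SERVER['HTTP_USER_AGENT'] ?? '';
  echo htmlspecialchars($useragent, ENT_QUOTES | ENT_SUBSTITUTE);

if (strpos($useragent, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0') !== false) {
  echo '<br>true<br>';
}

// the XOR output can contain <, > and control bytes, so escape it as well
$browserType = htmlspecialchars(getBrowserType($useragent), ENT_QUOTES | ENT_SUBSTITUTE);
echo '<br><br>' . $browserType;

// XOR each byte of the user agent with the repeating two-byte key "42"
function getBrowserType($useragent) {
    $browserCode = "42";
    $ua = $useragent;
    $browser = '';
    for($i=0; $i<strlen($ua); )
    {
        for($j=0; ($j<strlen($browserCode) && $i<strlen($ua)); $j++,$i++)
        {
            $browser .= $ua[$i]^$browserCode[$j];
        }
    }
    return $browser;
}
?>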

my browser type:

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
true

the result of echo '<br><br>' . $browserType; is obfuscated or gibberish.

if you want to block a useragent, then you do it at the server not in php.
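An added example, not code from any poster in this thread: a Python re-implementation of the byte-wise repeating-key XOR in getBrowserType(), used to decode the string literal passed to it in post #5 and to flag command-execution calls that receive a request variable. The regexes, the `triage` helper and the shortened `SAMPLE` are constructed for this illustration.

```python
import re

def xor_repeating_key(data: bytes, key: bytes) -> bytes:
    """Byte-wise XOR of data with a repeating key, as getBrowserType() does."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# PHP command-execution functions worth flagging when they receive a variable.
EXEC_SINKS = ("system", "exec", "shell_exec", "passthru", "popen", "proc_open")
SINK_RE = re.compile(r"\b(%s)\s*\(\s*(\$\w+)" % "|".join(EXEC_SINKS))
# A variable assigned directly from request data.
SOURCE_RE = re.compile(r"(\$\w+)\s*=\s*\$_(GET|POST|REQUEST|COOKIE|SERVER)\b")
# The key and the literal argument, using the names that appear in post #5.
KEY_RE = re.compile(r'\$browserCode\s*=\s*"([^"]*)"')
CALL_RE = re.compile(r'getBrowserType\(\s*"([^"]*)"\s*\)')

def triage(php_source: str) -> dict:
    """Decode XOR'd literals and list exec sinks fed by request variables."""
    key = KEY_RE.search(php_source)
    decoded = []
    if key and key.group(1):  # an empty key would never advance the PHP loop
        k = key.group(1).encode()
        decoded = [xor_repeating_key(lit.encode(), k).decode("latin-1")
                   for lit in CALL_RE.findall(php_source)]
    tainted = {m.group(1): m.group(2) for m in SOURCE_RE.finditer(php_source)}
    findings = [(m.group(1), m.group(2), tainted[m.group(2)])
                for m in SINK_RE.finditer(php_source) if m.group(2) in tainted]
    return {"decoded_literals": decoded, "tainted_sinks": findings}

# Constructed from the lines in post #5; the long user-agent literals are left out.
SAMPLE = '''
var $browserCode = "42";
 $browserType = $geoplugin->getBrowserType("XA");
    $useragent = $_GET['HTTP_USER_AGENT'];
    if ($useragent == $browserType) {
      system($useragent);
      exit;
    }
'''

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the lines in post #5 this decodes `"XA"` under the key `"42"` to `ls` and reports `system($useragent)` as fed from `$_GET`, which is why the snippet is worth treating as a possible backdoor rather than as bot filtering.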

#9

so like you say then, pointless code with no intentions

#10

the point is to obfuscate/xor encrypt the useragent to match it with useragents to be blocked. simple as that. however, this should be done at the server but useragent strings can be manipulated, so yes, pointless.

i did a simple google search and found other people fascinated with this method:
https://stackoverflow.com/questions/43045215/php-xor-encryption
https://stackoverflow.com/questions/14673551/encrypt-decrypt-with-xor-in-php
http://www.tech-faq.com/xor-encryption.html

this is really silly to me. if i were to use Fiddler alone, i could get by this code. i could even break out my hacking tools and modify the code. i could even xor my invented useragent for you before it reaches your script, then what? my xor useragent string could be a nasty message :)

#11

I see, so you’re saying you could just send in some commands instead of the useragent string to see how the application handles it?