PHP nonalpha tutorial

My first post on PHP non-alpha numeric code was a bit brief, in the excitement of the discovery I failed to detail in depth the process. I’ve decided to follow up with a tutorial and hopefully explain the process better for anyone wanting to learn or improve the technique.

The basis of PHP non-alphanumeric code is to take advantage of the fact that PHP automatically converts Arrays into a string “Array” when using in a string context. A simple example would be:


$x = array(1,2,3);
echo $x;//output Array


$x is now the string “Array”. But you will notice we used alphanumeric characters, we can also create an array without using array() like the following:


$_="";
$_[+""]='';
echo $_;//output Array


The first part creates a variable “$_” the second part references 0 by using the prefix operator on a blank string to convert to 0, the assignment creates the array. This was a first attempt to hack together an array when I first wrote it but all sorts of tricks can be used for example you don’t need the “0” part.


$_="";
$_[+$_]++;
echo $_;//output Array


I’ll leave you to experiment for ways to create arrays but you get the idea. Right we have the characters “A”, “r”, “r” and so on now we need to access them and fortunately PHP is very similar to JavaScript in that respect. The first step is to force our array into an actual string by concatenating it with a blank string like so:


$_=$_."";//$_ contains our array previously and forces it into a string


The next step is to actually access a letter and PHP conveniently provides the same accessor method as JavaScript. To do that we need zero, as I showed before using the prefix operator with a blank string can convert to zero (also like JavaScript).


echo +"";// output 0


Using the 0 we can now access our letter “A” from the converted array.


echo $_[+""]// output "A"


Now originally because I was just discovering the technique I did some crazy math operations on multiple characters to obtain other characters than Array but this wasn’t necessary as Stefan Esser pointed out you can simply increment/decrement strings. But anyway I figured the letters out by doing nested for loops of all the characters, I’ll post the script if I’ve still got it later. For now though we’ll simply increment/decrement the characters we need. I’ll show you how to get the letter “B” first.


$_="";//we need a blank string to start
$_[+$_]++;//access part of the string to convert to an array
$_=$_."";//convert the array into a string of "Array"
$_=$_[+""];//access the 0 index of the string "Array" which is "A"
echo ++$_;//increment "A" to "B"


That is the basis of how it works, we just need to construct a string that calls a function such as “chr” or generate characters manually and then an eval based function to call our code. The original post used GET but since that is already documented I’ll show you how to generate different code. We’ll use the PHP function “assert” since it evaluates code and it is allowed to be called using string references of it’s name. For example:


$_="assert";
$_("print 1+1;")//output 2


We therefore need to generate “assert” and our code to call. Using the template from before were we generated “Array” we simply create new references and increment the characters we need.


$_="";//we need a blank string to start
$_[+$_]++;//access part of the string to convert to an array
$_=$_."";//convert the array into a string of "Array"
$__=+"";//make zero
$__++;//increment to 1
$___=$_[+""];//access the 0 index of the string "Array" which is "A"
$____=$____=$_[$__];//access the 1 index of the string "Array" which is "r"
$_____=$____;// assign "r" to a new variable
$_____++;//increment to "s"
$______=$___;//new variable for "e"
$______++;$______++;$______++;$______++;//increment to "e"
$_=$___.$_____.$_____.$______.$____.++$_____;//concat the strings to form "AssErt"
$_("p".$____."in".$_____." $__+$__");//call print 1+1


You will notice there are missing characters at the end “p”, “i” and “n” are alpha those are for you to generate using the techniques described. There are separate challenges to do after that for example a question to ask yourself is “How many characters are the minimum required to generate non-alphanumeric code?” another challenge is “What is the smallest amount of characters need to create a generator of non-alphanumeric code. Hope you enjoyed the write up and enjoy creating and finding new things with non-alpha php!

Challenges

1. Complete the “print 1+1” code at the end of the last example (Basic)
2. Find the minimum number of characters to generate required to generate non-alpha code e.g. using only $_ + etc (Hard).
3. Create a PHP non-alpha generator in the smallest amount of code possible such as: The Hackvertor non-alpha tag (Hard)

Challenge leaderboard

1. @insertScript
Challenge 1 – done
Challenge 2 – done (using $_()[]+=.;)