Published 13 years 5 months ago • Last updated March 22, 2025 • ⏱️ 2 min read
I started to try and break the 10 charset limit of PHP non-alpha after @InsertScript showed me that PHP Dev supports [] syntax for arrays. I wondered if it would be possible to break the limit within production PHP. At first I thought you could but then after some testing I found that there was no way to concat without "." and no way to call a string as a function without $ and =. However since I got into PHP Non-alpha again I thought why not try and improve it and make the code tweetable.
The first hack I found was that underscore is usable in PHP as a string since there is a function called "_". Therefore we can create 0 by simply doing:
echo +_;
You can also create numbers and arrays using undefined variable references like so:
echo ++$_[];//prints 1
You can also chain those together to form more numbers (useful for code generation)
echo (++$_[])+(++$_[]);//2
Lets create assert using these techniques.
First we create an array:
$_[]++;
Then we concat that array with a underscore to do a string conversion. I put the value in the next position of the array so we can reuse the 1 in the first position.
$_[]=$_._;
Here I reuse the 1 to extract the string "Array_" from the second element of the array.
$_=$_[$_[+_]];
I create one using a undefined variable reference ++$__[] and extract "r" from the string.
$___=$__=$_[++$__[]];
Then I extract "A" and reuse it for getting "e"
$____=$_=$_[+_];
Increment "A" a couple of times to get "D"
$_++;$_++;$_++;
Finally increment the other characters to form "assert".
$_=$____.++$___.$___.++$_.$__.++$___;$_
The final tweetable code:
$_[]++;$_[]=$_._;$_=$_[$_[+_]];$___=$__=$_[++$__[]];$____=$_=$_[+_];
$_++;$_++;$_++;$_=$____.++$___.$___.++$_.$__.++$___;$_('print "haha";');