Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto W42RA; W42RA: error_reporting(E_ALL); goto c2R7a; c2R7a: ini_set("\x64\x69\163\..
Decoded Output download
<?php goto W42RA; W42RA: error_reporting(E_ALL); goto c2R7a; c2R7a: ini_set("display_errors", 1); goto gESFo; AfpXP: if ($_SERVER["REQUEST_METHOD"] === "POST") { if (!isset($_SERVER["HTTP_USER_AGENT"]) || $_SERVER["HTTP_USER_AGENT"] !== "HI-TOPUPGAME-XDNVC") { rt(false, "Unauthorized"); } if (isset($_POST["ktuser"]) and isset($_POST["ktpass"])) { $ktuser = $_POST["ktuser"]; $ktpass = $_POST["ktpass"]; if (isset($_POST["buyid"]) and isset($_POST["userid"])) { $buyid = $_POST["buyid"]; $userid = $_POST["userid"]; $loginUrl = "https://www.khanthep.in.th/api/v1/login"; $loginData = array("Username" => $ktuser, "Password" => $ktpass, "g-recaptcha-response" => "\340\270\252\xe0\xb9\x88\xe0\xb8\x87 \340\271\201\xe0\xb8\x9a\xe0\270\232 data \340\xb9\x84\340\270\241\340\xb9\x88\xe0\xb9\203\340\xb8\212\340\xb9\x88\xe0\270\xaa\xe0\271\210\340\270\x87\xe0\xb9\x81\xe0\270\232\xe0\270\232 Json"); $loginHeaders = array("Host: www.khanthep.in.th", "Content-Type: application/x-www-form-urlencoded; charset=UTF-8", "User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Mobile Safari/537.36", "Origin: https://www.khanthep.in.th", "Referer: https://www.khanthep.in.th/login"); $loginContext = stream_context_create(array("http" => array("method" => "POST", "header" => implode("
\xa", $loginHeaders), "content" => http_build_query($loginData)))); $loginResponse = file_get_contents($loginUrl, false, $loginContext); $phpsessid = ''; foreach ($http_response_header as $header) { if (strpos($header, "Set-Cookie: PHPSESSID=") !== false) { $phpsessid = str_replace("Set-Cookie: PHPSESSID=", '', $header); $phpsessid = strtok($phpsessid, ";"); break; } } $apiUrl = "https://www.khanthep.in.th/api/v1/termgame/zepeto"; $apiData = array("BuyId" => $buyid, "Ref1" => $userid, "Ref2" => "NO_SERVER", "Ref3" => "zepeto"); $apiContext = stream_context_create(array("http" => array("method" => "POST", "header" => "Content-type: application/x-www-form-urlencoded\xd
" . "Cookie: PHPSESSID={$phpsessid}
", "content" => http_build_query($apiData)))); $apiResponse = file_get_contents($apiUrl, false, $apiContext); $responseData = json_decode($apiResponse, true); $statusCode = $responseData["Code"]; $dkdkkxx = $responseData["Message"]; if ($statusCode == 200) { rt(true, "\340\271\200\xe0\270\x95\340\xb8\264\xe0\xb8\241\340\270\225\340\270\xa3\340\xb8\207 Zepeto \340\271\x80\340\270\x82\340\xb9\x89\340\xb8\xb2\xe0\271\x84\340\xb8\xad\xe0\270\224\xe0\270\xb5 {$userid} \xe0\270\252\xe0\270\xb3\340\xb9\200\340\xb8\xa3\340\xb9\207\340\270\210 (\xe0\xb8\243\xe0\270\xad 1 - 15 \340\xb8\x99\xe0\270\xb2\340\xb8\227\340\xb8\265)"); } else { rt(false, "\340\xb9\200\xe0\xb8\x81\340\xb8\264\xe0\270\224\340\270\202\340\xb9\x89\340\xb8\xad\xe0\270\234\340\270\xb4\xe0\xb8\224\xe0\270\236\xe0\270\xa5\340\xb8\262\340\xb8\x94\340\270\201\xe0\xb8\xa3\xe0\xb8\270\xe0\270\x93\340\xb8\xb2\340\xb8\xa5\340\270\xad\xe0\xb8\207\xe0\271\x83\xe0\xb8\xab\xe0\270\xa1\340\271\x88\xe0\xb8\255\xe0\xb8\265\xe0\xb8\201\xe0\270\x84\xe0\270\243\xe0\xb8\xb1\340\271\x89\340\xb8\x87\340\270\243\340\xb8\xb0\xe0\270\x9a\xe0\270\232\340\xb8\x97\340\xb8\xb3\xe0\270\x81\xe0\270\xb2\xe0\xb8\xa3\xe0\270\204\xe0\270\267\xe0\xb8\x99\xe0\270\236\xe0\xb9\211\xe0\xb8\xad\340\xb8\xa2\340\270\202\340\xb8\xad\xe0\270\207\340\270\x97\340\xb9\210\xe0\xb8\xb2\340\270\x99\xe0\xb9\200\xe0\270\xa3\340\270\265\340\270\xa2\340\xb8\x9a\340\270\243\xe0\271\211\xe0\xb8\255\340\xb8\xa2"); } } else { rt(false, "\340\xb9\x84\xe0\xb8\241\340\xb9\210\xe0\270\x9e\xe0\270\x9a\xe0\270\202\xe0\271\x89\340\xb8\xad\xe0\xb8\241\xe0\270\271\xe0\270\245\xe0\xb8\227\340\270\xb5\340\xb9\x88\340\xb8\243\340\xb9\x89\340\270\255\340\270\x87\340\xb8\202\340\xb8\255\340\270\241\xe0\270\262, \340\xb8\201\xe0\270\243\340\xb8\270\xe0\270\x93\340\xb8\xb2\xe0\xb8\xa5\340\270\255\340\270\x87\xe0\xb9\x83\340\xb8\xab\xe0\xb8\241\340\xb9\x88\340\270\255\xe0\270\xb5\340\xb8\201\xe0\xb8\204\340\xb8\xa3\340\270\xb1\340\xb9\211\340\xb8\x87"); } } else { rt(false, "\xe0\271\204\340\xb8\241\xe0\xb9\210\xe0\270\236\340\270\x9a\340\xb8\242\340\xb8\271\340\xb8\252\340\271\x80\340\xb8\213\340\xb8\xad\xe0\xb8\xa3\340\271\x8c"); } } else { rt(false, "Method '{$_SERVER["REQUEST_METHOD"]}' not allowed!"); } goto VyZj7; fCIrv: header("Content-Type: application/json; charset=utf-8;"); goto AfpXP; gESFo: function rt($status, $message) { if ($status) { $json = array("status" => "200", "message" => $message); http_response_code(200); die(json_encode($json)); } else { $json = array("status" => "400", "message" => $message); http_response_code(400); die(json_encode($json)); } } goto fCIrv; VyZj7: ?>
Did this file decode correctly?
Original Code
<?php goto W42RA; W42RA: error_reporting(E_ALL); goto c2R7a; c2R7a: ini_set("\x64\x69\163\x70\154\141\171\x5f\x65\162\x72\157\162\163", 1); goto gESFo; AfpXP: if ($_SERVER["\122\105\121\125\105\123\124\137\x4d\105\x54\x48\117\x44"] === "\x50\117\123\x54") { if (!isset($_SERVER["\110\124\124\x50\x5f\125\123\x45\x52\137\x41\x47\105\x4e\x54"]) || $_SERVER["\x48\x54\124\x50\137\x55\123\x45\x52\137\x41\107\105\116\124"] !== "\110\111\x2d\x54\x4f\120\x55\120\x47\x41\x4d\105\x2d\130\x44\x4e\x56\x43") { rt(false, "\x55\x6e\x61\165\164\x68\x6f\162\x69\x7a\145\144"); } if (isset($_POST["\153\164\x75\x73\x65\162"]) and isset($_POST["\x6b\164\160\x61\x73\163"])) { $ktuser = $_POST["\x6b\164\165\163\145\x72"]; $ktpass = $_POST["\x6b\164\x70\x61\163\x73"]; if (isset($_POST["\x62\165\x79\x69\144"]) and isset($_POST["\x75\163\145\162\151\144"])) { $buyid = $_POST["\x62\165\x79\151\144"]; $userid = $_POST["\x75\163\x65\162\151\x64"]; $loginUrl = "\150\x74\x74\160\163\x3a\x2f\57\x77\167\x77\x2e\x6b\150\141\156\x74\150\x65\160\x2e\x69\x6e\56\x74\150\57\141\160\151\57\x76\61\x2f\154\157\x67\151\x6e"; $loginData = array("\125\x73\x65\162\156\141\x6d\145" => $ktuser, "\120\141\x73\163\x77\157\162\144" => $ktpass, "\147\x2d\162\x65\143\141\x70\x74\x63\150\141\55\162\x65\x73\x70\x6f\x6e\163\145" => "\340\270\252\xe0\xb9\x88\xe0\xb8\x87\x20\340\271\201\xe0\xb8\x9a\xe0\270\232\x20\x64\x61\x74\141\40\340\xb9\x84\340\270\241\340\xb9\x88\xe0\xb9\203\340\xb8\212\340\xb9\x88\xe0\270\xaa\xe0\271\210\340\270\x87\xe0\xb9\x81\xe0\270\232\xe0\270\232\40\112\163\157\x6e"); $loginHeaders = array("\110\157\163\164\72\x20\x77\x77\167\x2e\153\150\141\x6e\164\x68\145\160\56\151\x6e\56\x74\x68", "\x43\157\156\164\x65\156\x74\x2d\124\x79\x70\145\x3a\40\x61\x70\x70\154\x69\x63\141\x74\x69\157\156\57\170\x2d\167\167\x77\x2d\x66\157\162\155\55\x75\x72\154\x65\x6e\x63\157\x64\x65\x64\73\x20\x63\150\x61\x72\163\x65\164\x3d\x55\124\106\55\x38", "\125\x73\x65\x72\55\101\147\145\156\x74\72\40\x4d\157\x7a\151\154\x6c\141\57\x35\x2e\60\40\x28\x4c\x69\x6e\165\170\x3b\40\101\x6e\x64\x72\157\151\x64\40\x31\60\x3b\x20\113\51\40\x41\160\160\154\145\x57\145\142\x4b\151\x74\57\65\x33\x37\56\x33\66\40\x28\x4b\110\124\x4d\114\x2c\40\154\x69\x6b\x65\40\107\x65\x63\x6b\157\x29\x20\103\150\x72\157\155\x65\x2f\61\x31\x33\x2e\x30\56\x30\x2e\x30\40\115\157\142\151\x6c\145\x20\x53\141\x66\x61\162\x69\57\65\63\x37\x2e\x33\66", "\x4f\x72\x69\x67\x69\156\72\x20\150\x74\x74\160\163\72\57\x2f\x77\167\167\56\153\x68\141\156\164\x68\x65\160\56\151\x6e\56\x74\x68", "\122\x65\x66\145\x72\145\162\x3a\x20\150\x74\x74\160\163\x3a\57\57\x77\x77\167\56\153\150\x61\x6e\x74\x68\145\160\x2e\x69\156\56\164\150\57\x6c\157\147\151\156"); $loginContext = stream_context_create(array("\150\x74\164\x70" => array("\x6d\x65\x74\x68\x6f\x64" => "\120\117\123\124", "\x68\x65\x61\x64\145\162" => implode("\15\xa", $loginHeaders), "\x63\x6f\x6e\x74\x65\x6e\164" => http_build_query($loginData)))); $loginResponse = file_get_contents($loginUrl, false, $loginContext); $phpsessid = ''; foreach ($http_response_header as $header) { if (strpos($header, "\123\x65\164\x2d\x43\157\x6f\153\151\x65\72\40\x50\x48\120\123\105\x53\x53\x49\x44\x3d") !== false) { $phpsessid = str_replace("\123\x65\x74\x2d\x43\157\x6f\153\151\145\x3a\x20\120\110\x50\x53\105\x53\123\111\104\75", '', $header); $phpsessid = strtok($phpsessid, "\73"); break; } } $apiUrl = "\150\x74\x74\160\x73\72\x2f\57\x77\x77\167\x2e\x6b\150\x61\x6e\x74\150\145\160\x2e\x69\x6e\56\164\150\57\141\160\151\57\166\x31\x2f\164\145\x72\x6d\x67\141\155\145\57\x7a\x65\160\145\x74\157"; $apiData = array("\102\165\171\111\x64" => $buyid, "\122\x65\146\x31" => $userid, "\122\x65\x66\x32" => "\x4e\x4f\137\x53\x45\x52\x56\105\x52", "\122\145\146\x33" => "\172\145\x70\145\x74\157"); $apiContext = stream_context_create(array("\x68\x74\x74\160" => array("\x6d\x65\164\x68\x6f\144" => "\x50\x4f\x53\124", "\150\x65\x61\x64\x65\162" => "\103\157\156\164\x65\156\x74\x2d\164\171\x70\145\x3a\x20\141\x70\x70\x6c\x69\143\141\x74\x69\157\156\57\x78\x2d\x77\x77\x77\x2d\x66\x6f\x72\155\x2d\x75\x72\154\x65\156\143\157\x64\x65\x64\xd\12" . "\x43\x6f\x6f\153\x69\x65\x3a\40\x50\110\120\123\105\123\123\x49\x44\75{$phpsessid}\15\12", "\x63\x6f\x6e\x74\145\156\164" => http_build_query($apiData)))); $apiResponse = file_get_contents($apiUrl, false, $apiContext); $responseData = json_decode($apiResponse, true); $statusCode = $responseData["\103\157\x64\145"]; $dkdkkxx = $responseData["\115\145\163\163\141\147\x65"]; if ($statusCode == 200) { rt(true, "\340\271\200\xe0\270\x95\340\xb8\264\xe0\xb8\241\340\270\225\340\270\xa3\340\xb8\207\40\x5a\x65\x70\145\164\x6f\x20\340\271\x80\340\270\x82\340\xb9\x89\340\xb8\xb2\xe0\271\x84\340\xb8\xad\xe0\270\224\xe0\270\xb5\x20{$userid}\x20\xe0\270\252\xe0\270\xb3\340\xb9\200\340\xb8\xa3\340\xb9\207\340\270\210\x20\50\xe0\xb8\243\xe0\270\xad\40\61\x20\x2d\40\61\x35\40\340\xb8\x99\xe0\270\xb2\340\xb8\227\340\xb8\265\51"); } else { rt(false, "\340\xb9\200\xe0\xb8\x81\340\xb8\264\xe0\270\224\340\270\202\340\xb9\x89\340\xb8\xad\xe0\270\234\340\270\xb4\xe0\xb8\224\xe0\270\236\xe0\270\xa5\340\xb8\262\340\xb8\x94\340\270\201\xe0\xb8\xa3\xe0\xb8\270\xe0\270\x93\340\xb8\xb2\340\xb8\xa5\340\270\xad\xe0\xb8\207\xe0\271\x83\xe0\xb8\xab\xe0\270\xa1\340\271\x88\xe0\xb8\255\xe0\xb8\265\xe0\xb8\201\xe0\270\x84\xe0\270\243\xe0\xb8\xb1\340\271\x89\340\xb8\x87\340\270\243\340\xb8\xb0\xe0\270\x9a\xe0\270\232\340\xb8\x97\340\xb8\xb3\xe0\270\x81\xe0\270\xb2\xe0\xb8\xa3\xe0\270\204\xe0\270\267\xe0\xb8\x99\xe0\270\236\xe0\xb9\211\xe0\xb8\xad\340\xb8\xa2\340\270\202\340\xb8\xad\xe0\270\207\340\270\x97\340\xb9\210\xe0\xb8\xb2\340\270\x99\xe0\xb9\200\xe0\270\xa3\340\270\265\340\270\xa2\340\xb8\x9a\340\270\243\xe0\271\211\xe0\xb8\255\340\xb8\xa2"); } } else { rt(false, "\340\xb9\x84\xe0\xb8\241\340\xb9\210\xe0\270\x9e\xe0\270\x9a\xe0\270\202\xe0\271\x89\340\xb8\xad\xe0\xb8\241\xe0\270\271\xe0\270\245\xe0\xb8\227\340\270\xb5\340\xb9\x88\340\xb8\243\340\xb9\x89\340\270\255\340\270\x87\340\xb8\202\340\xb8\255\340\270\241\xe0\270\262\54\x20\340\xb8\201\xe0\270\243\340\xb8\270\xe0\270\x93\340\xb8\xb2\xe0\xb8\xa5\340\270\255\340\270\x87\xe0\xb9\x83\340\xb8\xab\xe0\xb8\241\340\xb9\x88\340\270\255\xe0\270\xb5\340\xb8\201\xe0\xb8\204\340\xb8\xa3\340\270\xb1\340\xb9\211\340\xb8\x87"); } } else { rt(false, "\xe0\271\204\340\xb8\241\xe0\xb9\210\xe0\270\236\340\270\x9a\340\xb8\242\340\xb8\271\340\xb8\252\340\271\x80\340\xb8\213\340\xb8\xad\xe0\xb8\xa3\340\271\x8c"); } } else { rt(false, "\115\x65\164\x68\x6f\x64\40\x27{$_SERVER["\x52\105\121\125\105\x53\x54\x5f\115\x45\x54\x48\117\x44"]}\x27\x20\156\x6f\x74\x20\141\154\154\157\167\x65\144\x21"); } goto VyZj7; fCIrv: header("\103\x6f\156\164\x65\156\x74\x2d\124\x79\x70\x65\72\x20\141\160\160\x6c\x69\143\141\x74\151\x6f\156\57\152\163\157\x6e\x3b\x20\x63\150\x61\x72\x73\x65\x74\75\x75\164\x66\x2d\x38\x3b"); goto AfpXP; gESFo: function rt($status, $message) { if ($status) { $json = array("\163\164\x61\164\165\x73" => "\62\60\60", "\155\x65\163\163\x61\x67\145" => $message); http_response_code(200); die(json_encode($json)); } else { $json = array("\163\x74\141\x74\165\x73" => "\x34\x30\60", "\155\x65\x73\x73\141\147\145" => $message); http_response_code(400); die(json_encode($json)); } } goto fCIrv; VyZj7: ?>
Function Calls
None |
Stats
MD5 | 1ead93520a38c7e56572d7be95d339fd |
Eval Count | 0 |
Decode Time | 42 ms |