Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /* Dev By Hoang Skyht 18-06-2024 */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72..

Decoded Output download

 
error_reporting(0);
include('config.php');
$con = new mysqli("$ip_db","$db_username","$db_password","$db_name");
if ($con->connect_error) {
die("Kt ni tht bi: ".$conn->connect_error);
}
$HoangSkyht = new SQLTruyVan($con);
$getFullInfo = file_get_contents(__DIR__ .'/ThongTinBank/DuLieuBanking.log');
if (empty($getFullInfo)) {
exit();
}
list($LinkHOOK,$NganHang,$BankID,$TaiLieuAPI,$NoiDung,$STK,$CTK) = explode('|',$getFullInfo);
$ch = curl_init("https://api.4gsieure.net/api/".$TaiLieuAPI ."/".CONFIG['GATE']['BANK']['TOKENBANK']);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
$response = curl_exec($ch);
curl_close($ch);
$repo = json_decode($response);
foreach ($repo->transactions as $item) {
$NoiDungChuyenTien = str_replace(' ','',$item->description);
if (stripos($NoiDungChuyenTien,$NoiDung) !== false) {
$SoTien = (int)$item->amount;
$IDBank = $item->transactionID;
$re = '/'.$NoiDung.'\d+/m';
$str = strtolower($NoiDungChuyenTien);
preg_match($re,$str,$matches);
if (isset($matches[0])) {
$comment = trim($matches[0]);
$order_id = preg_replace("/[^0-9]/","",$comment);
$KiemTraOrderID = $HoangSkyht->select("v2_order",array("id"=>$order_id));
if ($KiemTraOrderID) {
$Status = (int)$KiemTraOrderID[0]['status'];
if ($Status == 0 ||$Status == 2) {
$total_amount = (int)($KiemTraOrderID[0]["total_amount"]/100);
if ($SoTien >= $total_amount) {
$Token = "".CONFIG['TOKEN'] ."";
$curl = curl_init();
curl_setopt_array(
$curl,
array(
CURLOPT_URL =>"".$LinkHOOK ."",
CURLOPT_RETURNTRANSFER =>true,
CURLOPT_FOLLOWLOCATION =>true,
CURLOPT_SSL_VERIFYHOST =>false,
CURLOPT_SSL_VERIFYPEER =>false,
CURLOPT_CUSTOMREQUEST =>"POST",
CURLOPT_POSTFIELDS =>'{
                                                "Bankid": "'.$IDBank.'",
            			                        "amount": "'.$SoTien.'",
            				                    "comment": "'.$comment.'",
            				                	"tranId": "'.$IDBank.'",
            				                	"order_id": "'.$order_id.'",
            				                	"tokenconnect": "'.$Token.'"
            			                      }',
CURLOPT_HTTPHEADER =>array(
"Connection:  close",
"Accept:  application/json",
"User-Agent:  Mozilla/5.0 (Linux; Android 7.1.2; IM-A870S Build/N2G47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/55.0.2883.105 Mobile Safari/537.36",
"Content-Type:  application/json",
"Accept-Language:  vi-VN,en-US;q=0.8",
)
)
);
$con->close();
print_r($tranId);
$response = curl_exec($curl);
curl_close($curl);
}
}
}
}
}
}
;

Did this file decode correctly?

Original Code

<?php /* Dev By Hoang Skyht 18-06-2024 */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000O0=$OOO000000[4].$OOO000000[9].$OOO000000[3].$OOO000000[5];$OOO0000O0.=$OOO000000[2].$OOO000000[10].$OOO000000[13].$OOO000000[16];$OOO0000O0.=$OOO0000O0[3].$OOO000000[11].$OOO000000[12].$OOO0000O0[7].$OOO000000[5];$OOO000O00=$OOO000000[0].$OOO000000[12].$OOO000000[7].$OOO000000[5].$OOO000000[15];$O0O000O00=$OOO000000[0].$OOO000000[1].$OOO000000[5].$OOO000000[14];$O0O000O0O=$O0O000O00.$OOO000000[11];$O0O000O00=$O0O000O00.$OOO000000[3];$O0O00OO00=$OOO000000[0].$OOO000000[8].$OOO000000[5].$OOO000000[9].$OOO000000[16];$OOO00000O=$OOO000000[3].$OOO000000[14].$OOO000000[8].$OOO000000[14].$OOO000000[8];$OOO0O0O00=__FILE__;$OO00O0000=0xd58;eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NDk5KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));return;?>~Dkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==wEplFmkvFl9ZcbnvFmOpdMFPHtL7tMlVC2x1coAPk2YvdMcpcZ5XDuEmhTShkoYvdJE9wo5lfZnsGbYxdoLPwJOpFy9LCJwSwJOLCl91F2aZdMyscUwSwJOLCl9XCbYzf29ZctwSwJOLCl9VCB1lwJL7tMlMwtILC29VRT5jd25VcBY0b2aZFM9ZhUn7tMOpcUIJU+o6v3WIdVo7LBLIfojiVQa0woRiVQypKJEJRJOjd25VRT5jd25VcBY0b2aZFM9ZhTShgWPLUo9idMfTD3lPftE9wo5lfZnTAAxAFma5aMyVhtOjd24pKXPLc2a0OmaSdrlVcM8INUnMDBxlb2flfy9jd250cB50FZigb0OkAl9gwt4mR1OPd25maolVWMyVDZ9rfAxpcbatCB5qDB5mRMxvcZFpKXppcJEPcB1XfuLPkoflfrc1doxkdMcvhULIGXplGol0htL7tm0hdolzftILTolVD0iNT0SSkr5mCB5wCB5mRtOtCB5qUAWSkyOiDAxpcbanArLSkr5vDAO1dMFSkyYAUZXLW1ORhUE9woa4FoxvcoAPk3XmRtOmcbOofBxSUB5MdZL7tJOjDtE9woY1FMxgDB5pftIJDuO0FuH6RZ9iFoLVYofzDBa1FMAVdMa0R2yXDU8JRJOACBlHDBa1Wankwt4JRZwVW09KOLluBZfuWaOyk11dk0knTLSmbaSmar9ROA5tWA5Rk10pKXpjfbkSb3Ylfo9XftILC2ISW1aUTr9Way9UOaOaAL5AALyKA0cyAJx0FmalhTShC3aZdy9zcbOvFuWPkoYPRrYaALxNAyOgA1YHb1cyALloBanyOawScMySF2ApKXPLFMazFo9VF2AINUnjfbkSb2a4cBHPkoYPhTShC3aZdy9jdo9zcUILC2IpKXPLFMaXdZE9wopzd25gcoajd2OlhtOZcbYXd25zcUL7tMcvFMaiC2IIhtOZcbnvRT50FMyVF2yjfolvdmHICbHIkol0cB0pwuShkr5vDAO1dMfeDua5cB5ADBaVwe0IF3OZb3klFoxiC2APkZEmRtFmRtOpfoasRT5LcbYjFMlXfolvdJL7tMlMwtizfukpFo9zhtOKd2lrfB5mW2i1GBaVaolldJXLTM9pOuaVcZLIwT09wociduYlhUn7tJOTd1OpcB4INUEPDB50hUOpfoasRT5idB91dmW7tJOkOrkidMSINUELDbOldU0+fukidmYiC3Opd25kOeShkuklwe0IkZ8mRJOKd2lrfB5mRJfFctSvdUF7tJOzfuwINUnzfuk0d2xvf2aZhtOKd2lrfB5mW2i1GBaVaolldJL7tmnZcBfgdBy0C2IPkuklRtOzfuwSko1ifoYPcbHpKXppcJEPDbYzcbWPko1ifoYPcbYdHy0phUn7tJOjd21scB50we0IfukpdUILdBy0C2ilF1SXbUL7tJOvFMOlFl9pctE9wunZcBfgFMaXdoyjcUIJR1sGHt05bU8JRtwJRtOjd21scB50hTShkrspcB1AFMyNFMOlFLlrwe0IkrivCB5mA2s5DuWsNmYldoajftIJfjkgd3kLcbwJRoyZFMy5htkpctw9NJOvFMOlFl9pctLpKXppcJEPkrspcB1AFMyNFMOlFLlrhUn7tJOTfoy0fbHINUEPDB50hUORDBasaukiT3kLcbkkOySXbaSmF3Oifuazk107tMlMwtILA3Oifuazwe09weEIguXLA3Oifuazwe09wewpwuShkuOvfoySb2ysd3aVftE9wtipdmWphtORDBasaukiT3kLcbkkOySXbaSJfo90CBxgCB1vfB50wl0vHTEXhTShDBCIhtOTd1OpcB4INj0IkuOvfoySb2ysd3aVftLIGXPLao9qcB4INUEJwJ5eT05oUAfdk1ONU0aKk10IRJwJKXPLC3aZdtE9woY1FMxgDB5pftIpKXpjfbkSb3Ylfo9Xfy9iFmkiGUIhkoY1FMXStMyZFMy5hEpeaakHT1nAb1aUTtE9NJwJRJOHDB5qUr9NUZEVwJwStLYaALxNAyOgALaAaakKayknTlYoOawINT50FmalREpeaakHT1nAb0cNTrxNa0xNW0yAUA9Kwe0+fuk1cUXhW1aUTr9Way9TA0xgaLaUUAccUr9TatE9NMciduYlREpeaakHT1nAb1YTTy9BOakkOllWOAaUwe0+cMySF2AStLYaALxNAyOgW1aTar9YALaOaAaTatE9NJkWT1YAwJXhW1aUTr9Way9WT1YAOLlyTrOTwe0+k3ShwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwLkidMspctw6wtwmRJOkOrkidMSVkZwStJEIwtEIwtEIwtEIwELktUEIwtEIwtEIwtEIwtEIwtEIwtEIwtEIwtkidB91dmWJKJEJkZ4LA29ADBaVRJFJREPIwtEIwtEIwtEIwtEktWLkwtEIwtEIwtEIwtEIwtEIwtEIwtEJC29sdBaVftw6wtwmRJOjd21scB50RJFJREPIwtEIwtEIwtEIwtEktWLkwtEIwtEIwtEIwtEIwtEIwELJfukidLlLwjPIwJFVkrlrWMyVDZ4mwJXhwtEIwtEIwtEIwtEItWLktUEIwtEIwtEIwtEIwtEIwtEkwM9ZcoaZb2lLwjPIwJFVko9ZcoaZb2lLRJFJREPIwtEIwtEIwtEIwtEktWLkwtEIwtEIwtEIwtEIwtEIwELJfo9qcB5jd25VcBY0wjPIwJFVkyOvD2aVRJFJtJEIwtEIwtEIwtEIwELktUEIwtEIwtEIwtEIwtEIwtEIwtEIwtn9kZXhW1aUTr9Way9wayOWUranOraUwe0+CbkZCbLPtJked25VcBY0DB9VKJEIC2xvF2AJREPJWBYjcbn0KJEICbnXdoljCbOpd24vDmYvdJwStJkaF2aZRAymcB50KJEITB96DBxSCU81RjEIhrxpdma4KZnndMOZd2lLweFVHU4ZKZnkTU1nKeFXAZntfBlSct9KHLF0Y0A7wuf2hUnnFunScaflCLspft81HzFVHzCIhrswar1HRtnSDBslwrflC2svhUnBcbkzDB9VRzWVHtneDukvdBAvYTAVHt4ZKeIzRjrXYUnYd2kpdoAIA2yMCbkpRzAzYZ4zYJwStJked250cB50RaO5FoA6wtniFunSDBYifolvdJ9QF29VwJXhwLyjC2aXft1HCB5mfBymcTPIwucpRacKRoaVRaaTK3r9Ht44wJXhhWPptJL7tJOjd24sNMYSd3YlhtL7tmnZDB50b3wPkuOZCB5kctL7tJOZcbYXd25zcUE9woY1FMxgcbilCZILC3aZdtL7tMY1FMxgC2xvF2APkoY1FMXpKXp9tm0hgWp9tm0hgWP7alVnRPIq

Function Calls

fopen 1
fread 3
strtr 2
fclose 1
urldecode 1
str_replace 1
base64_decode 3

Variables

$O000O0O00 True
$O0O000O00 fgets
$O0O000O0O fgetc
$O0O00OO00 fread
$OO00O0000 3416
$OO00O00O0 error_reporting(0); include('config.php'); $con = new mysq..
$OOO000000 fg6sbehpra4co_tnd
$OOO00000O strtr
$OOO0000O0 base64_decode
$OOO000O00 fopen
$OOO0O0O00 index.php

Stats

MD5 2ea25cf5a778c0647fd6ab319ce915f7
Eval Count 3
Decode Time 81 ms