PHP Decode

class HunterObfuscator { private $code; private $mask; private $interval; private $option = 0; private $expireTime = 0; private $domainNames = array(); function __construct($Code, $html = false) { if ($html) { $Code = $this->cleanHtml($Code); $this->code = $this->html2Js($Code); } else { $Code = $this->cleanJS($Code); $this->code = $Code; } $this->mask = $this->getMask(); $this->interval = rand(1, 50); $this->option = rand(2, 8); } private function getMask() { $charset = str_shuffle("\141\x62\x63\x64\x65\146\147\x68\151\152\153\154\155\x6e\x6f\x70\x71\x72\163\x74\x75\166\x77\x78\x79\x7a\101\x42\x43\104\105\x46\107\x48\111\112\x4b\x4c\x4d\116\x4f\x50\121\x52\x53\124\x55\x56\127\130\131\x5a"); return substr($charset, 0, 9); } private function hashIt($s) { for ($i = 0; $i < strlen($this->mask); ++$i) { $s = str_replace("{$i}", $this->mask[$i], $s); } return $s; } private function prepare() { if (count($this->domainNames) > 0) { $code = "\x69\x66\50\167\x69\156\x64\x6f\x77\56\154\x6f\143\141\x74\151\x6f\156\56\x68\157\163\164\x6e\x61\155\145\x3d\x3d\x3d\x27" . $this->domainNames[0] . "\47\x20"; for ($i = 1; $i < count($this->domainNames); $i++) { $code .= "\174\x7c\x20\167\151\156\x64\x6f\167\x2e\154\157\x63\141\164\x69\157\156\56\150\x6f\x73\164\x6e\x61\x6d\x65\x3d\75\x3d\47" . $this->domainNames[$i] . "\x27\x20"; } $this->code = $code . "\51\x7b" . $this->code . "\x7d"; } if ($this->expireTime > 0) { $this->code = "\151\146\x28\x28\x4d\x61\164\x68\x2e\x72\x6f\165\x6e\x64\x28\53\156\145\x77\40\x44\x61\x74\x65\x28\51\57\x31\60\x30\60\51\x29\x20\x3c\x20" . $this->expireTime . "\x29\x7b" . $this->code . "\175"; } } private function encodeIt() { $this->prepare(); $str = ''; for ($i = 0; $i < strlen($this->code); ++$i) { $str .= $this->hashIt(base_convert(ord($this->code[$i]) + $this->interval, 10, $this->option)) . $this->mask[$this->option]; } return $str; } public function Obfuscate() { $rand = rand(0, 99); $rand1 = rand(0, 99); return "\x76\x61\x72\40\137\60\x78\x63{$rand}\x65\75\x5b\42\x22\54\42\x73\160\154\x69\164\42\x2c\x22\x30\61\62\63\x34\65\66\67\70\x39\141\142\143\x64\145\x66\x67\150\151\152\153\x6c\155\156\x6f\x70\161\x72\163\164\165\166\167\x78\171\172\101\x42\103\104\105\106\107\110\111\112\x4b\x4c\115\x4e\117\120\121\x52\123\x54\125\x56\x57\130\131\x5a\x2b\x2f\x22\x2c\42\x73\x6c\x69\143\145\x22\54\x22\x69\x6e\x64\x65\170\x4f\x66\42\x2c\x22\x22\54\42\x22\x2c\42\56\42\x2c\42\160\157\167\42\54\x22\162\145\144\165\x63\x65\42\x2c\42\x72\x65\x76\145\162\163\145\42\x2c\x22\60\x22\x5d\73\x66\x75\x6e\143\x74\151\157\x6e\40\x5f\x30\170\x65{$rand1}\x63\50\144\54\145\54\x66\51\x7b\166\x61\x72\x20\x67\75\137\x30\x78\x63{$rand}\145\133\x32\x5d\x5b\x5f\60\x78\143{$rand}\145\133\x31\x5d\x5d\x28\x5f\x30\x78\143{$rand}\145\133\x30\x5d\x29\x3b\x76\x61\x72\x20\150\75\x67\x5b\x5f\x30\x78\143{$rand}\x65\x5b\63\x5d\x5d\x28\x30\x2c\145\x29\73\166\141\x72\40\151\75\x67\133\137\60\170\x63{$rand}\145\x5b\x33\x5d\135\x28\60\x2c\146\51\73\x76\141\x72\x20\152\75\144\x5b\137\x30\x78\x63{$rand}\145\133\61\135\x5d\x28\x5f\60\170\143{$rand}\145\133\60\135\51\133\x5f\x30\170\x63{$rand}\x65\133\x31\x30\135\x5d\50\51\x5b\137\x30\170\x63{$rand}\x65\x5b\x39\135\x5d\x28\146\x75\156\x63\x74\151\x6f\x6e\50\x61\x2c\x62\54\x63\x29\x7b\x69\x66\50\150\133\137\60\170\x63{$rand}\145\x5b\64\135\x5d\50\142\x29\41\75\x3d\x2d\x31\51\162\x65\x74\x75\162\x6e\40\x61\x2b\75\150\133\137\60\170\143{$rand}\x65\133\x34\135\135\x28\142\51\52\x28\x4d\x61\x74\150\133\x5f\x30\x78\143{$rand}\x65\x5b\x38\x5d\135\50\145\x2c\143\51\x29\x7d\x2c\x30\51\73\166\141\162\40\x6b\75\137\x30\x78\x63{$rand}\x65\x5b\x30\135\x3b\167\x68\151\x6c\145\x28\152\76\60\51\173\x6b\x3d\x69\x5b\x6a\45\146\x5d\x2b\x6b\73\152\75\50\x6a\x2d\x28\x6a\45\x66\x29\51\x2f\146\x7d\x72\145\x74\165\x72\x6e\x20\153\174\174\137\60\x78\x63{$rand}\x65\133\61\x31\135\175\145\x76\x61\154\x28\146\x75\x6e\143\x74\151\157\156\50\x68\54\165\x2c\156\54\x74\x2c\x65\54\x72\x29\173\162\75\42\42\x3b\x66\157\x72\50\x76\x61\162\x20\x69\x3d\x30\x2c\154\x65\x6e\x3d\150\56\x6c\x65\156\147\x74\x68\x3b\x69\74\154\145\156\73\x69\53\53\x29\x7b\x76\x61\162\x20\x73\x3d\x22\42\x3b\x77\150\151\x6c\x65\x28\x68\133\x69\x5d\x21\75\75\156\133\145\135\x29\173\163\x2b\75\x68\133\151\135\x3b\151\x2b\53\x7d\x66\x6f\162\50\166\141\x72\x20\152\x3d\60\73\x6a\x3c\x6e\56\154\x65\156\147\x74\150\73\x6a\53\x2b\x29\x73\75\x73\x2e\x72\145\x70\154\141\143\145\50\156\x65\x77\40\x52\145\x67\x45\170\x70\50\x6e\133\x6a\135\54\42\147\42\x29\x2c\152\x29\73\x72\x2b\75\x53\x74\x72\x69\156\147\56\x66\162\x6f\x6d\x43\x68\x61\162\103\157\x64\145\50\137\x30\x78\x65{$rand1}\x63\50\163\54\145\54\x31\x30\x29\55\164\51\x7d\x72\x65\164\x75\162\x6e\x20\144\145\x63\x6f\x64\145\x55\x52\x49\x43\x6f\x6d\x70\x6f\x6e\145\x6e\164\50\145\163\143\141\160\145\x28\x72\x29\51\175\50\x22" . $this->encodeIt() . "\42\x2c" . rand(1, 100) . "\x2c\42" . $this->mask . "\x22\x2c" . $this->interval . "\54" . $this->option . "\54" . rand(1, 60) . "\51\x29"; } public function setExpiration($expireTime) { if (strtotime($expireTime)) { $this->expireTime = strtotime($expireTime); return true; } return false; } public function addDomainName($domainName) { if ($this->isValidDomain($domainName)) { $this->domainNames[] = $domainName; return true; } return false; } private function isValidDomain($domain_name) { return preg_match("\x2f\136\50\133\x61\x2d\x7a\x5c\144\135\x28\x2d\x2a\133\x61\55\x7a\134\x64\x5d\x29\x2a\51\x28\134\56\50\133\x61\55\172\x5c\x64\x5d\50\55\52\x5b\141\x2d\x7a\x5c\x64\x5d\x29\52\51\x29\x2a\x24\x2f\151", $domain_name) && preg_match("\57\x5e\x2e\173\61\54\x32\65\x33\x7d\x24\x2f", $domain_name) && preg_match("\x2f\136\x5b\x5e\134\56\135\x7b\x31\54\x36\x33\175\50\x5c\x2e\133\x5e\x5c\x2e\135\x7b\x31\54\x36\63\x7d\x29\52\44\x2f", $domain_name); } private function html2Js($code) { $search = array("\57\134\x3e\133\136\134\x53\40\135\x2b\x2f\163", "\x2f\133\x5e\134\x53\40\x5d\53\134\74\x2f\163", "\57\50\x5c\x73\51\53\x2f\x73", "\x2f\74\x21\55\55\50\56\174\x5c\163\x29\52\77\55\55\76\57"); $replace = array("\x3e", "\x3c", "\x5c\61", ''); $code = preg_replace($search, $replace, $code); $code = "\x64\x6f\x63\x75\x6d\x65\x6e\x74\56\167\x72\151\x74\145\x28\47" . addslashes($code . "\x20") . "\x27\51\x3b"; return $code; } private function cleanHtml($code) { return preg_replace("\57\x3c\41\x2d\x2d\50\56\x7c\134\163\51\x2a\x3f\55\55\76\57", '', $code); } private function cleanJS($code) { $pattern = "\x2f\50\77\72\50\x3f\x3a\134\57\134\52\x28\x3f\72\x5b\136\x2a\x5d\174\50\x3f\x3a\134\52\53\x5b\x5e\52\x5c\57\x5d\51\x29\52\134\52\53\134\x2f\x29\174\x28\x3f\x3a\x28\x3f\74\x21\x5c\x3a\174\x5c\x5c\x7c\x27\x29\x5c\57\134\57\56\52\x29\x29\x2f"; $code = preg_replace($pattern, '', $code); $search = array("\x2f\x5c\76\133\136\134\123\40\135\x2b\57\163", "\57\133\136\x5c\x53\40\x5d\53\x5c\x3c\x2f\x73", "\57\50\134\163\x29\x2b\57\163", "\57\74\x21\55\x2d\x28\x2e\174\134\x73\51\52\77\x2d\55\x3e\x2f"); $replace = array("\x3e", "\x3c", "\x5c\x31", ''); return preg_replace($search, $replace, $code); } }