Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /* ### OBF ### */ function getVUsbList() { $vusb_data = "\x2f\x6d\156\164\x2f\x55..
Decoded Output download
<?php
/* ### OBF ### */
function getVUsbList() { $vusb_data = "/mnt/Userfs/data/vusb_data"; if (!file_exists($vusb_data)) { goto mr9U7; } $vusb = @json_decode(file_get_contents($vusb_data), true); mr9U7: $devices = glob("/media/{USB,HDD}-*", GLOB_BRACE); $result = array(); foreach ($devices as $device) { $mountDir = basename($device); if (!array_key_exists($mountDir, $vusb)) { goto YFP0d; } $result[$mountDir] = $vusb[$mountDir]; YFP0d: kNn9x: } oW12G: return $result; } include_once dirname(__FILE__) . "/../include/check.php"; $tool = array_shift($ARGUMENTS); switch ($tool) { case "devinfo": $VUsb = getVUsbList(); $target = $ARGUMENTS[0]; $label = basename($target); if (!isset($VUsb[$label])) { goto Rw2eo; } $alive = trim(shell_exec("/bin/ping " . $VUsb[$label]["url"] . " -c 1 -W 1 >/dev/null 2>&1; echo $?")); if (!($alive != "0")) { goto RG0F7; } echo "{"alive":"0"}"; goto ph4vp; RG0F7: Rw2eo: $cmd = "ro=1; [ -n "$(mount | grep " . $VUsb[$label]["url"] . " |awk '{print $6}' | grep 'rw,')" ] && ro=0;"; $cmd .= "df -k | grep {$label} | awk "{ print \$1 \",\" \$3 \",$ro\" }""; $params = explode(",", trim(shell_exec($cmd))); $devSize = $params[0] * 1024; $devFree = $params[1] * 1024; $ro = $params[2]; echo "{"size":"{$devSize}","free":"{$devFree}","readonly":"{$ro}","alive":"1"}"; goto ph4vp; case "getfile": echo @file_get_contents($ARGUMENTS[0]); goto ph4vp; case "getVUSB": $result = getVUsbList(); $result = @json_encode($result, JSON_UNESCAPED_UNICODE); echo $result == "[]" ? "{}" : $result; goto ph4vp; case "ImgB64": $curl = curl_init(); $opts = array(CURLOPT_URL => $ARGUMENTS[0], CURLOPT_HEADER => false, CURLOPT_COOKIESESSION => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_MAXREDIRS => 5, CURLOPT_RETURNTRANSFER => true, CURLOPT_USERAGENT => "Mozilla/5.0", CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_CONNECTTIMEOUT => 15, CURLOPT_TIMEOUT => 15); curl_setopt_array($curl, $opts); $output = curl_exec($curl); $header = curl_getinfo($curl); curl_close($curl); if ($header["http_code"] != "200") { goto P8cVa; } echo "data:image/png;base64," . base64_encode($output); goto SM6Go; P8cVa: echo "false"; SM6Go: goto ph4vp; case "tsbuf2rec": $path = $ARGUMENTS[0]; $name = $ARGUMENTS[1]; $result = []; $info = "{$path}/{$name}/{$name}.tspinf"; $suffix = "p"; if (file_exists($info)) { goto nxsIO; } $info = "{$path}/{$name}.tspinf"; $suffix = ''; if (file_exists($info)) { goto LeOvc; } $info = false; LeOvc: nxsIO: if (!$info) { goto rLdom; } $tsbuf = file_get_contents($info); $tsbuf = json_decode($tsbuf, true); if (!($tsbuf["infoType"] == "TimeShiftInfo")) { goto wgqcG; } $tsDir = $tsbuf["dir"]; if (!file_exists($tsDir)) { goto si1U3; } foreach ($tsbuf["files"] as $file) { $source = str_replace("tsp/tsp", "tsp", $file["filename"] . $suffix); if (!file_exists($source)) { goto RntZC; } $target = "{$path}/" . preg_replace("/\.tsp$/", ".ts", basename($file["filename"])); if (!rename($source, $target)) { goto Rt1Za; } $result[] = $target; Rt1Za: RntZC: l8jOW: } tb4ro: if (empty($suffix)) { goto yHnXr; } @exec("rm -rf '{$path}/{$name}' >/dev/null 2>&1"); goto kTfJh; yHnXr: unlink($info); @exec("rmdir '{$path}/tsp' >/dev/null 2>&1"); kTfJh: si1U3: wgqcG: rLdom: echo json_encode($result); goto ph4vp; case "upnp-service": @exec("/etc/init.d/rc.upnp " . $ARGUMENTS[0] . " >/dev/null 2>&1 &"); goto ph4vp; case "rmVMStore": @unlink("/flash/Verimatrix.store"); goto ph4vp; case "changeNand": $nand = @exec("cat /proc/cmdline | grep mtdblock8"); if (empty($nand)) { goto bE1oD; } exec("rebootmng.sh flash"); goto z8x14; bE1oD: exec("rebootmng.sh flash2"); z8x14: goto ph4vp; case "setdate": shell_exec("date -s " . $ARGUMENTS[0]); goto ph4vp; case "crond": shell_exec("/etc/init.d/crond-daemon " . $ARGUMENTS[0]); goto ph4vp; default: goto ph4vp; } H0tx8: ph4vp: $processed = true; ?>
Did this file decode correctly?
Original Code
<?php
/* ### OBF ### */
function getVUsbList() { $vusb_data = "\x2f\x6d\156\164\x2f\x55\163\145\x72\146\163\57\x64\x61\x74\141\x2f\166\165\163\x62\x5f\144\141\164\x61"; if (!file_exists($vusb_data)) { goto mr9U7; } $vusb = @json_decode(file_get_contents($vusb_data), true); mr9U7: $devices = glob("\x2f\155\x65\144\x69\141\x2f\x7b\125\123\102\54\x48\104\x44\x7d\55\x2a", GLOB_BRACE); $result = array(); foreach ($devices as $device) { $mountDir = basename($device); if (!array_key_exists($mountDir, $vusb)) { goto YFP0d; } $result[$mountDir] = $vusb[$mountDir]; YFP0d: kNn9x: } oW12G: return $result; } include_once dirname(__FILE__) . "\57\56\x2e\57\x69\156\x63\x6c\x75\x64\x65\x2f\143\x68\x65\x63\153\56\x70\x68\160"; $tool = array_shift($ARGUMENTS); switch ($tool) { case "\x64\x65\x76\x69\x6e\x66\x6f": $VUsb = getVUsbList(); $target = $ARGUMENTS[0]; $label = basename($target); if (!isset($VUsb[$label])) { goto Rw2eo; } $alive = trim(shell_exec("\57\142\151\156\57\160\x69\x6e\147\40" . $VUsb[$label]["\x75\162\154"] . "\x20\55\x63\x20\x31\x20\x2d\x57\x20\x31\40\x3e\x2f\x64\145\166\x2f\x6e\165\x6c\x6c\40\x20\62\76\x26\x31\x3b\40\x65\143\x68\157\40\x24\77")); if (!($alive != "\60")) { goto RG0F7; } echo "\173\42\x61\x6c\151\166\145\x22\72\42\x30\42\175"; goto ph4vp; RG0F7: Rw2eo: $cmd = "\x72\x6f\x3d\x31\73\40\133\x20\55\156\x20\x22\44\x28\155\157\165\156\164\40\x7c\x20\x67\x72\145\x70\40" . $VUsb[$label]["\165\162\154"] . "\x20\174\x61\x77\x6b\40\x27\173\x70\x72\x69\156\164\x20\44\66\x7d\47\40\x7c\40\147\x72\145\x70\x20\47\162\167\54\47\51\42\x20\x5d\40\46\x26\40\162\x6f\75\60\73"; $cmd .= "\x64\146\x20\x2d\153\40\x7c\x20\x67\162\x65\x70\40{$label}\x20\x7c\40\141\x77\x6b\x20\42\x7b\40\160\x72\151\x6e\x74\40\x5c\44\x31\40\134\42\54\x5c\42\40\x5c\x24\63\x20\134\x22\54\44\162\157\134\42\40\175\42"; $params = explode("\54", trim(shell_exec($cmd))); $devSize = $params[0] * 1024; $devFree = $params[1] * 1024; $ro = $params[2]; echo "\x7b\42\x73\x69\x7a\x65\x22\72\42{$devSize}\x22\54\42\146\162\145\145\42\x3a\x22{$devFree}\42\x2c\x22\162\145\x61\144\x6f\x6e\x6c\x79\42\x3a\x22{$ro}\42\x2c\x22\141\154\x69\166\x65\x22\x3a\42\x31\x22\x7d"; goto ph4vp; case "\x67\145\x74\146\151\x6c\145": echo @file_get_contents($ARGUMENTS[0]); goto ph4vp; case "\x67\x65\x74\x56\x55\x53\102": $result = getVUsbList(); $result = @json_encode($result, JSON_UNESCAPED_UNICODE); echo $result == "\133\135" ? "\x7b\x7d" : $result; goto ph4vp; case "\x49\155\x67\x42\x36\64": $curl = curl_init(); $opts = array(CURLOPT_URL => $ARGUMENTS[0], CURLOPT_HEADER => false, CURLOPT_COOKIESESSION => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_MAXREDIRS => 5, CURLOPT_RETURNTRANSFER => true, CURLOPT_USERAGENT => "\x4d\x6f\x7a\151\x6c\x6c\x61\57\65\x2e\x30", CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_CONNECTTIMEOUT => 15, CURLOPT_TIMEOUT => 15); curl_setopt_array($curl, $opts); $output = curl_exec($curl); $header = curl_getinfo($curl); curl_close($curl); if ($header["\150\164\164\x70\137\143\157\x64\145"] != "\x32\x30\60") { goto P8cVa; } echo "\144\x61\164\141\x3a\151\155\x61\x67\x65\57\x70\156\147\73\142\141\163\145\66\x34\54" . base64_encode($output); goto SM6Go; P8cVa: echo "\146\141\x6c\x73\x65"; SM6Go: goto ph4vp; case "\x74\x73\142\165\146\x32\162\145\x63": $path = $ARGUMENTS[0]; $name = $ARGUMENTS[1]; $result = []; $info = "{$path}\57{$name}\x2f{$name}\x2e\x74\163\160\151\x6e\x66"; $suffix = "\x70"; if (file_exists($info)) { goto nxsIO; } $info = "{$path}\x2f{$name}\56\164\x73\160\151\156\146"; $suffix = ''; if (file_exists($info)) { goto LeOvc; } $info = false; LeOvc: nxsIO: if (!$info) { goto rLdom; } $tsbuf = file_get_contents($info); $tsbuf = json_decode($tsbuf, true); if (!($tsbuf["\x69\156\x66\157\x54\x79\160\145"] == "\124\x69\x6d\x65\123\x68\x69\x66\x74\x49\156\x66\x6f")) { goto wgqcG; } $tsDir = $tsbuf["\144\x69\x72"]; if (!file_exists($tsDir)) { goto si1U3; } foreach ($tsbuf["\x66\151\154\x65\163"] as $file) { $source = str_replace("\x74\x73\160\x2f\x74\163\160", "\x74\163\x70", $file["\x66\151\x6c\145\x6e\x61\155\x65"] . $suffix); if (!file_exists($source)) { goto RntZC; } $target = "{$path}\57" . preg_replace("\57\x5c\x2e\164\x73\x70\x24\57", "\56\x74\x73", basename($file["\146\151\154\x65\156\141\155\x65"])); if (!rename($source, $target)) { goto Rt1Za; } $result[] = $target; Rt1Za: RntZC: l8jOW: } tb4ro: if (empty($suffix)) { goto yHnXr; } @exec("\x72\155\x20\x2d\162\x66\40\x27{$path}\x2f{$name}\x27\40\76\x2f\144\145\166\57\x6e\x75\154\x6c\x20\62\x3e\x26\x31"); goto kTfJh; yHnXr: unlink($info); @exec("\162\x6d\144\x69\x72\x20\47{$path}\x2f\164\x73\x70\x27\40\x3e\57\144\145\x76\57\x6e\165\154\x6c\40\x32\76\46\x31"); kTfJh: si1U3: wgqcG: rLdom: echo json_encode($result); goto ph4vp; case "\165\160\x6e\x70\x2d\163\x65\x72\166\151\143\x65": @exec("\x2f\145\164\x63\57\151\x6e\x69\164\x2e\x64\57\x72\143\x2e\165\160\156\160\x20" . $ARGUMENTS[0] . "\x20\x3e\57\x64\x65\166\x2f\156\x75\154\x6c\x20\62\76\46\61\40\x26"); goto ph4vp; case "\x72\155\126\x4d\123\164\x6f\162\x65": @unlink("\57\x66\154\141\163\x68\57\126\145\x72\151\x6d\x61\x74\x72\151\x78\x2e\163\164\157\162\x65"); goto ph4vp; case "\143\150\141\156\x67\x65\116\141\x6e\144": $nand = @exec("\143\141\164\40\57\160\162\x6f\143\x2f\143\x6d\x64\x6c\x69\156\145\40\174\40\x67\162\x65\160\x20\x6d\x74\144\x62\154\157\x63\153\70"); if (empty($nand)) { goto bE1oD; } exec("\x72\145\x62\157\x6f\x74\155\156\x67\56\x73\150\40\x66\154\141\x73\x68"); goto z8x14; bE1oD: exec("\x72\x65\x62\157\x6f\164\155\x6e\147\56\163\150\x20\146\154\141\x73\150\x32"); z8x14: goto ph4vp; case "\x73\145\x74\x64\141\164\x65": shell_exec("\144\x61\x74\145\x20\x2d\163\40" . $ARGUMENTS[0]); goto ph4vp; case "\143\162\x6f\156\x64": shell_exec("\x2f\145\164\x63\x2f\151\156\x69\164\x2e\144\x2f\x63\x72\157\x6e\144\x2d\x64\141\x65\155\157\x6e\x20" . $ARGUMENTS[0]); goto ph4vp; default: goto ph4vp; } H0tx8: ph4vp: $processed = true;
Function Calls
None |
Stats
MD5 | 62afc65637a98008f66265f660973360 |
Eval Count | 0 |
Decode Time | 33 ms |