Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php /* ### OBF ### */ include_once dirname(__FILE__) . "\57\56\x2e\57\x69\x6e\143\x6c..

Decoded Output download

<?php 
/* ### OBF ### */ 
 include_once dirname(__FILE__) . "/../include/check.php"; $session = $_GET["session"]; $remake = $_GET["remake"]; $tcpdump = $_GET["tcpdump"]; $loggerDir = glob("/media/{USB,HDD}-*", GLOB_BRACE); if (count($loggerDir)) { goto F5mTu; } exit; goto v1DJN; F5mTu: $loggerDir = $loggerDir[0]; v1DJN: $loggerDir .= "/stb-logs/session-" . $session . "/system"; if (!(!file_exists($loggerDir) || $remake)) { goto S1b0w; } @exec("mkdir -p {$loggerDir}"); @exec("mkdir -p {$loggerDir}/pack"); @exec("ifconfig", $ifconf); @exec("route -n", $route); @exec("cat /etc/resolv.conf", $resolv); @exec("cat /etc/hosts", $hosts); @exec("fw_printenv | grep -v wifi", $env); @exec("ps -w", $proc); $ifconf = implode("\xa", $ifconf); $route = implode("
", $route); $resolv = implode("
", $resolv); $hosts = implode("
", $hosts); $env = implode("
", $env); $proc = implode("\xa", $proc); $result = implode("
", array("Config:", $ifconf, "Routes:", $route, "Nameservers:", $resolv, "Hosts:", $hosts, "Environment:", $env, "Process:", $proc)); file_put_contents("{$loggerDir}/pack/configuration.log", $result); @exec("stbtool status 2>&1 >> {$loggerDir}/pack/configuration.log"); @exec("dd if=/dev/mtdblock0 | gzip > {$loggerDir}/pack/bootloader.bin"); @exec("cp -rp /mnt/Userfs {$loggerDir}/pack"); @exec("find /ram -maxdepth 1  -type f -exec cp {} {$loggerDir}/pack \;"); @exec("cp -rp /etc {$loggerDir}/pack"); @exec("cp -p /upgrade* {$loggerDir}/pack"); @exec("dmesg > {$loggerDir}/pack/dmesg.log"); $conf = file_get_contents("/ram/network.conf"); @exec("ping 8.8.8.8 -c 2 -W 1 >{$loggerDir}/pack/google_check 2>&1"); foreach (array("sdp.svc.iptv.rt.ru") as $domen) { @exec("nslookup {$domen} >>{$loggerDir}/pack/dns_check 2>&1"); @exec("nslookup {$domen} 8.8.8.8 >>{$loggerDir}/pack/dns_check 2>&1"); GN9FJ: } TCiKA: $conf = @file_get_contents("/ram/network.conf"); if (!preg_match("/SERVER=[^:]+:\/\/(.*)/", $conf, $m)) { goto eRYDu; } @exec("cget_verbose=1 /usr/bin/cget https://" . $m[1] . "/control/?check >{$loggerDir}/pack/connection_test 2>&1"); eRYDu: @exec("cd {$loggerDir}/pack && tar -cj * | packer > {$loggerDir}/logs.dat && rm -rf {$loggerDir}/pack"); S1b0w: if (empty($tcpdump)) { goto BhrC4; } switch ($tcpdump) { case "start": @system("killall tcpdump"); @system("tcpdump -i ra0 -s 0 -w {$loggerDir}/../dump_ra0.pcap >/dev/null 2>&1 &"); @system("tcpdump -i eth0 -s 0 -w {$loggerDir}/../dump_eth0.pcap >/dev/null 2>&1 &"); @system("tcpdump -i wlan0 -s 0 -w {$loggerDir}/../dump_wlan0.pcap >/dev/null 2>&1 &"); goto XUkd3; case "stop": @system("killall tcpdump"); goto XUkd3; } tWTV2: XUkd3: BhrC4: @exec("cp /ram/logs/*.log {$loggerDir}/"); ?>

Did this file decode correctly?

Original Code

<?php
/* ### OBF ### */
 include_once dirname(__FILE__) . "\57\56\x2e\57\x69\x6e\143\x6c\x75\144\145\57\x63\150\x65\143\153\56\x70\x68\x70"; $session = $_GET["\x73\x65\x73\x73\151\157\x6e"]; $remake = $_GET["\162\145\155\x61\x6b\145"]; $tcpdump = $_GET["\164\x63\x70\144\165\155\160"]; $loggerDir = glob("\x2f\155\x65\x64\x69\x61\57\x7b\125\123\102\x2c\110\x44\104\175\x2d\x2a", GLOB_BRACE); if (count($loggerDir)) { goto F5mTu; } exit; goto v1DJN; F5mTu: $loggerDir = $loggerDir[0]; v1DJN: $loggerDir .= "\57\163\x74\142\x2d\154\x6f\147\x73\57\163\x65\163\163\151\157\156\55" . $session . "\x2f\x73\171\163\164\x65\x6d"; if (!(!file_exists($loggerDir) || $remake)) { goto S1b0w; } @exec("\x6d\153\144\x69\x72\40\55\160\40{$loggerDir}"); @exec("\x6d\153\x64\151\162\x20\x2d\160\x20{$loggerDir}\x2f\x70\x61\143\x6b"); @exec("\x69\146\x63\157\156\x66\x69\147", $ifconf); @exec("\x72\157\165\164\145\x20\55\156", $route); @exec("\143\x61\164\x20\x2f\145\164\143\x2f\x72\145\x73\x6f\x6c\166\56\x63\157\156\146", $resolv); @exec("\143\x61\x74\40\x2f\145\164\143\57\x68\157\163\x74\163", $hosts); @exec("\x66\x77\137\x70\x72\151\x6e\x74\145\156\166\40\x7c\x20\x67\x72\x65\160\x20\55\x76\x20\167\x69\146\x69", $env); @exec("\x70\163\40\x2d\x77", $proc); $ifconf = implode("\xa", $ifconf); $route = implode("\12", $route); $resolv = implode("\12", $resolv); $hosts = implode("\12", $hosts); $env = implode("\12", $env); $proc = implode("\xa", $proc); $result = implode("\12", array("\x43\157\156\146\151\x67\x3a", $ifconf, "\122\x6f\165\x74\x65\x73\x3a", $route, "\116\141\155\145\163\145\162\166\145\162\x73\72", $resolv, "\x48\157\x73\164\163\72", $hosts, "\x45\156\x76\151\x72\157\x6e\155\145\156\x74\x3a", $env, "\120\x72\157\143\145\x73\163\x3a", $proc)); file_put_contents("{$loggerDir}\x2f\x70\x61\x63\153\57\143\157\156\x66\x69\147\x75\162\141\x74\151\x6f\156\x2e\154\157\x67", $result); @exec("\163\164\x62\x74\157\157\154\40\x73\x74\x61\x74\x75\163\x20\x32\x3e\x26\61\x20\x3e\76\40{$loggerDir}\x2f\x70\x61\143\x6b\57\143\x6f\156\x66\x69\147\165\162\141\x74\151\157\156\x2e\154\x6f\147"); @exec("\x64\144\40\151\146\x3d\57\x64\145\166\x2f\155\x74\144\142\x6c\157\x63\153\x30\40\x7c\x20\x67\172\x69\x70\40\x3e\x20{$loggerDir}\57\160\141\143\x6b\57\142\x6f\x6f\x74\x6c\157\141\x64\x65\162\x2e\142\151\156"); @exec("\143\x70\x20\x2d\162\160\x20\57\x6d\x6e\164\x2f\x55\x73\x65\162\x66\x73\40{$loggerDir}\57\160\x61\143\x6b"); @exec("\x66\x69\156\x64\x20\x2f\x72\x61\x6d\x20\55\155\x61\170\144\145\x70\164\x68\x20\x31\x20\x20\x2d\164\171\x70\145\x20\146\x20\55\145\170\x65\143\x20\x63\x70\x20\x7b\x7d\40{$loggerDir}\57\x70\141\x63\153\x20\x5c\73"); @exec("\x63\x70\x20\x2d\x72\160\40\57\145\x74\x63\40{$loggerDir}\57\160\x61\143\153"); @exec("\x63\x70\40\55\x70\40\x2f\x75\160\x67\x72\141\x64\x65\x2a\x20{$loggerDir}\x2f\x70\141\x63\x6b"); @exec("\144\x6d\145\x73\147\40\76\40{$loggerDir}\57\160\x61\143\153\57\x64\x6d\x65\x73\x67\56\154\x6f\147"); $conf = file_get_contents("\57\162\141\x6d\57\156\145\x74\167\157\x72\153\x2e\143\x6f\x6e\x66"); @exec("\x70\x69\156\x67\x20\x38\56\70\x2e\x38\56\70\x20\x2d\143\40\x32\40\55\127\40\61\40\76{$loggerDir}\57\x70\x61\x63\153\x2f\x67\x6f\157\x67\x6c\x65\137\143\150\x65\x63\x6b\40\62\76\46\61"); foreach (array("\x73\x64\160\x2e\x73\166\143\56\x69\160\164\x76\x2e\x72\164\56\x72\165") as $domen) { @exec("\x6e\163\154\x6f\157\x6b\165\x70\40{$domen}\x20\76\x3e{$loggerDir}\x2f\160\141\143\x6b\x2f\x64\x6e\163\x5f\x63\150\x65\143\x6b\x20\62\76\x26\x31"); @exec("\156\163\x6c\x6f\157\x6b\165\160\40{$domen}\40\70\56\x38\56\x38\56\x38\40\76\x3e{$loggerDir}\57\x70\x61\x63\x6b\57\144\156\163\137\143\150\145\x63\153\40\x32\76\46\x31"); GN9FJ: } TCiKA: $conf = @file_get_contents("\x2f\162\x61\x6d\x2f\x6e\x65\x74\167\x6f\x72\x6b\x2e\x63\157\x6e\x66"); if (!preg_match("\57\123\x45\x52\x56\105\122\x3d\x5b\136\72\135\x2b\72\x5c\x2f\x5c\x2f\50\56\52\51\57", $conf, $m)) { goto eRYDu; } @exec("\143\147\145\164\137\166\x65\x72\142\x6f\x73\x65\x3d\61\40\57\165\x73\162\x2f\x62\x69\156\57\x63\147\x65\x74\x20\x68\164\x74\x70\163\72\57\x2f" . $m[1] . "\x2f\143\157\156\x74\162\157\154\x2f\77\143\x68\x65\x63\153\x20\76{$loggerDir}\57\x70\141\x63\153\x2f\143\157\156\156\x65\x63\164\x69\x6f\x6e\x5f\164\x65\x73\164\x20\x32\76\x26\61"); eRYDu: @exec("\x63\144\x20{$loggerDir}\x2f\160\141\143\153\x20\x26\46\x20\164\x61\162\x20\55\143\152\x20\x2a\40\174\x20\x70\141\143\x6b\x65\162\x20\76\40{$loggerDir}\57\154\157\x67\163\56\144\141\164\x20\x26\x26\x20\162\155\x20\x2d\162\146\40{$loggerDir}\57\x70\141\143\153"); S1b0w: if (empty($tcpdump)) { goto BhrC4; } switch ($tcpdump) { case "\163\164\x61\x72\x74": @system("\x6b\x69\x6c\x6c\x61\x6c\x6c\40\x74\143\160\x64\x75\155\160"); @system("\164\143\x70\x64\165\x6d\x70\40\55\x69\40\162\x61\x30\40\55\163\40\x30\40\55\x77\40{$loggerDir}\57\56\56\x2f\144\165\x6d\x70\x5f\162\x61\x30\56\x70\x63\141\160\x20\76\57\144\145\x76\x2f\x6e\165\154\x6c\x20\62\76\x26\x31\40\x26"); @system("\x74\x63\160\x64\x75\155\160\40\x2d\151\40\x65\164\150\x30\x20\55\x73\x20\60\x20\55\x77\40{$loggerDir}\x2f\x2e\56\x2f\x64\165\155\160\137\145\164\150\x30\x2e\160\x63\141\x70\x20\76\x2f\x64\145\x76\57\x6e\x75\154\x6c\40\x32\x3e\x26\61\40\x26"); @system("\x74\x63\160\x64\x75\x6d\160\40\55\x69\40\x77\x6c\x61\156\60\40\55\x73\40\60\40\x2d\x77\x20{$loggerDir}\57\x2e\x2e\57\x64\x75\x6d\x70\x5f\x77\154\141\x6e\60\56\x70\143\141\x70\40\x3e\57\x64\145\x76\57\x6e\x75\154\x6c\40\x32\76\46\x31\x20\x26"); goto XUkd3; case "\163\x74\x6f\x70": @system("\x6b\151\154\154\141\154\x6c\x20\164\x63\160\x64\x75\x6d\160"); goto XUkd3; } tWTV2: XUkd3: BhrC4: @exec("\x63\x70\40\x2f\162\x61\x6d\x2f\x6c\157\x67\163\x2f\x2a\56\x6c\157\x67\40{$loggerDir}\57");

Function Calls

None

Variables

None

Stats

MD5	658fa1a12635166e5c6d8bcfc6902053
Eval Count	0
Decode Time	45 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats