PHP Decode
goto IZm3a; b2jeA: function aes_cbc(&$in, &$key) { $iv = hex2bin("\60\60\x30\x30\60\60\60\..
Decoded Output
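<?php
/**
 * ECM / EMM message helpers, de-obfuscated.
 *
 * The obfuscated original used `goto` labels only to shuffle the order of the
 * top-level function declarations; the single statement it actually executed
 * was the require_once below. The functions here build ECM and EMM payloads,
 * protect them with AES-128-CBC plus a CMAC, read key material from MySQL and
 * exchange messages over an already-open socket.
 *
 * Security review notes (defensive, for whoever maintains this code):
 *  - aes_cbc() and get_ecm() use a fixed all-zero IV. Changing that would
 *    change the wire format, so it is documented here rather than altered.
 *  - ecco() prints key material (key20/key21/pairkey, unique pairing keys)
 *    whenever $config["echo"] is truthy. Keep echo off outside a lab and
 *    treat any captured output as secret.
 *  - readkeys() reads the keys as hex text straight from the database; no
 *    unwrapping step is visible in this file, so database access equals key
 *    access.
 *  - dbclean() originally rotated keys with MySQL `md5(rand()*1001)`, which
 *    is not a cryptographic generator; it now draws 16 bytes from OpenSSL.
 *
 * The file deliberately does not declare strict_types: dechex() and date()
 * are called with numeric strings coming from mysqli / $config.
 */

require_once "lib/CryptLib/bootstrap.php";

/**
 * Print $in only when $config["echo"] is truthy (debug trace switch).
 */
function ecco($in)
{
    global $config;
    if ($config["echo"]) {
        echo $in;
    }
}

/**
 * Open a mysqli connection from $config; terminates the script on failure.
 * (Private helper: the same four lines were repeated in every DB function.)
 */
function _db_connect()
{
    global $config;
    $conn = mysqli_connect(
        $config["servername"],
        $config["dbusername"],
        $config["dbpass"],
        $config["dbname"]
    );
    if (!$conn) {
        die("Connection failed: " . mysqli_connect_error());
    }
    return $conn;
}

/**
 * Run $sql and return the first row's $column decoded from hex.
 *
 * Fails closed: the original passed whatever came back (including NULL) to
 * hex2bin(), which yields an empty key; OpenSSL then silently zero-pads it,
 * so a missing row meant encrypting under an all-zero AES key.
 */
function _load_hex_key($conn, $sql, $column)
{
    $result = $conn->query($sql);
    $row = $result ? $result->fetch_assoc() : null;
    $hex = (is_array($row) && isset($row[$column])) ? (string) $row[$column] : '';
    if (!preg_match('/^(?:[0-9a-fA-F]{2})+$/', $hex)) {
        die("Key material missing or malformed for query: " . $sql);
    }
    return hex2bin($hex);
}

/**
 * Load key20, key21, pairkey and syskey from the database into $GLOBALS.
 *
 * NOTE(review): key20/key21/pairkey are later used with AES-128-CBC, so they
 * are presumably 16 bytes each; only "non-empty valid hex" is enforced here.
 */
function readkeys()
{
    $conn = _db_connect();
    $GLOBALS["key20"] = _load_hex_key($conn, "SELECT ecmkey FROM ecmg_keys where id = 20", "ecmkey");
    $GLOBALS["key21"] = _load_hex_key($conn, "SELECT ecmkey FROM ecmg_keys where id = 21", "ecmkey");
    $GLOBALS["pairkey"] = _load_hex_key($conn, "SELECT ecmkey FROM ecmg_keys where id = 2", "ecmkey");
    $GLOBALS["syskey"] = _load_hex_key($conn, "SELECT systemkey FROM emmg_systemkey where id=1", "systemkey");
    mysqli_close($conn);
    ecco("Keys from Database loaded\n\n");
}

/**
 * CMAC of $in under $key, computed by CryptLib's CMAC implementation.
 */
function aes_cmac(&$in, &$key)
{
    $hasher = new CryptLib\MAC\Implementation\CMAC();
    return $hasher->generate($in, $key);
}

/**
 * Pad $in with 0xCC to a 16-byte multiple, encrypt it with AES-128-CBC and
 * append the CMAC of the padded plaintext.
 *
 * OpenSSL appends one full PKCS#7 padding block to the already aligned input;
 * the trailing 16 bytes are cut off again so only the message blocks remain.
 *
 * NOTE(review): the IV is constant (16 zero bytes), so equal leading blocks
 * under the same key produce equal ciphertext. It is kept because the
 * receiving side must agree on it.
 */
function aes_cbc(&$in, &$key)
{
    $iv = str_repeat("\x00", 16);
    $cipher = "AES-128-CBC";

    $message_padded = $in;
    $tail = strlen($message_padded) % 16;
    if ($tail) {
        $message_padded = str_pad($message_padded, strlen($message_padded) + 16 - $tail, "\xcc");
    }

    $mac = aes_cmac($message_padded, $key);
    $ciphertext = openssl_encrypt($message_padded, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    return substr($ciphertext, 0, -16) . $mac;
}

/**
 * Hex dump of $in: bytes separated by spaces, 16 per line, then a blank line.
 */
function hexdump(&$in)
{
    $val = '';
    $count = strlen($in);
    for ($i = 0; $i < $count; $i++) {
        $val .= bin2hex($in[$i]) . " ";
        if ($i % 16 == 15) {
            $val .= "\n";
        }
    }
    return $val . "\n\n";
}

/**
 * Right-pad $in with spaces to 15 characters. Modifies the caller's variable
 * (callers print the padded value afterwards) and also returns it.
 */
function padname(&$in)
{
    $in = str_pad($in, 15, " ");
    return $in;
}

/**
 * Left-pad a hex string with "0" to two characters (one byte).
 */
function prehexbyte($in)
{
    return str_pad($in, 2, "0", STR_PAD_LEFT);
}

/**
 * Left-pad a hex string with "0" to eight characters; $in is not modified.
 */
function prehex(&$in)
{
    return str_pad($in, 8, "0", STR_PAD_LEFT);
}

/**
 * Convert a decimal value to an eight-character hex string.
 *
 * Side effect callers rely on: $in itself is overwritten with the unpadded
 * hex form, which is why later prehex($row[...]) calls print hex.
 */
function predec(&$in)
{
    $in = dechex($in);
    return str_pad($in, 8, "0", STR_PAD_LEFT);
}

/**
 * Numeric value (0-255) of the first byte of $in.
 */
function bin2dec($in)
{
    return hexdec(bin2hex($in[0]));
}

/**
 * Pack a Unix timestamp into the 16-bit date layout used by the messages:
 * decade since 1990 (top bits), day of month (5 bits), year within the
 * decade (4 bits), month (4 bits).
 *
 * pack("n") always yields two bytes. The original hex2bin(dechex(...))
 * produced an odd-length hex string, and therefore FALSE, whenever the value
 * was below 0x1000 (dates in the 1990s with a day below 16).
 */
function _cnx_pack_date($time)
{
    $years = date("Y", $time) - 1990;
    $cnxdate = (int) floor($years / 10);
    $cnxdate = ($cnxdate << 5) | (int) date("j", $time);
    $cnxdate = ($cnxdate << 4) | ($years % 10);
    $cnxdate = ($cnxdate << 4) | (int) date("n", $time);
    return pack("n", $cnxdate);
}

/**
 * Packed date $in weeks from today. For $in == "0" the current minute and
 * second are appended as two BCD bytes (four bytes in total).
 */
function get_date($in)
{
    $time = strtotime(date("Y-m-d", strtotime("+{$in} week")));
    $packed = _cnx_pack_date($time);
    if ($in == "0") {
        return $packed . hex2bin(date("is"));
    }
    return $packed;
}

/**
 * Packed date for a date string such as a subscription start or end.
 *
 * NOTE(review): strtotime() failure is not checked, as in the original.
 */
function emm_date(&$in)
{
    return _cnx_pack_date(strtotime($in));
}

/**
 * Build the padded 183-byte ECM for one pair of control words.
 *
 * Reads $GLOBALS["key20"], ["key21"] and ["pairkey"] and stores the key it
 * chose in $GLOBALS["key"]. Key 0x21 is used in odd months, 0x20 in even.
 */
function get_ecm(&$chid, &$cw0, &$cw1, &$acc, &$cpnum)
{
    global $config;

    // The low bit of the crypto-period number selects the 0x81 / 0x80 header.
    $header = (hexdec(bin2hex($cpnum)) & 1)
        ? hex2bin("817000700064")
        : hex2bin("807000700064");

    if (date("n") % 2) {
        $header .= hex2bin("21");
        $key = $GLOBALS["key21"];
    } else {
        $header .= hex2bin("20");
        $key = $GLOBALS["key20"];
    }
    $GLOBALS["key"] = $key;

    $dcw = $cw0 . $cw1;
    $mask64 = hex2bin("80000000");
    if (($acc & $mask64) != $mask64) {
        // 48-bit control words: every fourth byte is the sum of the three
        // bytes before it, modulo 256.
        foreach ([0, 4, 8, 12] as $base) {
            $sum = bin2dec($dcw[$base]) + bin2dec($dcw[$base + 1]) + bin2dec($dcw[$base + 2]);
            $dcw[$base + 3] = chr($sum % 256);
        }
    }

    $pairingmask = hex2bin("40000000");
    if (($acc & $pairingmask) == $pairingmask) {
        // NOTE(review): same constant zero IV as aes_cbc().
        $iv = str_repeat("\x00", 16);
        $dcw = substr(
            openssl_encrypt($dcw, "AES-128-CBC", $GLOBALS["pairkey"], OPENSSL_RAW_DATA, $iv),
            0,
            -16
        );
    }

    $ecm = hex2bin("2004") . get_date(0)
        . hex2bin("400f") . $dcw
        . hex2bin("2102") . $chid
        . hex2bin("2204") . $acc;
    if ($config["preview"] != "0") {
        $ecm .= hex2bin("2302") . get_date($config["preview"]);
    }

    $ecm = aes_cbc($ecm, $key);
    $header[2] = chr(strlen($ecm) + 4);
    $header[4] = chr(strlen($ecm) + 2);
    return str_pad($header . $ecm, 183, "\xFF");
}

/**
 * Parse one incoming message and return the reply bytes, the string
 * "close_ch" for message type 4, or NULL when nothing matches.
 *
 * The payload is scanned byte by byte with a rolling 16-bit value that is
 * compared against parameter type codes; the message looks like a
 * type/length/value format - TODO confirm against the protocol spec.
 *
 * NOTE(review): $in arrives from the network. Indexes and the access
 * criteria length are not bounds-checked, and fields missing from a message
 * are left undefined, exactly as in the original; callers should not assume
 * a malformed message is rejected.
 */
function parse(&$in)
{
    $ch_setup = 1;
    $ch_close = 4;
    $str_setup = 257;
    $cw_prov = 513;

    $data = unpack("Cver/ntyp/nlen/C*", $in);
    if ($data === false) {
        // Shorter than the five-byte header: same outcome as an unknown type.
        ecco("\n");
        return null;
    }

    $len = sizeof((array) $data);
    $val = 0;
    for ($i = 1; $i < $len - 2; $i++) {
        $val = (($val << 8) | $data[$i]) & 65535;

        switch ($val) {
            case 14:
                $i += 3;
                $chid = chr($data[$i]) . chr($data[$i + 1]);
                $i++;
                break;
            case 1:
                // Four-byte value that is never used. The original ended this
                // branch with the no-op statement `$i + 2;`, so the value
                // bytes were rescanned as possible type codes; advance as
                // that statement evidently meant to.
                $i += 5;
                break;
            case 15:
                $i += 3;
                $strid = chr($data[$i]) . chr($data[$i + 1]);
                $i++;
                break;
            case 25:
                $i += 3;
                $ecmid = chr($data[$i]) . chr($data[$i + 1]);
                $i++;
                break;
            case 16:
                // Two-byte value that is never used; skipped.
                $i += 4;
                break;
            case 18:
                $i += 3;
                $cpnum = chr($data[$i]) . chr($data[$i + 1]);
                $i++;
                break;
            case 13:
                // Access criteria, left-padded with zero bytes to four bytes.
                $acc = '';
                $i++;
                $acclen = $data[$i] << 8 | $data[$i + 1] & 65535;
                $i += 2;
                for ($j = 0; $j < 4 - $acclen; $j++) {
                    $acc .= chr(0);
                }
                for ($j = 0; $j < $acclen; $j++) {
                    $acc .= chr($data[$i]);
                    $i++;
                }
                $i--;
                break;
            case 20:
                // Crypto-period number followed by an eight-byte control
                // word; the number's parity decides CW0 or CW1.
                $cw = '';
                $i += 3;
                $odd = $data[$i] << 8 | $data[$i + 1] & 65535;
                $i += 2;
                for ($j = 0; $j < 8; $j++) {
                    $cw .= chr($data[$i]);
                    $i++;
                }
                if ($odd % 2 == 0) {
                    $cw0 = $cw;
                } else {
                    $cw1 = $cw;
                }
                $i--;
                break;
        }
    }

    if ($data["typ"] === $ch_setup) {
        return hex2bin("0200030051000E0002") . $chid . hex2bin("00020001010016000200C80017000200C80003000200C80004000200C800050002FE0C00060002000000070002006400080002000000090002000A000A000101000B000102000C00020064");
    }

    if ($data["typ"] === $str_setup) {
        return hex2bin("0201030017000E0002") . $chid
            . hex2bin("000f0002") . $strid
            . hex2bin("00190002") . $ecmid
            . hex2bin("0011000100");
    }

    if ($data["typ"] == $cw_prov) {
        // NOTE(review): control words and keys are written to the debug
        // trace. "Used enc-key" shows $GLOBALS["key"] as left by the previous
        // get_ecm() call, because get_ecm() for this message runs below.
        ecco(str_pad("Channel-ID:", 15) . bin2hex($chid) . "\n");
        ecco(str_pad("Stream-ID:", 15) . bin2hex($strid) . "\n");
        ecco(str_pad("Access-crit.:", 15) . bin2hex($acc) . "\n");
        ecco(str_pad("CP-No:", 15) . bin2hex($cpnum) . "\n");
        ecco(str_pad("CW0:", 15) . bin2hex($cw0) . "\n");
        ecco(str_pad("CW1:", 15) . bin2hex($cw1) . "\n");
        ecco(str_pad("Used enc-key:", 15) . bin2hex($GLOBALS["key"]) . "\n");

        $cw64mask = hex2bin("80000000");
        $pairingmask = hex2bin("40000000");
        if (($acc & $cw64mask) == $cw64mask) {
            ecco("64bit CW ");
        } else {
            ecco("48bit CW ");
        }
        if (($acc & $pairingmask) == $pairingmask) {
            ecco("/ with Pairing using Key:\n" . bin2hex($GLOBALS["pairkey"]) . "\n\n");
        } else {
            ecco("\n\n");
        }

        return hex2bin("02020200D2")
            . hex2bin("000E0002") . $chid
            . hex2bin("000F0002") . $strid
            . hex2bin("00120002") . $cpnum
            . hex2bin("001500BC475FFF1000")
            . get_ecm($chid, $cw0, $cw1, $acc, $cpnum);
    }

    if ($data["typ"] == 260) {
        return hex2bin("020105000C000E0002") . $chid . hex2bin("000F0002") . $strid;
    }

    if ($data["typ"] == $ch_close) {
        return "close_ch";
    }

    ecco("\n");
}

/**
 * Send the three fixed set-up messages on $socket, reading one reply after
 * each and tracing both directions through ecco().
 *
 * NOTE(review): socket_write()/socket_read() results are not checked; a
 * failed read is traced as an empty dump.
 */
function emm_setup(&$socket)
{
    $requests = [
        "020011001300030002000100010004000000000002000101",
        "020111001F00030002000100040002000100010004000000000008000200000007000100",
        "020117001A0003000200010004000200010001000400000000000600020064",
    ];

    ecco("Stream-Setup:\n");
    foreach ($requests as $hex) {
        ecco("Send:\n");
        $out = hex2bin($hex);
        ecco(hexdump($out));
        socket_write($socket, $out, strlen($out));

        $out = socket_read($socket, 2048);
        ecco("Received:\n");
        ecco(hexdump($out));
    }
}

/**
 * Wrap an encrypted EMM body in the fixed message prefix and the two
 * length-carrying headers, then pad with 0xFF to 223 bytes.
 * (Private helper shared by emm_unique() and emm_shared().)
 */
function _emm_frame($address, $emm)
{
    $emmg_string = hex2bin("02021100DA0003000200010004000200010001000400000000000800020000000500BC475FFF1000");
    $header1 = hex2bin("827000000000");
    $header2 = hex2bin("70006410");
    $header1[2] = chr(strlen($emm) + 11);
    $header2[1] = chr(strlen($emm) + 2);
    return str_pad($emmg_string . $header1 . $address . $header2 . $emm, 223, "\xFF");
}

/**
 * Build one EMM per active card subscription and write it to $socket.
 *
 * Each EMM is encrypted under CMAC(ppua, syskey). For paired cards it also
 * carries CMAC(boxident, syskey) XOR pairkey.
 */
function emm_unique(&$socket)
{
    global $config;
    $syskey = $GLOBALS["syskey"];
    $dbname = $config["dbname"];
    $conn = _db_connect();

    // $dbname comes from local configuration, not from request input.
    $sql = "\n\t\tSELECT abo.ppua, abo.`bos`, abo.`eos`,abo.acc, providers.providername, cards.ppsa, cards.paired, cards.boxident, providers.chid FROM {$dbname}.providers\n\t\tjoin {$dbname}.abo\n\t\tjoin {$dbname}.cards\n\t        ON providers.chid = abo.chid and cards.ppua = abo.ppua and cards.deleted = 0;\n\t";
    $result = $conn->query($sql);
    if ($result === false) {
        die("Query failed: " . $conn->error);
    }

    while ($row = $result->fetch_assoc()) {
        $ts = hex2bin(date("is"));
        // predec() rewrites the row value to hex in place; the trace lines
        // below depend on that.
        $ppua = hex2bin(predec($row["ppua"]));
        $bos = emm_date($row["bos"]);
        $eos = emm_date($row["eos"]);
        $acc = hex2bin(prehex($row["acc"]));
        $name = padname($row["providername"]);
        $ppsa = hex2bin(predec($row["ppsa"]));
        $chid = hex2bin($row["chid"]);
        $paired = $row["paired"];
        $boxident = hex2bin(predec($row["boxident"]));

        ecco("Unique EMM:\n");
        ecco(str_pad("PPUA:", 20) . prehex($row["ppua"]) . "\n");
        ecco(str_pad("Subscription start:", 20) . $row["bos"] . "\n");
        ecco(str_pad("Subscription end:", 20) . $row["eos"] . "\n");
        ecco(str_pad("Access Criteria:", 20) . prehex($row["acc"]) . "\n");
        ecco(str_pad("Provider:", 20) . $row["providername"] . "\n");
        ecco(str_pad("Shared Address:", 20) . prehex($row["ppsa"]) . "\n");
        ecco(str_pad("Channel-ID:", 20) . $row["chid"] . "\n");
        ecco(str_pad("Paired:", 20) . $row["paired"] . "\n");
        // Strict comparison: with != a value such as "00000e12" is a numeric
        // string equal to zero and would be treated as "no boxident".
        if (prehex($row["boxident"]) !== "00000000") {
            ecco(str_pad("Boxident:", 20) . prehex($row["boxident"]) . "\n");
            ecco(str_pad("crypted boxident:", 20) . bin2hex(aes_cmac($boxident, $syskey)) . "\n");
        }

        $emm = $ts
            . "\xA0\x00" . $ppua
            . "\xA0\x03" . $bos . $eos
            . "\xA0\x04" . $acc
            . "\xA0\x10" . $name
            . "\xA0\x02" . $ppsa
            . "\xA0\x01" . $chid;

        if ($paired == "1") {
            $uniquepairkey = aes_cmac($boxident, $syskey) ^ $GLOBALS["pairkey"];
            $emm .= "\xA0\x30" . $uniquepairkey;
            // NOTE(review): this writes a per-card secret to the trace.
            ecco(str_pad("UNIQUE PAIRING-KEY", 20) . bin2hex($uniquepairkey) . "\n");
        }

        $key = aes_cmac($ppua, $syskey);
        $emm = aes_cbc($emm, $key);
        $emm = _emm_frame($ppua, $emm);

        ecco(str_repeat("-", 48) . "\n");
        ecco(hexdump($emm));
        socket_write($socket, $emm, strlen($emm));
    }
    mysqli_close($conn);
}

/**
 * Build one EMM per distinct shared address (ppsa) carrying key20 and key21,
 * encrypted under CMAC(ppsa, syskey), and write it to $socket.
 */
function emm_shared(&$socket)
{
    global $config;
    $syskey = $GLOBALS["syskey"];
    $dbname = $config["dbname"];
    $conn = _db_connect();

    $sql = "\n\t\tSELECT DISTINCT ppsa FROM {$dbname}.cards JOIN {$dbname}.abo WHERE cards.deleted = 0 AND cards.ppua = abo.ppua;\n\t";
    $result = $conn->query($sql);
    if ($result === false) {
        die("Query failed: " . $conn->error);
    }

    while ($row = $result->fetch_assoc()) {
        $ts = hex2bin(date("is"));
        $ppsa = hex2bin(predec($row["ppsa"]));

        $emm = $ts
            . "\xA0\x02" . $ppsa
            . "\xA0\x20" . $GLOBALS["key20"]
            . "\xA0\x21" . $GLOBALS["key21"];
        $key = aes_cmac($ppsa, $syskey);
        $emm = aes_cbc($emm, $key);
        $emm = _emm_frame($ppsa, $emm);

        // NOTE(review): both current keys are written to the trace in clear.
        ecco("Shared EMM:\n");
        ecco(str_pad("PPSA:", 8) . prehex($row["ppsa"]) . "\n");
        ecco(str_pad("Key20:", 8) . bin2hex($GLOBALS["key20"]) . "\n");
        ecco(str_pad("Key21:", 8) . bin2hex($GLOBALS["key21"]) . "\n");
        ecco(str_repeat("-", 48) . "\n");
        ecco(hexdump($emm));
        socket_write($socket, $emm, strlen($emm));
    }
    mysqli_close($conn);
}

/**
 * Housekeeping: delete subscriptions that ended more than two months ago and
 * replace every key whose `modified` stamp is more than one month old.
 *
 * New keys are 16 bytes from OpenSSL's random generator, stored as 32 hex
 * characters (the same shape md5() produced). The original derived them with
 * `md5(rand()*1001)` inside MySQL, whose RAND() is not suitable for keys.
 * Rows are updated one at a time so each gets its own key; this presumes
 * `id` identifies a row, as the `where id = N` lookups in readkeys() do.
 * Failures stay best-effort, as before.
 */
function dbclean()
{
    global $config;
    $dbname = $config["dbname"];
    $conn = _db_connect();

    $sql = "\n\t\tDELETE FROM {$dbname}.abo WHERE abo.eos < (NOW() - INTERVAL 2 MONTH);\n\t";
    $conn->query($sql);

    $stale = $conn->query(
        "SELECT id FROM {$dbname}.ecmg_keys WHERE ecmg_keys.modified < (NOW() - INTERVAL 1 MONTH)"
    );
    $update = $conn->prepare(
        "UPDATE {$dbname}.ecmg_keys SET ecmg_keys.ecmkey = ?, ecmg_keys.modified = (NOW() + INTERVAL 1 MONTH)"
        . " WHERE ecmg_keys.id = ? AND ecmg_keys.modified < (NOW() - INTERVAL 1 MONTH)"
    );
    if ($stale && $update) {
        while ($row = $stale->fetch_assoc()) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes === false || !$strong) {
                // Keep the old key rather than store a weak one.
                continue;
            }
            $newkey = bin2hex($bytes);
            $id = $row["id"];
            $update->bind_param("ss", $newkey, $id);
            $update->execute();
        }
    }
    if ($update) {
        $update->close();
    }
    mysqli_close($conn);
}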
Original Code
goto IZm3a; b2jeA: function aes_cbc(&$in, &$key) { $iv = hex2bin("\60\60\x30\x30\60\60\60\60\60\60\60\60\x30\60\x30\60\60\60\60\60\60\60\x30\60\x30\60\x30\60\x30\x30\x30\60"); $cipher = "\101\x45\123\x2d\x31\62\x38\x2d\103\x42\103"; $message_padded = $in; if (strlen($message_padded) % 16) { $message_padded = str_pad($message_padded, strlen($message_padded) + 16 - strlen($message_padded) % 16, "\xcc"); } $mac = aes_cmac($message_padded, $key); return substr(openssl_encrypt($message_padded, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv), 0, -16) . $mac; } goto E31N6; wEq7c: function padname(&$in) { $len = strlen($in); while ($len < 15) { $in .= "\40"; $len++; } return $in; } goto wA_Zh; iuWO3: function hexdump(&$in) { $val = ''; for ($i = 0; $i < strlen($in); $i++) { $val .= bin2hex($in[$i]) . "\40"; if ($i % 16 == 15) { $val .= "\12"; } } return $val . "\12\12"; } goto pGrD3; wA_Zh: function prehexbyte($in) { $out = ''; for ($i = 0; $i < 2 - strlen($in); $i++) { $out .= "\x30"; } return $out . $in; } goto b2jeA; E1q3i: function aes_cmac(&$in, &$key) { $hasher = new CryptLib\MAC\Implementation\CMAC(); $cmac = $hasher->generate($in, $key); return $cmac; } goto iuWO3; t3n4A: function parse(&$in) { $ch_setup = 1; $ch_test = 2; $ch_status = 3; $ch_close = 4; $ch_error = 5; $str_setup = 257; $cw_prov = 513; $data = unpack("\x43\x76\x65\x72\57\x6e\x74\171\x70\57\156\154\x65\x6e\x2f\103\x2a", $in); $len = sizeof((array) $data); $val = 0; for ($i = 1; $i < $len - 2; $i++) { $val = $val << 8 & 65535; $val = ($val | $data[$i]) & 65535; if ($val == 14) { $i = $i + 3; $chid = chr($data[$i]) . chr($data[$i + 1]); $i++; } if ($val == 1) { $i = $i + 3; $casid = chr($data[$i]) . chr($data[$i + 1]) . chr($data[$i + 2]) . chr($data[$i + 3]); $i + 2; } if ($val == 15) { $i = $i + 3; $strid = chr($data[$i]) . chr($data[$i + 1]); $i++; } if ($val == 25) { $i = $i + 3; $ecmid = chr($data[$i]) . chr($data[$i + 1]); $i++; } if ($val == 16) { $i = $i + 3; $dura = chr($data[$i]) . 
chr($data[$i + 1]); $i++; } if ($val == 18) { $i = $i + 3; $cpnum = chr($data[$i]) . chr($data[$i + 1]); $i++; } if ($val == 13) { $acc = ''; $i++; $acclen = $data[$i] << 8 | $data[$i + 1] & 65535; $i = $i + 2; for ($j = 0; $j < 4 - $acclen; $j++) { $acc .= chr(0); } for ($j = 0; $j < $acclen; $j++) { $acc = $acc . chr($data[$i]); $i++; } $i--; } if ($val == 20) { $cw = ''; $i = $i + 3; $odd = $data[$i] << 8 | $data[$i + 1] & 65535; $i = $i + 2; for ($j = 0; $j < 8; $j++) { $cw = $cw . chr($data[$i]); $i++; } if ($odd % 2 == 0) { $cw0 = $cw; } else { $cw1 = $cw; } $i--; } } if ($data["\164\171\160"] === $ch_setup) { return hex2bin("\x30\62\x30\x30\x30\63\60\x30\x35\x31\60\60\60\105\x30\x30\60\62") . $chid . hex2bin("\x30\x30\x30\x32\x30\60\x30\61\x30\x31\x30\x30\x31\66\60\60\x30\62\x30\x30\x43\x38\x30\60\61\x37\60\x30\x30\62\x30\60\x43\x38\x30\x30\x30\x33\x30\60\x30\62\60\x30\103\70\x30\x30\x30\64\60\60\x30\62\x30\60\x43\x38\60\60\60\65\60\60\60\x32\x46\105\x30\103\60\x30\x30\66\x30\60\x30\x32\x30\60\x30\x30\60\60\x30\x37\60\x30\60\x32\60\60\x36\64\60\60\60\70\60\x30\x30\x32\x30\60\60\x30\60\60\x30\71\x30\x30\60\x32\60\60\60\x41\60\60\60\101\60\x30\60\61\x30\x31\60\x30\x30\102\x30\60\60\x31\60\x32\60\60\60\x43\x30\60\60\x32\60\x30\x36\x34"); } if ($data["\x74\171\x70"] === $str_setup) { return hex2bin("\x30\x32\x30\x31\60\x33\60\60\x31\67\x30\60\x30\105\60\x30\60\62") . $chid . hex2bin("\60\x30\60\x66\60\60\x30\62") . $strid . hex2bin("\x30\60\x31\71\x30\x30\60\x32") . $ecmid . hex2bin("\60\60\x31\61\x30\60\x30\x31\x30\x30"); } if ($data["\164\171\x70"] == $cw_prov) { ecco("\x43\x68\x61\x6e\156\x65\154\55\111\104\x3a\40\40\x20\x20" . bin2hex($chid) . "\12"); ecco("\x53\164\x72\145\x61\155\55\x49\x44\x3a\x20\x20\x20\x20\x20" . bin2hex($strid) . "\12"); ecco("\x41\143\143\145\163\x73\x2d\143\x72\x69\x74\x2e\72\x20\x20" . bin2hex($acc) . "\12"); ecco("\x43\x50\x2d\x4e\x6f\72\40\40\x20\x20\40\40\x20\40\40" . bin2hex($cpnum) . 
"\12"); ecco("\x43\127\60\x3a\x20\x20\x20\40\x20\40\x20\40\40\x20\40" . bin2hex($cw0) . "\12"); ecco("\103\127\x31\x3a\x20\x20\x20\x20\x20\x20\40\40\x20\x20\x20" . bin2hex($cw1) . "\xa"); ecco("\x55\x73\145\144\x20\145\x6e\143\x2d\153\145\x79\x3a\40\40" . bin2hex($GLOBALS["\x6b\145\x79"]) . "\12"); $cw64mask = hex2bin("\70\60\60\60\x30\60\60\60"); $pairingmask = hex2bin("\64\60\x30\x30\60\60\60\x30"); if (($acc & $cw64mask) == $cw64mask) { ecco("\66\x34\x62\x69\164\40\x43\127\x20"); } else { ecco("\64\x38\142\x69\164\x20\103\x57\x20"); } if (($acc & $pairingmask) == $pairingmask) { ecco("\57\40\x77\x69\x74\150\40\120\141\x69\162\x69\156\x67\40\165\x73\x69\x6e\147\40\113\x65\x79\x3a\xa" . bin2hex($GLOBALS["\160\141\x69\x72\x6b\145\171"]) . "\12\12"); } else { ecco("\12\12"); } return hex2bin("\60\x32\60\x32\x30\62\x30\60\104\62") . hex2bin("\x30\x30\x30\x45\60\x30\60\x32") . $chid . hex2bin("\x30\60\x30\106\60\60\60\62") . $strid . hex2bin("\60\60\61\x32\60\x30\60\62") . $cpnum . hex2bin("\x30\60\x31\65\x30\60\x42\x43\x34\x37\x35\106\x46\106\x31\60\60\60") . get_ecm($chid, $cw0, $cw1, $acc, $cpnum); } if ($data["\164\x79\x70"] == 260) { return hex2bin("\x30\x32\x30\61\x30\65\x30\60\60\103\x30\60\x30\105\x30\60\x30\x32") . $chid . hex2bin("\60\x30\x30\x46\x30\x30\x30\62") . $strid; } if ($data["\x74\171\160"] == 4) { return "\143\154\x6f\x73\x65\137\143\150"; } ecco("\xa"); } goto fos4q; yFGwd: function bin2dec($in) { return hexdec(bin2hex($in[0])); } goto LqZAb; cVg4P: function emm_unique(&$socket) { global $config; $syskey = $GLOBALS["\x73\171\163\153\x65\x79"]; $servername = $config["\163\x65\x72\166\x65\162\156\141\x6d\145"]; $username = $config["\144\142\165\163\x65\x72\x6e\x61\x6d\145"]; $password = $config["\x64\x62\160\x61\x73\x73"]; $dbname = $config["\144\142\x6e\141\155\x65"]; $conn = mysqli_connect($servername, $username, $password, $dbname); if (!$conn) { die("\x43\157\x6e\x6e\145\x63\164\151\157\156\40\x66\x61\151\x6c\x65\144\72\40" . 
mysqli_connect_error()); } $sql = "\xa\x9\x9\x53\105\114\105\103\124\40\x61\142\x6f\56\x70\x70\165\141\x2c\x20\x61\x62\x6f\56\140\x62\x6f\x73\140\x2c\x20\x61\142\157\x2e\140\x65\x6f\x73\x60\x2c\141\142\157\56\x61\143\x63\54\x20\x70\162\x6f\166\x69\144\145\162\163\x2e\160\162\157\x76\x69\x64\x65\162\x6e\x61\155\145\54\40\143\x61\x72\144\163\x2e\160\160\x73\x61\54\x20\x63\x61\x72\x64\163\x2e\160\141\x69\x72\145\x64\x2c\40\x63\141\x72\x64\163\x2e\x62\157\170\151\x64\145\156\x74\x2c\x20\x70\162\157\166\151\144\x65\x72\163\x2e\x63\150\x69\144\40\x46\x52\117\115\x20{$dbname}\56\x70\x72\157\x76\151\144\145\162\x73\xa\x9\x9\152\157\151\x6e\x20{$dbname}\x2e\141\x62\x6f\xa\11\x9\x6a\x6f\x69\156\x20{$dbname}\56\x63\x61\162\x64\163\xa\11\40\x20\40\x20\x20\40\x20\40\117\116\x20\x70\162\x6f\166\x69\144\x65\162\x73\x2e\143\x68\151\x64\40\75\40\x61\142\x6f\x2e\x63\150\151\x64\x20\141\x6e\144\x20\143\x61\162\144\x73\56\160\160\165\141\40\75\x20\x61\x62\x6f\56\x70\x70\165\x61\x20\x61\x6e\x64\40\x63\x61\x72\x64\163\56\144\x65\x6c\145\x74\145\144\40\75\40\60\x3b\12\11"; $result = $conn->query($sql); while ($row = $result->fetch_assoc()) { $ts = hex2bin(date("\x69\x73")); $ppua = hex2bin(predec($row["\160\x70\x75\x61"])); $bos = emm_date($row["\142\x6f\x73"]); $eos = emm_date($row["\x65\x6f\x73"]); $acc = hex2bin(prehex($row["\141\143\x63"])); $name = padname($row["\x70\x72\157\166\x69\144\145\162\156\x61\x6d\x65"]); $ppsa = hex2bin(predec($row["\160\160\163\x61"])); $chid = hex2bin($row["\x63\x68\x69\x64"]); $paired = $row["\x70\141\x69\162\x65\144"]; $boxident = hex2bin(predec($row["\142\x6f\x78\151\x64\145\156\x74"])); ecco("\125\156\151\x71\x75\x65\x20\x45\115\x4d\x3a\12"); ecco("\x50\120\125\x41\72\x20\40\x20\40\x20\x20\40\x20\x20\x20\40\x20\40\x20\x20" . prehex($row["\160\160\165\141"]) . "\12"); ecco("\123\165\x62\163\143\x72\151\x70\x74\151\x6f\156\x20\x73\x74\141\x72\x74\72\x20" . $row["\142\x6f\163"] . 
"\xa"); ecco("\123\x75\142\x73\143\x72\x69\160\x74\x69\x6f\156\x20\x65\156\x64\x3a\40\x20\40" . $row["\145\157\x73"] . "\12"); ecco("\101\143\143\145\x73\x73\x20\x43\162\151\164\x65\162\x69\141\x3a\x20\40\x20\x20" . prehex($row["\x61\143\143"]) . "\xa"); ecco("\x50\162\157\x76\x69\x64\x65\162\72\40\x20\x20\x20\40\40\x20\x20\x20\x20\x20" . $row["\x70\162\x6f\x76\x69\x64\x65\x72\x6e\141\x6d\x65"] . "\xa"); ecco("\123\x68\x61\162\x65\144\40\101\x64\144\x72\x65\163\163\x3a\40\40\40\40\40" . prehex($row["\160\x70\x73\x61"]) . "\xa"); ecco("\x43\150\141\156\x6e\145\154\x2d\x49\x44\x3a\40\x20\40\x20\40\40\x20\40\x20" . $row["\x63\150\x69\x64"] . "\xa"); ecco("\x50\141\x69\162\x65\x64\x3a\40\x20\40\40\x20\x20\x20\40\40\x20\x20\40\40" . $row["\x70\x61\151\x72\145\144"] . "\xa"); if (prehex($row["\142\x6f\170\x69\x64\145\156\164"]) != "\60\60\60\x30\60\60\60\60") { ecco("\102\x6f\170\151\144\145\x6e\164\72\40\x20\x20\40\40\40\x20\40\x20\40\x20" . prehex($row["\142\157\x78\151\144\145\156\x74"]) . "\12"); ecco("\x63\x72\x79\x70\x74\145\x64\x20\x62\x6f\x78\151\x64\145\156\164\72\x20\40\40" . bin2hex(aes_cmac($boxident, $syskey)) . "\12"); } $emm = $ts . "\240\x0" . $ppua . "\240\3" . $bos . $eos . "\240\4" . $acc . "\240\20" . $name . "\240\x2" . $ppsa . "\xa0\1" . $chid; $uniquepairkey = ''; if ($paired == "\x31") { $uniquepairkey = aes_cmac($boxident, $syskey) ^ $GLOBALS["\x70\x61\151\x72\153\145\x79"]; $emm = $emm . "\240\x30" . $uniquepairkey; ecco("\125\116\x49\x51\125\105\x20\x50\x41\111\122\x49\x4e\107\x2d\113\105\131\x20\x20" . bin2hex($uniquepairkey) . 
"\12"); } $key = aes_cmac($ppua, $syskey); $emm = aes_cbc($emm, $key); $emmg_string = hex2bin("\x30\x32\x30\62\61\61\x30\x30\x44\x41\60\60\x30\63\60\60\60\62\60\x30\60\x31\x30\x30\60\x34\60\x30\x30\62\x30\x30\60\61\x30\60\x30\x31\60\x30\60\64\x30\x30\x30\x30\60\60\60\60\60\60\60\x38\60\60\x30\62\x30\60\x30\60\60\x30\60\x35\60\60\x42\x43\64\x37\x35\106\106\106\61\60\x30\x30"); $header1 = hex2bin("\x38\x32\67\60\x30\60\x30\x30\x30\x30\60\x30"); $header2 = hex2bin("\x37\60\60\60\x36\64\x31\60"); $header1[2] = hex2bin(dechex(strlen($emm) + 11)); $header2[1] = hex2bin(dechex(strlen($emm) + 2)); $emm = $emmg_string . $header1 . $ppua . $header2 . $emm; $emm = str_pad($emm, 223, "\377"); ecco("\x2d\x2d\x2d\x2d\55\x2d\x2d\55\55\55\55\x2d\55\55\x2d\x2d\55\55\x2d\x2d\55\55\55\x2d\55\x2d\x2d\55\x2d\55\55\x2d\x2d\55\55\x2d\x2d\x2d\55\55\55\x2d\55\x2d\x2d\x2d\x2d\x2d\12"); ecco(hexdump($emm)); socket_write($socket, $emm, strlen($emm)); } mysqli_close($conn); } goto nTu_F; LqZAb: function get_ecm(&$chid, &$cw0, &$cw1, &$acc, &$cpnum) { global $config; if (hexdec(bin2hex($cpnum)) & 1) { $header = hex2bin("\70\61\x37\x30\60\x30\x37\x30\60\x30\x36\64"); } else { $header = hex2bin("\x38\x30\x37\x30\60\x30\x37\60\x30\60\x36\64"); } if (date("\156") % 2) { $header .= hex2bin("\x32\x31"); $key = $GLOBALS["\153\145\171\x32\61"]; } else { $header .= hex2bin("\62\60"); $key = $GLOBALS["\153\145\x79\62\60"]; } $GLOBALS["\x6b\x65\x79"] = $key; $dcw = $cw0 . 
$cw1; $mask64 = hex2bin("\70\60\x30\x30\x30\60\60\60"); if (($acc & $mask64) != $mask64) { $dcw[3] = hex2bin(prehexbyte(dechex((bin2dec($dcw[0]) + bin2dec($dcw[1]) + bin2dec($dcw[2])) % 256))); $dcw[7] = hex2bin(prehexbyte(dechex((bin2dec($dcw[4]) + bin2dec($dcw[5]) + bin2dec($dcw[6])) % 256))); $dcw[11] = hex2bin(prehexbyte(dechex((bin2dec($dcw[8]) + bin2dec($dcw[9]) + bin2dec($dcw[10])) % 256))); $dcw[15] = hex2bin(prehexbyte(dechex((bin2dec($dcw[12]) + bin2dec($dcw[13]) + bin2dec($dcw[14])) % 256))); } $iv = hex2bin("\x30\x30\x30\x30\60\60\x30\x30\x30\60\60\x30\60\x30\x30\60\60\60\x30\60\60\60\60\x30\60\60\60\60\x30\60\x30\60"); $cipher = "\x41\105\x53\x2d\61\x32\70\55\103\102\103"; $pairingmask = hex2bin("\64\60\x30\60\x30\60\x30\x30"); if (($acc & $pairingmask) == $pairingmask) { $dcw = substr(openssl_encrypt($dcw, $cipher, $GLOBALS["\160\x61\x69\x72\x6b\x65\171"], $options = OPENSSL_RAW_DATA, $iv), 0, -16); } $ecm = hex2bin("\x32\60\x30\x34") . get_date(0) . hex2bin("\64\60\60\146") . $dcw . hex2bin("\x32\x31\60\x32") . $chid . hex2bin("\x32\62\x30\64") . $acc; if ($config["\x70\x72\145\x76\151\145\167"] != "\x30") { $ecm = $ecm . hex2bin("\x32\x33\60\x32") . get_date($config["\x70\162\x65\x76\151\145\x77"]); } $ecm = aes_cbc($ecm, $key); $header[2] = hex2bin(dechex(strlen($ecm) + 4)); $header[4] = hex2bin(dechex(strlen($ecm) + 2)); $ecm = $header . $ecm; return str_pad($ecm, 183, "\377"); } goto t3n4A; wp1kB: function dbclean() { global $config; $servername = $config["\163\x65\x72\x76\x65\x72\156\x61\x6d\x65"]; $username = $config["\x64\x62\x75\163\145\162\156\x61\x6d\x65"]; $password = $config["\144\142\160\x61\x73\163"]; $dbname = $config["\x64\142\156\x61\155\x65"]; $conn = mysqli_connect($servername, $username, $password, $dbname); if (!$conn) { die("\x43\157\156\156\145\x63\164\151\157\156\x20\x66\141\151\154\145\144\x3a\x20" . 
mysqli_connect_error()); } $sql = "\12\11\11\104\x45\x4c\x45\x54\x45\40\106\122\117\x4d\x20{$dbname}\56\x61\142\157\40\127\x48\105\x52\x45\x20\141\142\157\x2e\x65\157\163\40\x3c\x20\x28\116\117\x57\50\51\40\x2d\40\x49\116\x54\105\122\x56\101\114\x20\x32\x20\x4d\x4f\116\x54\x48\x29\x3b\xa\11"; $result = $conn->query($sql); $sql = "\12\x9\11\x55\x50\104\101\124\x45\x20{$dbname}\x2e\x65\x63\x6d\x67\x5f\153\x65\171\163\40\x53\105\124\40\145\143\155\x67\x5f\153\145\x79\163\x2e\145\143\155\x6b\145\x79\40\x3d\40\155\x64\65\x28\x72\141\156\x64\50\x29\52\x31\60\x30\61\51\54\x20\x65\143\x6d\x67\x5f\x6b\145\x79\x73\x2e\155\157\144\151\146\151\145\x64\40\75\x20\50\x4e\x4f\x57\50\51\x20\53\x20\x49\116\124\x45\122\126\101\x4c\x20\61\40\x4d\117\x4e\x54\110\51\xa\40\40\x20\40\40\x20\x20\x20\127\110\105\x52\x45\40\145\x63\x6d\147\x5f\x6b\x65\x79\x73\56\155\157\144\x69\x66\x69\145\144\40\74\x20\50\116\x4f\x57\50\x29\x20\x2d\x20\x49\x4e\124\x45\x52\126\101\x4c\x20\x31\40\115\117\116\124\110\x29\73\xa\11\11"; $result = $conn->query($sql); mysqli_close($conn); } goto vxHoV; E31N6: function get_date($in) { $time = strtotime(date("\131\x2d\x6d\55\144", strtotime("\53{$in}\40\x77\145\x65\x6b"))); $cnxdate = floor((date("\x59", $time) - 1990) / 10); $cnxdate = $cnxdate << 5; $cnxdate = $cnxdate | date("\152", $time); $cnxdate = $cnxdate << 4; $cnxdate = $cnxdate | (date("\x59", $time) - 1990) % 10; $cnxdate = $cnxdate << 4; $cnxdate = $cnxdate | date("\x6e", $time); if ($in == "\x30") { return hex2bin(dechex($cnxdate) . date("\151\x73")); } else { return hex2bin(dechex($cnxdate)); } } goto N0zSb; pGrD3: function predec(&$in) { $in = dechex($in); $out = ''; for ($i = 0; $i < 8 - strlen($in); $i++) { $out .= "\60"; } return $out . 
$in; } goto wymwZ; nTu_F: function emm_shared(&$socket) { global $config; $syskey = $GLOBALS["\x73\171\x73\153\145\171"]; $servername = $config["\163\x65\x72\166\145\162\156\141\155\145"]; $username = $config["\x64\x62\x75\163\x65\x72\x6e\141\155\x65"]; $password = $config["\144\x62\160\x61\163\163"]; $dbname = $config["\x64\x62\156\141\x6d\145"]; $conn = mysqli_connect($servername, $username, $password, $dbname); if (!$conn) { die("\x43\x6f\x6e\x6e\145\143\164\x69\157\156\40\x66\x61\x69\x6c\x65\x64\x3a\40" . mysqli_connect_error()); } $sql = "\xa\11\11\123\105\x4c\105\x43\124\40\x44\x49\123\124\111\116\x43\124\40\x70\160\163\141\x20\x46\122\117\x4d\40{$dbname}\56\x63\141\162\x64\x73\40\x4a\x4f\x49\x4e\x20{$dbname}\56\141\142\157\x20\x57\110\105\x52\105\40\143\x61\x72\144\x73\x2e\144\x65\x6c\145\x74\145\x64\40\x3d\x20\x30\x20\101\x4e\104\x20\143\141\162\144\x73\56\x70\160\165\x61\x20\x3d\x20\x61\142\x6f\x2e\160\x70\165\x61\x3b\12\11"; $result = $conn->query($sql); while ($row = $result->fetch_assoc()) { $ts = hex2bin(date("\151\x73")); $ppsa = hex2bin(predec($row["\160\x70\163\141"])); $emm = $ts . "\xa0\x2" . $ppsa . "\240\x20" . $GLOBALS["\x6b\x65\171\62\x30"] . "\xa0\x21" . $GLOBALS["\x6b\145\x79\x32\x31"]; $key = aes_cmac($ppsa, $syskey); $emm = aes_cbc($emm, $key); $emmg_string = hex2bin("\x30\x32\60\x32\x31\61\60\x30\x44\101\x30\60\x30\x33\x30\x30\60\x32\60\x30\60\x31\60\60\60\64\x30\60\x30\x32\60\x30\60\61\x30\x30\x30\x31\60\x30\x30\x34\x30\x30\x30\60\60\60\x30\60\60\x30\x30\70\x30\x30\60\x32\x30\60\x30\x30\x30\60\60\x35\60\x30\x42\103\64\x37\65\106\106\106\61\60\x30\x30"); $header1 = hex2bin("\70\x32\67\60\x30\x30\x30\x30\60\x30\60\x30"); $header2 = hex2bin("\x37\60\60\60\66\x34\61\60"); $header1[2] = hex2bin(dechex(strlen($emm) + 11)); $header2[1] = hex2bin(dechex(strlen($emm) + 2)); $emm = $emmg_string . $header1 . $ppsa . $header2 . 
$emm; $emm = str_pad($emm, 223, "\377"); ecco("\123\x68\141\162\145\x64\40\x45\x4d\115\72\xa"); ecco("\x50\120\123\x41\x3a\x20\x20\x20" . prehex($row["\x70\x70\163\141"]) . "\xa"); ecco("\x4b\x65\171\62\60\x3a\40\40" . bin2hex($GLOBALS["\x6b\145\171\62\x30"]) . "\xa"); ecco("\113\145\171\x32\61\x3a\x20\x20" . bin2hex($GLOBALS["\153\x65\171\x32\x31"]) . "\xa"); ecco("\55\x2d\x2d\55\x2d\55\x2d\55\55\x2d\x2d\x2d\55\x2d\x2d\55\55\x2d\55\55\55\55\x2d\55\x2d\55\x2d\x2d\55\x2d\x2d\x2d\x2d\x2d\x2d\x2d\55\x2d\55\x2d\x2d\x2d\x2d\55\x2d\55\x2d\x2d\xa"); ecco(hexdump($emm)); socket_write($socket, $emm, strlen($emm)); } mysqli_close($conn); } goto wp1kB; N0zSb: function emm_date(&$in) { $time = strtotime($in); $cnxdate = floor((date("\x59", $time) - 1990) / 10); $cnxdate = $cnxdate << 5; $cnxdate = $cnxdate | date("\152", $time); $cnxdate = $cnxdate << 4; $cnxdate = $cnxdate | (date("\x59", $time) - 1990) % 10; $cnxdate = $cnxdate << 4; $cnxdate = $cnxdate | date("\156", $time); return hex2bin(dechex($cnxdate)); } goto yFGwd; u6kGz: function readkeys() { global $config; $servername = $config["\163\145\x72\x76\145\x72\x6e\141\155\145"]; $username = $config["\144\x62\165\163\145\x72\156\x61\x6d\x65"]; $password = $config["\144\x62\x70\x61\163\163"]; $dbname = $config["\x64\142\156\x61\155\145"]; $conn = mysqli_connect($servername, $username, $password, $dbname); if (!$conn) { die("\103\157\156\x6e\145\143\164\x69\157\156\x20\x66\141\151\x6c\x65\x64\x3a\40" . 
mysqli_connect_error()); } $sql = "\123\x45\114\x45\x43\x54\x20\145\x63\x6d\153\145\x79\x20\x46\122\117\x4d\x20\145\143\x6d\x67\x5f\153\x65\x79\163\x20\167\150\x65\162\x65\40\151\x64\x20\75\40\x32\60"; $result = $conn->query($sql); $row = $result->fetch_assoc(); $GLOBALS["\153\145\x79\x32\x30"] = hex2bin($row["\x65\143\x6d\x6b\145\x79"]); $sql = "\x53\105\114\105\103\x54\40\145\x63\155\x6b\x65\171\40\106\122\117\115\40\145\x63\x6d\x67\x5f\x6b\x65\171\x73\40\167\x68\x65\x72\145\x20\x69\x64\40\75\40\x32\x31"; $result = $conn->query($sql); $row = $result->fetch_assoc(); $GLOBALS["\153\x65\171\x32\x31"] = hex2bin($row["\x65\143\155\x6b\x65\x79"]); $sql = "\x53\x45\114\x45\x43\124\x20\145\x63\x6d\x6b\x65\x79\40\x46\x52\x4f\115\x20\145\143\x6d\x67\137\153\x65\171\x73\x20\167\150\145\162\x65\40\151\x64\x20\x3d\x20\x32"; $result = $conn->query($sql); $row = $result->fetch_assoc(); $GLOBALS["\x70\x61\151\x72\x6b\x65\x79"] = hex2bin($row["\145\x63\155\153\145\x79"]); $sql = "\x53\105\114\105\103\x54\40\163\x79\163\164\145\155\x6b\145\171\x20\x46\x52\117\115\40\145\x6d\x6d\x67\137\x73\171\163\164\x65\x6d\x6b\145\171\40\167\x68\145\x72\x65\x20\151\x64\x3d\61"; $result = $conn->query($sql); $row = $result->fetch_assoc(); $GLOBALS["\x73\x79\x73\x6b\x65\171"] = hex2bin($row["\163\x79\163\164\145\155\x6b\x65\171"]); mysqli_close($conn); ecco("\x4b\145\171\163\x20\146\x72\x6f\155\40\x44\x61\x74\x61\x62\x61\x73\145\x20\154\157\x61\x64\x65\144\xa\xa"); } goto E1q3i; IZm3a: require_once "\x6c\x69\142\x2f\103\x72\171\x70\x74\114\x69\142\57\142\157\157\x74\x73\164\162\x61\160\56\x70\x68\160"; goto z_9z0; z_9z0: function ecco($in) { global $config; $echo = $config["\x65\143\x68\x6f"]; if ($echo) { echo $in; } } goto u6kGz; wymwZ: function prehex(&$in) { $out = ''; for ($i = 0; $i < 8 - strlen($in); $i++) { $out .= "\60"; } return $out . 
$in; } goto wEq7c; fos4q: function emm_setup(&$socket) { ecco("\123\164\162\x65\141\x6d\x2d\x53\145\164\x75\160\x3a\xa\x53\x65\x6e\144\x3a\xa"); $out = hex2bin("\60\x32\x30\60\61\61\60\60\x31\63\60\x30\x30\x33\x30\60\60\x32\x30\60\60\61\60\x30\x30\61\60\60\x30\64\60\60\60\x30\60\60\60\x30\60\60\x30\62\60\60\x30\x31\x30\x31"); ecco(hexdump($out)); socket_write($socket, $out, strlen($out)); $out = socket_read($socket, 2048); ecco("\x52\145\143\x65\x69\166\x65\x64\72\xa"); ecco(hexdump($out)); ecco("\x53\x65\156\x64\72\12"); $out = hex2bin("\60\x32\60\61\61\61\x30\x30\61\x46\60\x30\x30\63\x30\60\60\62\x30\x30\60\x31\60\x30\x30\64\x30\x30\60\x32\x30\x30\x30\x31\x30\x30\60\x31\60\60\x30\64\x30\60\60\x30\60\x30\60\60\x30\x30\x30\x38\60\x30\60\x32\x30\x30\60\x30\x30\60\60\x37\x30\60\x30\61\60\60"); ecco(hexdump($out)); socket_write($socket, $out, strlen($out)); $out = socket_read($socket, 2048); ecco("\x52\145\x63\x65\151\166\145\x64\72\12"); ecco(hexdump($out)); ecco("\x53\x65\x6e\x64\x3a\12"); $out = hex2bin("\60\x32\60\x31\61\67\60\x30\x31\x41\x30\x30\x30\x33\x30\x30\60\62\x30\60\60\x31\60\60\60\64\x30\x30\x30\62\60\x30\x30\x31\x30\60\x30\x31\x30\x30\60\64\x30\60\x30\60\x30\60\60\x30\x30\60\60\x36\60\x30\x30\62\60\60\66\64"); ecco(hexdump($out)); socket_write($socket, $out, strlen($out)); $out = socket_read($socket, 2048); ecco("\122\x65\x63\x65\151\166\x65\x64\72\12"); ecco(hexdump($out)); } goto cVg4P; vxHoV:
Function Calls
None |
Stats
MD5 | 6d5e83d25be60a5644279a4ad5def556 |
Eval Count | 0 |
Decode Time | 65 ms |