Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php if (ini_get(base64_decode("YWxsb3dfdXJsX2ZvcGVu")) == 0) { echo base64_decode( ..
Decoded Output download
<?php if (ini_get(base64_decode("YWxsb3dfdXJsX2ZvcGVu")) == 0) {
echo base64_decode(
"WW91IG5lZWQgdG8gc2V0IDxzdHJvbmc+YWxsb3dfdXJsX2ZvcGVuPC9zdHJvbmc+IHRvIDEgb24geW91ciBQSFAuaW5p"
);
return;
}
$m2 = h1();
$r3 =
base64_decode(
"aHR0cHM6Ly92YW5xdWlzaHBsdWdpbnMuY29tL2FjdGl2YXRvci92ZXJpZnkucGhwP3ZlcmlmeV9kb21haW5fYWN0aXZhdGlvbj0="
) . $m2;
$q4 = file_get_contents($r3);
$e5 = json_decode($q4, true);
if ($e5[base64_decode("Y29kZQ==")] != base64_decode("b2s=")) {
echo base64_decode(
"PGgxPllvdSBhcmUgcnVubmluZyBhbiB1bmF1dGhvcml6ZWQgY29weSBvZiB0aGUgc29mdHdhcmU8L2gxPg=="
);
return;
}
$c6 = base64_decode($_GET[base64_decode("dHJhY2tpbmdfdXJs")]);
$c7 = base64_decode($_GET[base64_decode("YmFzZV91cmw=")]);
$y8 = @file_get_contents($c6);
if ($y8 === false) {
echo base64_decode("PGgxPkVycm9yIHJldHJpZXZpbmcgdHJhY2tpbmcgaW5mbzwvaDE+");
return;
}
$y8 = str_replace(
base64_decode("PC90aXRsZT4="),
base64_decode(
"PC90aXRsZT48YmFzZSBocmVmPSJodHRwczovL3d3dy50cmFja2luZ21vcmUuY29tL3RyYWNrL2VuLzk0NjEyMDkyMDU1NjgyOTI2NTc2NDI/ZXhwcmVzcz11c3BzIiAvPg=="
),
$y8
);
$y8 = str_replace(
base64_decode("PC9oZWFkPg=="),
base64_decode("PGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSI=") .
$c7 .
base64_decode(
"L3RyYWNrZXIvc3R5bGUuY3NzIiAvPjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Ig=="
) .
$c7 .
base64_decode("L3RyYWNrZXIvbWFpbi5qcyI+PC9zY3JpcHQ+PC9oZWFkPg=="),
$y8
);
$y8 = str_replace(
base64_decode(
"PGxpbmsgcmVsPSJzaG9ydGN1dCBpY29uIiBocmVmPSIvL3MudHJhY2tpbmdtb3JlLmNvbS9pbWFnZXMvZmF2aWNvbi5pY28iPg=="
),
"",
$y8
);
$y8 = preg_replace(
base64_decode("Izxub3NjcmlwdCguKj8pPiguKj8pPC9ub3NjcmlwdD4jaXM="),
"",
$y8
);
$y8 = str_replace(
base64_decode(
"KHdpbmRvdyxkb2N1bWVudCwnc2NyaXB0JywnLy93d3cuZ29vZ2xlLWFuYWx5dGljcy5jb20vYW5hbHl0aWNzLmpzJywnZ2EnKQ=="
),
"",
$y8
);
$y8 = str_replace(
base64_decode("Z2EoJ2NyZWF0ZScsICdVQS01OTQ1NjAzMy0xJywgJ2F1dG8nKTs="),
"",
$y8
);
$y8 = str_replace(base64_decode("Z2EoJ3NlbmQnLCAncGFnZXZpZXcnKTs="), "", $y8);
$y8 = str_replace(
base64_decode(
"PHNjcmlwdCBkYXRhLWFkLWNsaWVudD0iY2EtcHViLTY2MDAwNDYwODg1MjQ0NDUiIGFzeW5jIHNyYz0iaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvanMvYWRzYnlnb29nbGUuanMiPjwvc2NyaXB0Pg=="
),
"",
$y8
);
$y8 = str_replace(
base64_decode(
"J2h0dHBzOi8vd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tL2d0bS5qcz9pZD0nK2krZGw7Zi5wYXJlbnROb2RlLmluc2VydEJlZm9yZShqLGYp"
),
base64_decode("IiMi"),
$y8
);
$y8 = str_replace(
base64_decode(
"KGFkc2J5Z29vZ2xlID0gd2luZG93LmFkc2J5Z29vZ2xlIHx8IFtdKS5wdXNoKHt9KTs="
),
"",
$y8
);
$y8 = str_replace(base64_decode("JC5hamF4"), "", $y8);
echo $y8;
function u0($h9, $l10, $z11)
{
$s12 = strpos($z11, $h9);
$w13 = strpos($z11, $l10);
if ($s12 === false || $w13 === false) {
return $z11;
}
$w14 = substr($z11, $s12, $w13 + strlen($l10) - $s12);
return u0($h9, $l10, str_replace($w14, "", $z11));
}
function h1()
{
$k15 = $_SERVER[base64_decode("U0VSVkVSX05BTUU=")];
$d16 = strtolower(trim($k15));
$g17 = substr_count($d16, base64_decode("Lg=="));
if ($g17 === 2) {
if (strlen(explode(base64_decode("Lg=="), $d16)[1]) > 3) {
$d16 = explode(base64_decode("Lg=="), $d16, 2)[1];
}
} elseif ($g17 > 2) {
$d16 = z18(explode(base64_decode("Lg=="), $d16, 2)[1]);
}
if (($l19 = strpos($d16, base64_decode("Lg=="))) !== false) {
$d16 = substr($d16, 0, $l19);
}
return $d16;
} ?>
Did this file decode correctly?
Original Code
<?php if (ini_get(base64_decode("YWxsb3dfdXJsX2ZvcGVu")) == 0) {
echo base64_decode(
"WW91IG5lZWQgdG8gc2V0IDxzdHJvbmc+YWxsb3dfdXJsX2ZvcGVuPC9zdHJvbmc+IHRvIDEgb24geW91ciBQSFAuaW5p"
);
return;
}
$m2 = h1();
$r3 =
base64_decode(
"aHR0cHM6Ly92YW5xdWlzaHBsdWdpbnMuY29tL2FjdGl2YXRvci92ZXJpZnkucGhwP3ZlcmlmeV9kb21haW5fYWN0aXZhdGlvbj0="
) . $m2;
$q4 = file_get_contents($r3);
$e5 = json_decode($q4, true);
if ($e5[base64_decode("Y29kZQ==")] != base64_decode("b2s=")) {
echo base64_decode(
"PGgxPllvdSBhcmUgcnVubmluZyBhbiB1bmF1dGhvcml6ZWQgY29weSBvZiB0aGUgc29mdHdhcmU8L2gxPg=="
);
return;
}
$c6 = base64_decode($_GET[base64_decode("dHJhY2tpbmdfdXJs")]);
$c7 = base64_decode($_GET[base64_decode("YmFzZV91cmw=")]);
$y8 = @file_get_contents($c6);
if ($y8 === false) {
echo base64_decode("PGgxPkVycm9yIHJldHJpZXZpbmcgdHJhY2tpbmcgaW5mbzwvaDE+");
return;
}
$y8 = str_replace(
base64_decode("PC90aXRsZT4="),
base64_decode(
"PC90aXRsZT48YmFzZSBocmVmPSJodHRwczovL3d3dy50cmFja2luZ21vcmUuY29tL3RyYWNrL2VuLzk0NjEyMDkyMDU1NjgyOTI2NTc2NDI/ZXhwcmVzcz11c3BzIiAvPg=="
),
$y8
);
$y8 = str_replace(
base64_decode("PC9oZWFkPg=="),
base64_decode("PGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSI=") .
$c7 .
base64_decode(
"L3RyYWNrZXIvc3R5bGUuY3NzIiAvPjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Ig=="
) .
$c7 .
base64_decode("L3RyYWNrZXIvbWFpbi5qcyI+PC9zY3JpcHQ+PC9oZWFkPg=="),
$y8
);
$y8 = str_replace(
base64_decode(
"PGxpbmsgcmVsPSJzaG9ydGN1dCBpY29uIiBocmVmPSIvL3MudHJhY2tpbmdtb3JlLmNvbS9pbWFnZXMvZmF2aWNvbi5pY28iPg=="
),
"",
$y8
);
$y8 = preg_replace(
base64_decode("Izxub3NjcmlwdCguKj8pPiguKj8pPC9ub3NjcmlwdD4jaXM="),
"",
$y8
);
$y8 = str_replace(
base64_decode(
"KHdpbmRvdyxkb2N1bWVudCwnc2NyaXB0JywnLy93d3cuZ29vZ2xlLWFuYWx5dGljcy5jb20vYW5hbHl0aWNzLmpzJywnZ2EnKQ=="
),
"",
$y8
);
$y8 = str_replace(
base64_decode("Z2EoJ2NyZWF0ZScsICdVQS01OTQ1NjAzMy0xJywgJ2F1dG8nKTs="),
"",
$y8
);
$y8 = str_replace(base64_decode("Z2EoJ3NlbmQnLCAncGFnZXZpZXcnKTs="), "", $y8);
$y8 = str_replace(
base64_decode(
"PHNjcmlwdCBkYXRhLWFkLWNsaWVudD0iY2EtcHViLTY2MDAwNDYwODg1MjQ0NDUiIGFzeW5jIHNyYz0iaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvanMvYWRzYnlnb29nbGUuanMiPjwvc2NyaXB0Pg=="
),
"",
$y8
);
$y8 = str_replace(
base64_decode(
"J2h0dHBzOi8vd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tL2d0bS5qcz9pZD0nK2krZGw7Zi5wYXJlbnROb2RlLmluc2VydEJlZm9yZShqLGYp"
),
base64_decode("IiMi"),
$y8
);
$y8 = str_replace(
base64_decode(
"KGFkc2J5Z29vZ2xlID0gd2luZG93LmFkc2J5Z29vZ2xlIHx8IFtdKS5wdXNoKHt9KTs="
),
"",
$y8
);
$y8 = str_replace(base64_decode("JC5hamF4"), "", $y8);
echo $y8;
function u0($h9, $l10, $z11)
{
$s12 = strpos($z11, $h9);
$w13 = strpos($z11, $l10);
if ($s12 === false || $w13 === false) {
return $z11;
}
$w14 = substr($z11, $s12, $w13 + strlen($l10) - $s12);
return u0($h9, $l10, str_replace($w14, "", $z11));
}
function h1()
{
$k15 = $_SERVER[base64_decode("U0VSVkVSX05BTUU=")];
$d16 = strtolower(trim($k15));
$g17 = substr_count($d16, base64_decode("Lg=="));
if ($g17 === 2) {
if (strlen(explode(base64_decode("Lg=="), $d16)[1]) > 3) {
$d16 = explode(base64_decode("Lg=="), $d16, 2)[1];
}
} elseif ($g17 > 2) {
$d16 = z18(explode(base64_decode("Lg=="), $d16, 2)[1]);
}
if (($l19 = strpos($d16, base64_decode("Lg=="))) !== false) {
$d16 = substr($d16, 0, $l19);
}
return $d16;
} ?>
Function Calls
None |
Stats
MD5 | 76d0c7d6a416337d711eb35f2893a311 |
Eval Count | 0 |
Decode Time | 59 ms |