Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $getflag = false; class GetMessage { function __construct($receive) { ..
Decoded Output download
<?php
$getflag = false;
class GetMessage {
function __construct($receive) {
if ($receive === "HelloBooooooy") {
die("[FRIEND]: Ahahah you get fooled by my security my friend!<br>");
} else {
$this->receive = $receive;
}
}
function __toString() {
return $this->receive;
}
function __destruct() {
global $getflag;
if ($this->receive !== "HelloBooooooy") {
die("[FRIEND]: Hm.. you don't seem to be the friend I was waiting for..<br>");
} else {
if ($getflag) {
include("flag.php");
echo "[FRIEND]: Oh ! Hi! Let me show you my secret: ".$FLAG."<br>";
}
}
}
}
class WakyWaky {
function __wakeup() {
echo "[YOU]: ".$this->msg."<br>";
}
function __toString() {
global $getflag;
$getflag = true;
return (new GetMessage($this->msg))->receive;
}
}
if (isset($_GET['source'])) {
highlight_file(__FILE__);
die();
}
if (isset($_POST["data"]) && !empty($_POST["data"])) {
unserialize($_POST["data"]);
}
?>
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="UTF-8">
<title>PHP - Unserialize Pop Chain</title>
</head>
<body>
<h1>PHP - Unserialize Pop Chain</h1>
<hr>
<br>
<p>
Can you bypass the security your friend put in place to access the flag?
</p>
<br>
<form class="" action="index.php" method="post">
<textarea name="data" rows="5" cols="33" style="width:35%"></textarea>
<br>
<br>
<button type="submit" name="button" style="width:35%">Submit</button>
</form>
<br>
<p>
You can also <a href="?source">View the source</a>
</p>
</body>
</html>Did this file decode correctly?
Original Code
<?php
$getflag = false;
class GetMessage {
function __construct($receive) {
if ($receive === "HelloBooooooy") {
die("[FRIEND]: Ahahah you get fooled by my security my friend!<br>");
} else {
$this->receive = $receive;
}
}
function __toString() {
return $this->receive;
}
function __destruct() {
global $getflag;
if ($this->receive !== "HelloBooooooy") {
die("[FRIEND]: Hm.. you don't seem to be the friend I was waiting for..<br>");
} else {
if ($getflag) {
include("flag.php");
echo "[FRIEND]: Oh ! Hi! Let me show you my secret: ".$FLAG."<br>";
}
}
}
}
class WakyWaky {
function __wakeup() {
echo "[YOU]: ".$this->msg."<br>";
}
function __toString() {
global $getflag;
$getflag = true;
return (new GetMessage($this->msg))->receive;
}
}
if (isset($_GET['source'])) {
highlight_file(__FILE__);
die();
}
if (isset($_POST["data"]) && !empty($_POST["data"])) {
unserialize($_POST["data"]);
}
?>
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="UTF-8">
<title>PHP - Unserialize Pop Chain</title>
</head>
<body>
<h1>PHP - Unserialize Pop Chain</h1>
<hr>
<br>
<p>
Can you bypass the security your friend put in place to access the flag?
</p>
<br>
<form class="" action="index.php" method="post">
<textarea name="data" rows="5" cols="33" style="width:35%"></textarea>
<br>
<br>
<button type="submit" name="button" style="width:35%">Submit</button>
</form>
<br>
<p>
You can also <a href="?source">View the source</a>
</p>
</body>
</html>Function Calls
| None |
Stats
| MD5 | cf11f4857622e3025c3cef8fb2fe98d9 |
| Eval Count | 0 |
| Decode Time | 82 ms |