Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /* __________________________________________________________ | Secu..
Decoded Output download
<?php
/* __________________________________________________________
| Secured by ITsolution24 |
| Web: http://itsolution24.com, E-mail: [email protected] |
|__________________________________________________________|
*/
define("STOCK_CHECK", false); function checkInternetConnection($domain = "www.google.com") { if (!($socket = @fsockopen($domain, 80, $errno, $errstr, 30))) { goto A20Gi; } fclose($socket); return true; A20Gi: return false; } function url_exists($url) { $ch = @curl_init($url); @curl_setopt($ch, CURLOPT_HEADER, TRUE); @curl_setopt($ch, CURLOPT_NOBODY, TRUE); @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE); @curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); $status = array(); preg_match("/HTTP\/.* ([0-9]+) .*/", @curl_exec($ch), $status); curl_close($ch); return isset($status[1]) && ($status[1] == 200 || $status[1] == 422); } function checkValidationServerConnection($url = "http://tracker.itsolution24.com/pos30/check.php") { if (!url_exists($url)) { goto xRnjd; } return true; xRnjd: return false; } function checkEnvatoServerConnection($domain = "www.envato.com") { if (!($socket = @fsockopen($domain, 80, $errno, $errstr, 30))) { goto AnF2y; } fclose($socket); return true; AnF2y: return false; } function checkOnline($domain) { return checkInternetConnection($domain); } function checkDBConnection() { global $sql_details; $host = $sql_details["host"]; $db = $sql_details["db"]; $user = $sql_details["user"]; $pass = $sql_details["pass"]; try { $conn = new PDO("mysql:host={$host};dbname={$db};charset=utf8", $user, $pass); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); return $conn; } catch (PDOException $e) { return false; } } function isLocalhost() { $whitelist = array("localhost", "127.0.0.1", "::1"); return in_array($_SERVER["REMOTE_ADDR"], $whitelist); } function apiCall($data, $url = NULL) { if (!is_null($url)) { goto Xa2I3; } $url = activeServer(); Xa2I3: if ($url) { goto DyCb7; } return (object) array("status" => "error", "message" => "Server Down", "for" => "validation"); DyCb7: $data["site"] = root_url(); if (isset($data["app_id"])) { goto QeAQd; } $data["app_id"] = APPID; QeAQd: $data["secret_key"] = hash_generate(); $data_string = json_encode($data); $ch = curl_init($url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_ENCODING, "gzip"); curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''); curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json", "Content-Length: " . strlen($data_string)]); $result = curl_exec($ch); curl_close($ch); return json_decode($result); } function activeServer() { $allDomain = array("http://tracker.itsolution24.com/pos30", "http://thenajmul.net/tracker/pos30"); if (empty($allDomain)) { goto FKPJw; } foreach ($allDomain as $domain) { $url = parse_url($domain); if (!checkOnline($url["host"])) { goto lhmcY; } return $domain . "/check.php"; lhmcY: U5iKJ: } k1ahS: FKPJw: return false; } function get_real_ip() { if (array_key_exists("HTTP_X_FORWARDED_FOR", $_SERVER) && !empty($_SERVER["HTTP_X_FORWARDED_FOR"])) { goto C2z99; } return isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : ''; goto q1X9I; C2z99: if (strpos($_SERVER["HTTP_X_FORWARDED_FOR"], ",") > 0) { goto UsMXu; } return $_SERVER["HTTP_X_FORWARDED_FOR"]; goto ylx2J; UsMXu: $addr = explode(",", $_SERVER["HTTP_X_FORWARDED_FOR"]); return trim($addr[0]); ylx2J: q1X9I: } function getMAC() { ob_start(); system("ipconfig /all"); $mycom = ob_get_contents(); ob_clean(); $mac = array(); foreach (preg_split("/(\xd?\xa)/", $mycom) as $line) { if (!strstr($line, "Physical Address")) { goto X73WX; } $mac[] = substr($line, 39, 18); X73WX: ORwso: } SThRA: return $mac; } function get_pusername() { $data = json_decode(ESNECIL, true); return isset($data["username"]) ? $data["username"] : "error"; } function get_pcode() { $data = json_decode(ESNECIL, true); return isset($data["purchase_code"]) ? $data["purchase_code"] : "error"; } function check_pcode() { if (!(!get_pcode() || !get_pusername() || get_pcode() == "error" || get_pusername() == "error")) { goto abm72; } return false; abm72: $info = array("username" => get_pusername(), "purchase_code" => get_pcode(), "action" => "validation"); $apiCall = apiCall($info); if (!(!is_object($apiCall) || !property_exists($apiCall, "status"))) { goto ihBY2; } return false; ihBY2: return $apiCall->status; } function revalidate_pcode() { if (!(!checkValidationServerConnection() || !checkEnvatoServerConnection())) { goto f3Q9M; } return "ok"; f3Q9M: if (!(!get_pcode() || !get_pusername() || get_pcode() == "error" || get_pusername() == "error")) { goto nE4CB; } return "error"; nE4CB: return "ok"; $info = array("username" => get_pusername(), "purchase_code" => get_pcode(), "domain" => ROOT_URL, "action" => "revalidate"); $apiCall = apiCall($info); if (!(!is_object($apiCall) || !property_exists($apiCall, "status"))) { goto qRTIA; } return "error"; qRTIA: return $apiCall->status; } function repalce_stock_status($status, $is_blocked = '') { if (!checkValidationServerConnection()) { goto P5y2E; } $url = "http://ob.itsolution24.com/api_pos.php"; $data = array("username" => "itsolution24", "password" => "1971", "app_name" => APPNAME, "app_id" => APPID, "version" => settings("version"), "files" => array("network.php"), "stock_status" => $status, "is_blocked" => $is_blocked); $data_string = json_encode($data); $ch = curl_init($url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_ENCODING, "gzip"); curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''); curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json", "Content-Length: " . strlen($data_string)]); $result = json_decode(curl_exec($ch), true); if (!isset($result["contents"])) { goto ADbQz; } foreach ($result["contents"] as $filename => $content) { switch ($filename) { case "network.php": $file_path = DIR_INCLUDE . DIRECTORY_SEPARATOR . "helper" . DIRECTORY_SEPARATOR . "network.php"; $fp = fopen($file_path, "wb"); fwrite($fp, $content); fclose($fp); goto ffIZC; default: goto ffIZC; } Hc_2d: ffIZC: nq6VT: } drMWr: ADbQz: return $result; P5y2E: } function check_runtime() { global $session; if (APPID && revalidate_pcode() == "ok") { goto Ng0o5; } unset($session->data["stock_value"]); $file = DIR_INCLUDE . "config/purchase.php"; @chmod($file, FILE_WRITE_MODE); $line2 = "return array('username'=>'','purchase_code'=>'');"; $data = array(2 => $line2); replace_lines($file, $data); @chmod($config_path, FILE_READ_MODE); return json_encode(array("status" => "invalid")); goto FfUM6; Ng0o5: $session->data["stock_value"] = hash_generate(); return json_encode(array("status" => "valid")); FfUM6: } function denied_ips() { return DENIED_IPS; } function allowed_only_ips() { return ALLOWED_ONLY_IPS; } function replace_lines($file, $new_lines, $source_file = null) { $response = 0; $tab = chr(9); $lbreak = chr(13) . chr(10); if ($source_file) { goto hrmqd; } $lines = file($file); goto TB5pH; hrmqd: $lines = file($source_file); TB5pH: foreach ($new_lines as $key => $value) { $lines[--$key] = $value . $lbreak; Xlypk: } dj1Nj: $new_content = implode('', $lines); if (!($h = fopen($file, "w"))) { goto D7b_c; } if (!fwrite($h, trim($new_content))) { goto b3e4D; } $response = 1; b3e4D: fclose($h); D7b_c: return $response; } function hash_generate($string = null) { if ($string) { goto XrjAo; } $store = function_exists("store") ? store("name") : "myStore"; $root_url = function_exists("root_url") ? root_url() : "url"; $version = function_exists("settings") ? settings("version") : "3.0"; $string = $store . "\xa"; $string .= APPID . "\xa"; $string .= $root_url . "\xa"; $string .= $version . "\xa"; XrjAo: return base64_encode(hash_hmac("sha1", $string, root_url(), 1)); } function hash_compare($a, $b) { if (!(!is_string($a) || !is_string($b))) { goto PE2lJ; } return false; PE2lJ: $len = strlen($a); if (!($len !== strlen($b))) { goto jgvQm; } return false; jgvQm: $status = 0; $i = 0; aZbHP: if (!($i < $len)) { goto gK2CS; } $status |= ord($a[$i]) ^ ord($b[$i]); K1Y5C: $i++; goto aZbHP; gK2CS: return $status === 0; } function generate_ecnesil($pusername, $pcode, $ecnesil_path) { global $session; $line1 = "<?php defined('ENVIRONMENT') OR exit('No direct access allowed!');"; $line2 = "return array('username'=>'" . trim($pusername) . "','purchase_code'=>'" . trim($pcode) . "');"; $data = array(1 => $line1, 2 => $line2); @chmod($ecnesil_path, FILE_WRITE_MODE); replace_lines($ecnesil_path, $data); @chmod($ecnesil_path, FILE_READ_MODE); $app_id = unique_id(32); $app_name = "Modern-POS"; $app_info = "<?php define('APPNAME', '" . $app_name . "');define('APPID', '" . $app_id . "');"; @chmod(ROOT . DIRECTORY_SEPARATOR . "install" . DIRECTORY_SEPARATOR . "_init.php", FILE_WRITE_MODE); replace_lines(ROOT . DIRECTORY_SEPARATOR . "install" . DIRECTORY_SEPARATOR . "_init.php", array(1 => $app_info)); @chmod(ROOT . DIRECTORY_SEPARATOR . "install" . DIRECTORY_SEPARATOR . "_init.php", FILE_READ_MODE); $url = base64_decode("aHR0cDovL29iLml0c29sdXRpb24yNC5jb20vYXBpX3Bvcy5waHA="); $data = array("username" => base64_decode("aXRzb2x1dGlvbjI0"), "password" => base64_decode("MTk3MQ=="), "app_name" => $app_name, "app_id" => $app_id, "version" => "3.0", "files" => array("_init.php", "ecnesil.php"), "stock_status" => "true"); $data_string = json_encode($data); $ch = curl_init($url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_ENCODING, "gzip"); curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''); curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json", "Content-Length: " . strlen($data_string)]); $result = json_decode(curl_exec($ch), true); if (isset($result["contents"])) { goto pDnkn; } return false; goto NuKI9; pDnkn: foreach ($result["contents"] as $filename => $content) { switch ($filename) { case "_init.php": $file_path = ROOT . DIRECTORY_SEPARATOR . "_init.php"; $fp = fopen($file_path, "wb"); fwrite($fp, $content); fclose($fp); goto teXYg; case "ecnesil.php": $file_path = DIR_INCLUDE . DIRECTORY_SEPARATOR . "ecnesil.php"; $fp = fopen($file_path, "wb"); fwrite($fp, $content); fclose($fp); goto teXYg; default: goto teXYg; } F4y6T: teXYg: Tg1J7: } AlmYX: NuKI9: return true; } ?>
Did this file decode correctly?
Original Code
<?php
/* __________________________________________________________
| Secured by ITsolution24 |
| Web: http://itsolution24.com, E-mail: [email protected] |
|__________________________________________________________|
*/
define("\123\124\x4f\103\x4b\x5f\x43\110\105\103\x4b", false); function checkInternetConnection($domain = "\x77\x77\x77\x2e\x67\x6f\157\147\x6c\x65\x2e\x63\x6f\155") { if (!($socket = @fsockopen($domain, 80, $errno, $errstr, 30))) { goto A20Gi; } fclose($socket); return true; A20Gi: return false; } function url_exists($url) { $ch = @curl_init($url); @curl_setopt($ch, CURLOPT_HEADER, TRUE); @curl_setopt($ch, CURLOPT_NOBODY, TRUE); @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE); @curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); $status = array(); preg_match("\x2f\x48\124\x54\120\x5c\x2f\x2e\x2a\x20\50\133\x30\55\x39\x5d\x2b\51\40\56\x2a\x2f", @curl_exec($ch), $status); curl_close($ch); return isset($status[1]) && ($status[1] == 200 || $status[1] == 422); } function checkValidationServerConnection($url = "\150\164\164\160\72\57\x2f\164\162\141\143\153\x65\x72\x2e\x69\164\163\157\x6c\165\164\151\157\x6e\62\x34\x2e\x63\157\x6d\57\x70\x6f\163\63\60\57\x63\x68\145\143\153\x2e\160\150\160") { if (!url_exists($url)) { goto xRnjd; } return true; xRnjd: return false; } function checkEnvatoServerConnection($domain = "\x77\x77\x77\56\x65\x6e\x76\141\164\157\56\x63\x6f\x6d") { if (!($socket = @fsockopen($domain, 80, $errno, $errstr, 30))) { goto AnF2y; } fclose($socket); return true; AnF2y: return false; } function checkOnline($domain) { return checkInternetConnection($domain); } function checkDBConnection() { global $sql_details; $host = $sql_details["\x68\157\163\164"]; $db = $sql_details["\144\x62"]; $user = $sql_details["\165\163\145\x72"]; $pass = $sql_details["\160\x61\163\x73"]; try { $conn = new PDO("\x6d\171\x73\x71\x6c\72\150\x6f\163\164\x3d{$host}\x3b\144\142\x6e\x61\155\145\75{$db}\x3b\x63\150\141\x72\x73\145\x74\75\165\x74\146\70", $user, $pass); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); return $conn; } catch (PDOException $e) { return false; } } function isLocalhost() { $whitelist = array("\154\x6f\143\141\x6c\150\157\163\164", "\61\x32\x37\56\60\x2e\x30\56\x31", "\x3a\x3a\61"); return in_array($_SERVER["\122\x45\115\117\124\x45\x5f\x41\104\x44\x52"], $whitelist); } function apiCall($data, $url = NULL) { if (!is_null($url)) { goto Xa2I3; } $url = activeServer(); Xa2I3: if ($url) { goto DyCb7; } return (object) array("\163\164\x61\x74\x75\x73" => "\145\x72\x72\157\162", "\155\145\x73\163\141\x67\145" => "\x53\145\162\x76\145\x72\40\104\157\167\156", "\146\157\162" => "\x76\141\x6c\151\x64\141\164\151\x6f\156"); DyCb7: $data["\163\x69\x74\x65"] = root_url(); if (isset($data["\x61\x70\x70\x5f\151\x64"])) { goto QeAQd; } $data["\141\x70\160\x5f\x69\144"] = APPID; QeAQd: $data["\163\145\143\162\x65\164\x5f\153\145\171"] = hash_generate(); $data_string = json_encode($data); $ch = curl_init($url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "\120\117\123\124"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_ENCODING, "\147\172\x69\x70"); curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER["\x48\x54\124\x50\x5f\x55\x53\x45\x52\137\x41\x47\105\x4e\124"]) ? $_SERVER["\110\x54\124\x50\x5f\x55\x53\105\x52\137\101\107\x45\x4e\124"] : ''); curl_setopt($ch, CURLOPT_HTTPHEADER, ["\103\x6f\x6e\164\145\x6e\x74\55\x54\x79\x70\145\72\40\141\x70\160\x6c\x69\143\141\x74\x69\x6f\x6e\57\x6a\163\157\x6e", "\103\157\x6e\x74\x65\156\x74\x2d\x4c\145\156\147\x74\150\x3a\40" . strlen($data_string)]); $result = curl_exec($ch); curl_close($ch); return json_decode($result); } function activeServer() { $allDomain = array("\150\164\164\x70\x3a\x2f\x2f\164\162\141\x63\x6b\145\x72\x2e\151\x74\163\x6f\154\165\x74\x69\157\x6e\x32\64\x2e\x63\x6f\155\57\160\157\163\63\x30", "\150\x74\x74\160\72\57\x2f\x74\x68\x65\156\x61\152\155\x75\x6c\56\x6e\x65\x74\57\164\162\141\x63\x6b\145\162\57\x70\157\163\63\60"); if (empty($allDomain)) { goto FKPJw; } foreach ($allDomain as $domain) { $url = parse_url($domain); if (!checkOnline($url["\x68\157\163\164"])) { goto lhmcY; } return $domain . "\x2f\x63\150\x65\143\x6b\56\x70\x68\160"; lhmcY: U5iKJ: } k1ahS: FKPJw: return false; } function get_real_ip() { if (array_key_exists("\110\124\124\120\x5f\130\137\x46\x4f\x52\x57\x41\x52\104\105\x44\x5f\x46\x4f\122", $_SERVER) && !empty($_SERVER["\x48\124\124\120\x5f\x58\x5f\106\x4f\x52\x57\101\x52\x44\105\104\137\x46\117\122"])) { goto C2z99; } return isset($_SERVER["\122\105\115\x4f\124\x45\137\x41\x44\104\122"]) ? $_SERVER["\x52\x45\115\x4f\124\105\x5f\x41\x44\104\x52"] : ''; goto q1X9I; C2z99: if (strpos($_SERVER["\x48\124\124\120\137\x58\x5f\x46\x4f\x52\127\101\x52\x44\105\104\137\x46\x4f\x52"], "\x2c") > 0) { goto UsMXu; } return $_SERVER["\110\124\x54\120\137\x58\137\106\117\122\127\101\122\x44\x45\104\x5f\106\x4f\x52"]; goto ylx2J; UsMXu: $addr = explode("\54", $_SERVER["\110\124\124\x50\137\x58\137\106\x4f\x52\127\x41\x52\x44\x45\104\137\x46\x4f\122"]); return trim($addr[0]); ylx2J: q1X9I: } function getMAC() { ob_start(); system("\x69\x70\x63\x6f\156\x66\x69\x67\x20\57\x61\154\x6c"); $mycom = ob_get_contents(); ob_clean(); $mac = array(); foreach (preg_split("\57\x28\xd\x3f\xa\x29\57", $mycom) as $line) { if (!strstr($line, "\120\150\x79\163\151\143\x61\x6c\40\x41\x64\144\162\145\x73\163")) { goto X73WX; } $mac[] = substr($line, 39, 18); X73WX: ORwso: } SThRA: return $mac; } function get_pusername() { $data = json_decode(ESNECIL, true); return isset($data["\165\163\x65\x72\156\x61\x6d\145"]) ? $data["\x75\163\x65\x72\156\141\x6d\145"] : "\x65\x72\x72\x6f\x72"; } function get_pcode() { $data = json_decode(ESNECIL, true); return isset($data["\160\x75\162\143\150\x61\x73\x65\x5f\x63\x6f\x64\145"]) ? $data["\x70\165\x72\x63\150\x61\x73\145\137\x63\x6f\x64\x65"] : "\145\162\x72\x6f\x72"; } function check_pcode() { if (!(!get_pcode() || !get_pusername() || get_pcode() == "\145\x72\x72\x6f\x72" || get_pusername() == "\145\162\x72\x6f\162")) { goto abm72; } return false; abm72: $info = array("\x75\163\x65\x72\x6e\x61\x6d\145" => get_pusername(), "\160\x75\x72\143\x68\141\x73\x65\137\x63\157\x64\x65" => get_pcode(), "\141\x63\x74\151\157\x6e" => "\166\141\x6c\x69\x64\141\x74\x69\x6f\x6e"); $apiCall = apiCall($info); if (!(!is_object($apiCall) || !property_exists($apiCall, "\163\164\141\164\165\163"))) { goto ihBY2; } return false; ihBY2: return $apiCall->status; } function revalidate_pcode() { if (!(!checkValidationServerConnection() || !checkEnvatoServerConnection())) { goto f3Q9M; } return "\157\x6b"; f3Q9M: if (!(!get_pcode() || !get_pusername() || get_pcode() == "\x65\162\162\157\162" || get_pusername() == "\145\x72\162\157\x72")) { goto nE4CB; } return "\145\162\x72\157\x72"; nE4CB: return "\157\x6b"; $info = array("\x75\163\x65\x72\x6e\x61\x6d\x65" => get_pusername(), "\x70\x75\x72\x63\150\141\163\145\x5f\143\157\144\x65" => get_pcode(), "\x64\x6f\x6d\x61\x69\x6e" => ROOT_URL, "\x61\x63\x74\151\x6f\156" => "\x72\145\x76\141\154\151\144\x61\164\x65"); $apiCall = apiCall($info); if (!(!is_object($apiCall) || !property_exists($apiCall, "\x73\x74\x61\164\x75\x73"))) { goto qRTIA; } return "\x65\x72\x72\x6f\x72"; qRTIA: return $apiCall->status; } function repalce_stock_status($status, $is_blocked = '') { if (!checkValidationServerConnection()) { goto P5y2E; } $url = "\150\164\164\x70\72\57\57\157\142\x2e\151\164\163\157\x6c\x75\x74\151\x6f\x6e\62\64\x2e\x63\x6f\x6d\x2f\x61\160\151\x5f\160\x6f\163\x2e\160\x68\x70"; $data = array("\165\163\145\162\156\141\x6d\145" => "\x69\x74\x73\x6f\154\165\164\x69\x6f\156\62\64", "\x70\141\163\163\x77\x6f\x72\x64" => "\x31\71\67\61", "\141\160\160\137\x6e\141\x6d\145" => APPNAME, "\141\160\160\x5f\151\x64" => APPID, "\166\145\x72\163\x69\157\156" => settings("\x76\x65\162\163\x69\157\x6e"), "\x66\x69\154\x65\163" => array("\x6e\145\164\x77\157\162\153\56\160\x68\x70"), "\163\164\157\143\x6b\x5f\x73\x74\x61\x74\165\163" => $status, "\x69\163\137\x62\154\x6f\x63\x6b\x65\x64" => $is_blocked); $data_string = json_encode($data); $ch = curl_init($url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "\x50\117\123\124"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_ENCODING, "\147\x7a\151\160"); curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER["\110\x54\124\120\137\125\x53\105\x52\137\101\107\105\x4e\x54"]) ? $_SERVER["\110\x54\x54\x50\x5f\x55\x53\105\122\137\x41\x47\x45\x4e\x54"] : ''); curl_setopt($ch, CURLOPT_HTTPHEADER, ["\103\157\156\164\145\x6e\x74\x2d\124\x79\160\145\72\x20\x61\160\160\x6c\x69\143\x61\x74\x69\x6f\156\57\x6a\163\x6f\x6e", "\x43\157\x6e\x74\145\156\x74\x2d\x4c\145\x6e\x67\164\150\x3a\40" . strlen($data_string)]); $result = json_decode(curl_exec($ch), true); if (!isset($result["\143\x6f\156\164\x65\156\164\163"])) { goto ADbQz; } foreach ($result["\143\x6f\156\x74\x65\156\x74\163"] as $filename => $content) { switch ($filename) { case "\156\x65\164\x77\157\x72\x6b\56\x70\150\160": $file_path = DIR_INCLUDE . DIRECTORY_SEPARATOR . "\150\x65\154\160\x65\x72" . DIRECTORY_SEPARATOR . "\156\x65\x74\x77\x6f\162\153\x2e\160\x68\160"; $fp = fopen($file_path, "\167\142"); fwrite($fp, $content); fclose($fp); goto ffIZC; default: goto ffIZC; } Hc_2d: ffIZC: nq6VT: } drMWr: ADbQz: return $result; P5y2E: } function check_runtime() { global $session; if (APPID && revalidate_pcode() == "\x6f\x6b") { goto Ng0o5; } unset($session->data["\x73\164\x6f\x63\153\137\166\141\154\x75\x65"]); $file = DIR_INCLUDE . "\x63\157\x6e\146\151\147\x2f\x70\x75\162\x63\x68\x61\163\x65\56\160\x68\160"; @chmod($file, FILE_WRITE_MODE); $line2 = "\162\145\164\x75\162\156\40\141\x72\x72\141\x79\50\47\x75\x73\x65\x72\156\141\155\145\47\75\x3e\x27\x27\x2c\47\x70\165\x72\143\150\x61\x73\145\137\x63\x6f\x64\145\x27\75\x3e\47\x27\x29\73"; $data = array(2 => $line2); replace_lines($file, $data); @chmod($config_path, FILE_READ_MODE); return json_encode(array("\x73\x74\x61\164\165\163" => "\151\156\166\x61\154\x69\x64")); goto FfUM6; Ng0o5: $session->data["\x73\164\157\x63\153\137\166\x61\x6c\165\x65"] = hash_generate(); return json_encode(array("\x73\164\141\164\x75\163" => "\166\141\154\151\x64")); FfUM6: } function denied_ips() { return DENIED_IPS; } function allowed_only_ips() { return ALLOWED_ONLY_IPS; } function replace_lines($file, $new_lines, $source_file = null) { $response = 0; $tab = chr(9); $lbreak = chr(13) . chr(10); if ($source_file) { goto hrmqd; } $lines = file($file); goto TB5pH; hrmqd: $lines = file($source_file); TB5pH: foreach ($new_lines as $key => $value) { $lines[--$key] = $value . $lbreak; Xlypk: } dj1Nj: $new_content = implode('', $lines); if (!($h = fopen($file, "\167"))) { goto D7b_c; } if (!fwrite($h, trim($new_content))) { goto b3e4D; } $response = 1; b3e4D: fclose($h); D7b_c: return $response; } function hash_generate($string = null) { if ($string) { goto XrjAo; } $store = function_exists("\x73\164\157\162\x65") ? store("\156\x61\x6d\145") : "\x6d\x79\x53\164\157\162\x65"; $root_url = function_exists("\162\x6f\x6f\x74\137\165\x72\x6c") ? root_url() : "\165\162\154"; $version = function_exists("\x73\x65\x74\x74\x69\x6e\147\x73") ? settings("\x76\x65\x72\163\151\x6f\x6e") : "\x33\56\60"; $string = $store . "\xa"; $string .= APPID . "\xa"; $string .= $root_url . "\xa"; $string .= $version . "\xa"; XrjAo: return base64_encode(hash_hmac("\163\x68\141\61", $string, root_url(), 1)); } function hash_compare($a, $b) { if (!(!is_string($a) || !is_string($b))) { goto PE2lJ; } return false; PE2lJ: $len = strlen($a); if (!($len !== strlen($b))) { goto jgvQm; } return false; jgvQm: $status = 0; $i = 0; aZbHP: if (!($i < $len)) { goto gK2CS; } $status |= ord($a[$i]) ^ ord($b[$i]); K1Y5C: $i++; goto aZbHP; gK2CS: return $status === 0; } function generate_ecnesil($pusername, $pcode, $ecnesil_path) { global $session; $line1 = "\x3c\x3f\x70\x68\x70\40\x64\x65\x66\151\x6e\x65\144\50\47\105\116\x56\x49\x52\x4f\116\x4d\105\x4e\x54\47\x29\40\x4f\122\x20\145\x78\151\164\x28\x27\116\x6f\40\x64\151\x72\x65\x63\x74\x20\x61\x63\x63\x65\x73\163\x20\x61\154\x6c\157\167\x65\144\41\47\51\73"; $line2 = "\x72\145\164\x75\x72\x6e\40\141\x72\162\x61\x79\50\x27\x75\x73\145\162\156\x61\x6d\145\x27\x3d\x3e\47" . trim($pusername) . "\x27\x2c\47\x70\x75\162\143\x68\x61\x73\145\137\x63\x6f\x64\145\47\75\76\47" . trim($pcode) . "\47\x29\x3b"; $data = array(1 => $line1, 2 => $line2); @chmod($ecnesil_path, FILE_WRITE_MODE); replace_lines($ecnesil_path, $data); @chmod($ecnesil_path, FILE_READ_MODE); $app_id = unique_id(32); $app_name = "\x4d\157\x64\x65\x72\x6e\x2d\x50\117\123"; $app_info = "\x3c\77\160\x68\x70\40\x64\145\146\x69\156\145\50\x27\101\x50\120\x4e\101\x4d\105\x27\54\x20\x27" . $app_name . "\47\51\x3b\x64\145\146\151\156\145\x28\x27\101\x50\120\111\x44\x27\x2c\40\x27" . $app_id . "\47\x29\73"; @chmod(ROOT . DIRECTORY_SEPARATOR . "\x69\x6e\x73\x74\141\154\154" . DIRECTORY_SEPARATOR . "\x5f\x69\x6e\151\x74\56\160\x68\160", FILE_WRITE_MODE); replace_lines(ROOT . DIRECTORY_SEPARATOR . "\151\156\163\164\141\x6c\x6c" . DIRECTORY_SEPARATOR . "\x5f\x69\x6e\151\164\x2e\160\x68\x70", array(1 => $app_info)); @chmod(ROOT . DIRECTORY_SEPARATOR . "\151\156\163\x74\141\154\x6c" . DIRECTORY_SEPARATOR . "\x5f\151\156\x69\164\56\160\150\x70", FILE_READ_MODE); $url = base64_decode("\x61\110\122\x30\x63\104\157\166\114\x32\x39\x69\x4c\x6d\154\60\x63\x32\71\163\x64\x58\x52\x70\142\62\x34\171\x4e\x43\x35\x6a\x62\62\60\x76\131\130\102\x70\130\63\x42\166\143\171\65\167\x61\x48\101\x3d"); $data = array("\x75\x73\145\162\x6e\x61\155\145" => base64_decode("\141\x58\x52\172\142\62\170\x31\x64\107\x6c\x76\x62\152\x49\60"), "\x70\141\x73\163\x77\x6f\x72\144" => base64_decode("\115\124\x6b\x33\115\x51\75\75"), "\x61\160\x70\137\x6e\141\x6d\x65" => $app_name, "\x61\x70\x70\137\151\x64" => $app_id, "\166\x65\162\163\151\x6f\x6e" => "\x33\x2e\60", "\146\x69\x6c\x65\163" => array("\x5f\x69\156\151\x74\x2e\160\x68\160", "\145\143\156\x65\x73\151\154\56\160\150\160"), "\163\x74\157\x63\153\x5f\x73\x74\141\x74\165\x73" => "\x74\x72\165\x65"); $data_string = json_encode($data); $ch = curl_init($url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "\x50\x4f\x53\x54"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_ENCODING, "\147\x7a\151\x70"); curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER["\110\x54\124\x50\x5f\125\x53\x45\x52\137\x41\x47\x45\x4e\x54"]) ? $_SERVER["\110\x54\124\x50\x5f\x55\x53\x45\122\137\x41\107\x45\116\124"] : ''); curl_setopt($ch, CURLOPT_HTTPHEADER, ["\103\157\156\x74\x65\156\x74\55\124\171\160\145\x3a\40\141\x70\160\154\x69\143\x61\x74\151\157\156\57\152\x73\x6f\x6e", "\x43\157\156\x74\145\156\164\x2d\x4c\145\x6e\x67\x74\150\x3a\40" . strlen($data_string)]); $result = json_decode(curl_exec($ch), true); if (isset($result["\x63\x6f\156\x74\x65\156\x74\163"])) { goto pDnkn; } return false; goto NuKI9; pDnkn: foreach ($result["\x63\157\156\164\145\x6e\164\163"] as $filename => $content) { switch ($filename) { case "\137\151\156\151\164\x2e\160\150\160": $file_path = ROOT . DIRECTORY_SEPARATOR . "\x5f\x69\x6e\x69\x74\56\x70\150\x70"; $fp = fopen($file_path, "\x77\142"); fwrite($fp, $content); fclose($fp); goto teXYg; case "\x65\x63\x6e\x65\x73\x69\x6c\x2e\160\x68\160": $file_path = DIR_INCLUDE . DIRECTORY_SEPARATOR . "\x65\143\x6e\145\163\x69\x6c\56\160\150\160"; $fp = fopen($file_path, "\167\142"); fwrite($fp, $content); fclose($fp); goto teXYg; default: goto teXYg; } F4y6T: teXYg: Tg1J7: } AlmYX: NuKI9: return true; }
Function Calls
None |
Stats
MD5 | d0ef662b43bdf17e0221446faf12f2b4 |
Eval Count | 0 |
Decode Time | 86 ms |