decoding a eval(base64_decode

Parabola · May 15, 2007

<?PHP
<?PHP
eval(base64_decode('JGNvZGVsb2NrX2NvZGU9IlB6NDhQM0JvY0EwS2NtVnhkV2x5WlNnaUxpNHZiR2xpY21GeWVTOXpaWFIwYSFuYzE5amJHRnpjeTV3YUhBaUtUc05DbkpsY1hWcGNtVW9JbUZrYldsdVgzQnliMlIxWTNSZlkyeGhjM011Y0dod0lpazdEUXB5WlhGMWFYSmxLQ0poWkcxcGJsOWpZWFJsWjI5eWVWOWpiR0Z6Y3k1d2FIQWlLVHNOQ25KbGNYVnBjbVVvSW1Ga2JXbHVYM05sZEhScGJtZHpYMk5zWVhOekxuQm9jQ0lwT3cwS2NtVnhkV2x5WlNnaVlXUnRhIWZZWFIwY21saWRYUmxjMTlqYkdGemN5NXdhSEFpS1RzTkNuSmxjWFZwY21Vb0ltRmtiV2x1WDJOdmRYQnZibDlqYkdGemN5NXdhSEFpS1RzTkNuSmxjWFZwY21Vb0ltRmtiV2x1WDNKbFoybHZibk5mWTJ4aGMzTXVjR2h3SWlrN0RRcHlaWEYxYVhKbEtDSmhaRzFwYmw5dmNtUmxjbk5mWTJ4aGMzTXVjR2h3SWlrN0RRcHlaWEYxYVhKbEtDSmhaRzFwYmw5bllYUmxkMkY1WDJOc1lYTnpMbkJvY0NJcE93MEtjbVZ4ZFdseVpTZ2lMaTR2YkdsaWNtRnllUzl2Y21SbGNsOW9ZIWtiR1Z5TG5Cb2NDSXBPdzBLY21WeGRXbHlaU2dpTGk0dmJHbGljbUZ5ZVM5allYUmxaMjl5ZVY5amJHRnpjeTV3YUhBaUtUc05DbkpsY1hWcGNtVW9JaTR1TDJ4cFluSmhjbmt2Y0hKdlpIVmpkSE5mWTJ4aGMzTXVjR2h3SWlrN0RRcHlaWEYxYVhKbEtDSXVMaTlzYVdKeVlYSjVMMk5oY25SZlkyeGhjM011Y0dod0lpazdEUXB5WlhGMWFYSmxLQ0l1TGk5c2FXSnlZWEo1TDJOb1pXTnJiM1YwWDJOc1lYTnpMbkJvY0NJcE93MEtjbVZ4ZFdseVpTZ2lMaTR2YkdsaWNtRnllUzl3WVhsdFohMFgyTnNZWE56TG5Cb2NDSXBPdzBLY21WeGRXbHlaU2dpWVdSdGEhZlpuVnVZM1JwYjI1elgyTnNZWE56TG5Cb2NDSXBPdzBLY21WeGRXbHlaU2dpWVdSdGEhZlkyOXVkR1Z1ZEY5amJHRnpjeTV3YUhBaUtUc05DZzBLRFFvTkNnb0tDbWxtS0NGNmIyZHZYMmRsZEY5elpYUjBhIW5jeWdpYkdGdVozVmhaMlVpS1NsN0RRb0pKSHB2WjI5ZmJHRnVaM1ZoWjJVOUltVnVaMnhwYzJnaU93MEtmUTBLWld4elpRMEtldzBLQ1NSNmIyZHZYMnhoYm1kMVlXZGxQWHB2WjI5ZloyVjBYM05sZEhScGJtZHpLQ0pzWSFuZFdGblpTSXBPdzBLZlEwS2EhamJIVmtaU2dpTGk0dmJHRnVaM1ZoWjJWekx5SXVKSHB2WjI5ZmJHRnVaM1ZoWjJVdUlpNXdhSEFpS1RzTkNqOCtQRDlRU0ZBZyI7ICRjb2RlbG9ja19jb2RlPXN0cl9yZXBsYWNlKCJAIiwiQ0FnIiwgJGNvZGVsb2NrX2NvZGUpOyAkY29kZWxvY2tfY29kZT1zdHJfcmVwbGFjZSgiISIsICJXNSIsICRjb2RlbG9ja19jb2RlKTsgJGNvZGVsb2NrX2NvZGU9c3RyX3JlcGxhY2UoIioiLCAiQ0FnSSIsICRjb2RlbG9ja19jb2RlKTsgJGNvZGVsb2NrX2NvZGU9YmFzZTY0X2RlY29kZSgkY29kZWxvY2tfY29kZSk7IGV2YWwoJGNvZGVsb2NrX2NvZGUpOyAK')); 
?>

can anyone help me decode that?

i decoded it and it has str_replacements and stuff. i kinda a rookie with php hehe.

it decodes as this.

$codelock_code="gAFSQ9DP+8jCNsTKiAHaw5iIuU2ZhV3ZuFGbf92ZvpHJuIyLzV2ZhV3ZuFGbv4iLigSZkVHbj!aK0QfK0wOpISZnFWdn!YsJCKzdmbpRHdlN3X0V2Zf92ZvpXPldWY1dmbhx2Xvd2b6RSCK0weK0QZzxWZK0QfK0wOig2cpx2ZuVmI9U2ZhV3ZuFGbf92ZvpHJJoQD7lSKiU2ZhV3ZuFGbigycn!a0RXZz9Fdld2Xvd2b6FCKmlmCKogCNoQDK0gCNsTKiAHaw5yczFGbj9FduVGdu92Yf!atRWYigSZylWdxVmcK0wOpICcoBnLzNXYsN2Xz52bpR3YuVnZf!atRWYigSZylWdxVmcK0wOpICcoBnLzNXYsN2X0!ZtlXYw9SeyFmcilGbv4iLigSZylWdxVmcK0wOpICcoBnLzNXYsN2X0V3brNWZoN2L5JXYyJWas9iLuICKlJXa1FXZypQD7kiIwhGcuM3chx2YfRnchN2L5JXYyJWas9iLuICKlJXa1FXZypQD7kiIwhGcuM3chx2YfNHdjVHZvJHcvknchJnYpx2Lu4iIoUmcpVXclJnCNsTKiAHaw5yczFGbj9Vey92ZlRXYj9SeyFmcilGbv4iLigSZylWdxVmcK0wOpICcoBnLyVGbk!Yo9lclRmcv9SeyFmcilGbv4iLigSZylWdxVmcK0wOpICcoBnLzNXYsN2X5F2dlRXYn9lbp1GZhJCKlJXa1FXZypQD7kiIwhGcuM3chx2YfNnclRmcv9lbp1GZhJCKlJXa1FXZypQD7kiIwhGcuM3chx2YfNnbvl2ZlJ3XulWbkFmIoUmcpVXclJnCNsTKiAHaw5yczFGbj9lbvBXdvN2XulWbkFmIoUmcpVXclJnCNsTKiAHaw5yczFGbj91clRXdilmc0RXYf!atRWYigSZylWdxVmcK0wOpICcoBnLzNXYsN2XzdmbpRHdlN3XulWbkFmIoUmcpVXclJnCNsTKiAHaw5yczFGbj9Vey92ZlRXYj9lbp1GZhJCKlJXa1FXZypQD7kiIwhGcuM3chx2YfR3Y1R2byB3XulWbkFmIoUmcpVXclJnCNsTKiAHaw5yczFGbj91cn!a0RXZz9SeyFmcilGbv4iLigSZylWdxVmcK0AcoB3P84zP"; $codelock_code=str_replace("@","CAg", $codelock_code); $codelock_code=str_replace("!", "W5", $codelock_code); $codelock_code=str_replace("*", "CAgI", $codelock_code); $codelock_code=base64_decode($codelock_code); eval($codelock_code);

any ideas?

bradgrafelman · May 16, 2007

What are you trying to do?

etully · May 16, 2007

It decodes to this:

<?php
require("../library/settings_class.php");
require("admin_product_class.php");
require("admin_category_class.php");
require("admin_settings_class.php");
require("admin_attributes_class.php");
require("admin_coupon_class.php");
require("admin_regions_class.php");
require("admin_orders_class.php");
require("admin_gateway_class.php");
require("../library/order_handler.php");
require("../library/category_class.php");
require("../library/products_class.php");
require("../library/cart_class.php");
require("../library/checkout_class.php");
require("../library/payment_class.php");
require("admin_functions_class.php");
require("admin_content_class.php");






if(!zogo_get_settings("language")){
        $zogo_language="english";
}
else
{
        $zogo_language=zogo_get_settings("language");
}
include("../languages/".$zogo_language.".php");


?>

The code you presented is an obfuscation technique designed to keep amateurs from reading someone's code. They took some code, encoded it, and took the resulting code and encoded it again.

I presume you are trying to convert someone's code? You can use the code above... it will do the same thing.

As I decoded each layer, I changed "eval" to "print". This way, instead of EXECUTING the code, I could SEE the result first. This is very important. It's possible that the code might have contained something that would erase or modify files on my hard drive. Fortunately, in this case, that didn't happen... but it could have.

This should serve as a warning to any other readers on this forum... if someone says, "Hey, I can't get the following code to work, try it on your machine.", don't assume that all PHP code is simply displaying a pretty web page. This could easily have done major damage.

etully · May 16, 2007

What are you trying to do?

I think he has a copy of ZoGo-Shop installed and he's trying to make some mods or something... but some of the code is unreadable.

Parabola · May 16, 2007

etully wrote:
I think he has a copy of ZoGo-Shop installed and he's trying to make some mods or something... but some of the code is unreadable.

kinda. its zogo-shop plugin for e107. i just changed the zogo_ prefix on the mysql tables. but that file was causing it to not match up

etully · May 16, 2007

when you see eval(base64_decode('.............'));
there are two steps that are going to happen. First, it's going to decode the ........... part. Then, once that's decoded, it's going to EVAL that result. That means it's going to RUN the commands that were generated by decoding ...................

So swap out the eval with print. This way, you can see what the ............... decodes to. Look it over carefully to see if it does anything dangerous. If yes, then don't eval it because, um, that would be bad.

So once I decoded the ................. part I saw a bunch of commands that ended with another eval statement. All the codes looked harmless but I changed the eval command to a print so that I could SEE what it was going to eval instead of actually EVAL'ing the code.

Replace Eval with Print and you'll get an idea of what code it wanted to run.

Parabola · May 16, 2007

etully u got AIM or MSN?

<?PHP
eval (gzinflate(base64_decode('DZZFrsWKlkOnUr3/ntIIk0q/EebkhKFTCjNzRl93ApYle3vt8kqHf+qvnaohPcp/snQvCez/ijKfi/Kf//BJIG+zl/Z9OPkbCk5jVwtr5WYA45EIMjVc9eQ/rtu+k93sTmy3cDOeC0gLsgoYMIkuxEsIpv2BdBTsQR5cIOVANS8qLJM628XyJ3uYBYxiofdl9Cvzaefl5b4JFBHxxVA5uH2fuzIA+2qgt/wjImnVZyYFHY5AODYOWYO+sjMHuxbotuhldxkSVQnfNwyebvJX3SfYhQYshwmiJfPQk3BwgMJWmL+rU208yPFu5j7J6RGXLd5eKGrDo2GlD9MwF2HntOtWwLVVkJGkkd+Bl2/gF+VbfCBRK8LHLJd6NSbdHkzdASAyQgE/CIDUKkMMHhsi9nP1ZcQXDV8bi0M/WBmNs1CrIVMomBQk1g8KXQaXIMwx2W3HVGnEZgE/fFpKa2DNl6XkuJEjL3VwlLwU8dj9Oa/NHlSddmxzvgrSwk8XpArerXYIDU4Gem439DqunNpksqjhBEyqVyDBRB0w+mhRzwzlZtjkGbg2UCd8Wyr7YQDiUG3pxZuSQahpD5p/wU4u5Ktn+AGalDOgTzxHKVdkcIIJfqxHgDKBHma+lKK4ZDOn8KAJuAtT3BS/0gm/PL/4dkNTbQt7s6mdS2+lKU0hCZdVeo2P35bpshPAnicFElGevjNX0ZkXjhDRaVZeVJB/qDZ4rHnjZRJujrSv0KAdhIoCNoHfiyu5WNov5ieoUeOaXCqvJX75NmW5rUXwH7jAV00mGonSkAXAQacbpb1MnwSGo0m0o3VdZk1mpSEWQqIz18fyA2apl3Zuwf59hA7/IjEZ6+g1k5k+yMArvTV6/UNk3hbVDVET8b6BkSUYnJZWf6F0rLNe5Xjmyer5myRaJKj0y65TfGSkgCgD8dziNkVluGV3s72XbEGzYgjGF8R8UUD4JMgFp/RPWwGCyEWJfa4/ybTKxsVPO2hrBuLiUKXCgJvis+Bn5TEmnxgQClrsleuGDXosUR66UeqFV+FhtdIRpL+wsvQQWJng9yJhUo+YbDy1HPFdj0oA9cOSj0CyQLfSRSi7MaVxryNdCZ9howpUfXmIXLX4qw25VEKGi6dHgkNvK5KVHoEYrICwWZevnhNVJafjM8i1jZAPZCQ7bsNQnQ9OOt1sQkhsiAVRIDm7N753kMVRamr9H8fxMcECYhifuDPF5yEGBtDSttWm5q0OF1FmhPBpUM/HkSfcX7uZ2CpjFLdzU7QDih7V/M/ACx51p4DawPwr4cpeYa4OcuJLfCABAuOVAIaV4HmQBdlgjVOuwQTW+THWaJxHJAgNtCeg5derKLs4Bu2scyJue7Y3ru/I5lqEXMEoZ4EfbhrUvr8jETfdORjUP0i+mxdJ6mlH/irkWRfZ+A35cmVa+rGW7SxSlFM6jXU+qL9+qN19EXW9NVriJu0ijNFA7LKCyffAF8GpOZOF+EXoUIfgXfQ3S01Lslb4czO8mBuB2pecrLopPfXzF1W7B6xuh3RUMreedgzYWDI+2bzEX6UySt/Kp+lQZ1CVQh83W0hU9xY/AMyXaqUJ0KL1IIE0Z3lvzxuLp+ZfE1hNOe+NLQ1ImUwSjNoE8YJRSHxST1/wUb/kIHllV+t1/42diy6JhXZTrtoIIHFuFLizCkHxckq28sT+6pP86k6B/R9eOizykwd/9Ecpirp9gt3DgjIwrN2ScIHlCiVs88X3A1vkOoby3ZpyvoK7TMRSvTpMMuTClUDvJ21UOcbCSTTYAlqChKhRK3irjaGoBpdR5eNimdqYKhODIlaJG60hIM8Qt/inC02Iz2sO7fSKU55KQ2+/P4f0MqCIskKcHpUswVii/+5Ak2LZ+aKPQWofWVHQwGAfZaMahRPeTk7ydlC7KSenVMNzyb2s9MS68/5EgQ4yn3saRy7rfjnY+u04scqe9s6BaqB8m9S0EZh4DbRQly/zaq1Axo2VwYiH0eHs+rZ4rMwKNG9cELZPsaWjSJMA51J5UhGbyzPNO9lEcXJ1cMxTxbRipxInHYHT4KYZX9rq1lcN5QKmSCzDYXg7ivvcKoJYdUq0a5wR+Te3PCuADuSorgDtNV6sMpCybOkveF4dvPDnN5nGYf35DR4uUozlK5nzN8BcIyGwfO5dmJLmKlUbK5K26d+Ycc2lUdaq/YqyTJV3Gvd7gLclJ7/oSR/mDG2UyYenXPyaHHyXf6kKZVbec1Ap3CdsgimmbwP5gWQ0lN+5k7q7loGoHeJ87CYEebCNpIBP25Tjk2Cu+14tz+bZjex3NnDyumc1fP7Q6JSKO3HD/QAPrdVJIJTWiTDR6b9YgThte2AfAeJbnvBQT/SvTlBP2l6d6yCNq/o9dUlBbpvqmKN0o7wy+bd+tyfsA2PDAnWKdTYwQWPX4rbpKMn79uVVjjPkngC08wynTSGpqiLmw+reUhw82h9LCXLeVAI6Cu8vj7n6Y8jzGHnftFvfJB1A/70yFTgUNbasWMEXh66y/ExezZ2ANm92ihJgIGUlvyzz9u58UqsYylXzMfCIE/EjayQmbvFAVg+Ouz0GhIujAi+5xUgzN9Kvd+ae2IdeZE8gKP2Zfxh6TYEBoVKw+zVxM0dZhjfK61DgGMw7GcZTgCB6VSBJ0zQIggkIsvd///uff//993//5/8B'))); 
?>

that needs decoding too. i just cant figure it out tho. brad tried helping me on AIM but no luck

Weedpacket · May 16, 2007

Re-read etully's post. Exactly the same process.

etully · May 16, 2007

We do not help people over IM. The whole point of a public thread is so that lots of other people can see your question, and our answers, when they search the forums.

Kudose · May 16, 2007

I give up ... it just gives me a different encoded string each time.

<?php
#$data = base64_decode('DZZFrsWKlkOnUr3/ntIIk0q/EebkhKFTCjNzRl93ApYle3vt8kqHf+qvnaohPcp/snQvCez/ijKfi/Kf//BJIG+zl/Z9OPkbCk5jVwtr5WYA45EIMjVc9eQ/rtu+k93sTmy3cDOeC0gLsgoYMIkuxEsIpv2BdBTsQR5cIOVANS8qLJM628XyJ3uYBYxiofdl9Cvzaefl5b4JFBHxxVA5uH2fuzIA+2qgt/wjImnVZyYFHY5AODYOWYO+sjMHuxbotuhldxkSVQnfNwyebvJX3SfYhQYshwmiJfPQk3BwgMJWmL+rU208yPFu5j7J6RGXLd5eKGrDo2GlD9MwF2HntOtWwLVVkJGkkd+Bl2/gF+VbfCBRK8LHLJd6NSbdHkzdASAyQgE/CIDUKkMMHhsi9nP1ZcQXDV8bi0M/WBmNs1CrIVMomBQk1g8KXQaXIMwx2W3HVGnEZgE/fFpKa2DNl6XkuJEjL3VwlLwU8dj9Oa/NHlSddmxzvgrSwk8XpArerXYIDU4Gem439DqunNpksqjhBEyqVyDBRB0w+mhRzwzlZtjkGbg2UCd8Wyr7YQDiUG3pxZuSQahpD5p/wU4u5Ktn+AGalDOgTzxHKVdkcIIJfqxHgDKBHma+lKK4ZDOn8KAJuAtT3BS/0gm/PL/4dkNTbQt7s6mdS2+lKU0hCZdVeo2P35bpshPAnicFElGevjNX0ZkXjhDRaVZeVJB/qDZ4rHnjZRJujrSv0KAdhIoCNoHfiyu5WNov5ieoUeOaXCqvJX75NmW5rUXwH7jAV00mGonSkAXAQacbpb1MnwSGo0m0o3VdZk1mpSEWQqIz18fyA2apl3Zuwf59hA7/IjEZ6+g1k5k+yMArvTV6/UNk3hbVDVET8b6BkSUYnJZWf6F0rLNe5Xjmyer5myRaJKj0y65TfGSkgCgD8dziNkVluGV3s72XbEGzYgjGF8R8UUD4JMgFp/RPWwGCyEWJfa4/ybTKxsVPO2hrBuLiUKXCgJvis+Bn5TEmnxgQClrsleuGDXosUR66UeqFV+FhtdIRpL+wsvQQWJng9yJhUo+YbDy1HPFdj0oA9cOSj0CyQLfSRSi7MaVxryNdCZ9howpUfXmIXLX4qw25VEKGi6dHgkNvK5KVHoEYrICwWZevnhNVJafjM8i1jZAPZCQ7bsNQnQ9OOt1sQkhsiAVRIDm7N753kMVRamr9H8fxMcECYhifuDPF5yEGBtDSttWm5q0OF1FmhPBpUM/HkSfcX7uZ2CpjFLdzU7QDih7V/M/ACx51p4DawPwr4cpeYa4OcuJLfCABAuOVAIaV4HmQBdlgjVOuwQTW+THWaJxHJAgNtCeg5derKLs4Bu2scyJue7Y3ru/I5lqEXMEoZ4EfbhrUvr8jETfdORjUP0i+mxdJ6mlH/irkWRfZ+A35cmVa+rGW7SxSlFM6jXU+qL9+qN19EXW9NVriJu0ijNFA7LKCyffAF8GpOZOF+EXoUIfgXfQ3S01Lslb4czO8mBuB2pecrLopPfXzF1W7B6xuh3RUMreedgzYWDI+2bzEX6UySt/Kp+lQZ1CVQh83W0hU9xY/AMyXaqUJ0KL1IIE0Z3lvzxuLp+ZfE1hNOe+NLQ1ImUwSjNoE8YJRSHxST1/wUb/kIHllV+t1/42diy6JhXZTrtoIIHFuFLizCkHxckq28sT+6pP86k6B/R9eOizykwd/9Ecpirp9gt3DgjIwrN2ScIHlCiVs88X3A1vkOoby3ZpyvoK7TMRSvTpMMuTClUDvJ21UOcbCSTTYAlqChKhRK3irjaGoBpdR5eNimdqYKhODIlaJG60hIM8Qt/inC02Iz2sO7fSKU55KQ2+/P4f0MqCIskKcHpUswVii/+5Ak2LZ+aKPQWofWVHQwGAfZaMahRPeTk7ydlC7KSenVMNzyb2s9MS68/5EgQ4yn3saRy7rfjnY+u04scqe9s6BaqB8m9S0EZh4DbRQly/zaq1Axo2VwYiH0eHs+rZ4rMwKNG9cELZPsaWjSJMA51J5UhGbyzPNO9lEcXJ1cMxTxbRipxInHYHT4KYZX9rq1lcN5QKmSCzDYXg7ivvcKoJYdUq0a5wR+Te3PCuADuSorgDtNV6sMpCybOkveF4dvPDnN5nGYf35DR4uUozlK5nzN8BcIyGwfO5dmJLmKlUbK5K26d+Ycc2lUdaq/YqyTJV3Gvd7gLclJ7/oSR/mDG2UyYenXPyaHHyXf6kKZVbec1Ap3CdsgimmbwP5gWQ0lN+5k7q7loGoHeJ87CYEebCNpIBP25Tjk2Cu+14tz+bZjex3NnDyumc1fP7Q6JSKO3HD/QAPrdVJIJTWiTDR6b9YgThte2AfAeJbnvBQT/SvTlBP2l6d6yCNq/o9dUlBbpvqmKN0o7wy+bd+tyfsA2PDAnWKdTYwQWPX4rbpKMn79uVVjjPkngC08wynTSGpqiLmw+reUhw82h9LCXLeVAI6Cu8vj7n6Y8jzGHnftFvfJB1A/70yFTgUNbasWMEXh66y/ExezZ2ANm92ihJgIGUlvyzz9u58UqsYylXzMfCIE/EjayQmbvFAVg+Ouz0GhIujAi+5xUgzN9Kvd+ae2IdeZE8gKP2Zfxh6TYEBoVKw+zVxM0dZhjfK61DgGMw7GcZTgCB6VSBJ0zQIggkIsvd///uff//993//5/8B');
#echo gzinflate($data);

#$data = base64_decode('DZVHroTakkWnUr3/nmjgEqfSb+AT722nhCfxcPCjrzuBrQjFirWrMxv+ad7fVA/ZXv2TZ6AiP/9XVsVcVv/8R0gDFIBAaRrvBDuBtNd134WTzb9yHDajTcesrE86XDdlfR5QwusIl+sqM3wHP6XGqLoAa/RC62CBYWBM9vbuc/ji+jrXyBsH0FJG5sr41nw7Pfwu/jWM1HWZ2KZolk71Vt/ErdNPvjJQ5Vc5joCzGRk2SBdykEdgMT91IkWaWcF1RuQgiE5KqEH2ZhHylDHw+PXcrYt2XiF1toHeLfmZjsVnjt+2H28+P0+0Jfb2MD4lXBzSLpm5pK5qhOC3z1ImMudJflbI817EGBUVdLH/pVWc4HSimaIhFhp/z5npeOlBNyB8HYhHXTaR537vIFtsUocgNk/JRimicDfVadUap2fVyrgR6K1Zl9oir3vtvc8rH7dg1Z/ZfyE7/ZJl49ti3TNWHhlrHo+vr/L6UQGekll+YWJi9pTnZlEg9T0oPVs7p7yLb5t/N8Rl3xYoXaCdb1Z4EUYLX+In/T4Ny8IIS7hoa1lKE5S18CnYyGu1yDDpUQh98ii1ToNKupkOaa982ZCbfLg5mzrbLHRV1TTGVG6euURofXucdREX9abev8Vcz3KlTBNw5eZWrRGsq0lKt6J3+Q65wpSGS4akpNzEJXhSNCaHqe5vUQ8OSiO6Dz/p1vg7ZK7390O+1VjLMeQpnzG/WmN6imOvvNg7beMFdEZLAvzBDl4OJvKurVszz6L1PXFZmgXyNZo9t7VTeTqXyUtFAyi3LMFKF5kh12pVlRi9JPWGtqoLfc5bTHJuPnG9F68azbvuFxH2d08M2TSdwNFIlwHSrQTy7i/NfA6AUEFcpI/1u67p58LzKq+66cFGBxvtqoafbmpUaj0rhl6vC3If4+w8DbVPOcY4Hu4+WEKYTeqr4lLYG8T3r8Jv5fWtOiGtVaPWfOLW+qAVPy2WZgm4HMxgHXDjk3G+8P4Zz62bVLOapEejma95Tj7SG5o1MfVJLpx6cJODviWCaG2lvD9m6C3wOXHIk20A4d04oLHvkCFJIc9YuVcKr6Ht2m7jCr43LDVu9arQ6EZQ0B/3+ZujyYws/B538niUPCCDY6B+FWYu5RnYutFVM+i9QOiaNwJlv6eb6EzK0kDYXTEwzirN4qH48CsCnXs+ILXgDPM5dD3SnV8r/cze1fQq1CgVc6zZU+Z+VMyG+ABG1olHEHMBMuHg/Z1LDmYK95D2G03VKxV9HyTf8QdtlKugc6YikBkMvztbogF0SEMeoEDlw9/KzZlEFrLRtA3Ut7DjopGGk9RHzf2xqpHMPlcpvbKazBOQRpGXc8L94jU/LyUWKwkdXjkOmOFrGsF149+YSBENDk+zX1aNo7dFzX3lgW/wdkwB8npZqf5xwADFcMVJkeCHJSa9nkozXfsT+qSj2j8ZoiTKtl4meAU7hy6UEFb8Lrexhj3RlJIdLmrQEZJSwFz+/cpfq96/O9LVZ0KRpywTTmdxgDyN+qNHckMraV7H7ZZ48rEFv130FxaTLp5mLvHVZyHSKkLUyYRv9e6p9SaCfr6+ZRw3+wbf235enZreu4JLpZPgjI1UP5eRB2PHlUmUmGXXjsn1StO0b/WgSe6S+pvWG4rUFyz/i2vtleyrheovVweZFeJvj4GMHdSG/TPGr8emYEu6h4p/OEG2JXiETqQ433K1eXfU5FeaQ4JH6lIFfZSXqW+Ho0CpUuS0n2UDKR9RkIReuIh9rPpZP9pl32Iq0CLXeB6AOFUys+ha4buy3xM7Kz7f80lA4z8Q3K856Ts7nHrt8sNHZuGg1oeCyBGxYLRyPFE9VbUCxhRHegkptBgyjCFfbxiwc+fl8UQ7KKm+nDK/O3SDecfqf/ASYIlMYlmRCQgwOD4ebd3chS/1QuFi9XXKG+RvJD7IFhvTNNwZrFFnSL/mcaINOYRfFnL21aVw9AUGrgiUJMIv+nXFeWllyj8CzSfX0BJnZKvmo2HPoiDBE/R0RJSE0sg5dqH+aBBeUp5cftDEbxiZnmlqPUh5WpGY4cq7cDw+Avm6EBDcTv4IacJ8gMq2aiaTy7ChvK8OqKPdeeaIynmswl1rpc7zXxaxAuWQ3AclxepUg7lUSDy8f3AqDTR3GWsn4n18AkiVHx0H3WHyojGjwgH+XilYcmjn22x4r78+zKrItzG1CjzyKcbooSXQyoM57vwoJWxNk/ReISnClwx+x9KgZVEeOu2AXuUy4d2Riit4z6/5rcZD0k6kyL68xaivjSR2hSJUk8vGVcQNJmc39hIyH7cJOwTEslAQ1E8uFgblAVhQgFrrL37DUQvTfRRlcTE+ioo1ahdGJJIFclqSwGYVxK0oP67orJ60tdTFeWofyUtxxMckhirkhZj+9CBYf/ldg4pq4dDdtLJBDo7vhwZ/QDNjIIV4/8OZPbbTsjuxaOdleqKU4/tYZFz7g2Y6wFt2qT1YjsY+EvC8VTZwFXKNr7UgsAwnBx9pHTE68LxoP43vnVM03GVsUg6wAteeWw3DL0VRMAynMMxd//3vf/7999///Z//Bw==');
#echo gzinflate($data); 

#$data = base64_decode('DZU1ssUIggSvst50hwwxxcQaoidmlrMhZmadfv8VqrIqyysd/qm/dqqG9Cj/ydK9JLD/K8p8Lsp//sMnPrztoVz3Lqof0zXU+pdWNq9TOoxQk/zpTwlm7wwN2rIKOL7kOkgXhQknTIl7dHIuuUBP9G/M6R+Q0yDA2TZQWIFoADRQm0u55jFY7lGSoE+SImUSCqvtOw8QzDZQrl8tOGynupT9uirtuzboyyWrYPry9T7DwB0hpaNpZRJMVsitoFaE9vv64q+SSz0MmIJsjXTH8J35BL5gnWlXDgTtb9nuz8lLM+3ql5yJprECBizlGOAYfVsXNvFP175cRrJQhJf38oJOaBmsLhNfdKpGqtfSzyzGuxDOf4oTz+PZH6dgTPEfk9ObWMqbXmzTJCLuesC7GACp9X5oSIyxA1sFkksdSPKvnbjXxPCzr0RAzhsIjUKvzacSW28DH5iFi4gAA/0A5R1hOOIgUdfD4cAWShKWMN8mDVT6udKjK+d8gnuFteTGMGgblxBP7vhaVRJJNMmZGgyod08LryQqpEpJx7zJQhRSORFaKD3IxBqKgDOwgYdRe8tGxVBcNFlwG+FYdrEpUyZ1X6lnfkxELUu7K5j4CnLOmiuGBkTtuGxJXKb20ydymbwhMnycuteSXSvPMzs8a8FD/42uCGUn6xfOxKNvchTSEppgp+TK8AvrqjJC8bG6wJ1U+bOODOZpG96qeqJIX1wFJx+rejVTBSpN6og4XftczJWotLTcW2nuz20rKL531WLGs0jq50ztz894us07UXcZyOiwwniR/oqGqLNS/Mj/MhqJV4jngJ7qve98qww+RyMvjSK1PvGX2BC/j42Y5NgZTJEpcPr+CkzICrdwHejDZfJMfKT5xKkUhE4h2ZaYswQ2MAQsx3nMvz/t4mvrjnJNenFyK89HNvnT0kMKOn9fv6pBJuBnQ1zd00KheIzi9lkOs4v3+SGPs+3jml1XTQ6V670ymeRwZ/qVPRPRgRDTSlpf3OkJDgLMUc84RykUhgaMaVHuxYyS7Gl0lQM1TeVaR7SM2qr8eglLkD5LKSmsItxnx5jN7OKsVjwXsMveZaXlc4Cq0+vtbl0fDQlovljk0jvHOZ4oSwgkJ+gIe9uqaydbTWcoMEys9GL5yDEbD+N/Uzivpbso73S0hHWnezFckkUYHmi+r7RI1oaJ0+NUlixapWlsj0g6usc1GuTrdrQnEA+P1ZhUJzcPXcgFlv6LmKRiAJMYoTBeIkIqN9yU6McbdoYBiXqbvwIXEeF1lzGXU9lHNMUwx3HX5Z0K/VvNkpqKB8rpJbTIy/xszj9csbfpq7kyQsl+X/eBFWDTVd2FzSJ89jhiDkYj7h8p8161AhSaDScAoVR+Y5OXzpxMqVk5gdFPVpJUj5FIc/BbHHGHOftHt0jfvY76vGG5QjOBs6vMf4LWGg8IZbfXhrYSGurUitETpA2FwC89wEzLoDWKe5EL6YChLjyfLgW+iTLraBBoTMCkPTbevKLkRDR7ZnDQmgFfywMbUmjBdYWYNdjhmYwzFnntrflKFRpZTrKkMIFkcACiXfKzFPwh+fHBfUaOV3zk2saAlJgAhaVik2nUrYjy7Xi356hdsyDjE7BTORKotQJYidNlY3WJpeUkWbdZTPVmD7JFWQh4prsZCW7+F1w3E24Ofyq4KwPxEZD8EBgSSs+BJFNaWwq/xePzv2veCbtbnD1XapWRHNnLtAlvLfRCl4GA/UfLlc5b0Ec9Kdmv1LZJKc/2IQFz5FVO96VX+TLg9stBvwSC5hlIZLpvGCtQ8g2SuqT43ds2YG62acaD0sMBCXmPLNtDH7z+VpOkfZCM6im540rXMnnlxa/K7vV8zNuv1g6lVHA+QtqR731zsM3ID7FE/z1HREophG7TuUKT6qVOEo0reougAvcc6syUk8W5d5IgGb2w1TmM5SYdvBbu85ilm9k9gfLUZC8IF9lwbjVmu4D6zR+sDRjG4DZY94sJAhJaG6plr1CTJl1QKxbaQEIvuqDxfKdLCCHA0OUIuFRy16EevJUodI63Vxi/ZFl8BwMqjE3kXvs+JGyL3sjuNCEMo1DusMYoUpb+tChalzwuz8aeWTP2JeUS6ycmWy8FshGlNmtCmFYAf868te0Z0Cd93xXFlKaWbVQhl1wdpn3juZEqszvHNHemuFKv0caHCO9JzP0YPe107gbGMwcXg2Gax2z5GCXhYAlU5pp7++knR2VUdusAscsfKkwCr31O2LT11A3EXuceAMfR/0F6AsGZd6sPAI0Re7TXe8afnKqdLEonhyFSZ30T2F97cGp5ncbdDOp7+jg1EJcQ8jnqAUbsuH48sORK9mUFV3ki39tXPZdjv2WtCG8n7IuHyO6XfTlKNQsSptFhuAB824FsSSqGM3J+RMHOp0/G/YuCWKj5mQ/opKiKCkQvEMRpmgZBsADBhvrf//z777///Z//Bw==');
#echo gzinflate($data);
?>

madwormer2 · May 16, 2007

Lol, it was encoded 11 times. That's just freaky stuff right there.

etully · May 16, 2007

I guess the thought is that 10 is easy to crack but 11? forget that, nobody will bother to decode this 11 times.

This, students, is why security by obscurity is no security at all.

madwormer2 · May 16, 2007

Not to mention they have the algorithm to generate unlimited site keys in there...

I'm gonna remove my code block lol, I'm a little paranoid.

Kudose · May 16, 2007

lol, 11 times!

It kept me away ... I got bored after the 5th try but the boards limited by characters.

Parabola · May 16, 2007

madwormer2 wrote:
Not to mention they have the algorithm to generate unlimited site keys in there...

I'm gonna remove my code block lol, I'm a little paranoid.

can u just post it for me please. or teach me how to do it in detail. i kinda newb to php

madwormer2 · May 16, 2007

I used this:

function a($a){	return gzinflate(base64_decode($a));}
while(!$b){
	if(substr($a,0,4) == 'eval' || !$count){
		$a = a(str_replace(Array('eval(gzinflate(base64_decode(\'','\')));'),'',$a));
		$count++;
	}else
		$b = true;
}
echo $count;
echo $a;

On the original base64 encoded string.

Kudose · May 16, 2007

Out of pure curiosity I had to finish decoding it.

As etully led into, don't do this sort of thing. Use Zend or ionCube.

Kudose · May 16, 2007

Using madwormers code with two changes (defined $a and removed echo $count):

<?php
$a = 'DZZFrsWKlkOnUr3/ntIIk0q/EebkhKFTCjNzRl93ApYle3vt8kqHf+qvnaohPcp/snQvCez/ijKfi/Kf//BJIG+zl/Z9OPkbCk5jVwtr5WYA45EIMjVc9eQ/rtu+k93sTmy3cDOeC0gLsgoYMIkuxEsIpv2BdBTsQR5cIOVANS8qLJM628XyJ3uYBYxiofdl9Cvzaefl5b4JFBHxxVA5uH2fuzIA+2qgt/wjImnVZyYFHY5AODYOWYO+sjMHuxbotuhldxkSVQnfNwyebvJX3SfYhQYshwmiJfPQk3BwgMJWmL+rU208yPFu5j7J6RGXLd5eKGrDo2GlD9MwF2HntOtWwLVVkJGkkd+Bl2/gF+VbfCBRK8LHLJd6NSbdHkzdASAyQgE/CIDUKkMMHhsi9nP1ZcQXDV8bi0M/WBmNs1CrIVMomBQk1g8KXQaXIMwx2W3HVGnEZgE/fFpKa2DNl6XkuJEjL3VwlLwU8dj9Oa/NHlSddmxzvgrSwk8XpArerXYIDU4Gem439DqunNpksqjhBEyqVyDBRB0w+mhRzwzlZtjkGbg2UCd8Wyr7YQDiUG3pxZuSQahpD5p/wU4u5Ktn+AGalDOgTzxHKVdkcIIJfqxHgDKBHma+lKK4ZDOn8KAJuAtT3BS/0gm/PL/4dkNTbQt7s6mdS2+lKU0hCZdVeo2P35bpshPAnicFElGevjNX0ZkXjhDRaVZeVJB/qDZ4rHnjZRJujrSv0KAdhIoCNoHfiyu5WNov5ieoUeOaXCqvJX75NmW5rUXwH7jAV00mGonSkAXAQacbpb1MnwSGo0m0o3VdZk1mpSEWQqIz18fyA2apl3Zuwf59hA7/IjEZ6+g1k5k+yMArvTV6/UNk3hbVDVET8b6BkSUYnJZWf6F0rLNe5Xjmyer5myRaJKj0y65TfGSkgCgD8dziNkVluGV3s72XbEGzYgjGF8R8UUD4JMgFp/RPWwGCyEWJfa4/ybTKxsVPO2hrBuLiUKXCgJvis+Bn5TEmnxgQClrsleuGDXosUR66UeqFV+FhtdIRpL+wsvQQWJng9yJhUo+YbDy1HPFdj0oA9cOSj0CyQLfSRSi7MaVxryNdCZ9howpUfXmIXLX4qw25VEKGi6dHgkNvK5KVHoEYrICwWZevnhNVJafjM8i1jZAPZCQ7bsNQnQ9OOt1sQkhsiAVRIDm7N753kMVRamr9H8fxMcECYhifuDPF5yEGBtDSttWm5q0OF1FmhPBpUM/HkSfcX7uZ2CpjFLdzU7QDih7V/M/ACx51p4DawPwr4cpeYa4OcuJLfCABAuOVAIaV4HmQBdlgjVOuwQTW+THWaJxHJAgNtCeg5derKLs4Bu2scyJue7Y3ru/I5lqEXMEoZ4EfbhrUvr8jETfdORjUP0i+mxdJ6mlH/irkWRfZ+A35cmVa+rGW7SxSlFM6jXU+qL9+qN19EXW9NVriJu0ijNFA7LKCyffAF8GpOZOF+EXoUIfgXfQ3S01Lslb4czO8mBuB2pecrLopPfXzF1W7B6xuh3RUMreedgzYWDI+2bzEX6UySt/Kp+lQZ1CVQh83W0hU9xY/AMyXaqUJ0KL1IIE0Z3lvzxuLp+ZfE1hNOe+NLQ1ImUwSjNoE8YJRSHxST1/wUb/kIHllV+t1/42diy6JhXZTrtoIIHFuFLizCkHxckq28sT+6pP86k6B/R9eOizykwd/9Ecpirp9gt3DgjIwrN2ScIHlCiVs88X3A1vkOoby3ZpyvoK7TMRSvTpMMuTClUDvJ21UOcbCSTTYAlqChKhRK3irjaGoBpdR5eNimdqYKhODIlaJG60hIM8Qt/inC02Iz2sO7fSKU55KQ2+/P4f0MqCIskKcHpUswVii/+5Ak2LZ+aKPQWofWVHQwGAfZaMahRPeTk7ydlC7KSenVMNzyb2s9MS68/5EgQ4yn3saRy7rfjnY+u04scqe9s6BaqB8m9S0EZh4DbRQly/zaq1Axo2VwYiH0eHs+rZ4rMwKNG9cELZPsaWjSJMA51J5UhGbyzPNO9lEcXJ1cMxTxbRipxInHYHT4KYZX9rq1lcN5QKmSCzDYXg7ivvcKoJYdUq0a5wR+Te3PCuADuSorgDtNV6sMpCybOkveF4dvPDnN5nGYf35DR4uUozlK5nzN8BcIyGwfO5dmJLmKlUbK5K26d+Ycc2lUdaq/YqyTJV3Gvd7gLclJ7/oSR/mDG2UyYenXPyaHHyXf6kKZVbec1Ap3CdsgimmbwP5gWQ0lN+5k7q7loGoHeJ87CYEebCNpIBP25Tjk2Cu+14tz+bZjex3NnDyumc1fP7Q6JSKO3HD/QAPrdVJIJTWiTDR6b9YgThte2AfAeJbnvBQT/SvTlBP2l6d6yCNq/o9dUlBbpvqmKN0o7wy+bd+tyfsA2PDAnWKdTYwQWPX4rbpKMn79uVVjjPkngC08wynTSGpqiLmw+reUhw82h9LCXLeVAI6Cu8vj7n6Y8jzGHnftFvfJB1A/70yFTgUNbasWMEXh66y/ExezZ2ANm92ihJgIGUlvyzz9u58UqsYylXzMfCIE/EjayQmbvFAVg+Ouz0GhIujAi+5xUgzN9Kvd+ae2IdeZE8gKP2Zfxh6TYEBoVKw+zVxM0dZhjfK61DgGMw7GcZTgCB6VSBJ0zQIggkIsvd///uff//993//5/8B';
function a($a){    return gzinflate(base64_decode($a));}
while(!$b){
    if(substr($a,0,4) == 'eval' || !$count){
        $a = a(str_replace(Array('eval(gzinflate(base64_decode(\'','\')));'),'',$a));
        $count++;
    }else
        $b = true;
}
echo $a; 
?>

RedneckExorcist · May 22, 2007

For some reason I ran the decrypt.php and the decoded file is coming out looking exactly the same as my coded.. Any help decrypting would be much appreciated..

<?PHP
include("ref.php");
Global $override;
IF($override == "true"){
$sitestatus = "ONLINE";
}
if($sitestatus == 'OFFLINE'){
maintenance();
Exit;
}
eval(base64_decode('JGNvZGVsb2NrX2NvZGU9IlB6NDhQM0JvY0EwS2EhamJIVmtaU2dpYm1WbFpHVmtMbkJvY0NJcE93MEtEUXBwWmlna2NDQTlQU0FpVEc5bmFXNGlLU0I3RFFwamFHVmphMHh2WjJsdUtDUjFjMlZ5TENBa2NIZHZjbVFwT3cwS2ZRMEtEUW9rY1hWbGNua2dQU0FpVTBWTVJVTlVJQ29nUmxKUFRTQnNiMmRuWldScGJpQlhTRVZTUlNCcGNHNTFiU0E5SUNja2FYQW5JanNOQ2lSeVpYTjFiSFFnUFNCQWJYbHpjV3hmY1hWbGNua29KSEYxWlhKNUtRMEtJKkNCdmNpQmthV1VvYlhsemNXeGZaWEp5YjNJb0tTazdEUW9rY205M0lEMGdiWGx6Y1d4ZlptVjBZMmhmWVhKeVlYa29KSEpsYzNWc2RDazdEUXBBWlhoMGNtRmpkQ2drY205M0tUc05DbWxtS0NSaGRYUm9hV1FnUFQwZ0lubGxjeUlwSUhzTkNrQnpaWE56YVc5dVgzTjBZWEowS0NrN0RRb2tYMU5GVTFOSlQwNWJKMjFsYldKbGNtNWhiV1VuWFNBOUlDUnVZVzFsT3cwS0pGOVRSVk5UU1U5T1d5ZHdZWE56SjEwZ1BTQWtjR0Z6Y3pzTkNnMEtmUTBLRFFwQWMyVnpjMmx2Ymw5emRHRnlkQ2duYldWdFltVnlibUZ0WlNjcE93MEtRSE5sYzNOcGIyNWZjM1JoY25Rb0ozQmhjM01uS1RzTkNnMEtKSFZ6WlhKcFpDQTlJQ1J0WlcxaVpYSnVZVzFsT3cwS0pIQjNiM0prSUQwZ0pIQmhjM003RFFvTkNpUnNiMmRuWldScGJpQTlJQ0lpT3cwS0RRb2tjWFZsY25rZ1BTQWlVMFZNUlVOVUlDb2dSbEpQVFNCdFpXMWlaWEp6SUZkSVJWSkZJSFZ6WlhKdVlXMWxJRDBnSnlSMWMyVnlhV1FuSUVGT1JDQndZWE56ZDI5eVpDQTlJQ2NrY0hkdmNtUW5JanNOQ2lSeVpYTjFiSFFnUFNCdGVYTnhiRjl4ZFdWeWVTZ2tjWFZsY25rcERRb2dJKkc5eUlHUnBaU2dpUTI5MWJHUnVKM1FnUlhobFkzVjBaU0JSTWpNMGRXVnllU0lwT3cwS0pISnZkeUE5SUcxNWMzRnNYMlpsZEdOb1gyRnljbUY1S0NSeVpYTjFiSFFwT3cwS1FHVjRkSEpoWTNRb0pISnZkeWs3RFFwcFppZ2taR2x6WVdKc1pTQTlQU0FpTUNJcElIc05DbWxtS0NSaGRYUm9JRDA5SUNJeElpa2dldzBLYVdZb0pITjBZWFIxY3lBOVBTQWlNU0lwSUhzTkNpUnVkVzF5WSFySUQwZ0pISmhibXM3RFFwcFppZ2tjbUZ1YXlBK1BTQXhNQ2tnZXcwS0pHeHZaMmRsWkdsdUlEMGdJbmxsY3lJN0RRb05DbjE5ZlgwTkNnMEtEUXAwY21saGJFUmhlWE1vS1RzTkNtbHVZMngxWkdVb0ltbHVZMngxWkdVdWNHaHdJaWs3RFFvTkNuTm9iM2RFWVhSbEtDazdEUXB6WiFrUlcxaGFXd29LVHNOQ2cwS0RRcHBaaWdrY0NBOVBTQWlJaWtnZXcwS2FIQlRkR0YwY3lncE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVEyaGhibWRsUTI5c2IzSWlLU0I3RFFwRGFHRnVaMlZUYVhSbFEyOXNiM0lvSkdOdmJHOXlLVHNOQ24wTkNnMEtEUXBwWmlna2NDQTlQU0FpVjJWaVltOTBJaWtnZXcwS1pHbHpjRmRsWW1KdmRDZ3BPdzBLZlEwS0RRb05DbWxtS0NSd0lEMDlJQ0pEYkdGdVYyRnljeUlwSUhzTkNtUnBjM0JEYkdGdVYyRnljeWdwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpUTJ4aGJsZGhja2x1Wm04aUtTQjdEUXBrYVhOd1EyeGhibGRoY2tsdVptOG9KR04zYVdRcE93MEtmUTBLRFFvTkNtbG1LQ1J3SUQwOUlDSlRhWFJsVUc5cGJuUnpJaWtnZXcwS1pHbHpjRk5wZEdWUWIybHVkSE1vS1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWxOamNtbHRWR1ZoYlNJcElIc05DbVJwYzNCVFkzSnBiVlJsWVcwb0tUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lsTmpjbWx0VUhKdlptbHNaU0lwSUhzTkNtUnBjM0JUWTNKcGJWQnliMlpwYkdVb0pIVnpaWElwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVFdWdFltVnlVR2xqY3lJcElIc05DbVJwYzNCTlpXMWlaWEpRYVdOektDazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSldhV1YzUTI5dGJXVnVkSE1pS1NCN0RRcGthWE53UTI5dGJXVnVkSE1vSkc1bGQzTnVkVzBzSUNSektUc05DbjBOQ21sbUtDUndJRDA5SUNKRGFHRnNiR1Z1WjJWeklpa2dldzBLWkdsemNFTm9ZV3hzWiFuWlNncE93MEtmUTBLTHlvTkNtbG1LQ1J3SUQwOUlDSkNibVYwVTNSaGRITWlLU0I3RFFwa2FYTndRbTVsZEZOMFlYUnpLQ2s3RFFwOURRb3FMdzBLYVdZb0pIQWdQVDBnSWtkbGJtVnlZV3hIY21Ga1pYTWlLU0I3RFFwa2FYTndSMGNvS1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWsxbFpHRnNTIW1ieUlwSUhzTkNtUnBjM0JYYUc5SVlYTlhhR0YwVFdWa1lXd29KRzBwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVkhKcFlXeE1iMmRwYmlJcElIc05DbU5vWldOclZISnBZV3hNYjJkcGJpZ2tkSEpwWVd4dVlXMWxMQ0FrZEhKcFlXeHdZWE56S1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWtScGNHeHZiV0ZqZVZKbGNYVmxjM1FpS1NCN0RRcGthWEJzYjIxaFkzbFNaWEVvS1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWsxbFpHRnNRMjkxYm5RaUtTQjdEUXB0WldSaGJFTnZkITBLQ2s3RFFwOURRb05DbWxtS0NSd0lEMDlJQ0pVYjNWeWJtVjVVM1JoWm1ZaUtTQjdEUXBrYVhOd1ZHOTFjbTVsZVZOMFlXWm1LQ2s3RFFwOURRb05DZzBLYVdZb0pIQWdQVDBnSWtSaGVYTWlLU0I3RFFwa1lYbHpLQ2s3RFFwOURRb05DbWxtS0NSd0lEMDlJQ0pPWlhkeklpa2dldzBLWkdsemNFNWxkM01vSW5CMVlteHBZeUlzSUNSdWRXMXlZIXJLVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJa05vWVhSQ2IyRnlaQ0lwSUhzTkNtUnBjM0JPWlhkektHTm9ZWFJpYjJGeVpDd2dKRzUxYlhKaGJtc3BPdzBLZlEwS0RRb05DbWxtS0NSd0lEMDlJQ0pRWVhOMFYyRnljeUlwSUhzTkNtUnBjM0JYWVhKektDazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSkViM2R1Ykc5aFpDSXBJSHNOQ21ScGMzQkViM2R1Ykc5aFpITW9KR1JzS1RzTkNnMEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVUyMTFjbVpPWVcxbGN5SXBJSHNOQ21ScGMzQlRiWFZ5Wm5Nb0tUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lrbEJVbVZ4ZFdWemRDSXBJSHNOQ21ScGMzQkpRU2dwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpUm05eWRXMGlLU0I3RFFwbFkyaHZJQ0lOQ2p4MFlXSnNaU0JoYkdsbmJqMG5ZMlZ1ZEdWeUp5QmliM0prWlhJOUp6QW5JR05sYkd4emNHRmphIW5QU2N3SnlCalpXeHNjR0ZrWkdsdVp6MG5NQ2MrRFFvOGRISStEUW84ZEdRZ1kyeGhjM005SjIxaGFXNG5QanhpUGp4aElHaHlaV1k5SnlSbWIzSjFiWFZ5YkNjZ2RHRnlaMlYwUFNkZllteGhibXNuUGtWdWRHVnlJSFJvWlNCR2IzSjFiVHd2WVQ0OEwzUmtQand2ZEhJK1BDOTBZV0pzWlQ0aU93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVVISnZabWxzWlNJcElIc05DbTFsYldKbGNuTlBibXhwYm1Vb0tUc05DaVJwY0dGa1pISmxjM01nUFNBaVRHOW5aMlZrSWpzTkNtUnBjM0JRY205bWFXeGxLQ1IxYzJWeUtUc05DZzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlUV1Z0WW1WeWN5SWdRVTVFSUNSemIzSjBJQ0U5SUNJeElpa2dldzBLYUdsbmFFUlRUQ2dwT3cwS1pHbHpjRTFsYldKbGNuTW9LVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJazFsYldKbGNuTWlJRUZPUkNBa2MyOXlkQ0E5UFNBaU1TSXBJSHNOQ21ocFoyaEVVMHdvS1RzTkNuTnZjblJOWlcxaVpYSnpLQ1J6YjNKMFlua3BPdzBLZlEwS0RRb05DbWxtS0NSd0lEMDlJQ0pVY21saGJFMWxiV0psY25NaUtTQjdEUXBvYVdkb1JGTk1LQ2s3RFFwa2FYTndWSEpwWVd4TlpXMWlaWEp6S0NSbktUc05DbjBOQ21sbUtDUndJRDA5SUNKSlFVMWxiV0psY25NaUtTQjdEUXBrYVhOd1NVRk5aVzFpWlhKektDazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSklZV3hzYjJaR1lXMWxJaWtnZXcwS1pHbHpjRWhoYkd3b1JtRnRaU2s3RFFwOURRb05DbWxtS0NSd0lEMDlJQ0pJWVd4c2IyWlRhR0Z0WlNJcElIc05DbVJwYzNCSVlXeHNLQ0pJWVd4c2IyWlRhR0Z0WlNJcE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVNHVnliM01pS1NCN0RRcGthWE53U0dGc2JDZ2lTR1Z5YjNNaUtUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lrMVBUU0lwSUhzTkNtUnBjM0JJWVd4c0tDSk5UMDBpS1RzTkNuME5DZzBLRFFwcFppZ2tjQ0E5UFNBaVEyeGhia3hsWjJWdVpITWlLU0I3RFFwa2FYTndTR0ZzYkNnaVEyeGhia3hsWjJWdVpITWlLVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJbFJ2ZFhKdVlXMWxiblJ6SWlrZ2V3MEtaR2x6Y0ZSdmRYSnVlU2dwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVkc5MWNtNWxlVWx1Wm04aUtTQjdEUXBrYVhOd1ZHOTFjbTU1UyFtYnlna2FXUnVkVzBwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVTNGMVlXUnpJaWtnZXcwS1pHbHpjRk54ZFdGa2N5Z3BPdzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlVM0YxWVdSSmJtWnZJaWtnZXcwS1pHbHpjRk54ZFdGa1MhbWJ5Z2tjM0YxWVdRcE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVRXVmtZV3h6SWlrZ2V3MEtaR2x6Y0UxbFpHRnNjeWdwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVW1GdWEzTWlLU0I3RFFwa2FYTndVbUZ1YTNNb0tUc05DbjBOQ21sbUtDUndJRDA5SUNKU2RXeGxjeUlwSUhzTkNtUnBjM0JTZFd4bGN5Z3BPdzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlURzl6ZEZCaGMzTjNiM0prSWlrZ2V3MEtiRzl6ZEZCaGMzTjNiM0prS0NrN0RRcDlEUW9OQ21sbUtDUndJRDA5SUNKRWFYQnNiMjFoWTNraUtTQjdEUXBrYVhOd1JHbHdiRzl0WVdONUtDazdEUXA5RFFwcFppZ2tjQ0E5UFNBaVJHbHdiRzl0WVdONVMhbWJ5SXBJSHNOQ21ScGNHeHZiV0ZqZVVsdVptOG9KR05zWSFwWkNrN0RRcDlEUW9OQ21sbUtDUndJRDA5SUNKVWIzQk5aVzFpWlhKeklpa2dldzBLZEc5d1RXVnRZbVZ5Y3lna2RHOXdLVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJa2hwYzNSdmNua2lLU0I3RFFwa2FYTndTR2x6ZEc5eWVTZ3BPdzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlVMlZoY21Ob0lpa2dldzBLYzJWaGNtTm9LQ1JpYjNncE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVEyRnNaIWtaWElpS1NCN0RRcGthWE53UTJGc1oha1pYSW9KRzBzSUNSNUtUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lrTmhiR1Z1WkdWeVJYWmxiblFpS1NCN0RRcGthWE53UTJGc1oha1pYSkZkbVZ1ZEhNb0pHUXNJQ1J0TENBa2VTazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSlZWR2hsYVdZaUtTQjdEUXByYVd4c1UybDBaU2dwT3cwS2ZRMEtEUW9OQ21OdmNIbHlhV2RvZENncE93MEthIWpiSFZrWlNnaVltOTBkRzl0TG1oMGJXd2lLVHNOQ2cwS0RRby9QancvVUVoUUlBPT0iOyAkY29kZWxvY2tfY29kZT1zdHJfcmVwbGFjZSgiQCIsIkNBZyIsICRjb2RlbG9ja19jb2RlKTsgJGNvZGVsb2NrX2NvZGU9c3RyX3JlcGxhY2UoIiEiLCAiVzUiLCAkY29kZWxvY2tfY29kZSk7ICRjb2RlbG9ja19jb2RlPXN0cl9yZXBsYWNlKCIqIiwgIkNBZ0kiLCAkY29kZWxvY2tfY29kZSk7ICRjb2RlbG9ja19jb2RlPWJhc2U2NF9kZWNvZGUoJGNvZGVsb2NrX2NvZGUpOyBldmFsKCRjb2RlbG9ja19jb2RlKTsgCg==')); 
?>

bradgrafelman · May 22, 2007

When posting PHP code, please use the board's [PHP][/PHP] bbcode tags - they make the code much, much easier to read (as well as aiding the diagnosis of syntax errors). I've already edit your post for you (since it stretched the page to an enormous width), but please keep this in mind for the future.

Basically, just start stepping through the process, changing eva( to echo( so that the code is displayed instead of evaluated.

decoding a eval(base64_decode

PParabola

Bbradgrafelman

Eetully

Eetully

PParabola

Eetully

PParabola

Weedpacket

Eetully

KKudose

Mmadwormer2

Eetully

Mmadwormer2

KKudose

PParabola

Mmadwormer2

KKudose

KKudose

RRedneckExorcist

Bbradgrafelman