Lol, it was encoded 11 times. That's just freaky stuff right there.
decoding a eval(base64_decode
I guess the thought is that 10 is easy to crack but 11? forget that, nobody will bother to decode this 11 times.
This, students, is why security by obscurity is no security at all.
Not to mention they have the algorithm to generate unlimited site keys in there...
I'm gonna remove my code block lol, I'm a little paranoid.
lol, 11 times!
It kept me away ... I got bored after the 5th try but the boards limited by characters.
madwormer2 wrote:Not to mention they have the algorithm to generate unlimited site keys in there...
I'm gonna remove my code block lol, I'm a little paranoid.
can u just post it for me please. or teach me how to do it in detail. i kinda newb to php
I used this:
function a($a){ return gzinflate(base64_decode($a));}
while(!$b){
if(substr($a,0,4) == 'eval' || !$count){
$a = a(str_replace(Array('eval(gzinflate(base64_decode(\'','\')));'),'',$a));
$count++;
}else
$b = true;
}
echo $count;
echo $a;
On the original base64 encoded string.
Out of pure curiosity I had to finish decoding it.
As etully led into, don't do this sort of thing. Use Zend or ionCube.
Using madwormers code with two changes (defined $a and removed echo $count):
<?php
$a = 'DZZFrsWKlkOnUr3/ntIIk0q/EebkhKFTCjNzRl93ApYle3vt8kqHf+qvnaohPcp/snQvCez/ijKfi/Kf//BJIG+zl/Z9OPkbCk5jVwtr5WYA45EIMjVc9eQ/rtu+k93sTmy3cDOeC0gLsgoYMIkuxEsIpv2BdBTsQR5cIOVANS8qLJM628XyJ3uYBYxiofdl9Cvzaefl5b4JFBHxxVA5uH2fuzIA+2qgt/wjImnVZyYFHY5AODYOWYO+sjMHuxbotuhldxkSVQnfNwyebvJX3SfYhQYshwmiJfPQk3BwgMJWmL+rU208yPFu5j7J6RGXLd5eKGrDo2GlD9MwF2HntOtWwLVVkJGkkd+Bl2/gF+VbfCBRK8LHLJd6NSbdHkzdASAyQgE/CIDUKkMMHhsi9nP1ZcQXDV8bi0M/WBmNs1CrIVMomBQk1g8KXQaXIMwx2W3HVGnEZgE/fFpKa2DNl6XkuJEjL3VwlLwU8dj9Oa/NHlSddmxzvgrSwk8XpArerXYIDU4Gem439DqunNpksqjhBEyqVyDBRB0w+mhRzwzlZtjkGbg2UCd8Wyr7YQDiUG3pxZuSQahpD5p/wU4u5Ktn+AGalDOgTzxHKVdkcIIJfqxHgDKBHma+lKK4ZDOn8KAJuAtT3BS/0gm/PL/4dkNTbQt7s6mdS2+lKU0hCZdVeo2P35bpshPAnicFElGevjNX0ZkXjhDRaVZeVJB/qDZ4rHnjZRJujrSv0KAdhIoCNoHfiyu5WNov5ieoUeOaXCqvJX75NmW5rUXwH7jAV00mGonSkAXAQacbpb1MnwSGo0m0o3VdZk1mpSEWQqIz18fyA2apl3Zuwf59hA7/IjEZ6+g1k5k+yMArvTV6/UNk3hbVDVET8b6BkSUYnJZWf6F0rLNe5Xjmyer5myRaJKj0y65TfGSkgCgD8dziNkVluGV3s72XbEGzYgjGF8R8UUD4JMgFp/RPWwGCyEWJfa4/ybTKxsVPO2hrBuLiUKXCgJvis+Bn5TEmnxgQClrsleuGDXosUR66UeqFV+FhtdIRpL+wsvQQWJng9yJhUo+YbDy1HPFdj0oA9cOSj0CyQLfSRSi7MaVxryNdCZ9howpUfXmIXLX4qw25VEKGi6dHgkNvK5KVHoEYrICwWZevnhNVJafjM8i1jZAPZCQ7bsNQnQ9OOt1sQkhsiAVRIDm7N753kMVRamr9H8fxMcECYhifuDPF5yEGBtDSttWm5q0OF1FmhPBpUM/HkSfcX7uZ2CpjFLdzU7QDih7V/M/ACx51p4DawPwr4cpeYa4OcuJLfCABAuOVAIaV4HmQBdlgjVOuwQTW+THWaJxHJAgNtCeg5derKLs4Bu2scyJue7Y3ru/I5lqEXMEoZ4EfbhrUvr8jETfdORjUP0i+mxdJ6mlH/irkWRfZ+A35cmVa+rGW7SxSlFM6jXU+qL9+qN19EXW9NVriJu0ijNFA7LKCyffAF8GpOZOF+EXoUIfgXfQ3S01Lslb4czO8mBuB2pecrLopPfXzF1W7B6xuh3RUMreedgzYWDI+2bzEX6UySt/Kp+lQZ1CVQh83W0hU9xY/AMyXaqUJ0KL1IIE0Z3lvzxuLp+ZfE1hNOe+NLQ1ImUwSjNoE8YJRSHxST1/wUb/kIHllV+t1/42diy6JhXZTrtoIIHFuFLizCkHxckq28sT+6pP86k6B/R9eOizykwd/9Ecpirp9gt3DgjIwrN2ScIHlCiVs88X3A1vkOoby3ZpyvoK7TMRSvTpMMuTClUDvJ21UOcbCSTTYAlqChKhRK3irjaGoBpdR5eNimdqYKhODIlaJG60hIM8Qt/inC02Iz2sO7fSKU55KQ2+/P4f0MqCIskKcHpUswVii/+5Ak2LZ+aKPQWofWVHQwGAfZaMahRPeTk7ydlC7KSenVMNzyb2s9MS68/5EgQ4yn3saRy7rfjnY+u04scqe9s6BaqB8m9S0EZh4DbRQly/zaq1Axo2VwYiH0eHs+rZ4rMwKNG9cELZPsaWjSJMA51J5UhGbyzPNO9lEcXJ1cMxTxbRipxInHYHT4KYZX9rq1lcN5QKmSCzDYXg7ivvcKoJYdUq0a5wR+Te3PCuADuSorgDtNV6sMpCybOkveF4dvPDnN5nGYf35DR4uUozlK5nzN8BcIyGwfO5dmJLmKlUbK5K26d+Ycc2lUdaq/YqyTJV3Gvd7gLclJ7/oSR/mDG2UyYenXPyaHHyXf6kKZVbec1Ap3CdsgimmbwP5gWQ0lN+5k7q7loGoHeJ87CYEebCNpIBP25Tjk2Cu+14tz+bZjex3NnDyumc1fP7Q6JSKO3HD/QAPrdVJIJTWiTDR6b9YgThte2AfAeJbnvBQT/SvTlBP2l6d6yCNq/o9dUlBbpvqmKN0o7wy+bd+tyfsA2PDAnWKdTYwQWPX4rbpKMn79uVVjjPkngC08wynTSGpqiLmw+reUhw82h9LCXLeVAI6Cu8vj7n6Y8jzGHnftFvfJB1A/70yFTgUNbasWMEXh66y/ExezZ2ANm92ihJgIGUlvyzz9u58UqsYylXzMfCIE/EjayQmbvFAVg+Ouz0GhIujAi+5xUgzN9Kvd+ae2IdeZE8gKP2Zfxh6TYEBoVKw+zVxM0dZhjfK61DgGMw7GcZTgCB6VSBJ0zQIggkIsvd///uff//993//5/8B';
function a($a){ return gzinflate(base64_decode($a));}
while(!$b){
if(substr($a,0,4) == 'eval' || !$count){
$a = a(str_replace(Array('eval(gzinflate(base64_decode(\'','\')));'),'',$a));
$count++;
}else
$b = true;
}
echo $a;
?> 5 days later
For some reason I ran the decrypt.php and the decoded file is coming out looking exactly the same as my coded.. Any help decrypting would be much appreciated..
<?PHP
include("ref.php");
Global $override;
IF($override == "true"){
$sitestatus = "ONLINE";
}
if($sitestatus == 'OFFLINE'){
maintenance();
Exit;
}
eval(base64_decode('JGNvZGVsb2NrX2NvZGU9IlB6NDhQM0JvY0EwS2EhamJIVmtaU2dpYm1WbFpHVmtMbkJvY0NJcE93MEtEUXBwWmlna2NDQTlQU0FpVEc5bmFXNGlLU0I3RFFwamFHVmphMHh2WjJsdUtDUjFjMlZ5TENBa2NIZHZjbVFwT3cwS2ZRMEtEUW9rY1hWbGNua2dQU0FpVTBWTVJVTlVJQ29nUmxKUFRTQnNiMmRuWldScGJpQlhTRVZTUlNCcGNHNTFiU0E5SUNja2FYQW5JanNOQ2lSeVpYTjFiSFFnUFNCQWJYbHpjV3hmY1hWbGNua29KSEYxWlhKNUtRMEtJKkNCdmNpQmthV1VvYlhsemNXeGZaWEp5YjNJb0tTazdEUW9rY205M0lEMGdiWGx6Y1d4ZlptVjBZMmhmWVhKeVlYa29KSEpsYzNWc2RDazdEUXBBWlhoMGNtRmpkQ2drY205M0tUc05DbWxtS0NSaGRYUm9hV1FnUFQwZ0lubGxjeUlwSUhzTkNrQnpaWE56YVc5dVgzTjBZWEowS0NrN0RRb2tYMU5GVTFOSlQwNWJKMjFsYldKbGNtNWhiV1VuWFNBOUlDUnVZVzFsT3cwS0pGOVRSVk5UU1U5T1d5ZHdZWE56SjEwZ1BTQWtjR0Z6Y3pzTkNnMEtmUTBLRFFwQWMyVnpjMmx2Ymw5emRHRnlkQ2duYldWdFltVnlibUZ0WlNjcE93MEtRSE5sYzNOcGIyNWZjM1JoY25Rb0ozQmhjM01uS1RzTkNnMEtKSFZ6WlhKcFpDQTlJQ1J0WlcxaVpYSnVZVzFsT3cwS0pIQjNiM0prSUQwZ0pIQmhjM003RFFvTkNpUnNiMmRuWldScGJpQTlJQ0lpT3cwS0RRb2tjWFZsY25rZ1BTQWlVMFZNUlVOVUlDb2dSbEpQVFNCdFpXMWlaWEp6SUZkSVJWSkZJSFZ6WlhKdVlXMWxJRDBnSnlSMWMyVnlhV1FuSUVGT1JDQndZWE56ZDI5eVpDQTlJQ2NrY0hkdmNtUW5JanNOQ2lSeVpYTjFiSFFnUFNCdGVYTnhiRjl4ZFdWeWVTZ2tjWFZsY25rcERRb2dJKkc5eUlHUnBaU2dpUTI5MWJHUnVKM1FnUlhobFkzVjBaU0JSTWpNMGRXVnllU0lwT3cwS0pISnZkeUE5SUcxNWMzRnNYMlpsZEdOb1gyRnljbUY1S0NSeVpYTjFiSFFwT3cwS1FHVjRkSEpoWTNRb0pISnZkeWs3RFFwcFppZ2taR2x6WVdKc1pTQTlQU0FpTUNJcElIc05DbWxtS0NSaGRYUm9JRDA5SUNJeElpa2dldzBLYVdZb0pITjBZWFIxY3lBOVBTQWlNU0lwSUhzTkNpUnVkVzF5WSFySUQwZ0pISmhibXM3RFFwcFppZ2tjbUZ1YXlBK1BTQXhNQ2tnZXcwS0pHeHZaMmRsWkdsdUlEMGdJbmxsY3lJN0RRb05DbjE5ZlgwTkNnMEtEUXAwY21saGJFUmhlWE1vS1RzTkNtbHVZMngxWkdVb0ltbHVZMngxWkdVdWNHaHdJaWs3RFFvTkNuTm9iM2RFWVhSbEtDazdEUXB6WiFrUlcxaGFXd29LVHNOQ2cwS0RRcHBaaWdrY0NBOVBTQWlJaWtnZXcwS2FIQlRkR0YwY3lncE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVEyaGhibWRsUTI5c2IzSWlLU0I3RFFwRGFHRnVaMlZUYVhSbFEyOXNiM0lvSkdOdmJHOXlLVHNOQ24wTkNnMEtEUXBwWmlna2NDQTlQU0FpVjJWaVltOTBJaWtnZXcwS1pHbHpjRmRsWW1KdmRDZ3BPdzBLZlEwS0RRb05DbWxtS0NSd0lEMDlJQ0pEYkdGdVYyRnljeUlwSUhzTkNtUnBjM0JEYkdGdVYyRnljeWdwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpUTJ4aGJsZGhja2x1Wm04aUtTQjdEUXBrYVhOd1EyeGhibGRoY2tsdVptOG9KR04zYVdRcE93MEtmUTBLRFFvTkNtbG1LQ1J3SUQwOUlDSlRhWFJsVUc5cGJuUnpJaWtnZXcwS1pHbHpjRk5wZEdWUWIybHVkSE1vS1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWxOamNtbHRWR1ZoYlNJcElIc05DbVJwYzNCVFkzSnBiVlJsWVcwb0tUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lsTmpjbWx0VUhKdlptbHNaU0lwSUhzTkNtUnBjM0JUWTNKcGJWQnliMlpwYkdVb0pIVnpaWElwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVFdWdFltVnlVR2xqY3lJcElIc05DbVJwYzNCTlpXMWlaWEpRYVdOektDazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSldhV1YzUTI5dGJXVnVkSE1pS1NCN0RRcGthWE53UTI5dGJXVnVkSE1vSkc1bGQzTnVkVzBzSUNSektUc05DbjBOQ21sbUtDUndJRDA5SUNKRGFHRnNiR1Z1WjJWeklpa2dldzBLWkdsemNFTm9ZV3hzWiFuWlNncE93MEtmUTBLTHlvTkNtbG1LQ1J3SUQwOUlDSkNibVYwVTNSaGRITWlLU0I3RFFwa2FYTndRbTVsZEZOMFlYUnpLQ2s3RFFwOURRb3FMdzBLYVdZb0pIQWdQVDBnSWtkbGJtVnlZV3hIY21Ga1pYTWlLU0I3RFFwa2FYTndSMGNvS1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWsxbFpHRnNTIW1ieUlwSUhzTkNtUnBjM0JYYUc5SVlYTlhhR0YwVFdWa1lXd29KRzBwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVkhKcFlXeE1iMmRwYmlJcElIc05DbU5vWldOclZISnBZV3hNYjJkcGJpZ2tkSEpwWVd4dVlXMWxMQ0FrZEhKcFlXeHdZWE56S1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWtScGNHeHZiV0ZqZVZKbGNYVmxjM1FpS1NCN0RRcGthWEJzYjIxaFkzbFNaWEVvS1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWsxbFpHRnNRMjkxYm5RaUtTQjdEUXB0WldSaGJFTnZkITBLQ2s3RFFwOURRb05DbWxtS0NSd0lEMDlJQ0pVYjNWeWJtVjVVM1JoWm1ZaUtTQjdEUXBrYVhOd1ZHOTFjbTVsZVZOMFlXWm1LQ2s3RFFwOURRb05DZzBLYVdZb0pIQWdQVDBnSWtSaGVYTWlLU0I3RFFwa1lYbHpLQ2s3RFFwOURRb05DbWxtS0NSd0lEMDlJQ0pPWlhkeklpa2dldzBLWkdsemNFNWxkM01vSW5CMVlteHBZeUlzSUNSdWRXMXlZIXJLVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJa05vWVhSQ2IyRnlaQ0lwSUhzTkNtUnBjM0JPWlhkektHTm9ZWFJpYjJGeVpDd2dKRzUxYlhKaGJtc3BPdzBLZlEwS0RRb05DbWxtS0NSd0lEMDlJQ0pRWVhOMFYyRnljeUlwSUhzTkNtUnBjM0JYWVhKektDazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSkViM2R1Ykc5aFpDSXBJSHNOQ21ScGMzQkViM2R1Ykc5aFpITW9KR1JzS1RzTkNnMEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVUyMTFjbVpPWVcxbGN5SXBJSHNOQ21ScGMzQlRiWFZ5Wm5Nb0tUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lrbEJVbVZ4ZFdWemRDSXBJSHNOQ21ScGMzQkpRU2dwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpUm05eWRXMGlLU0I3RFFwbFkyaHZJQ0lOQ2p4MFlXSnNaU0JoYkdsbmJqMG5ZMlZ1ZEdWeUp5QmliM0prWlhJOUp6QW5JR05sYkd4emNHRmphIW5QU2N3SnlCalpXeHNjR0ZrWkdsdVp6MG5NQ2MrRFFvOGRISStEUW84ZEdRZ1kyeGhjM005SjIxaGFXNG5QanhpUGp4aElHaHlaV1k5SnlSbWIzSjFiWFZ5YkNjZ2RHRnlaMlYwUFNkZllteGhibXNuUGtWdWRHVnlJSFJvWlNCR2IzSjFiVHd2WVQ0OEwzUmtQand2ZEhJK1BDOTBZV0pzWlQ0aU93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVVISnZabWxzWlNJcElIc05DbTFsYldKbGNuTlBibXhwYm1Vb0tUc05DaVJwY0dGa1pISmxjM01nUFNBaVRHOW5aMlZrSWpzTkNtUnBjM0JRY205bWFXeGxLQ1IxYzJWeUtUc05DZzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlUV1Z0WW1WeWN5SWdRVTVFSUNSemIzSjBJQ0U5SUNJeElpa2dldzBLYUdsbmFFUlRUQ2dwT3cwS1pHbHpjRTFsYldKbGNuTW9LVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJazFsYldKbGNuTWlJRUZPUkNBa2MyOXlkQ0E5UFNBaU1TSXBJSHNOQ21ocFoyaEVVMHdvS1RzTkNuTnZjblJOWlcxaVpYSnpLQ1J6YjNKMFlua3BPdzBLZlEwS0RRb05DbWxtS0NSd0lEMDlJQ0pVY21saGJFMWxiV0psY25NaUtTQjdEUXBvYVdkb1JGTk1LQ2s3RFFwa2FYTndWSEpwWVd4TlpXMWlaWEp6S0NSbktUc05DbjBOQ21sbUtDUndJRDA5SUNKSlFVMWxiV0psY25NaUtTQjdEUXBrYVhOd1NVRk5aVzFpWlhKektDazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSklZV3hzYjJaR1lXMWxJaWtnZXcwS1pHbHpjRWhoYkd3b1JtRnRaU2s3RFFwOURRb05DbWxtS0NSd0lEMDlJQ0pJWVd4c2IyWlRhR0Z0WlNJcElIc05DbVJwYzNCSVlXeHNLQ0pJWVd4c2IyWlRhR0Z0WlNJcE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVNHVnliM01pS1NCN0RRcGthWE53U0dGc2JDZ2lTR1Z5YjNNaUtUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lrMVBUU0lwSUhzTkNtUnBjM0JJWVd4c0tDSk5UMDBpS1RzTkNuME5DZzBLRFFwcFppZ2tjQ0E5UFNBaVEyeGhia3hsWjJWdVpITWlLU0I3RFFwa2FYTndTR0ZzYkNnaVEyeGhia3hsWjJWdVpITWlLVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJbFJ2ZFhKdVlXMWxiblJ6SWlrZ2V3MEtaR2x6Y0ZSdmRYSnVlU2dwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVkc5MWNtNWxlVWx1Wm04aUtTQjdEUXBrYVhOd1ZHOTFjbTU1UyFtYnlna2FXUnVkVzBwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVTNGMVlXUnpJaWtnZXcwS1pHbHpjRk54ZFdGa2N5Z3BPdzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlVM0YxWVdSSmJtWnZJaWtnZXcwS1pHbHpjRk54ZFdGa1MhbWJ5Z2tjM0YxWVdRcE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVRXVmtZV3h6SWlrZ2V3MEtaR2x6Y0UxbFpHRnNjeWdwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVW1GdWEzTWlLU0I3RFFwa2FYTndVbUZ1YTNNb0tUc05DbjBOQ21sbUtDUndJRDA5SUNKU2RXeGxjeUlwSUhzTkNtUnBjM0JTZFd4bGN5Z3BPdzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlURzl6ZEZCaGMzTjNiM0prSWlrZ2V3MEtiRzl6ZEZCaGMzTjNiM0prS0NrN0RRcDlEUW9OQ21sbUtDUndJRDA5SUNKRWFYQnNiMjFoWTNraUtTQjdEUXBrYVhOd1JHbHdiRzl0WVdONUtDazdEUXA5RFFwcFppZ2tjQ0E5UFNBaVJHbHdiRzl0WVdONVMhbWJ5SXBJSHNOQ21ScGNHeHZiV0ZqZVVsdVptOG9KR05zWSFwWkNrN0RRcDlEUW9OQ21sbUtDUndJRDA5SUNKVWIzQk5aVzFpWlhKeklpa2dldzBLZEc5d1RXVnRZbVZ5Y3lna2RHOXdLVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJa2hwYzNSdmNua2lLU0I3RFFwa2FYTndTR2x6ZEc5eWVTZ3BPdzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlVMlZoY21Ob0lpa2dldzBLYzJWaGNtTm9LQ1JpYjNncE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVEyRnNaIWtaWElpS1NCN0RRcGthWE53UTJGc1oha1pYSW9KRzBzSUNSNUtUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lrTmhiR1Z1WkdWeVJYWmxiblFpS1NCN0RRcGthWE53UTJGc1oha1pYSkZkbVZ1ZEhNb0pHUXNJQ1J0TENBa2VTazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSlZWR2hsYVdZaUtTQjdEUXByYVd4c1UybDBaU2dwT3cwS2ZRMEtEUW9OQ21OdmNIbHlhV2RvZENncE93MEthIWpiSFZrWlNnaVltOTBkRzl0TG1oMGJXd2lLVHNOQ2cwS0RRby9QancvVUVoUUlBPT0iOyAkY29kZWxvY2tfY29kZT1zdHJfcmVwbGFjZSgiQCIsIkNBZyIsICRjb2RlbG9ja19jb2RlKTsgJGNvZGVsb2NrX2NvZGU9c3RyX3JlcGxhY2UoIiEiLCAiVzUiLCAkY29kZWxvY2tfY29kZSk7ICRjb2RlbG9ja19jb2RlPXN0cl9yZXBsYWNlKCIqIiwgIkNBZ0kiLCAkY29kZWxvY2tfY29kZSk7ICRjb2RlbG9ja19jb2RlPWJhc2U2NF9kZWNvZGUoJGNvZGVsb2NrX2NvZGUpOyBldmFsKCRjb2RlbG9ja19jb2RlKTsgCg=='));
?>When posting PHP code, please use the board's [PHP][/PHP] bbcode tags - they make the code much, much easier to read (as well as aiding the diagnosis of syntax errors). I've already edit your post for you (since it stretched the page to an enormous width), but please keep this in mind for the future.
Basically, just start stepping through the process, changing eva( to echo( so that the code is displayed instead of evaluated.
Brad: Is there any way to know, without decoding it, if something malicious will happen during decoding?
i.e.
If I ran this code (to decrypt the last guys hash) ... would I kill my machine?
<?php
$a = 'JGNvZGVsb2NrX2NvZGU9IlB6NDhQM0JvY0EwS2EhamJIVmtaU2dpYm1WbFpHVmtMbkJvY0NJcE93MEtEUXBwWmlna2NDQTlQU0FpVEc5bmFXNGlLU0I3RFFwamFHVmphMHh2WjJsdUtDUjFjMlZ5TENBa2NIZHZjbVFwT3cwS2ZRMEtEUW9rY1hWbGNua2dQU0FpVTBWTVJVTlVJQ29nUmxKUFRTQnNiMmRuWldScGJpQlhTRVZTUlNCcGNHNTFiU0E5SUNja2FYQW5JanNOQ2lSeVpYTjFiSFFnUFNCQWJYbHpjV3hmY1hWbGNua29KSEYxWlhKNUtRMEtJKkNCdmNpQmthV1VvYlhsemNXeGZaWEp5YjNJb0tTazdEUW9rY205M0lEMGdiWGx6Y1d4ZlptVjBZMmhmWVhKeVlYa29KSEpsYzNWc2RDazdEUXBBWlhoMGNtRmpkQ2drY205M0tUc05DbWxtS0NSaGRYUm9hV1FnUFQwZ0lubGxjeUlwSUhzTkNrQnpaWE56YVc5dVgzTjBZWEowS0NrN0RRb2tYMU5GVTFOSlQwNWJKMjFsYldKbGNtNWhiV1VuWFNBOUlDUnVZVzFsT3cwS0pGOVRSVk5UU1U5T1d5ZHdZWE56SjEwZ1BTQWtjR0Z6Y3pzTkNnMEtmUTBLRFFwQWMyVnpjMmx2Ymw5emRHRnlkQ2duYldWdFltVnlibUZ0WlNjcE93MEtRSE5sYzNOcGIyNWZjM1JoY25Rb0ozQmhjM01uS1RzTkNnMEtKSFZ6WlhKcFpDQTlJQ1J0WlcxaVpYSnVZVzFsT3cwS0pIQjNiM0prSUQwZ0pIQmhjM003RFFvTkNpUnNiMmRuWldScGJpQTlJQ0lpT3cwS0RRb2tjWFZsY25rZ1BTQWlVMFZNUlVOVUlDb2dSbEpQVFNCdFpXMWlaWEp6SUZkSVJWSkZJSFZ6WlhKdVlXMWxJRDBnSnlSMWMyVnlhV1FuSUVGT1JDQndZWE56ZDI5eVpDQTlJQ2NrY0hkdmNtUW5JanNOQ2lSeVpYTjFiSFFnUFNCdGVYTnhiRjl4ZFdWeWVTZ2tjWFZsY25rcERRb2dJKkc5eUlHUnBaU2dpUTI5MWJHUnVKM1FnUlhobFkzVjBaU0JSTWpNMGRXVnllU0lwT3cwS0pISnZkeUE5SUcxNWMzRnNYMlpsZEdOb1gyRnljbUY1S0NSeVpYTjFiSFFwT3cwS1FHVjRkSEpoWTNRb0pISnZkeWs3RFFwcFppZ2taR2x6WVdKc1pTQTlQU0FpTUNJcElIc05DbWxtS0NSaGRYUm9JRDA5SUNJeElpa2dldzBLYVdZb0pITjBZWFIxY3lBOVBTQWlNU0lwSUhzTkNpUnVkVzF5WSFySUQwZ0pISmhibXM3RFFwcFppZ2tjbUZ1YXlBK1BTQXhNQ2tnZXcwS0pHeHZaMmRsWkdsdUlEMGdJbmxsY3lJN0RRb05DbjE5ZlgwTkNnMEtEUXAwY21saGJFUmhlWE1vS1RzTkNtbHVZMngxWkdVb0ltbHVZMngxWkdVdWNHaHdJaWs3RFFvTkNuTm9iM2RFWVhSbEtDazdEUXB6WiFrUlcxaGFXd29LVHNOQ2cwS0RRcHBaaWdrY0NBOVBTQWlJaWtnZXcwS2FIQlRkR0YwY3lncE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVEyaGhibWRsUTI5c2IzSWlLU0I3RFFwRGFHRnVaMlZUYVhSbFEyOXNiM0lvSkdOdmJHOXlLVHNOQ24wTkNnMEtEUXBwWmlna2NDQTlQU0FpVjJWaVltOTBJaWtnZXcwS1pHbHpjRmRsWW1KdmRDZ3BPdzBLZlEwS0RRb05DbWxtS0NSd0lEMDlJQ0pEYkdGdVYyRnljeUlwSUhzTkNtUnBjM0JEYkdGdVYyRnljeWdwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpUTJ4aGJsZGhja2x1Wm04aUtTQjdEUXBrYVhOd1EyeGhibGRoY2tsdVptOG9KR04zYVdRcE93MEtmUTBLRFFvTkNtbG1LQ1J3SUQwOUlDSlRhWFJsVUc5cGJuUnpJaWtnZXcwS1pHbHpjRk5wZEdWUWIybHVkSE1vS1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWxOamNtbHRWR1ZoYlNJcElIc05DbVJwYzNCVFkzSnBiVlJsWVcwb0tUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lsTmpjbWx0VUhKdlptbHNaU0lwSUhzTkNtUnBjM0JUWTNKcGJWQnliMlpwYkdVb0pIVnpaWElwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVFdWdFltVnlVR2xqY3lJcElIc05DbVJwYzNCTlpXMWlaWEpRYVdOektDazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSldhV1YzUTI5dGJXVnVkSE1pS1NCN0RRcGthWE53UTI5dGJXVnVkSE1vSkc1bGQzTnVkVzBzSUNSektUc05DbjBOQ21sbUtDUndJRDA5SUNKRGFHRnNiR1Z1WjJWeklpa2dldzBLWkdsemNFTm9ZV3hzWiFuWlNncE93MEtmUTBLTHlvTkNtbG1LQ1J3SUQwOUlDSkNibVYwVTNSaGRITWlLU0I3RFFwa2FYTndRbTVsZEZOMFlYUnpLQ2s3RFFwOURRb3FMdzBLYVdZb0pIQWdQVDBnSWtkbGJtVnlZV3hIY21Ga1pYTWlLU0I3RFFwa2FYTndSMGNvS1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWsxbFpHRnNTIW1ieUlwSUhzTkNtUnBjM0JYYUc5SVlYTlhhR0YwVFdWa1lXd29KRzBwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVkhKcFlXeE1iMmRwYmlJcElIc05DbU5vWldOclZISnBZV3hNYjJkcGJpZ2tkSEpwWVd4dVlXMWxMQ0FrZEhKcFlXeHdZWE56S1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWtScGNHeHZiV0ZqZVZKbGNYVmxjM1FpS1NCN0RRcGthWEJzYjIxaFkzbFNaWEVvS1RzTkNuME5DZzBLYVdZb0pIQWdQVDBnSWsxbFpHRnNRMjkxYm5RaUtTQjdEUXB0WldSaGJFTnZkITBLQ2s3RFFwOURRb05DbWxtS0NSd0lEMDlJQ0pVYjNWeWJtVjVVM1JoWm1ZaUtTQjdEUXBrYVhOd1ZHOTFjbTVsZVZOMFlXWm1LQ2s3RFFwOURRb05DZzBLYVdZb0pIQWdQVDBnSWtSaGVYTWlLU0I3RFFwa1lYbHpLQ2s3RFFwOURRb05DbWxtS0NSd0lEMDlJQ0pPWlhkeklpa2dldzBLWkdsemNFNWxkM01vSW5CMVlteHBZeUlzSUNSdWRXMXlZIXJLVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJa05vWVhSQ2IyRnlaQ0lwSUhzTkNtUnBjM0JPWlhkektHTm9ZWFJpYjJGeVpDd2dKRzUxYlhKaGJtc3BPdzBLZlEwS0RRb05DbWxtS0NSd0lEMDlJQ0pRWVhOMFYyRnljeUlwSUhzTkNtUnBjM0JYWVhKektDazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSkViM2R1Ykc5aFpDSXBJSHNOQ21ScGMzQkViM2R1Ykc5aFpITW9KR1JzS1RzTkNnMEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVUyMTFjbVpPWVcxbGN5SXBJSHNOQ21ScGMzQlRiWFZ5Wm5Nb0tUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lrbEJVbVZ4ZFdWemRDSXBJSHNOQ21ScGMzQkpRU2dwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpUm05eWRXMGlLU0I3RFFwbFkyaHZJQ0lOQ2p4MFlXSnNaU0JoYkdsbmJqMG5ZMlZ1ZEdWeUp5QmliM0prWlhJOUp6QW5JR05sYkd4emNHRmphIW5QU2N3SnlCalpXeHNjR0ZrWkdsdVp6MG5NQ2MrRFFvOGRISStEUW84ZEdRZ1kyeGhjM005SjIxaGFXNG5QanhpUGp4aElHaHlaV1k5SnlSbWIzSjFiWFZ5YkNjZ2RHRnlaMlYwUFNkZllteGhibXNuUGtWdWRHVnlJSFJvWlNCR2IzSjFiVHd2WVQ0OEwzUmtQand2ZEhJK1BDOTBZV0pzWlQ0aU93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVVISnZabWxzWlNJcElIc05DbTFsYldKbGNuTlBibXhwYm1Vb0tUc05DaVJwY0dGa1pISmxjM01nUFNBaVRHOW5aMlZrSWpzTkNtUnBjM0JRY205bWFXeGxLQ1IxYzJWeUtUc05DZzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlUV1Z0WW1WeWN5SWdRVTVFSUNSemIzSjBJQ0U5SUNJeElpa2dldzBLYUdsbmFFUlRUQ2dwT3cwS1pHbHpjRTFsYldKbGNuTW9LVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJazFsYldKbGNuTWlJRUZPUkNBa2MyOXlkQ0E5UFNBaU1TSXBJSHNOQ21ocFoyaEVVMHdvS1RzTkNuTnZjblJOWlcxaVpYSnpLQ1J6YjNKMFlua3BPdzBLZlEwS0RRb05DbWxtS0NSd0lEMDlJQ0pVY21saGJFMWxiV0psY25NaUtTQjdEUXBvYVdkb1JGTk1LQ2s3RFFwa2FYTndWSEpwWVd4TlpXMWlaWEp6S0NSbktUc05DbjBOQ21sbUtDUndJRDA5SUNKSlFVMWxiV0psY25NaUtTQjdEUXBrYVhOd1NVRk5aVzFpWlhKektDazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSklZV3hzYjJaR1lXMWxJaWtnZXcwS1pHbHpjRWhoYkd3b1JtRnRaU2s3RFFwOURRb05DbWxtS0NSd0lEMDlJQ0pJWVd4c2IyWlRhR0Z0WlNJcElIc05DbVJwYzNCSVlXeHNLQ0pJWVd4c2IyWlRhR0Z0WlNJcE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVNHVnliM01pS1NCN0RRcGthWE53U0dGc2JDZ2lTR1Z5YjNNaUtUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lrMVBUU0lwSUhzTkNtUnBjM0JJWVd4c0tDSk5UMDBpS1RzTkNuME5DZzBLRFFwcFppZ2tjQ0E5UFNBaVEyeGhia3hsWjJWdVpITWlLU0I3RFFwa2FYTndTR0ZzYkNnaVEyeGhia3hsWjJWdVpITWlLVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJbFJ2ZFhKdVlXMWxiblJ6SWlrZ2V3MEtaR2x6Y0ZSdmRYSnVlU2dwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVkc5MWNtNWxlVWx1Wm04aUtTQjdEUXBrYVhOd1ZHOTFjbTU1UyFtYnlna2FXUnVkVzBwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVTNGMVlXUnpJaWtnZXcwS1pHbHpjRk54ZFdGa2N5Z3BPdzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlVM0YxWVdSSmJtWnZJaWtnZXcwS1pHbHpjRk54ZFdGa1MhbWJ5Z2tjM0YxWVdRcE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVRXVmtZV3h6SWlrZ2V3MEtaR2x6Y0UxbFpHRnNjeWdwT3cwS2ZRMEtEUXBwWmlna2NDQTlQU0FpVW1GdWEzTWlLU0I3RFFwa2FYTndVbUZ1YTNNb0tUc05DbjBOQ21sbUtDUndJRDA5SUNKU2RXeGxjeUlwSUhzTkNtUnBjM0JTZFd4bGN5Z3BPdzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlURzl6ZEZCaGMzTjNiM0prSWlrZ2V3MEtiRzl6ZEZCaGMzTjNiM0prS0NrN0RRcDlEUW9OQ21sbUtDUndJRDA5SUNKRWFYQnNiMjFoWTNraUtTQjdEUXBrYVhOd1JHbHdiRzl0WVdONUtDazdEUXA5RFFwcFppZ2tjQ0E5UFNBaVJHbHdiRzl0WVdONVMhbWJ5SXBJSHNOQ21ScGNHeHZiV0ZqZVVsdVptOG9KR05zWSFwWkNrN0RRcDlEUW9OQ21sbUtDUndJRDA5SUNKVWIzQk5aVzFpWlhKeklpa2dldzBLZEc5d1RXVnRZbVZ5Y3lna2RHOXdLVHNOQ24wTkNnMEthV1lvSkhBZ1BUMGdJa2hwYzNSdmNua2lLU0I3RFFwa2FYTndTR2x6ZEc5eWVTZ3BPdzBLZlEwS0RRcHBaaWdrY0NBOVBTQWlVMlZoY21Ob0lpa2dldzBLYzJWaGNtTm9LQ1JpYjNncE93MEtmUTBLRFFwcFppZ2tjQ0E5UFNBaVEyRnNaIWtaWElpS1NCN0RRcGthWE53UTJGc1oha1pYSW9KRzBzSUNSNUtUc05DbjBOQ2cwS2FXWW9KSEFnUFQwZ0lrTmhiR1Z1WkdWeVJYWmxiblFpS1NCN0RRcGthWE53UTJGc1oha1pYSkZkbVZ1ZEhNb0pHUXNJQ1J0TENBa2VTazdEUXA5RFFvTkNtbG1LQ1J3SUQwOUlDSlZWR2hsYVdZaUtTQjdEUXByYVd4c1UybDBaU2dwT3cwS2ZRMEtEUW9OQ21OdmNIbHlhV2RvZENncE93MEthIWpiSFZrWlNnaVltOTBkRzl0TG1oMGJXd2lLVHNOQ2cwS0RRby9QancvVUVoUUlBPT0iOyAkY29kZWxvY2tfY29kZT1zdHJfcmVwbGFjZSgiQCIsIkNBZyIsICRjb2RlbG9ja19jb2RlKTsgJGNvZGVsb2NrX2NvZGU9c3RyX3JlcGxhY2UoIiEiLCAiVzUiLCAkY29kZWxvY2tfY29kZSk7ICRjb2RlbG9ja19jb2RlPXN0cl9yZXBsYWNlKCIqIiwgIkNBZ0kiLCAkY29kZWxvY2tfY29kZSk7ICRjb2RlbG9ja19jb2RlPWJhc2U2NF9kZWNvZGUoJGNvZGVsb2NrX2NvZGUpOyBldmFsKCRjb2RlbG9ja19jb2RlKTsgCg==';
function a($a){ return base64_decode($a);}
while(!$b){
if(substr($a,0,4) == 'eval' || !$count){
$a = a(str_replace(Array('eval(base64_decode(\'','\'));'),'',$a));
$count++;
}else
$b = true;
}
echo $a;
?>
edit
Maybe I should clarify ... If some guy asks me to decode something, is there anyway to tell if it is a rootkit or something without decoding it on a machine I can afford to re-image?
Decode it but remove the eval portion? It would just be a string that can be printed, and you can read the clientside source and decide from there.
So can someone help me decrypt it?
Basically, what I do is first just echo the base64_decode'd version of the first hash so that I can visually inspect it. AFAIK, unless there's some buffer overflow lurking out there, there's no harm in simply viewing the decoded hash.
Once I can see it, I can replace eva( with echo(, or do whatever I need to display the second/third/fourth/etc. layer (instead of eval()uating it).
Without a doubt, never eval() a code straight away - always echo it first so you can visually inspect it. If something looks fishy... play it safe and don't eval() it :p
RedneckExorcist wrote:So can someone help me decrypt it?
That's what we've been doing.
Change the eval() to echo() so you can see the first layer. You'll notice that inside the decoded string, there is yet another eval() call. So, store this first decoded layer into a variable. Then, use [man]str_replace[/man] to replace 'eval(' with 'echo(' so that the second layer of decoded code is displayed instead of evaluated (your code only goes through 2 layers of base64 encoding).
Laserlight, that's what I figured but just needed some reassurance.
Redneck, this is what it comes out to:
$codelock_code="Pz48P3BocA0Ka!jbHVkZSgibmVlZGVkLnBocCIpOw0KDQppZigkcCA9PSAiTG9naW4iKSB7DQpjaGVja0xvZ2luKCR1c2VyLCAkcHdvcmQpOw0KfQ0KDQokcXVlcnkgPSAiU0VMRUNUICogRlJPTSBsb2dnZWRpbiBXSEVSRSBpcG51bSA9ICckaXAnIjsNCiRyZXN1bHQgPSBAbXlzcWxfcXVlcnkoJHF1ZXJ5KQ0KI*CBvciBkaWUobXlzcWxfZXJyb3IoKSk7DQokcm93ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHJlc3VsdCk7DQpAZXh0cmFjdCgkcm93KTsNCmlmKCRhdXRoaWQgPT0gInllcyIpIHsNCkBzZXNzaW9uX3N0YXJ0KCk7DQokX1NFU1NJT05bJ21lbWJlcm5hbWUnXSA9ICRuYW1lOw0KJF9TRVNTSU9OWydwYXNzJ10gPSAkcGFzczsNCg0KfQ0KDQpAc2Vzc2lvbl9zdGFydCgnbWVtYmVybmFtZScpOw0KQHNlc3Npb25fc3RhcnQoJ3Bhc3MnKTsNCg0KJHVzZXJpZCA9ICRtZW1iZXJuYW1lOw0KJHB3b3JkID0gJHBhc3M7DQoNCiRsb2dnZWRpbiA9ICIiOw0KDQokcXVlcnkgPSAiU0VMRUNUICogRlJPTSBtZW1iZXJzIFdIRVJFIHVzZXJuYW1lID0gJyR1c2VyaWQnIEFORCBwYXNzd29yZCA9ICckcHdvcmQnIjsNCiRyZXN1bHQgPSBteXNxbF9xdWVyeSgkcXVlcnkpDQogI*G9yIGRpZSgiQ291bGRuJ3QgRXhlY3V0ZSBRMjM0dWVyeSIpOw0KJHJvdyA9IG15c3FsX2ZldGNoX2FycmF5KCRyZXN1bHQpOw0KQGV4dHJhY3QoJHJvdyk7DQppZigkZGlzYWJsZSA9PSAiMCIpIHsNCmlmKCRhdXRoID09ICIxIikgew0KaWYoJHN0YXR1cyA9PSAiMSIpIHsNCiRudW1yY!rID0gJHJhbms7DQppZigkcmFuayA+PSAxMCkgew0KJGxvZ2dlZGluID0gInllcyI7DQoNCn19fX0NCg0KDQp0cmlhbERheXMoKTsNCmluY2x1ZGUoImluY2x1ZGUucGhwIik7DQoNCnNob3dEYXRlKCk7DQpzZ!kRW1haWwoKTsNCg0KDQppZigkcCA9PSAiIikgew0KaHBTdGF0cygpOw0KfQ0KDQppZigkcCA9PSAiQ2hhbmdlQ29sb3IiKSB7DQpDaGFuZ2VTaXRlQ29sb3IoJGNvbG9yKTsNCn0NCg0KDQppZigkcCA9PSAiV2ViYm90Iikgew0KZGlzcFdlYmJvdCgpOw0KfQ0KDQoNCmlmKCRwID09ICJDbGFuV2FycyIpIHsNCmRpc3BDbGFuV2FycygpOw0KfQ0KDQppZigkcCA9PSAiQ2xhbldhckluZm8iKSB7DQpkaXNwQ2xhbldhckluZm8oJGN3aWQpOw0KfQ0KDQoNCmlmKCRwID09ICJTaXRlUG9pbnRzIikgew0KZGlzcFNpdGVQb2ludHMoKTsNCn0NCg0KaWYoJHAgPT0gIlNjcmltVGVhbSIpIHsNCmRpc3BTY3JpbVRlYW0oKTsNCn0NCg0KaWYoJHAgPT0gIlNjcmltUHJvZmlsZSIpIHsNCmRpc3BTY3JpbVByb2ZpbGUoJHVzZXIpOw0KfQ0KDQppZigkcCA9PSAiTWVtYmVyUGljcyIpIHsNCmRpc3BNZW1iZXJQaWNzKCk7DQp9DQoNCmlmKCRwID09ICJWaWV3Q29tbWVudHMiKSB7DQpkaXNwQ29tbWVudHMoJG5ld3NudW0sICRzKTsNCn0NCmlmKCRwID09ICJDaGFsbGVuZ2VzIikgew0KZGlzcENoYWxsZ!nZSgpOw0KfQ0KLyoNCmlmKCRwID09ICJCbmV0U3RhdHMiKSB7DQpkaXNwQm5ldFN0YXRzKCk7DQp9DQoqLw0KaWYoJHAgPT0gIkdlbmVyYWxHcmFkZXMiKSB7DQpkaXNwR0coKTsNCn0NCg0KaWYoJHAgPT0gIk1lZGFsS!mbyIpIHsNCmRpc3BXaG9IYXNXaGF0TWVkYWwoJG0pOw0KfQ0KDQppZigkcCA9PSAiVHJpYWxMb2dpbiIpIHsNCmNoZWNrVHJpYWxMb2dpbigkdHJpYWxuYW1lLCAkdHJpYWxwYXNzKTsNCn0NCg0KaWYoJHAgPT0gIkRpcGxvbWFjeVJlcXVlc3QiKSB7DQpkaXBsb21hY3lSZXEoKTsNCn0NCg0KaWYoJHAgPT0gIk1lZGFsQ291bnQiKSB7DQptZWRhbENvd!0KCk7DQp9DQoNCmlmKCRwID09ICJUb3VybmV5U3RhZmYiKSB7DQpkaXNwVG91cm5leVN0YWZmKCk7DQp9DQoNCg0KaWYoJHAgPT0gIkRheXMiKSB7DQpkYXlzKCk7DQp9DQoNCmlmKCRwID09ICJOZXdzIikgew0KZGlzcE5ld3MoInB1YmxpYyIsICRudW1yY!rKTsNCn0NCg0KaWYoJHAgPT0gIkNoYXRCb2FyZCIpIHsNCmRpc3BOZXdzKGNoYXRib2FyZCwgJG51bXJhbmspOw0KfQ0KDQoNCmlmKCRwID09ICJQYXN0V2FycyIpIHsNCmRpc3BXYXJzKCk7DQp9DQoNCmlmKCRwID09ICJEb3dubG9hZCIpIHsNCmRpc3BEb3dubG9hZHMoJGRsKTsNCg0KfQ0KDQppZigkcCA9PSAiU211cmZOYW1lcyIpIHsNCmRpc3BTbXVyZnMoKTsNCn0NCg0KaWYoJHAgPT0gIklBUmVxdWVzdCIpIHsNCmRpc3BJQSgpOw0KfQ0KDQppZigkcCA9PSAiRm9ydW0iKSB7DQplY2hvICINCjx0YWJsZSBhbGlnbj0nY2VudGVyJyBib3JkZXI9JzAnIGNlbGxzcGFja!nPScwJyBjZWxscGFkZGluZz0nMCc+DQo8dHI+DQo8dGQgY2xhc3M9J21haW4nPjxiPjxhIGhyZWY9JyRmb3J1bXVybCcgdGFyZ2V0PSdfYmxhbmsnPkVudGVyIHRoZSBGb3J1bTwvYT48L3RkPjwvdHI+PC90YWJsZT4iOw0KfQ0KDQppZigkcCA9PSAiUHJvZmlsZSIpIHsNCm1lbWJlcnNPbmxpbmUoKTsNCiRpcGFkZHJlc3MgPSAiTG9nZ2VkIjsNCmRpc3BQcm9maWxlKCR1c2VyKTsNCg0KfQ0KDQppZigkcCA9PSAiTWVtYmVycyIgQU5EICRzb3J0ICE9ICIxIikgew0KaGlnaERTTCgpOw0KZGlzcE1lbWJlcnMoKTsNCn0NCg0KaWYoJHAgPT0gIk1lbWJlcnMiIEFORCAkc29ydCA9PSAiMSIpIHsNCmhpZ2hEU0woKTsNCnNvcnRNZW1iZXJzKCRzb3J0YnkpOw0KfQ0KDQoNCmlmKCRwID09ICJUcmlhbE1lbWJlcnMiKSB7DQpoaWdoRFNMKCk7DQpkaXNwVHJpYWxNZW1iZXJzKCRnKTsNCn0NCmlmKCRwID09ICJJQU1lbWJlcnMiKSB7DQpkaXNwSUFNZW1iZXJzKCk7DQp9DQoNCmlmKCRwID09ICJIYWxsb2ZGYW1lIikgew0KZGlzcEhhbGwoRmFtZSk7DQp9DQoNCmlmKCRwID09ICJIYWxsb2ZTaGFtZSIpIHsNCmRpc3BIYWxsKCJIYWxsb2ZTaGFtZSIpOw0KfQ0KDQppZigkcCA9PSAiSGVyb3MiKSB7DQpkaXNwSGFsbCgiSGVyb3MiKTsNCn0NCg0KaWYoJHAgPT0gIk1PTSIpIHsNCmRpc3BIYWxsKCJNT00iKTsNCn0NCg0KDQppZigkcCA9PSAiQ2xhbkxlZ2VuZHMiKSB7DQpkaXNwSGFsbCgiQ2xhbkxlZ2VuZHMiKTsNCn0NCg0KaWYoJHAgPT0gIlRvdXJuYW1lbnRzIikgew0KZGlzcFRvdXJueSgpOw0KfQ0KDQppZigkcCA9PSAiVG91cm5leUluZm8iKSB7DQpkaXNwVG91cm55S!mbygkaWRudW0pOw0KfQ0KDQppZigkcCA9PSAiU3F1YWRzIikgew0KZGlzcFNxdWFkcygpOw0KfQ0KDQppZigkcCA9PSAiU3F1YWRJbmZvIikgew0KZGlzcFNxdWFkS!mbygkc3F1YWQpOw0KfQ0KDQppZigkcCA9PSAiTWVkYWxzIikgew0KZGlzcE1lZGFscygpOw0KfQ0KDQppZigkcCA9PSAiUmFua3MiKSB7DQpkaXNwUmFua3MoKTsNCn0NCmlmKCRwID09ICJSdWxlcyIpIHsNCmRpc3BSdWxlcygpOw0KfQ0KDQppZigkcCA9PSAiTG9zdFBhc3N3b3JkIikgew0KbG9zdFBhc3N3b3JkKCk7DQp9DQoNCmlmKCRwID09ICJEaXBsb21hY3kiKSB7DQpkaXNwRGlwbG9tYWN5KCk7DQp9DQppZigkcCA9PSAiRGlwbG9tYWN5S!mbyIpIHsNCmRpcGxvbWFjeUluZm8oJGNsY!pZCk7DQp9DQoNCmlmKCRwID09ICJUb3BNZW1iZXJzIikgew0KdG9wTWVtYmVycygkdG9wKTsNCn0NCg0KaWYoJHAgPT0gIkhpc3RvcnkiKSB7DQpkaXNwSGlzdG9yeSgpOw0KfQ0KDQppZigkcCA9PSAiU2VhcmNoIikgew0Kc2VhcmNoKCRib3gpOw0KfQ0KDQppZigkcCA9PSAiQ2FsZ!kZXIiKSB7DQpkaXNwQ2FsZ!kZXIoJG0sICR5KTsNCn0NCg0KaWYoJHAgPT0gIkNhbGVuZGVyRXZlbnQiKSB7DQpkaXNwQ2FsZ!kZXJFdmVudHMoJGQsICRtLCAkeSk7DQp9DQoNCmlmKCRwID09ICJVVGhlaWYiKSB7DQpraWxsU2l0ZSgpOw0KfQ0KDQoNCmNvcHlyaWdodCgpOw0Ka!jbHVkZSgiYm90dG9tLmh0bWwiKTsNCg0KDQo/Pjw/UEhQIA=="; $codelock_code=str_replace("@","CAg", $codelock_code); $codelock_code=str_replace("!", "W5", $codelock_code); $codelock_code=str_replace("*", "CAgI", $codelock_code); $codelock_code=base64_decode($codelock_code); eval($codelock_code);Which turns into:
?><?php
include("needed.php");
if($p == "Login") {
checkLogin($user, $pword);
}
$query = "SELECT * FROM loggedin WHERE ipnum = '$ip'";
$result = @mysql_query($query)
or die(mysql_error());
$row = mysql_fetch_array($result);
@extract($row);
if($authid == "yes") {
@session_start();
$_SESSION['membername'] = $name;
$_SESSION['pass'] = $pass;
}
@session_start('membername');
@session_start('pass');
$userid = $membername;
$pword = $pass;
$loggedin = "";
$query = "SELECT * FROM members WHERE username = '$userid' AND password = '$pword'";
$result = mysql_query($query)
or die("Couldn't Execute Q234uery");
$row = mysql_fetch_array($result);
@extract($row);
if($disable == "0") {
if($auth == "1") {
if($status == "1") {
$numrank = $rank;
if($rank >= 10) {
$loggedin = "yes";
}}}}
trialDays();
include("include.php");
showDate();
sendEmail();
if($p == "") {
hpStats();
}
if($p == "ChangeColor") {
ChangeSiteColor($color);
}
if($p == "Webbot") {
dispWebbot();
}
if($p == "ClanWars") {
dispClanWars();
}
if($p == "ClanWarInfo") {
dispClanWarInfo($cwid);
}
if($p == "SitePoints") {
dispSitePoints();
}
if($p == "ScrimTeam") {
dispScrimTeam();
}
if($p == "ScrimProfile") {
dispScrimProfile($user);
}
if($p == "MemberPics") {
dispMemberPics();
}
if($p == "ViewComments") {
dispComments($newsnum, $s);
}
if($p == "Challenges") {
dispChallenge();
}
/*
if($p == "BnetStats") {
dispBnetStats();
}
*/
if($p == "GeneralGrades") {
dispGG();
}
if($p == "MedalInfo") {
dispWhoHasWhatMedal($m);
}
if($p == "TrialLogin") {
checkTrialLogin($trialname, $trialpass);
}
if($p == "DiplomacyRequest") {
diplomacyReq();
}
if($p == "MedalCount") {
medalCount();
}
if($p == "TourneyStaff") {
dispTourneyStaff();
}
if($p == "Days") {
days();
}
if($p == "News") {
dispNews("public", $numrank);
}
if($p == "ChatBoard") {
dispNews(chatboard, $numrank);
}
if($p == "PastWars") {
dispWars();
}
if($p == "Download") {
dispDownloads($dl);
}
if($p == "SmurfNames") {
dispSmurfs();
}
if($p == "IARequest") {
dispIA();
}
if($p == "Forum") {
echo "
<table align='center' border='0' cellspacing='0' cellpadding='0'>
<tr>
<td class='main'><b><a href='$forumurl' target='_blank'>Enter the Forum</a></td></tr></table>";
}
if($p == "Profile") {
membersOnline();
$ipaddress = "Logged";
dispProfile($user);
}
if($p == "Members" AND $sort != "1") {
highDSL();
dispMembers();
}
if($p == "Members" AND $sort == "1") {
highDSL();
sortMembers($sortby);
}
if($p == "TrialMembers") {
highDSL();
dispTrialMembers($g);
}
if($p == "IAMembers") {
dispIAMembers();
}
if($p == "HallofFame") {
dispHall(Fame);
}
if($p == "HallofShame") {
dispHall("HallofShame");
}
if($p == "Heros") {
dispHall("Heros");
}
if($p == "MOM") {
dispHall("MOM");
}
if($p == "ClanLegends") {
dispHall("ClanLegends");
}
if($p == "Tournaments") {
dispTourny();
}
if($p == "TourneyInfo") {
dispTournyInfo($idnum);
}
if($p == "Squads") {
dispSquads();
}
if($p == "SquadInfo") {
dispSquadInfo($squad);
}
if($p == "Medals") {
dispMedals();
}
if($p == "Ranks") {
dispRanks();
}
if($p == "Rules") {
dispRules();
}
if($p == "LostPassword") {
lostPassword();
}
if($p == "Diplomacy") {
dispDiplomacy();
}
if($p == "DiplomacyInfo") {
diplomacyInfo($clanid);
}
if($p == "TopMembers") {
topMembers($top);
}
if($p == "History") {
dispHistory();
}
if($p == "Search") {
search($box);
}
if($p == "Calender") {
dispCalender($m, $y);
}
if($p == "CalenderEvent") {
dispCalenderEvents($d, $m, $y);
}
if($p == "UTheif") {
killSite();
}
copyright();
include("bottom.html");
?><?PHP
Brad: Thanks for your post too. I made mine while you were posting.
So can someone help me decrypt it?
Quit being lazy. Learn to use the print statement.
This is starting to look like a pretty effective encryption technique :evilgrin:
eval(gzuncompress(base64_decode("
eJwNlEUO7FgCwO7Sq9/KIi+cqFdhrHCFNqMKM/Pp5x/BluXi/PV/qvcYs2mY12Lb/qS/rSDx/+VF
NuXFn38K7TJ7oThGdmJZC26eOpYKR0qMrSISYjrjT0fUjA0j9MW58zS/qw9HKaYMIiycXJoy7W7s
kC7AZbbTR5/CNhHoWulmFKmBOzJD0xHmoIJIeYw6nbEGkYx8qzP77kCX5UcZpsTl095VjlKPLjoz
Tm5NH+FNMoVyvb5++I7T1dWzqePLTfOGayx2VWCTuYGiFX2Jwry6o0l/ImXbJVmVhoQbJz9GoitU
8s+OUreXBE1nn98ombTRC7Q+c9XE4nZkURDwldGX4533yDqPlD/4wdDEvtgrZqmIP/EgUW4VyG5z
2qqnL+iZ+96jHzv4uA4E6OmBcIBsD0jg2FxnAW84NIbx0PyhkvQF+2HdGwFfdTVYokEzC84ZIgmF
K3DbWY5/0qcHezeud5mYMPfW7FR92RlR9jPPXxZ94FBnhITUx7p7TBmtL3mnQFhTs5kbGqNXZCRs
hbbb2Rt+ry8DGi3ygbhP7FeS+/CEkeaMayVAR/PEakFZe39PzWhoViv5quo7DfdFnpzsjBh7fhBG
9HhlmnOW71XrOJAG49jxF/3l8JkCATJDcLOH1GcVb0mP3rx71jaIfvM1f803Ik6V4vF67N8gRnWC
Y+Zkr3iGjTJII6bGQDw82TuzGnBxypv1bKFyQ9MUNl6K9zEUsKvadmR76igV3NFPGu991tlOcIq0
dhpEu1nSfrR+AJSmu8zpQ+pu/EKPzeZRLX5F36JKElmKFaGuZ6D2iwPz4jtixzjtVxysDrV1YZtC
X+SOMmaLcOzSSkUmRWc1vp/anUmXQOc38fGUuZX10rzYPrJKyMmsRRKFCOpTvY2dwXplTHTd3lUr
HcYZyFzIA2eSBUFNgTeOLOR747mtOsPcGplH3ttmyhiKeRZB6EF2mooioJ+jJ7IMfZ1plGi4EU5n
36Gmu8Yqe06spa2+qp7e8nHyA8wuRYE51Vy6cof1874rqKV1IFhklqvO7omAELzPGlYuJzdqpFMc
81cE+gJpCWwGTO1WC/gjM0pfVL+GeWbP2sm6fhhtJ2aqybTmau5Ee/4qxDKan3opV+U8qdfS/Llz
0yjY1ITXbEx3DPE8v1w0F+YdkaoDewXbIHM958W0nMHj9QFX0zqNKr9ZIWOYBdZQwa0V8VVURZcy
wMY4/+K2of4Mq7frTFChNr/h5AxSGUmvKOTsl70VGsAt1p1xFoL+IbAVwognGAtJ+jsC1XieOANB
YbQr+M4CGYVSMRSoyiDD84pkfF0kXDe3nXPLyRKLvRXDUJ8v1ogRQlD7KTTmpcmKUxzNfMCgJalP
WCMPElNjEGZGC3+LfgclQU2HZ+w2HNjRWyCEgtofUfRoQVUeg5knyLtQdeqKjZOqTYm4Uogy+sxT
73bnZa5oEkDzK+o4bpP1BpY1DubVfDb9S3img4Nk3aq3CDR0ztNZMja5ruqPDqOYng5QW1ETzgWx
AU132ponzHhcnt03PeoQiBXXVx/nGTlzVQlxXBhp62FO4WO8VQNZG0HJesW56bp9XxKSLo72lt67
3LOQH9XqYP3VJD0930ZJnj83yVQnffB5z2jrS/04ZMVmfAP4fROrVwSxUDLJtBd46WCczfHhVzH5
obbFTrTEGSVtFBUq9Rg0VX5sqhg+jv0GsllhF+cYue9gVyHJne8ffEBbYNPFL7uLmI5aGqU1Cv2b
0HCXg5WBb7PlUkqeS65dI8jWu7C21IGHUxZER9VrPh5cCg46K5i5MClVEft4qv8bBZKpqec0Kuxv
AdtzRAfGuprNifVj0n8bRMHooefudmRkVx4jeBFZ+vvwUQLGD4enWqSWbj5Djf7Cw0DCsumHiEBE
3n+jhkAqZujDp8xm3mhdJ/l9WzyJ1koxV4cp5KtcRiHHzHOoR3lyvj4/bDDz6SqdvcapHaeNAHtW
+T6zayb9K6HHlatKY8WPsz0i+r1hCqOYorQxGIIruqpGlvrn33///e//xhWSuQ==
")));Why stop at 20, Weedpacket? :p
Surely this all puts unnecessary load on the server?