This is starting to look like a pretty effective encryption technique :evilgrin:

eval(gzuncompress(base64_decode("
eJwNlEUO7FgCwO7Sq9/KIi+cqFdhrHCFNqMKM/Pp5x/BluXi/PV/qvcYs2mY12Lb/qS/rSDx/+VF
NuXFn38K7TJ7oThGdmJZC26eOpYKR0qMrSISYjrjT0fUjA0j9MW58zS/qw9HKaYMIiycXJoy7W7s
kC7AZbbTR5/CNhHoWulmFKmBOzJD0xHmoIJIeYw6nbEGkYx8qzP77kCX5UcZpsTl095VjlKPLjoz
Tm5NH+FNMoVyvb5++I7T1dWzqePLTfOGayx2VWCTuYGiFX2Jwry6o0l/ImXbJVmVhoQbJz9GoitU
8s+OUreXBE1nn98ombTRC7Q+c9XE4nZkURDwldGX4533yDqPlD/4wdDEvtgrZqmIP/EgUW4VyG5z
2qqnL+iZ+96jHzv4uA4E6OmBcIBsD0jg2FxnAW84NIbx0PyhkvQF+2HdGwFfdTVYokEzC84ZIgmF
K3DbWY5/0qcHezeud5mYMPfW7FR92RlR9jPPXxZ94FBnhITUx7p7TBmtL3mnQFhTs5kbGqNXZCRs
hbbb2Rt+ry8DGi3ygbhP7FeS+/CEkeaMayVAR/PEakFZe39PzWhoViv5quo7DfdFnpzsjBh7fhBG
9HhlmnOW71XrOJAG49jxF/3l8JkCATJDcLOH1GcVb0mP3rx71jaIfvM1f803Ik6V4vF67N8gRnWC
Y+Zkr3iGjTJII6bGQDw82TuzGnBxypv1bKFyQ9MUNl6K9zEUsKvadmR76igV3NFPGu991tlOcIq0
dhpEu1nSfrR+AJSmu8zpQ+pu/EKPzeZRLX5F36JKElmKFaGuZ6D2iwPz4jtixzjtVxysDrV1YZtC
X+SOMmaLcOzSSkUmRWc1vp/anUmXQOc38fGUuZX10rzYPrJKyMmsRRKFCOpTvY2dwXplTHTd3lUr
HcYZyFzIA2eSBUFNgTeOLOR747mtOsPcGplH3ttmyhiKeRZB6EF2mooioJ+jJ7IMfZ1plGi4EU5n
36Gmu8Yqe06spa2+qp7e8nHyA8wuRYE51Vy6cof1874rqKV1IFhklqvO7omAELzPGlYuJzdqpFMc
81cE+gJpCWwGTO1WC/gjM0pfVL+GeWbP2sm6fhhtJ2aqybTmau5Ee/4qxDKan3opV+U8qdfS/Llz
0yjY1ITXbEx3DPE8v1w0F+YdkaoDewXbIHM958W0nMHj9QFX0zqNKr9ZIWOYBdZQwa0V8VVURZcy
wMY4/+K2of4Mq7frTFChNr/h5AxSGUmvKOTsl70VGsAt1p1xFoL+IbAVwognGAtJ+jsC1XieOANB
YbQr+M4CGYVSMRSoyiDD84pkfF0kXDe3nXPLyRKLvRXDUJ8v1ogRQlD7KTTmpcmKUxzNfMCgJalP
WCMPElNjEGZGC3+LfgclQU2HZ+w2HNjRWyCEgtofUfRoQVUeg5knyLtQdeqKjZOqTYm4Uogy+sxT
73bnZa5oEkDzK+o4bpP1BpY1DubVfDb9S3img4Nk3aq3CDR0ztNZMja5ruqPDqOYng5QW1ETzgWx
AU132ponzHhcnt03PeoQiBXXVx/nGTlzVQlxXBhp62FO4WO8VQNZG0HJesW56bp9XxKSLo72lt67
3LOQH9XqYP3VJD0930ZJnj83yVQnffB5z2jrS/04ZMVmfAP4fROrVwSxUDLJtBd46WCczfHhVzH5
obbFTrTEGSVtFBUq9Rg0VX5sqhg+jv0GsllhF+cYue9gVyHJne8ffEBbYNPFL7uLmI5aGqU1Cv2b
0HCXg5WBb7PlUkqeS65dI8jWu7C21IGHUxZER9VrPh5cCg46K5i5MClVEft4qv8bBZKpqec0Kuxv
AdtzRAfGuprNifVj0n8bRMHooefudmRkVx4jeBFZ+vvwUQLGD4enWqSWbj5Djf7Cw0DCsumHiEBE
3n+jhkAqZujDp8xm3mhdJ/l9WzyJ1koxV4cp5KtcRiHHzHOoR3lyvj4/bDDz6SqdvcapHaeNAHtW
+T6zayb9K6HHlatKY8WPsz0i+r1hCqOYorQxGIIruqpGlvrn33///e//xhWSuQ==
")));

Why stop at 20, Weedpacket? :p

Surely this all puts unnecessary load on the server?

I'm sure at some point it becomes noticable, but keep in mind that other (more secure) techniques (e.g. Zend Encoder) have to decode their encoded data, too.

Hello,

i'm a total newbie when it comes to php and base64. But i have a problem cause im thinking that a file on my server is sending informations. Can someone explain me how i can decode a base64 encrpyted php file? I think its encrypted more than once cause everytime i try it, i just get binary code output.

Starts like this

eval(gzinflate(base64_decode('FZrHDqtauoRfpWd9rhiQkzockXPOTFrkDCaDn/

TIA
Saskia

I have this attached file can you help me decode it?
I tried with this decrypt.txt in php but I did not manage it.

Thanks Kind Regards
Franco

You do realize the last post in this thread is from JUNE, correct?
Coded.txt, once you look at the code in a bit better formatting, you see it does this:
sets $F equal to the name of itself (the file)
sets $X to an encrypted string
decodes and evaluates:

JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='

I would assume that code would then, once decoded and evaluated, act on decoding and evaluating those two variables. Also, your decript.php uses gzinflate, not base64_decode, which is what your encoding in coded.txt is.

Sooooo.... go back and read the rest of this thread (not the manual), and see how they break down the base64 encoding, in the first couple of posts. Then, implement THAT on the SECOND encoding in your file. Then you can figure out what it does to the first encoding, and decode that.

Just don't hurt yourself :/ If I have more time in a bit I'll decode it for you

Edit: Okay, done with supper.
That second encoding evaluates out to this:

$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;

$_X then decodes to this:

?>v1r l4nks = n5w Arr1y(); $t4m5n2w ORDER BY 4d ASC") 2r d45(mysql_5rr2r()); $p55l_1d_c23nt = mysql_r5s3lt(mysql_q35ry("SELECT COUNT(*) 1s N3m FROM 1dp55l5rs WHERE st1t3s = 6 AND 5xp4r5 > $t4m5n2w"),0); 4f($1ff4l41t54d!="") { $p55l_1d_c23nt = $p55l_1d_c23nt+6; $c23nt5r6 = 6; pr4nt "l4nks[6] = 5sc1p5('http://www.1dp55l5rs.c2m/2ff5r-".$1ff4l41t54d."-6i8eo-6.html');"; } 5ls5 { $c23nt5r6 = 0; } wh4l5 ($r2wpd = mysql_f5tch_1rr1y($p55l_d1t1)) { ++$c23nt5r6; pr4nt "l4nks[".$c23nt5r6."] = 5sc1p5('".$r2wpd['l4nk']."');"; pr4nt "\n"; } ?> v1r b4g_4m1g5s = n5w Arr1y(); 

Which then seems to evaluate out to:

?>var links = new Array(); $timenow ORDER BY id ASC") or die(mysql_error()); $peel_ad_count = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM adpeelers WHERE status = 1 AND expire > $timenow"),0); if($affiliateid!="") { $peel_ad_count = $peel_ad_count+1; $counter1 = 1; print "links[1] = escape('http://www.adpeelers.com/offer-".$affiliateid."-15863-1.html');"; } else { $counter1 = 0; } while ($rowpd = mysql_fetch_array($peel_data)) { ++$counter1; print "links[".$counter1."] = escape('".$rowpd['link']."');"; print "\n"; } ?> var big_images = new Array();

Then, I'm not sure about this next bit, but it looks like it tries to replace any references to FILE in the original evaluated code with the actual filename it's running from, then executes that code.

Looks like it's an ad loading script?

Thanks very much Horizon88
yes it is an ad code. I purchased this ad script and I want to see if I can change the image sizes.
I hope I can end up with a working PHP file
Thanks again
Franco

Can some 1 help me to decode this

<? eval(gzinflate(base64_decode('
bZCxisMwEERrG/wPgz8g6o2iwDV3XZpAajla24tt
SScpEQf5+MjxlRm2WGbYB7MnVRVBGn6AzbEdnEsU
WtXUKCO9gqHIoyWD/q+D1JgCDcd2Ssl3QuScD6ue
6ffOt/lwc2urznZhS7hSHzkRvu68GApSaAVtzWdE
pn5yMbEdR6I57qBCwM/uYjv/3iI8oR+aF90vhCEQ
QacOF+c/YZPz2aeJVvpH4uqC8YFixOVtb1wpSsum
lqL8oPRu6qrad7xVktML
'))); ?>

Thanks...

Can some 1 help me to decode this

<? eval(gzinflate(base64_decode('
bZCxisMwEERrG/wPgz8g6o2iwDV3XZpAajla24tt
SScpEQf5+MjxlRm2WGbYB7MnVRVBGn6AzbEdnEsU
WtXUKCO9gqHIoyWD/q+D1JgCDcd2Ssl3QuScD6ue
6ffOt/lwc2urznZhS7hSHzkRvu68GApSaAVtzWdE
pn5yMbEdR6I57qBCwM/uYjv/3iI8oR+aF90vhCEQ
QacOF+c/YZPz2aeJVvpH4uqC8YFixOVtb1wpSsum
lqL8oPRu6qrad7xVktML
'))); ?>

Thanks

Could you lock this or something, brad? People keep coming in and just adding their questions onto the end without actually doing anything. :/

Actually, I agree;

If you have found this thread because you're looking to decode some base64 encoded PHP script, I highly recommend you:

• Read this thread (especially the beginning, when the problem was presented and people offered suggestions)

• Realize that this pubilc forum is not here to break others' security measures (albeit quite weak) who felt that they needed to obfuscate their code for whatever reason

If you honestly have a question that pertains with base64_encode() or _decode(), please create a new thread with your problem! I'm definitely not discouraging anyone with a legitimate question involving base64 encoding.

Otherwise, this thread is being locked from further replies. If Parabola, the thread creator, wishes to reopen to this thread, please PM either myself or one of the other mods with a link to this thread and it will be re-opened.