help to decoding a eval(base64_decode .. it drive me crazy

eurekaa

hi every one ,

I need urgent help to decode the index.php file below

/ base64 code removed by mod.
stretched the page, plus it appears to be copyrighted anyway. /

Thanks a lot in advance ..

scrupul0us

Thats some ugly nested and obfuscated code

the first base64_decode renders:

$o="QAAAOzh3b3cnYGJzWG9iZmNidQAgLy48Jzg5Cg0KDQGjbmlka3IAAGNiJy9TQkpXS0ZTQldGU08ABScpJyAoYGZra2J1fikEACADXIQABPFhaGhzBPU=";
$lll=0;
$lllllllllll='base64_decode';
$ll=0;
$llllllllll='ord';
$llll=0;
$lllll=3;
$l=$lllllllllll($o);
$lllllll=0;
$llllll=($llllllllll($l[1])<<8)+$llllllllll($l[2]);
$lllllllllllll='strlen';
$lllllllll=16;
$llllllll="";
for(;$lllll<$lllllllllllll($l);)
{
if($lllllllll==0)
{
$llllll=($llllllllll($l[$lllll++])<<8);
$llllll+=$llllllllll($l[$lllll++]);
$lllllllll=16;
}
if($llllll&0x8000)
{
$lll=($llllllllll($l[$lllll++])<<4);
$lll+=($llllllllll($l[$lllll])>>4);
if($lll)
{
$ll=($llllllllll($l[$lllll++])&0x0f)+3;
for($llll=0;$llll<$ll;$llll++)
$llllllll[$lllllll+$llll]=$llllllll[$lllllll-$lll+$llll];
$lllllll+=$ll;
}
else
{
$ll=($llllllllll($l[$lllll++])<<8);
$ll+=$llllllllll($l[$lllll++])+16;
for($llll=0;$llll<$ll;$llllllll[$lllllll+$llll++]=$llllllllll($l[$lllll]));
$lllll++;
$lllllll+=$ll;
}
}
else
$llllllll[$lllllll++]=$llllllllll($l[$lllll++]);
$llllll<<=1;
$lllllllll--;
}
$llllllllllll='chr';
$lllll=0;
$lllllllll="?".$llllllllllll(62);
$llllllllll="";
for(;$lllll<$lllllll;)
{
$llllllllll.=$llllllllllll($llllllll[$lllll++]^0x07);
}
$lllllllll.=$llllllllll.$llllllllllll(60)."?";
eval($lllllllll);

and i have no interest in going deeper than that as it's more than likely malicious

eurekaa

I knew that this code wont be fixed that easy .. now im in mess 🙁

I hope if some one could help in this or i`ll have to leave it for good 🙁

scrupul0us

well its riddled with missing braces, function parameters and etc

also, please edit your first post and use PHP tags instead of CODE/QUOTE tags so the post wraps

scrupul0us

Well... Out of sheer boredom I've cleaned this up and added missing braces followed by comments and put in MISSING where terms are missing in the for loops

Of course I'm purely guessing here:

<?php
$o="QAAAOzh3b3cnYGJzWG9iZmNidQAgLy48Jzg5Cg0KDQGjbmlka3IAAGNiJy9TQkpXS0ZTQldGU08ABScpJyAoYGZra2J1fikEACADXIQABPFhaGhzBPU=";
$lll=0;
$lllllllllll='base64_decode';
$ll=0;
$llllllllll='ord';
$llll=0;
$lllll=3;
$l=$lllllllllll($o);
$lllllll=0;
$llllll=($llllllllll($l[1])<<8)+$llllllllll($l[2]);
$lllllllllllll='strlen';
$lllllllll=16;
$llllllll="";

for(MISSING;$lllll<$lllllllllllll($l);MISSING)
{
	if($lllllllll==0)
	{
		$llllll=($llllllllll($l[$lllll++])<<8);
		$llllll+=$llllllllll($l[$lllll++]);
		$lllllllll=16;
	}
	if($llllll&0x8000)
	{
	$lll=($llllllllll($l[$lllll++])<<4);
	$lll+=($llllllllll($l[$lllll])>>4);
		if($lll)
		{
			$ll=($llllllllll($l[$lllll++])&0x0f)+3;

		for($llll=0;$llll<$ll;$llll++)
		{//MISSING
		$llllllll[$lllllll+$llll]=$llllllll[$lllllll-$lll+$llll];
		$lllllll+=$ll;
		}//MISSING
	}
	else
	{
		$ll=($llllllllll($l[$lllll++])<<8);
		$ll+=$llllllllll($l[$lllll++])+16;

		for($llll=0;$llll<$ll;$llllllll[$lllllll+$llll++]=$llllllllll($l[$lllll]));
		{//MISSING
		$lllll++;
		$lllllll+=$ll;
		}//MISSING
	}
}
else
{//MISSING
$llllllll[$lllllll++]=$llllllllll($l[$lllll++]);
$llllll<<=1;
$lllllllll--;
}//MISSING
}
$llllllllllll='chr';
$lllll=0;
$lllllllll="?".$llllllllllll(62);
$llllllllll="";
for(MISSING;$lllll<$lllllll;MISSING)
{
	$llllllllll.=$llllllllllll($llllllll[$lllll++]^0x07);
}
$lllllllll.=$llllllllll.$llllllllllll(60)."?";
eval($lllllllll);
?>

eurekaa

Thanks for your help ,

i appreciate your time/effort .

as for the first post , i did already try to edit it , but i do not see the EDIT button , maybe because im new in the forum , not sure .. I 'll try to request help by moderator

scrupul0us

more than likely the allowed time to edit has expired

no problem on the help...

is the code throwing errors? if so what are they? can you cite where you got the code?

eurekaa

there is no error given on site ..

This code is the content of index.php page ( for WorePress theme VIDEO FLICK v2.2 )

here is the download link for the theme ( click here )

eurekaa

and for DEMO ( Click Here )

dagon

i suppose this notice in the theme means nothing to you ?

/ WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. /

bradgrafelman

Thread locked.

As dagon pointed out, this file appears to be copyrighted, so helping you break that measure of protection isn't allowed on these forums.