Go Back   Web Design & SEO Company > Knowledgebase

Knowledgebase Articles and information about running a website, cPanel and various hints and tips. Here you will find tutorials on php, MySql, .htaccess, cron, SEO, Search Engines, CHMOD, FTP, CSS, HTML and various other hints and tips on running and Administrating a website.

Reply
 
  #1  
Old 09-20-2007, 08:00 PM
Admin's Avatar
Administrator
 
Join Date: Jan 2007
Location: Taree
Posts: 610
Default Decoding eval gzinflate base64_decode

Decoding eval gzinflate base64_decode

There's a few applications around both freeware and paid that encode files or rather scripts so you can't see or modify the source. These encrypted files can be identified by the starting line which is like:

eval(gzinflate(str_rot13(base64_decode

Then it goes on with a mass of random numbers, letters and characters like 'FZi3ksTWEVJ/hZnITwDvV' and so on.

Note: Please try out the online tool to decode this automatically, do not paste in PHP tags just the eval code.

Online eval(gzinflate(str_rot13 Decoder

Base64 Decoder

Now i'm all for people who wish to keep their code or intellectual property hidden so it's not stolen or modified, but at the same time i do like to know exactly what the given piece of code is doing on my server. Being encrypted like this, it could be doing all sorts of malicious things i don't want happening.

So, lets decrypt it and see if it's all legitimate.

Disclaimer: I don't condone modifying and distributing copyright files, this is simply provided so you can view the plain source to ensure your script isn't doing anything malicious on your property ie server.

Firstly, copy the below code in to Notepad and save it as decrypt.php

Quote:
<?php
echo "\nDECODE nested eval(gzinflate()) from Taree Internet <www.tareeinternet.com>\n\n";
echo "1. Reading coded.txt\n";
$fp1 = fopen ("coded.txt", "r");
$contents = fread ($fp1, filesize ("coded.txt"));
fclose($fp1);
echo "2. Decoding\n";
while (preg_match("/eval\(gzinflate/",$contents)) {
$contents=preg_replace("/<\?|\?>/", "", $contents); eval(preg_replace("/eval/", "\$contents=", $contents)); } echo "3. Writing decoded.txt\n"; $fp2 = fopen("decoded.txt","w"); fwrite($fp2, trim($contents)); fclose($fp2);
?>
Next step, copy your encoded file to NotePad and save it as coded.txt

Save a blank text file as decoded.txt

Upload all 3 files to the root directory of your server, then set the CHMOD on decoded.txt to 666

You will have:

www.domain.com/decrypt.php - Our decoding script
www.domain.com/coded.txt - A text file with our encoded script
www.domain.com/decoded.txt - A blank .txt file CHMOD to 666

Next up, simply visit www.domain.com/decrypt.php with your browser and you will receive a message "Writing Decoded.txt" and you are done. The decoded.txt file that was blank will now have your plain viewable source code.

Save the text file as original-filename.php and you will have a plain source code version of your encrypted file.
Reply With Quote
Top SEO Tool
Harvester and Mass Blog Commenter
Blog Comment Software

  #2  
Old 11-19-2007, 07:34 AM
Unregistered
Guest
 
Posts: n/a
Default

I tried your sollution to decode something, but it doesn't work with me. I got exactly the same code in the decoded.txt file. Below my code I need to decrypt.

<?eval(gzinflate(base64_decode(’ZC9bsMwDITnFOg7XD2 1g+PdVWSgS7t1CZCxkCLaixLqq
TECNCHrxX3ZwkXHu7IDyA7zh7qGpIG49B7ymirvn93WbDGmXOq +qCDhgofySjSIr4+PS
MrkR/M0UvEkbtqhVTFRtggUNRMoMjBXlpwQR0pH5X6ZxDzTzPG8nMdL nyRzH7dFPF
X931jjCgWQymfByMlZRI3gEE7dRswktU/ZuGEgGtMKWgh4W12U9dcS4QviIwV0hL6SAS
RW+x9uIXNPswha5roB4mDjypESgn7q124rAnLtVjq9yH/XXp1uQqdJ8tZ9w0=))); ?>
Reply With Quote
  #3  
Old 11-19-2007, 09:04 AM
Admin's Avatar
Administrator
 
Join Date: Jan 2007
Location: Taree
Posts: 610
Default

Quote:
Originally Posted by Unregistered View Post
I tried your sollution to decode something, but it doesn't work with me. I got exactly the same code in the decoded.txt file. Below my code I need to decrypt.

<?eval(gzinflate(base64_decode(’ZC9bsMwDITnFOg7XD2 1g+PdVWSgS7t1CZCxkCLaixLqq
TECNCHrxX3ZwkXHu7IDyA7zh7qGpIG49B7ymirvn93WbDGmXOq +qCDhgofySjSIr4+PS
MrkR/M0UvEkbtqhVTFRtggUNRMoMjBXlpwQR0pH5X6ZxDzTzPG8nMdL nyRzH7dFPF
X931jjCgWQymfByMlZRI3gEE7dRswktU/ZuGEgGtMKWgh4W12U9dcS4QviIwV0hL6SAS
RW+x9uIXNPswha5roB4mDjypESgn7q124rAnLtVjq9yH/XXp1uQqdJ8tZ9w0=))); ?>
Hello,

I had a shot as well using 2 different methods, and same thing i was unable to decode it.. Which is quite strange because it's the first piece of encrypted code like this that hasn't worked out of hundreds.

If i can get it to decode i'll post it up here, but so far not looking good. It may of been encrypted twice using the eval(gzinflate(base64_decode method last which is why it doesn't want to go back.
Reply With Quote
  #4  
Old 11-19-2007, 11:12 AM
Unregistered
Guest
 
Posts: n/a
Cool

Thanks for your help. Ofcourse I understand that developers and designers protect there copyright, but this is really frustrating.

Stephan
Reply With Quote
  #5  
Old 02-08-2008, 08:06 PM
Unregistered
Guest
 
Posts: n/a
Thumbs up Good script

Looking at the problem code block posted here, I see you have included the <?php ?> tags, which I think is wrong.

Also there is a single angled quote mark at the beginning of the block - it should be a straight one - and no quote mark at the end. This will cause problems.

Lastly there are whitespaces in the block. I don't think this is right. Best review the whole block thoroughly / start again.

It's been working fine for me when other decrypters failed. It is indeed good to know that commercial code is free of mal/ad/bug-ware. So a very big thanks the author.
Reply With Quote
  #6  
Old 03-05-2008, 03:19 PM
Unregistered
Guest
 
Posts: n/a
Default

Hello.. I followed every step but it still doesn't work..
It says: DECODE nested eval(gzinflate()) from Taree Internet 1. Reading coded.txt 2. Decoding 3. Writing decoded.txt..
Thats hopefull.. But when I looked in decoded.txt it was just the same code..

Code:
<?php $__F=__FILE__;$__C='Pz48L2Q0dj4NCiAgICAgIDxkNHYgNGQ9ImYyMnQ1ciI+PGJyLz48YnIvPkQ1czRnbjVkIGJ5IDwxDQpocjVmPSJodHRwOi8vdzViaDJzdDRuZ2c1NWtzLmMybSI+VzViIEgyc3Q0bmcgRzU1a3M8LzE+IDFuZCA8MQ0KaHI1Zj0iaHR0cDovL3QycHdwdGg1bTVzLmMybSI+VDJwIFcycmRQcjVzcyBUaDVtNXM8LzE+LjwvZDR2Pg0KICAgICAgDQogICA8L2Q0dj4NCiAgIA0KPGQ0diA0ZD0iY3I1ZDR0Ij4gDQogDQoNCjwvZDR2Pg0KDQo8L2IyZHk+DQo8L2h0bWw+';eval(base64_decode('JF9fQz1iYXNlNjRfZGVjb2RlKCRfX0MpOwokX19DPXN0cnRyKCRfX0MsIjEyMzQ1NmFvdWllIiwiYW91aWUxMjM0NTYiKTsKJF9fQz1lcmVnX3JlcGxhY2UoJ19fRklMRV9fJywiJyIuJF9fRi4iJyIsJF9fQyk7CmV2YWwoJF9fQyk7CiRfX0M9IiI7'));?>
Reply With Quote
  #7  
Old 03-06-2008, 04:15 AM
Admin's Avatar
Administrator
 
Join Date: Jan 2007
Location: Taree
Posts: 610
Default

Quote:
Originally Posted by Unregistered View Post
Hello.. I followed every step but it still doesn't work..
It says: DECODE nested eval(gzinflate()) from Taree Internet 1. Reading coded.txt 2. Decoding 3. Writing decoded.txt..
Thats hopefull.. But when I looked in decoded.txt it was just the same code..

Code:
<?php $__F=__FILE__;$__C='Pz48L2Q0dj4NCiAgICAgIDxkNHYgNGQ9ImYyMnQ1ciI+PGJyLz48YnIvPkQ1czRnbjVkIGJ5IDwxDQpocjVmPSJodHRwOi8vdzViaDJzdDRuZ2c1NWtzLmMybSI+VzViIEgyc3Q0bmcgRzU1a3M8LzE+IDFuZCA8MQ0KaHI1Zj0iaHR0cDovL3QycHdwdGg1bTVzLmMybSI+VDJwIFcycmRQcjVzcyBUaDVtNXM8LzE+LjwvZDR2Pg0KICAgICAgDQogICA8L2Q0dj4NCiAgIA0KPGQ0diA0ZD0iY3I1ZDR0Ij4gDQogDQoNCjwvZDR2Pg0KDQo8L2IyZHk+DQo8L2h0bWw+';eval(base64_decode('JF9fQz1iYXNlNjRfZGVjb2RlKCRfX0MpOwokX19DPXN0cnRyKCRfX0MsIjEyMzQ1NmFvdWllIiwiYW91aWUxMjM0NTYiKTsKJF9fQz1lcmVnX3JlcGxhY2UoJ19fRklMRV9fJywiJyIuJF9fRi4iJyIsJF9fQyk7CmV2YWwoJF9fQyk7CiRfX0M9IiI7'));?>
Unfortunately that's using a different encryption method to what this script decodes. For this one to work your encrypted code needs to start with eval(gzinflate(base64_decode

The actual encrypted string itself does look similar, and midway through the code it has eval(base64_decode( so i tried taking just the string after that end decoding it however it wouldn't work either.

The $__F=__FILE__;$__C= has got me, i'm not familiar with that encryption string. Is this from a commercial script or something like a Wordpress theme? You can PM me if you don't wish to post it, but i'd like to work out what's going on with this one.
Reply With Quote
  #8  
Old 03-12-2008, 05:22 PM
Unregistered
Guest
 
Posts: n/a
Default

I have tried used this method on this code string but I can't get it to decrypt. Any help is appreciated.

<?php eval(gzinflate(base64_decode('lVJNT8MwDD3TX2HCZUi0 FVdIM8EEAgkJhKZxnLLWXSK1cUjSVfDrSdvxJeBATo797Pf8MR cJr/QOdFWwmiigYyI5gPgSAG4Fr8kE8PoVC3bKoJZlNFboKmnkCVw4 LZsTuMFmh0GX0eOl8alHp2smHqhHhxVsXoBLUA7rgqkQ7Fme9+ Qq69D7zDpisLxd3l0V7NohwtN7CJYKW/Rsr6GkhlzBjhbjY+ITlwxyJzDPB6zguRQZLBzKEPkvf+Hv+2wr 202DijqPWUnth4qVLGXQZOARTZDNnwLuTaMNTuwL6bWhb+yXjr qtCr92H9l7G0bFdex5oM8ZBB2aON3/D+BH7x+m3S+TH6Yp8LlVFrBUBFsMa9O16+curgr97Pgc5gL2v2 yPDLpFt/aB7Ox0AngsyVQRkKZi6PuA5/F4xFj9aDqfMZR89XdG79B5hEzVGNcxAUaG3q6nrNlxLD+kbah6 iSeZq9A2YgQl8AY=')));?>

Ps. this code is from a Wordpress theme footer.php which is weird...

I just got it to decode using this code....

<?php
$a = 'lVJNT8MwDD3TX2HCZUi0FVdIM8EEAgkJhKZxnLLWXSK1cUjSV fDrSdvxJeBATo797Pf8MRcJr/QOdFWwmiigYyI5gPgSAG4Fr8kE8PoVC3bKoJZlNFboKmnkCVw4 LZsTuMFmh0GX0eOl8alHp2smHqhHhxVsXoBLUA7rgqkQ7Fme9+ Qq69D7zDpisLxd3l0V7NohwtN7CJYKW/Rsr6GkhlzBjhbjY+ITlwxyJzDPB6zguRQZLBzKEPkvf+Hv+2wr 202DijqPWUnth4qVLGXQZOARTZDNnwLuTaMNTuwL6bWhb+yXjr qtCr92H9l7G0bFdex5oM8ZBB2aON3/D+BH7x+m3S+TH6Yp8LlVFrBUBFsMa9O16+curgr97Pgc5gL2v2 yPDLpFt/aB7Ox0AngsyVQRkKZi6PuA5/F4xFj9aDqfMZR89XdG79B5hEzVGNcxAUaG3q6nrNlxLD+kbah6 iSeZq9A2YgQl8AY=';
function a($a){ return gzinflate(base64_decode($a));}
while(!$b){
if(substr($a,0,4) == 'eval' || !$count){
$a = a(str_replace(Array('eval(gzinflate(base64_decode( \'','\')));'),'',$a));
$count++;
}else
$b = true;
}
echo $a;
?>

Then I just went to view page source and copied it over the encoded footer.php code.
Reply With Quote
  #9  
Old 03-15-2008, 05:48 PM
Unregistered
Guest
 
Posts: n/a
Unhappy

i`ve got the same problem with my footer ... but i didn`t get how where u able to fix your problem
Reply With Quote
  #10  
Old 03-22-2008, 02:21 PM
Unregistered
Guest
 
Posts: n/a
Default gzinflate .....

Topunuzun sülalesini sikeyim. pis kafirler...

Last edited by Unregistered; 03-22-2008 at 02:23 PM. Reason: Link
Reply With Quote
Top SEO Tool
Harvester and Mass Blog Commenter
Blog Comment Software

Reply

Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Decoding Js help me Fantastikky Knowledgebase 0 01-05-2015 12:44 AM
Decoding Array unicornio Knowledgebase 0 10-22-2009 11:33 PM
Help with base64_decode Unregistered Knowledgebase 3 09-04-2009 10:52 PM
Decoding base64_decode murker Knowledgebase 0 02-05-2009 03:28 PM
help me eval(base64_decode(str_replace DoukanN Knowledgebase 0 01-05-2009 06:06 PM



Knowledgebase | SEO | Free Scripts | Free Wordpress Themes | Free Graphics

eval gzinflate base64 decode | SEO Addons


Forum time zone is GMT. Currently it's 09:43 PM.

SEO - Top



Web Design & SEO Forums