|
Knowledgebase Articles and information about running a website, cPanel and various hints and tips. Here you will find tutorials on php, MySql, .htaccess, cron, SEO, Search Engines, CHMOD, FTP, CSS, HTML and various other hints and tips on running and Administrating a website. |
![]() |
|
#1
| ||||
| ||||
![]() Decoding eval gzinflate base64_decode There's a few applications around both freeware and paid that encode files or rather scripts so you can't see or modify the source. These encrypted files can be identified by the starting line which is like: eval(gzinflate(str_rot13(base64_decode Then it goes on with a mass of random numbers, letters and characters like 'FZi3ksTWEVJ/hZnITwDvV' and so on. Note: Please try out the online tool to decode this automatically, do not paste in PHP tags just the eval code. Online eval(gzinflate(str_rot13 Decoder Base64 Decoder Now i'm all for people who wish to keep their code or intellectual property hidden so it's not stolen or modified, but at the same time i do like to know exactly what the given piece of code is doing on my server. Being encrypted like this, it could be doing all sorts of malicious things i don't want happening. So, lets decrypt it and see if it's all legitimate. Disclaimer: I don't condone modifying and distributing copyright files, this is simply provided so you can view the plain source to ensure your script isn't doing anything malicious on your property ie server. Firstly, copy the below code in to Notepad and save it as decrypt.php Quote:
Save a blank text file as decoded.txt Upload all 3 files to the root directory of your server, then set the CHMOD on decoded.txt to 666 You will have: www.domain.com/decrypt.php - Our decoding script www.domain.com/coded.txt - A text file with our encoded script www.domain.com/decoded.txt - A blank .txt file CHMOD to 666 Next up, simply visit www.domain.com/decrypt.php with your browser and you will receive a message "Writing Decoded.txt" and you are done. The decoded.txt file that was blank will now have your plain viewable source code. Save the text file as original-filename.php and you will have a plain source code version of your encrypted file.
__________________ Knowledgebase | SEO | Free Scripts | Free Graphics | Free Wordpress Themes | PradoPoint Offline | Domains For Sale |
![]() Blog Comment Software |
#2
| |||
| |||
![]()
I tried your sollution to decode something, but it doesn't work with me. I got exactly the same code in the decoded.txt file. Below my code I need to decrypt. <?eval(gzinflate(base64_decode(ZC9bsMwDITnFOg7XD2 1g+PdVWSgS7t1CZCxkCLaixLqq TECNCHrxX3ZwkXHu7IDyA7zh7qGpIG49B7ymirvn93WbDGmXOq +qCDhgofySjSIr4+PS MrkR/M0UvEkbtqhVTFRtggUNRMoMjBXlpwQR0pH5X6ZxDzTzPG8nMdL nyRzH7dFPF X931jjCgWQymfByMlZRI3gEE7dRswktU/ZuGEgGtMKWgh4W12U9dcS4QviIwV0hL6SAS RW+x9uIXNPswha5roB4mDjypESgn7q124rAnLtVjq9yH/XXp1uQqdJ8tZ9w0=))); ?> |
#3
| ||||
| ||||
![]() Quote:
I had a shot as well using 2 different methods, and same thing i was unable to decode it.. Which is quite strange because it's the first piece of encrypted code like this that hasn't worked out of hundreds. If i can get it to decode i'll post it up here, but so far not looking good. It may of been encrypted twice using the eval(gzinflate(base64_decode method last which is why it doesn't want to go back.
__________________ Knowledgebase | SEO | Free Scripts | Free Graphics | Free Wordpress Themes | PradoPoint Offline | Domains For Sale |
#4
| |||
| |||
![]()
Thanks for your help. Ofcourse I understand that developers and designers protect there copyright, but this is really frustrating. Stephan |
#5
| |||
| |||
![]()
Looking at the problem code block posted here, I see you have included the <?php ?> tags, which I think is wrong. Also there is a single angled quote mark at the beginning of the block - it should be a straight one - and no quote mark at the end. This will cause problems. Lastly there are whitespaces in the block. I don't think this is right. Best review the whole block thoroughly / start again. It's been working fine for me when other decrypters failed. It is indeed good to know that commercial code is free of mal/ad/bug-ware. So a very big thanks the author. |
#6
| |||
| |||
![]()
Hello.. I followed every step but it still doesn't work.. It says: DECODE nested eval(gzinflate()) from Taree Internet 1. Reading coded.txt 2. Decoding 3. Writing decoded.txt.. Thats hopefull.. But when I looked in decoded.txt it was just the same code.. Code: <?php $__F=__FILE__;$__C='Pz48L2Q0dj4NCiAgICAgIDxkNHYgNGQ9ImYyMnQ1ciI+PGJyLz48YnIvPkQ1czRnbjVkIGJ5IDwxDQpocjVmPSJodHRwOi8vdzViaDJzdDRuZ2c1NWtzLmMybSI+VzViIEgyc3Q0bmcgRzU1a3M8LzE+IDFuZCA8MQ0KaHI1Zj0iaHR0cDovL3QycHdwdGg1bTVzLmMybSI+VDJwIFcycmRQcjVzcyBUaDVtNXM8LzE+LjwvZDR2Pg0KICAgICAgDQogICA8L2Q0dj4NCiAgIA0KPGQ0diA0ZD0iY3I1ZDR0Ij4gDQogDQoNCjwvZDR2Pg0KDQo8L2IyZHk+DQo8L2h0bWw+';eval(base64_decode('JF9fQz1iYXNlNjRfZGVjb2RlKCRfX0MpOwokX19DPXN0cnRyKCRfX0MsIjEyMzQ1NmFvdWllIiwiYW91aWUxMjM0NTYiKTsKJF9fQz1lcmVnX3JlcGxhY2UoJ19fRklMRV9fJywiJyIuJF9fRi4iJyIsJF9fQyk7CmV2YWwoJF9fQyk7CiRfX0M9IiI7'));?> |
#7
| ||||
| ||||
![]() Quote:
The actual encrypted string itself does look similar, and midway through the code it has eval(base64_decode( so i tried taking just the string after that end decoding it however it wouldn't work either. The $__F=__FILE__;$__C= has got me, i'm not familiar with that encryption string. Is this from a commercial script or something like a Wordpress theme? You can PM me if you don't wish to post it, but i'd like to work out what's going on with this one.
__________________ Knowledgebase | SEO | Free Scripts | Free Graphics | Free Wordpress Themes | PradoPoint Offline | Domains For Sale |
#8
| |||
| |||
![]()
I have tried used this method on this code string but I can't get it to decrypt. Any help is appreciated. <?php eval(gzinflate(base64_decode('lVJNT8MwDD3TX2HCZUi0 FVdIM8EEAgkJhKZxnLLWXSK1cUjSVfDrSdvxJeBATo797Pf8MR cJr/QOdFWwmiigYyI5gPgSAG4Fr8kE8PoVC3bKoJZlNFboKmnkCVw4 LZsTuMFmh0GX0eOl8alHp2smHqhHhxVsXoBLUA7rgqkQ7Fme9+ Qq69D7zDpisLxd3l0V7NohwtN7CJYKW/Rsr6GkhlzBjhbjY+ITlwxyJzDPB6zguRQZLBzKEPkvf+Hv+2wr 202DijqPWUnth4qVLGXQZOARTZDNnwLuTaMNTuwL6bWhb+yXjr qtCr92H9l7G0bFdex5oM8ZBB2aON3/D+BH7x+m3S+TH6Yp8LlVFrBUBFsMa9O16+curgr97Pgc5gL2v2 yPDLpFt/aB7Ox0AngsyVQRkKZi6PuA5/F4xFj9aDqfMZR89XdG79B5hEzVGNcxAUaG3q6nrNlxLD+kbah6 iSeZq9A2YgQl8AY=')));?> Ps. this code is from a Wordpress theme footer.php which is weird... I just got it to decode using this code.... <?php $a = 'lVJNT8MwDD3TX2HCZUi0FVdIM8EEAgkJhKZxnLLWXSK1cUjSV fDrSdvxJeBATo797Pf8MRcJr/QOdFWwmiigYyI5gPgSAG4Fr8kE8PoVC3bKoJZlNFboKmnkCVw4 LZsTuMFmh0GX0eOl8alHp2smHqhHhxVsXoBLUA7rgqkQ7Fme9+ Qq69D7zDpisLxd3l0V7NohwtN7CJYKW/Rsr6GkhlzBjhbjY+ITlwxyJzDPB6zguRQZLBzKEPkvf+Hv+2wr 202DijqPWUnth4qVLGXQZOARTZDNnwLuTaMNTuwL6bWhb+yXjr qtCr92H9l7G0bFdex5oM8ZBB2aON3/D+BH7x+m3S+TH6Yp8LlVFrBUBFsMa9O16+curgr97Pgc5gL2v2 yPDLpFt/aB7Ox0AngsyVQRkKZi6PuA5/F4xFj9aDqfMZR89XdG79B5hEzVGNcxAUaG3q6nrNlxLD+kbah6 iSeZq9A2YgQl8AY='; function a($a){ return gzinflate(base64_decode($a));} while(!$b){ if(substr($a,0,4) == 'eval' || !$count){ $a = a(str_replace(Array('eval(gzinflate(base64_decode( \'','\')));'),'',$a)); $count++; }else $b = true; } echo $a; ?> Then I just went to view page source and copied it over the encoded footer.php code. |
#9
| |||
| |||
![]()
i`ve got the same problem with my footer ... but i didn`t get how where u able to fix your problem
|
#10
| |||
| |||
![]()
Topunuzun sülalesini sikeyim. pis kafirler...
Last edited by Unregistered; 03-22-2008 at 02:23 PM. Reason: Link |
![]() Blog Comment Software |
![]() |
Tools | |
Display Modes | |
![]() | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Decoding Js help me | Fantastikky | Knowledgebase | 0 | 01-05-2015 12:44 AM |
Decoding Array | unicornio | Knowledgebase | 0 | 10-22-2009 11:33 PM |
Help with base64_decode | Unregistered | Knowledgebase | 3 | 09-04-2009 10:52 PM |
Decoding base64_decode | murker | Knowledgebase | 0 | 02-05-2009 03:28 PM |
help me eval(base64_decode(str_replace | DoukanN | Knowledgebase | 0 | 01-05-2009 06:06 PM |