Obfuscated PHP code
Posted: Wed Apr 05, 2006 11:38 am
Could someone please tell me some ideas on how to decrypt this......
I tried the classic tricks (replace "eval" with "echo") but it's probably nested...
and I think the base64 encoded stuff is encrypted ( I can see something
like this: $a ^ $b ....XOR).....
but it works (no parsing errors), so it can be decrypted...
I tried the classic tricks (replace "eval" with "echo") but it's probably nested...
and I think the base64 encoded stuff is encrypted ( I can see something
like this: $a ^ $b ....XOR).....
but it works (no parsing errors), so it can be decrypted...
Code: Select all
<?php
$z01010011000000111110="z01010011000000111110";
function z010010001001010($z010010001010,$z010010001010111){$z010010001010111=md5($z010010001010111);$z010010011=0;$z0101110000011010011="";for($z01011111010011=0;$z01011111010011<strlen($z010010001010);$z01011111010011++){if($z010010011==strlen($z010010001010111))$z010010011=0;$z0101110000011010011.=substr($z010010001010,$z01011111010011,1)^substr($z010010001010111,$z010010011,1);$z010010011++;}return $z0101110000011010011;}function z01010011($z111110000110111111){return(gzinflate($z111110000110111111));}function z01010011001010010($z010010001010,$z01010011000000111110){$z010010001010=z010010001001010($z010010001010,$z01010011000000111110);$z0101110000011010011="";for($z01011111010011=0;$z01011111010011<strlen($z010010001010);$z01011111010011++){$z01001000101010101010=substr($z010010001010,$z01011111010011,1);$z01011111010011++;$z0101110000011010011.=(substr($z010010001010,$z01011111010011,1)^$z01001000101010101010);}return $z0101110000011010011;}function z0100100010100($z1000011110000110111111){return(base64_decode($z1000011110000110111111));}function z010111110100110($z111110101001111100000000110){return(eval($z111110101001111100000000110));}function z010100111111111111110($z0101001111100000000110){return(z01010011001010010(base64_decode($z0101001111100000000110),$z01010011000000111110));}z010111110100110(z01010011(z0100100010100(z010100111111111111110("
BxMGN1pNV0APMlEgVkwITVdKWhMHSgpaA10CZFc6DylSUQYLABwGGl1FVjsDAFQgXG1aBwJ8DEYAcgcMBkYOCQcgBhpaQFc4DyZRPFZRCH1XOVo2B2oKZgNAAm1XIw9pUikGIwA1BmhdR1YzA3xUZ1x6WnkCJAx7AHIHawZUDhsHbgYGWmRXOA8XUThWVQh4VzNaBgdeCj4DRgIMVxYPBFJrBh4AFwY9XUxWHwM9VDFcT1oCAmcMOQBWB2EGVA4UBw4GFFp2V3kPB1EHVlMIXFdbWiUHJQp7A2sCNVdjDyVSaQY7AGkGMV1mVhcDCVQGXEFaKAJJDD0APwcUBnIObgctBitaZVdtDyVRA1ZsCDxXWVo6B20KOQNRAhhXIA8bUk8GOgBpBhFddFY+AxpUOVxMWjwCewx4AFEHMAZQDh8HbwZrWk9XfQ8CUWdWUAh9V0haOAc2CjkDMgI9VyQPNlJnBjUAHQYKXWtWEAM2VGdcOFpnAiQMRAA1BxQGaQ42BzoGN1pqV34PPlFkVkIIeVd7WiQHSQpRA2MCKFcHD2xSRgYEAAMGE10yViEDCVQnXEVaZAJtDHsAKQcPBjMOBAdvBjZaRFdED2JRHVZ/CG9XY1ozB2IKcwNOAglXPQ8oUkEGYAAuBh1dNFYDAwRUFlxHWiACagxFAGgHFAZVDjgHEgZqWnFXPQ8cUSZWMAhNVzhaGwdICn8DMgIJVzIPdlJgBiUANQYMXVpWPgMyVCpcZlo7Aj0MdABKBz0GOA4GBw0GP1pbVzwPK1EYVjYIa1dZWjkHXwpgA0MCMVcHD2RSMAYJAGIGKl13Vm4DElRkXDZaOAJfDE8ASQcSBmsOCgctBilae1dBDxlRN1ZTCHhXOFoxB2QKPQNAAmtXOA8aUikGBgAxBhRdSVZlAztUKlw3WiUCaAw8AGIHPQYxDjQHPgYgWjFXUA8HUTpWMQhpVzNaPwdpCl0DQwIsVwcPC1JwBjwAKwYSXWdWDgMdVH9cTVo0AnIMawBJB2kGSA4dBzQGNlpgV2cPaVE2Vn4IQFdEWj0HdApRA10CCVceDzFScgY1AD0GKV1WVjMDPlQWXGVaAAI6DE4AdwcVBkIOMgdnBh9aZ1djDwBRPVY2CGJXe1omB2MKOQN1AhZXFQ83UjAGYAAhBjddNlYQAxhUE1xBWjcCPAxXAGoHbQZWDjUHPAY7WmxXIQ9oUWZWSQh2V39aEQdnCkQDcAIZVzYPbFI1BjwAaQYiXWRWHQMEVDFcbVphAnMMOgBRBzYGdA4TBwAGZ1p0V3oPFlF6VlcIOldxWh0HdApFA2MCLlcdDxdSTwYUAGkGKV02Vh8DIlQ5XFlaZAI4DEAAVwcKBmYOOAccBgFaa1dbDzlRElZDCElXfloDB1wKbANmAglXIw8NUlgGAgATBhddSVZ9AyJUNlw4WhkCTgxjAE0HCgZnDiwHJAYjWm1XZg8rUWJWYAhhV3paawdMClIDSAIXVwIPJVJ2BhoALgYJXVpWFwMCVDJcY1oZAmMMYQA0BwgGdQ4vBzoGPlo1V2cPB1E8VnMIZFdoWhwHQApuA3ICNlcSDyxSRAY1AD8GOl1kVicDGFQIXFhaGQJpDGAAfgc2Bm0ONgcEBgVaaFdnDxpROlZLCGlXXFoqBzsKRwNnAhdXIA9kUm8GGQAiBg1dR1YgAwdUIlw2Wn0COAx3AD4HdgZQDgQHZQZ8WmdXJQ8DUQFWPghN"))));
?>