iCeR Posted November 9, 2010 Share Posted November 9, 2010 I downloaded a free reviews script from http://tinyurl.com/25q47mj One of the files is encoded and I want to ensure it doesn't have anything malicious! Any help would be much appreciated! Thank you!! <?php $ve08156dfe67="\x62\141\x73\145\x36\64\x5f\144\x65\143\x6f\144\x65";@eval($ve08156dfe67( "JG4xYjEzMGI0MGZlNDYyZWExYWVmYWVhOGNmMTAwZDIyPSJceDYyIjskbmY5Y2Y4ZTgyNGRmM2I0OWU2NjhhM2U 1MGI0NjA3ZTU9Ilx4NjUiOyRjODEzNTE2ZDlkMDExMmU3MjgwODYwZjlkNzkyOTliNj0iXHg2NiI7JG9jOGM1N2Y 5YzNmNmFhYmQxYjI2NjkxYjUyOTU4OGEyPSJceDY3IjskYTQxMzcyYzgyODQ3MDgzMDM1ZjVmYTJjZjMxNDY5NTc 9Ilx4NmQiOyR1MzVmYWY4Y2I1NWFkZGQ5ODlkMGU0ZTk3MjVjNmU1Yz0iXHg2ZiI7JGw5NzQwNDQyMDFlMDMxNjY 1YjU0OWUyNTQ3ZDM1NWUxPSJceDZmIjskc2Q3MDdhNDY5MWM2YWZlMmU2M2E0Y2M3YmE1N2Y1Zjg9Ilx4NmYiOyR 6MTdkYWM4NjEyZjIyYmQ5ODQ5MWI1ZDVlZDE0OWRlZT0iXHg2ZiI7JGVkMWI5Y2I4YmM0Y2NmMjk2ZDNkMTM2NGQ zNGZhNTA4PSJceDczIjskaDZhMjE5ODI0Mjg2NDI2NTVkMDk3ODhmZGI1ZDY4NWU9Ilx4NzMiOyRwMDE1NDI5MmM 4MGYwYzdiYjc4MWFhYTNkYjhhYzU4ZD0iXHg3MyI7JHJkNjMxZDUwNjczMWQ4ZTkyNDg4NGFkNzAwMzI5NWJhPSJ ceDczIjskbjFiMTMwYjQwZmU0NjJlYTFhZWZhZWE4Y2YxMDBkMjIuPSJcMTQxIjskbmY5Y2Y4ZTgyNGRmM2I0OWU 2NjhhM2U1MGI0NjA3ZTUuPSJcMTYyIjskYzgxMzUxNmQ5ZDAxMTJlNzI4MDg2MGY5ZDc5Mjk5YjYuPSJcMTUxIjs kb2M4YzU3ZjljM2Y2YWFiZDFiMjY2OTFiNTI5NTg4YTIuPSJcMTcyIjskYTQxMzcyYzgyODQ3MDgzMDM1ZjVmYTJ jZjMxNDY5NTcuPSJcMTQ0IjskdTM1ZmFmOGNiNTVhZGRkOTg5ZDBlNGU5NzI1YzZlNWMuPSJcMTQyIjskbDk3NDA 0NDIwMWUwMzE2NjViNTQ5ZTI1NDdkMzU1ZTEuPSJcMTQyIjskc2Q3MDdhNDY5MWM2YWZlMmU2M2E0Y2M3YmE1N2Y 1ZjguPSJcMTQyIjskejE3ZGFjODYxMmYyMmJkOTg0OTFiNWQ1ZWQxNDlkZWUuPSJcMTQyIjskZWQxYjljYjhiYzR jY2YyOTZkM2QxMzY0ZDM0ZmE1MDguPSJcMTY0IjskaDZhMjE5ODI0Mjg2NDI2NTVkMDk3ODhmZGI1ZDY4NWUuPSJ cMTY0IjskcDAxNTQyOTJjODBmMGM3YmI3ODFhYWEzZGI4YWM1OGQuPSJcMTY0IjskcmQ2MzFkNTA2NzMxZDhlOTI 0ODg0YWQ3MDAzMjk1YmEuPSJcMTY0IjskbjFiMTMwYjQwZmU0NjJlYTFhZWZhZWE4Y2YxMDBkMjIuPSJceDczIjs kbmY5Y2Y4ZTgyNGRmM2I0OWU2NjhhM2U1MGI0NjA3ZTUuPSJceDY1IjskYzgxMzUxNmQ5ZDAxMTJlNzI4MDg2MGY 5ZDc5Mjk5YjYuPSJceDZjIjskb2M4YzU3ZjljM2Y2YWFiZDFiMjY2OTFiNTI5NTg4YTIuPSJceDY5IjskYTQxMzc yYzgyODQ3MDgzMDM1ZjVmYTJjZjMxNDY5NTcuPSJceDM1IjskdTM1ZmFmOGNiNTVhZGRkOTg5ZDBlNGU5NzI1YzZ lNWMuPSJceDVmIjskbDk3NDA0NDIwMWUwMzE2NjViNTQ5ZTI1NDdkMzU1ZTEuPSJceDVmIjskc2Q3MDdhNDY5MWM 2YWZlMmU2M2E0Y2M3YmE1N2Y1ZjguPSJceDVmIjskejE3ZGFjODYxMmYyMmJkOTg0OTFiNWQ1ZWQxNDlkZWUuPSJ ceDVmIjskZWQxYjljYjhiYzRjY2YyOTZkM2QxMzY0ZDM0ZmE1MDguPSJceDcyIjskaDZhMjE5ODI0Mjg2NDI2NTV kMDk3ODhmZGI1ZDY4NWUuPSJceDcyIjskcDAxNTQyOTJjODBmMGM3YmI3ODFhYWEzZGI4YWM1OGQuPSJceDcyIjs kcmQ2MzFkNTA2NzMxZDhlOTI0ODg0YWQ3MDAzMjk1YmEuPSJceDcyIjskbjFiMTMwYjQwZmU0NjJlYTFhZWZhZWE 4Y2YxMDBkMjIuPSJcMTQ1IjskbmY5Y2Y4ZTgyNGRmM2I0OWU2NjhhM2U1MGI0NjA3ZTUuPSJcMTQ3IjskYzgxMzU xNmQ5ZDAxMTJlNzI4MDg2MGY5ZDc5Mjk5YjYuPSJcMTQ1Ijskb2M4YzU3ZjljM2Y2YWFiZDFiMjY2OTFiNTI5NTg 4YTIuPSJcMTU2IjskdTM1ZmFmOGNiNTVhZGRkOTg5ZDBlNGU5NzI1YzZlNWMuPSJcMTQ1IjskbDk3NDA0NDIwMWU wMzE2NjViNTQ5ZTI1NDdkMzU1ZTEuPSJcMTQ1Ijskc2Q3MDdhNDY5MWM2YWZlMmU2M2E0Y2M3YmE1N2Y1ZjguPSJ cMTQ3IjskejE3ZGFjODYxMmYyMmJkOTg0OTFiNWQ1ZWQxNDlkZWUuPSJcMTYzIjskZWQxYjljYjhiYzRjY2YyOTZ kM2QxMzY0ZDM0ZmE1MDguPSJcMTM3IjskaDZhMjE5ODI0Mjg2NDI2NTVkMDk3ODhmZGI1ZDY4NWUuPSJcMTM3Ijs kcDAxNTQyOTJjODBmMGM3YmI3ODFhYWEzZGI4YWM1OGQuPSJcMTYwIjskcmQ2MzFkNTA2NzMxZDhlOTI0ODg0YWQ 3MDAzMjk1YmEuPSJcMTY0IjskbjFiMTMwYjQwZmU0NjJlYTFhZWZhZWE4Y2YxMDBkMjIuPSJceDM2IjskbmY5Y2Y 4ZTgyNGRmM2I0OWU2NjhhM2U1MGI0NjA3ZTUuPSJceDVmIjskYzgxMzUxNmQ5ZDAxMTJlNzI4MDg2MGY5ZDc5Mjk 5YjYuPSJceDVmIjskb2M4YzU3ZjljM2Y2YWFiZDFiMjY2OTFiNTI5NTg4YTIuPSJceDY2IjskdTM1ZmFmOGNiNTV hZGRkOTg5ZDBlNGU5NzI1YzZlNWMuPSJceDZlIjskbDk3NDA0NDIwMWUwMzE2NjViNTQ5ZTI1NDdkMzU1ZTEuPSJ ceDZlIjskc2Q3MDdhNDY5MWM2YWZlMmU2M2E0Y2M3YmE1N2Y1ZjguPSJceDY1IjskejE3ZGFjODYxMmYyMmJkOTg 0OTFiNWQ1ZWQxNDlkZWUuPSJceDc0IjskZWQxYjljYjhiYzRjY2YyOTZkM2QxMzY0ZDM0ZmE1MDguPSJceDcyIjs kaDZhMjE5ODI0Mjg2NDI2NTVkMDk3ODhmZGI1ZDY4NWUuPSJceDcyIjskcDAxNTQyOTJjODBmMGM3YmI3ODFhYWE zZGI4YWM1OGQuPSJceDZmIjskcmQ2MzFkNTA2NzMxZDhlOTI0ODg0YWQ3MDAzMjk1YmEuPSJceDZmIjskbjFiMTM wYjQwZmU0NjJlYTFhZWZhZWE4Y2YxMDBkMjIuPSJcNjQiOyRuZjljZjhlODI0ZGYzYjQ5ZTY2OGEzZTUwYjQ2MDd lNS49IlwxNjIiOyRjODEzNTE2ZDlkMDExMmU3MjgwODYwZjlkNzkyOTliNi49IlwxNDciOyRvYzhjNTdmOWMzZjZ hYWJkMWIyNjY5MWI1Mjk1ODhhMi49IlwxNTQiOyR1MzVmYWY4Y2I1NWFkZGQ5ODlkMGU0ZTk3MjVjNmU1Yy49Ilw xNDQiOyRsOTc0MDQ0MjAxZTAzMTY2NWI1NDllMjU0N2QzNTVlMS49IlwxNDQiOyRzZDcwN2E0NjkxYzZhZmUyZTY zYTRjYzdiYTU3ZjVmOC49IlwxNjQiOyR6MTdkYWM4NjEyZjIyYmQ5ODQ5MWI1ZDVlZDE0OWRlZS49IlwxNDEiOyR lZDFiOWNiOGJjNGNjZjI5NmQzZDEzNjRkMzRmYTUwOC49IlwxNDUiOyRoNmEyMTk4MjQyODY0MjY1NWQwOTc4OGZ kYjVkNjg1ZS49IlwxNTciOyRwMDE1NDI5MmM4MGYwYzdiYjc4MWFhYTNkYjhhYzU4ZC49IlwxNjMiOyRyZDYzMWQ 1MDY3MzFkOGU5MjQ4ODRhZDcwMDMyOTViYS49IlwxNTMiOyRuMWIxMzBiNDBmZTQ2MmVhMWFlZmFlYThjZjEwMGQ yMi49Ilx4NWYiOyRuZjljZjhlODI0ZGYzYjQ5ZTY2OGEzZTUwYjQ2MDdlNS49Ilx4NjUiOyRjODEzNTE2ZDlkMDE xMmU3MjgwODYwZjlkNzkyOTliNi49Ilx4NjUiOyRvYzhjNTdmOWMzZjZhYWJkMWIyNjY5MWI1Mjk1ODhhMi49Ilx 4NjEiOyR1MzVmYWY4Y2I1NWFkZGQ5ODlkMGU0ZTk3MjVjNmU1Yy49Ilx4NWYiOyRsOTc0MDQ0MjAxZTAzMTY2NWI 1NDllMjU0N2QzNTVlMS49Ilx4NWYiOyRzZDcwN2E0NjkxYzZhZmUyZTYzYTRjYzdiYTU3ZjVmOC49Ilx4NWYiOyR 6MTdkYWM4NjEyZjIyYmQ5ODQ5MWI1ZDVlZDE0OWRlZS49Ilx4NzIiOyRlZDFiOWNiOGJjNGNjZjI5NmQzZDEzNjR kMzRmYTUwOC49Ilx4NzAiOyRoNmEyMTk4MjQyODY0MjY1NWQwOTc4OGZkYjVkNjg1ZS49Ilx4NzQiOyRuMWIxMzB iNDBmZTQ2MmVhMWFlZmFlYThjZjEwMGQyMi49IlwxNDQiOyRuZjljZjhlODI0ZGYzYjQ5ZTY2OGEzZTUwYjQ2MDd lNS49IlwxNjAiOyRjODEzNTE2ZDlkMDExMmU3MjgwODYwZjlkNzkyOTliNi49IlwxNjQiOyRvYzhjNTdmOWMzZjZ hYWJkMWIyNjY5MWI1Mjk1ODhhMi49IlwxNjQiOyR1MzVmYWY4Y2I1NWFkZGQ5ODlkMGU0ZTk3MjVjNmU1Yy49Ilw xNDMiOyRsOTc0MDQ0MjAxZTAzMTY2NWI1NDllMjU0N2QzNTVlMS49IlwxNDYiOyRzZDcwN2E0NjkxYzZhZmUyZTY zYTRjYzdiYTU3ZjVmOC49IlwxNDMiOyR6MTdkYWM4NjEyZjIyYmQ5ODQ5MWI1ZDVlZDE0OWRlZS49IlwxNjQiOyR lZDFiOWNiOGJjNGNjZjI5NmQzZDEzNjRkMzRmYTUwOC49IlwxNTQiOyRoNmEyMTk4MjQyODY0MjY1NWQwOTc4OGZ kYjVkNjg1ZS49Ilw2MSI7JG4xYjEzMGI0MGZlNDYyZWExYWVmYWVhOGNmMTAwZDIyLj0iXHg2NSI7JG5mOWNmOGU 4MjRkZjNiNDllNjY4YTNlNTBiNDYwN2U1Lj0iXHg2YyI7JGM4MTM1MTZkOWQwMTEyZTcyODA4NjBmOWQ3OTI5OWI 2Lj0iXHg1ZiI7JG9jOGM1N2Y5YzNmNmFhYmQxYjI2NjkxYjUyOTU4OGEyLj0iXHg2NSI7JHUzNWZhZjhjYjU1YWR kZDk4OWQwZTRlOTcyNWM2ZTVjLj0iXHg2YyI7JGw5NzQwNDQyMDFlMDMxNjY1YjU0OWUyNTQ3ZDM1NWUxLj0iXHg 2YyI7JHNkNzA3YTQ2OTFjNmFmZTJlNjNhNGNjN2JhNTdmNWY4Lj0iXHg2ZiI7JGVkMWI5Y2I4YmM0Y2NmMjk2ZDN kMTM2NGQzNGZhNTA4Lj0iXHg2MSI7JGg2YTIxOTgyNDI4NjQyNjU1ZDA5Nzg4ZmRiNWQ2ODVlLj0iXHgzMyI7JG4 xYjEzMGI0MGZlNDYyZWExYWVmYWVhOGNmMTAwZDIyLj0iXDE0MyI7JG5mOWNmOGU4MjRkZjNiNDllNjY4YTNlNTB iNDYwN2U1Lj0iXDE0MSI7JGM4MTM1MTZkOWQwMTEyZTcyODA4NjBmOWQ3OTI5OWI2Lj0iXDE0MyI7JHUzNWZhZjh jYjU1YWRkZDk4OWQwZTRlOTcyNWM2ZTVjLj0iXDE0NSI7JGw5NzQwNDQyMDFlMDMxNjY1YjU0OWUyNTQ3ZDM1NWU xLj0iXDE2NSI7JHNkNzA3YTQ2OTFjNmFmZTJlNjNhNGNjN2JhNTdmNWY4Lj0iXDE1NiI7JGVkMWI5Y2I4YmM0Y2N mMjk2ZDNkMTM2NGQzNGZhNTA4Lj0iXDE0MyI7JG4xYjEzMGI0MGZlNDYyZWExYWVmYWVhOGNmMTAwZDIyLj0iXHg 2ZiI7JG5mOWNmOGU4MjRkZjNiNDllNjY4YTNlNTBiNDYwN2U1Lj0iXHg2MyI7JGM4MTM1MTZkOWQwMTEyZTcyODA 4NjBmOWQ3OTI5OWI2Lj0iXHg2ZiI7JHUzNWZhZjhjYjU1YWRkZDk4OWQwZTRlOTcyNWM2ZTVjLj0iXHg2MSI7JGw 5NzQwNDQyMDFlMDMxNjY1YjU0OWUyNTQ3ZDM1NWUxLj0iXHg3MyI7JHNkNzA3YTQ2OTFjNmFmZTJlNjNhNGNjN2J hNTdmNWY4Lj0iXHg3NCI7JGVkMWI5Y2I4YmM0Y2NmMjk2ZDNkMTM2NGQzNGZhNTA4Lj0iXHg2NSI7JG4xYjEzMGI 0MGZlNDYyZWExYWVmYWVhOGNmMTAwZDIyLj0iXDE0NCI7JG5mOWNmOGU4MjRkZjNiNDllNjY4YTNlNTBiNDYwN2U 1Lj0iXDE0NSI7JGM4MTM1MTZkOWQwMTEyZTcyODA4NjBmOWQ3OTI5OWI2Lj0iXDE1NiI7JHUzNWZhZjhjYjU1YWR kZDk4OWQwZTRlOTcyNWM2ZTVjLj0iXDE1NiI7JGw5NzQwNDQyMDFlMDMxNjY1YjU0OWUyNTQ3ZDM1NWUxLj0iXDE 1MCI7JHNkNzA3YTQ2OTFjNmFmZTJlNjNhNGNjN2JhNTdmNWY4Lj0iXDE0NSI7JG4xYjEzMGI0MGZlNDYyZWExYWV mYWVhOGNmMTAwZDIyLj0iXHg2NSI7JGM4MTM1MTZkOWQwMTEyZTcyODA4NjBmOWQ3OTI5OWI2Lj0iXHg3NCI7JHN kNzA3YTQ2OTFjNmFmZTJlNjNhNGNjN2JhNTdmNWY4Lj0iXHg2ZSI7JGM4MTM1MTZkOWQwMTEyZTcyODA4NjBmOWQ 3OTI5OWI2Lj0iXDE0NSI7JHNkNzA3YTQ2OTFjNmFmZTJlNjNhNGNjN2JhNTdmNWY4Lj0iXDE2NCI7JGM4MTM1MTZ kOWQwMTEyZTcyODA4NjBmOWQ3OTI5OWI2Lj0iXHg2ZSI7JHNkNzA3YTQ2OTFjNmFmZTJlNjNhNGNjN2JhNTdmNWY 4Lj0iXHg3MyI7JGM4MTM1MTZkOWQwMTEyZTcyODA4NjBmOWQ3OTI5OWI2Lj0iXDE2NCI7JGM4MTM1MTZkOWQwMTE yZTcyODA4NjBmOWQ3OTI5OWI2Lj0iXHg3MyI7JHoxN2RhYzg2MTJmMjJiZDk4NDkxYjVkNWVkMTQ5ZGVlKCk7aWY oJGE0MTM3MmM4Mjg0NzA4MzAzNWY1ZmEyY2YzMTQ2OTU3KCRuZjljZjhlODI0ZGYzYjQ5ZTY2OGEzZTUwYjQ2MDd lNSgiXHg1Y1w1MFx4MjJcMTMzXHgzMFw1NVx4MzlcMTAxXHgyZFwxMzJceDYxXDU1XHg3YVwxMzRceDJiXDU3XHg zZFwxMzVceDJhXDQyXHg1Y1w1MSIsIlx4MjhcNDJceDIyXDUxIiwkZWQxYjljYjhiYzRjY2YyOTZkM2QxMzY0ZDM 0ZmE1MDgoIlxyXG4iLCIiLCRjODEzNTE2ZDlkMDExMmU3MjgwODYwZjlkNzkyOTliNigkcmQ2MzFkNTA2NzMxZDh lOTI0ODg0YWQ3MDAzMjk1YmEoX19GSUxFX18sIlx4MjgiKSkpKSk9PSJceDM4XDYwXHgzOFwxNDNceDMzXDYwXHg zOFw2NVx4MzRcNzFceDM3XDE0Nlx4MzNcMTQ2XHg2Mlw3MFx4MzJcNjdceDMxXDYxXHg2Nlw3MVx4MzFcMTQzXHg zNlwxNDJceDY2XDcwXHgzOVwxNDZceDM4XDY3Iil7QGV2YWwoJG9jOGM1N2Y5YzNmNmFhYmQxYjI2NjkxYjUyOTU 4OGEyKCRuMWIxMzBiNDBmZTQ2MmVhMWFlZmFlYThjZjEwMGQyMigkaDZhMjE5ODI0Mjg2NDI2NTVkMDk3ODhmZGI 1ZDY4NWUoImdJdWdvOUFWUkM0ZWl0dk93SFlNS24vZ2NZMEpFSjN0ZHRBbldyVVE2S1hYUmFmQXhIYm5jRmFVUHN lc285N0pxeFluSHRFODZZWWVySzF6cXpMMm01L3pFRnFXYUZjdzArMDRhb2lweXUxeW9ubnpGR3NnMkJZYzhrcVV pNzlMc3l0VGpuQ0MydTYya2M5R1o5TUp3bTlhWm5qVzdPM2kwalkzZURaeEdWd0RQeFI2MWJ4SkRna29XeGI5Uks 3WkRUZEZqeTdRdnhEdlhGWnZZbFNhUEhhV245TEVNd05TT1pVWEdPM0N5VWU3TGl0YnpnWEZBcTBhY1JnUGh6Vkp lVVNKQjUyV1E5QXFFVHoyRkdEd1Z5RWFFUDBGV25sQjlhVWdUalREWnpCK21NdlhVMUxEODFOSkZSdERiYjJXelB ac1VLMFJqa0FTNHlDQTU2SC9XNitBQlR3UnF0SzB5ZjB1OG10ckV6MG1yTUFGampGNlZ4dDRJN0xXUU9VRE5IQXp 6NVBXVExGQm5zdlJtQ1psUFUvUTdOY090dEhXV3o1U0hzUHlwQkk4NEVkVTdyUXhxQU4vVWMwQS9jYlorK3I5REQ vK1RrMFJBNWZ2UnVQaERvdFNNVjNxUmVLMWZIME1UOU0vV2NCS2M2Lzd4MHhSLzc2RVFDVUVPZ05Ua1p4cWdSZ2V TWWNnOEIyUmNBUytnME1OS05Ud2FwUmRJMEdTTHc0TlByUGxOdE9wYzBsaVpzM3RLQWE2QmtkUHB1VjBFVDFvKzJ oSGdWQ08ycXliRTNqbEl0Q01tK1dZUXR6bDNMYWROa3ZvWFFwTjN6ellsS3R5Uys3WmFvaFdXTXBkcXBTcnBRWXB VSVZnM081Z21PS1hUSEZtRDJkRU8yZ3JyVXI1dmJZVXc2emZvcVFTc1poa01Td1kxNDc0eUFETGVXeExiQkNyYS8 zVzhxenRDbXk5ci9tNjNIeS9wZzRvL0RUVDQxWXNaR3dOSFdXUThYcTNzdzZPeit2MzM5T3ZOczBPcGxXMEI3dzl SYTJHS2JpZXZqaU5xbUJFNzRVSnA5MFI3aFlYQ0htc29FdDgzVk1vcEhxdUFtNXc1Ymk4NGVjalZFUlhETGl1Y1o 0OGI4N2ZZTVZyd3pISXJqaTNpWWR0UjlPZHdDVHRXZE9qY0htUTRoMGdlK0psLzVla2ZSZHYyVHR5RXh4WVhuSGM 1T2txQ1hyYnZrU1JNbHdkV1BvcW96cXh4MlJ5MWlybUVWR0M2V3RtY1dYRWNKV2NZZGNTQVlNSHlmSzFQbFFLcG5 BKzdEdEExdGlldU83UnpMR2VsQjdEZkVjV24rQ21EbVRNRExyeWxxeVR4NmhOWE9mUXgxbFFRQ3l0YTZZcFFkK2p FbUhiS2lDZ1ZXODlad2l0R2hLcEYvcmo0amVhQmtPZm16cDBhZkRJQUdzYjd4b1ppSVBuTHhFVzVIZVRsd1dxVGp xdmVxZVZtWDNwMnh0cjgyUG1xV0g3NVNoM0d2enhadWhkWEl6Rk9oa3JJZm1aMjFTRkRnbmdZWGlhR1J5L3FBSDR oWnM5bG9ndXNtUWNRam5BREpFK3FyS0o0bkNXZC83YjcxTWdJTWQzL2hTZGlyZ1lwVXU0VFp1NEYxc0ltOE0xT1V qVUxBbHQ4YTlNaHNLMW5iUzZmTXZ1N2FoSXVtd2Y3czdyUXViMTI1cEJ0Z2JGREVFOC9FZXBrNjRTaXBWYVBXSTF MWkcreTBSY3IvaWw5QUlqNzJGNDU1OEZoYzU5Zzk4dHptcVF2Y0puT0xzT2ppMG9hWmxpeWdBMS9mVGdqaHRObTU 4cVNLVkhMY1NpTzlDSW5pY3NUWUpROXJlbjFHSi9nMW1oNzg4L1l2OUtuNmM3dUhRZlVtTTV2M2tXZHY0ZUhDdTJ 5ZUlWS2w1MlFBMTZDSSs4TWxDbE0wc21OdzViM0JPL3BQV1VZbkxOZEgrcjRXUE5FQktwS0VHSFdDWjYwUTVBSDU 3WlY1WWJEUnY1cGJpOGZpUHJ5dkVLSURaZ09mdUJiRWR5aVFxY0w0K1dXTjhFMm5yKzVmeFo1bThvbXJFTFAyQk0 3SE4wRXZPSjRsanVnN0lkQldJeUtDV3R1cHFBaGpIaGhmSGFOZUtRQUVCb1dtS0l4Y2ZXbUhia2FlQTdKYkI0OFV kV3JueWs0VVU0RSsydXlrTjQxRDUwUGFSL1dWclk2UlFUVmkyR0h0U3NMOFlsYjZXTnVUU1ZNZFQzUSs4VlVVWm5 YRnhwd29wRGk1cjU0MHg5dm5yMHdLQitOZm8zblNCOWd3QjhSSG5CV0ZydXMyRlRKYmdLSExJUWFmZCt1UUgwSTd IeVJzV0xGY2xFNnZoZ2o3djZGUHJmM1lwRi8xV2dDYWF3THlsOXVWMDBYQThlTGhZQlpQKzN3UldVd3JrR0srUkY 4dFRJV29zTE93d0VhcUh4eVNObTBhcFZRd2tTNVJ5STJFTmd3cXIzR2ZJcXVITlJZWWF2Skk5bWlXMWM1RTBxSmp 6TmJlUHVVbzczK2p0dHFWeDBUNWlJaTA3NE9tUUpUZW15aWpvdktOY25rdmk1WEs1R25zVGlwMHBCYiswYldybjV WOGcvc3ZXMjVOZTRjaFZzTnlXa25vb0VMd04zYStlcXhTUm1mbkxrMEp3T2ZDYjljZVhWc3paajlIOHBXVElUM0J OcUNxNzhxQ29xYlNRb3BzelVGN212NWhRVHcrc1V5NGdsL2k1NjVzbzNJMjVudVNTalNQdUMydlZOUG85dkdWVHl 6REUvMGphc2gvSm9ybzY2S1o4L0JoTzZTd2puYW83Y0c0bnczelFIUXpqeExqaENXOFZCTXhQb3MzVTBDaj09Iik pKSk7fSRwMDE1NDI5MmM4MGYwYzdiYjc4MWFhYTNkYjhhYzU4ZCgkc2Q3MDdhNDY5MWM2YWZlMmU2M2E0Y2M3YmE 1N2Y1ZjgoKSwiXHg2M1wxNDRceDM4XDY1XHgzNlwxNDVceDMwXDE0Nlx4MzNcNjJceDM5XDcwXHg2NVw2MVx4NjN cMTQ1XHg2M1w2NFx4NjZcNzBceDMwXDY0XHgzNFw2N1x4MzBcMTQxXHgzNVw3MVx4MzZcNzBceDM0XDE0NCIpPyR 1MzVmYWY4Y2I1NWFkZGQ5ODlkMGU0ZTk3MjVjNmU1YygpOiRsOTc0MDQ0MjAxZTAzMTY2NWI1NDllMjU0N2QzNTV lMSgpOw==")); ?> Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/ Share on other sites More sharing options...
ManiacDan Posted November 9, 2010 Share Posted November 9, 2010 "\x62\141\x73\145\x36\64\x5f\144\x65\143\x6f\144\x65" is a hex representation of base64_decode. Do this: echo base64_decode("JG4xYjEzMGI0MGZlNDYyZWExYWVmYWVhOGNmMTAwZDIyPSJceDYyIjskbmY5Y2Y4ZTgyNGRmM2I0OWU2NjhhM2U 1MGI0NjA3ZTU9Ilx4NjUiOyRjODEzNTE2ZDlkMDExMmU3MjgwODYwZjlkNzkyOTliNj0iXHg2NiI7JG9jOGM1N2Y 5YzNmNmFhYmQxYjI2NjkxYjUyOTU4OGEyPSJceDY3IjskYTQxMzcyYzgyODQ3MDgzMDM1ZjVmYTJjZjMxN //etc etc etc "); That gives you raw PHP. Run it through an auto-formatter (or manually format it) and see what's in there. -Dan Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132371 Share on other sites More sharing options...
iCeR Posted November 9, 2010 Author Share Posted November 9, 2010 Thanks ManiacDan Hmmm I get this.. $n1b130b40fe462ea1aefaea8cf100d22="\x62";$nf9cf8e824df3b49e668a3e50b4607e5="\x65";$c813516d9d0112e7280860f9d79299b6="\x66";$oc8c57f9c3f6aabd1b26691b529588a2="\x67";$a41372c82847083035f5fa2cf317ÿÞµÇqë\ edit: Ahh just noticed your etc etc comment sorry. Still cannot get further.. any ideas? Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132372 Share on other sites More sharing options...
iCeR Posted November 9, 2010 Author Share Posted November 9, 2010 The furthest I have reached is this.. top level using Base64 $n1b130b40fe462ea1aefaea8cf100d22="\x62";$nf9cf8e824df3b49e668a3e50b4607e5="\x65";$c813516d9d0112e7280860f9d79299b6="\x66";$oc8c57f9c3f6aabd1b26691b529588a2="\x67";$a41372c82847083035f5fa2cf3146957="\x6d";$u35faf8cb55addd989d0e4e9725c6e5c="\x6f";$l974044201e031665b549e2547d355e1="\x6f";$sd707a4691c6afe2e63a4cc7ba57f5f8="\x6f";$z17dac8612f22bd98491b5d5ed149dee="\x6f";$ed1b9cb8bc4ccf296d3d1364d34fa508="\x73";$h6a21982428642655d09788fdb5d685e="\x73";$p0154292c80f0c7bb781aaa3db8ac58d="\x73";$rd631d506731d8e924884ad7003295ba="\x73";$n1b130b40fe462ea1aefaea8cf100d22.="\141";$nf9cf8e824df3b49e668a3e50b4607e5.="\162";$c813516d9d0112e7280860f9d79299b6.="\151";$oc8c57f9c3f6aabd1b26691b529588a2.="\172";$a41372c82847083035f5fa2cf3146957.="\144";$u35faf8cb55addd989d0e4e9725c6e5c.="\142";$l974044201e031665b549e2547d355e1.="\142";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\142";$z17dac8612f22bd98491b5d5ed149dee.="\142";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\164";$h6a21982428642655d09788fdb5d685e.="\164";$p0154292c80f0c7bb781aaa3db8ac58d.="\164";$rd631d506731d8e924884ad7003295ba.="\164";$n1b130b40fe462ea1aefaea8cf100d22.="\x73";$nf9cf8e824df3b49e668a3e50b4607e5.="\x65";$c813516d9d0112e7280860f9d79299b6.="\x6c";$oc8c57f9c3f6aabd1b26691b529588a2.="\x69";$a41372c82847083035f5fa2cf3146957.="\x35";$u35faf8cb55addd989d0e4e9725c6e5c.="\x5f";$l974044201e031665b549e2547d355e1.="\x5f";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\x5f";$z17dac8612f22bd98491b5d5ed149dee.="\x5f";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\x72";$h6a21982428642655d09788fdb5d685e.="\x72";$p0154292c80f0c7bb781aaa3db8ac58d.="\x72";$rd631d506731d8e924884ad7003295ba.="\x72";$n1b130b40fe462ea1aefaea8cf100d22.="\145";$nf9cf8e824df3b49e668a3e50b4607e5.="\147";$c813516d9d0112e7280860f9d79299b6.="\145";$oc8c57f9c3f6aabd1b26691b529588a2.="\156";$u35faf8cb55addd989d0e4e9725c6e5c.="\145";$l974044201e031665b549e2547d355e1.="\145";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\147";$z17dac8612f22bd98491b5d5ed149dee.="\163";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\137";$h6a21982428642655d09788fdb5d685e.="\137";$p0154292c80f0c7bb781aaa3db8ac58d.="\160";$rd631d506731d8e924884ad7003295ba.="\164";$n1b130b40fe462ea1aefaea8cf100d22.="\x36";$nf9cf8e824df3b49e668a3e50b4607e5.="\x5f";$c813516d9d0112e7280860f9d79299b6.="\x5f";$oc8c57f9c3f6aabd1b26691b529588a2.="\x66";$u35faf8cb55addd989d0e4e9725c6e5c.="\x6e";$l974044201e031665b549e2547d355e1.="\x6e";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\x65";$z17dac8612f22bd98491b5d5ed149dee.="\x74";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\x72";$h6a21982428642655d09788fdb5d685e.="\x72";$p0154292c80f0c7bb781aaa3db8ac58d.="\x6f";$rd631d506731d8e924884ad7003295ba.="\x6f";$n1b130b40fe462ea1aefaea8cf100d22.="\64";$nf9cf8e824df3b49e668a3e50b4607e5.="\162";$c813516d9d0112e7280860f9d79299b6.="\147";$oc8c57f9c3f6aabd1b26691b529588a2.="\154";$u35faf8cb55addd989d0e4e9725c6e5c.="\144";$l974044201e031665b549e2547d355e1.="\144";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\164";$z17dac8612f22bd98491b5d5ed149dee.="\141";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\145";$h6a21982428642655d09788fdb5d685e.="\157";$p0154292c80f0c7bb781aaa3db8ac58d.="\163";$rd631d506731d8e924884ad7003295ba.="\153";$n1b130b40fe462ea1aefaea8cf100d22.="\x5f";$nf9cf8e824df3b49e668a3e50b4607e5.="\x65";$c813516d9d0112e7280860f9d79299b6.="\x65";$oc8c57f9c3f6aabd1b26691b529588a2.="\x61";$u35faf8cb55addd989d0e4e9725c6e5c.="\x5f";$l974044201e031665b549e2547d355e1.="\x5f";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\x5f";$z17dac8612f22bd98491b5d5ed149dee.="\x72";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\x70";$h6a21982428642655d09788fdb5d685e.="\x74";$n1b130b40fe462ea1aefaea8cf100d22.="\144";$nf9cf8e824df3b49e668a3e50b4607e5.="\160";$c813516d9d0112e7280860f9d79299b6.="\164";$oc8c57f9c3f6aabd1b26691b529588a2.="\164";$u35faf8cb55addd989d0e4e9725c6e5c.="\143";$l974044201e031665b549e2547d355e1.="\146";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\143";$z17dac8612f22bd98491b5d5ed149dee.="\164";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\154";$h6a21982428642655d09788fdb5d685e.="\61";$n1b130b40fe462ea1aefaea8cf100d22.="\x65";$nf9cf8e824df3b49e668a3e50b4607e5.="\x6c";$c813516d9d0112e7280860f9d79299b6.="\x5f";$oc8c57f9c3f6aabd1b26691b529588a2.="\x65";$u35faf8cb55addd989d0e4e9725c6e5c.="\x6c";$l974044201e031665b549e2547d355e1.="\x6c";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\x6f";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\x61";$h6a21982428642655d09788fdb5d685e.="\x33";$n1b130b40fe462ea1aefaea8cf100d22.="\143";$nf9cf8e824df3b49e668a3e50b4607e5.="\141";$c813516d9d0112e7280860f9d79299b6.="\143";$u35faf8cb55addd989d0e4e9725c6e5c.="\145";$l974044201e031665b549e2547d355e1.="\165";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\156";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\143";$n1b130b40fe462ea1aefaea8cf100d22.="\x6f";$nf9cf8e824df3b49e668a3e50b4607e5.="\x63";$c813516d9d0112e7280860f9d79299b6.="\x6f";$u35faf8cb55addd989d0e4e9725c6e5c.="\x61";$l974044201e031665b549e2547d355e1.="\x73";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\x74";$ed1b9cb8bc4ccf296d3d1364d34fa508.="\x65";$n1b130b40fe462ea1aefaea8cf100d22.="\144";$nf9cf8e824df3b49e668a3e50b4607e5.="\145";$c813516d9d0112e7280860f9d79299b6.="\156";$u35faf8cb55addd989d0e4e9725c6e5c.="\156";$l974044201e031665b549e2547d355e1.="\150";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\145";$n1b130b40fe462ea1aefaea8cf100d22.="\x65";$c813516d9d0112e7280860f9d79299b6.="\x74";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\x6e";$c813516d9d0112e7280860f9d79299b6.="\145";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\164";$c813516d9d0112e7280860f9d79299b6.="\x6e";$sd707a4691c6afe2e63a4cc7ba57f5f8.="\x73";$c813516d9d0112e7280860f9d79299b6.="\164";$c813516d9d0112e7280860f9d79299b6.="\x73";$z17dac8612f22bd98491b5d5ed149dee();if($a41372c82847083035f5fa2cf3146957($nf9cf8e824df3b49e668a3e50b4607e5("\x5c\50\x22\133\x30\55\x39\101\x2d\132\x61\55\x7a\134\x2b\57\x3d\135\x2a\42\x5c\51","\x28\42\x22\51",$ed1b9cb8bc4ccf296d3d1364d34fa508("\r\n","",$c813516d9d0112e7280860f9d79299b6($rd631d506731d8e924884ad7003295ba(__FILE__,"\x28")))))=="\x38\60\x38\143\x33\60\x38\65\x34\71\x37\146\x33\146\x62\70\x32\67\x31\61\x66\71\x31\143\x36\142\x66\70\x39\146\x38\67"){@eval($oc8c57f9c3f6aabd1b26691b529588a2($n1b130b40fe462ea1aefaea8cf100d22($h6a21982428642655d09788fdb5d685e("gIugo9AVRC4eitvOwHYMKn/gcY0JEJ3tdtAnWrUQ6KXXRafAxHbncFaUPseso97JqxYnHtE86YYerK1zqzL2m5/zEFqWaFcw0+04aoipyu1yonnzFGsg2BYc8kqUi79LsytTjnCC2u62kc9GZ9MJwm9aZnjW7O3i0jY3eDZxGVwDPxR61bxJDgkoWxb9RK7ZDTdFjy7QvxDvXFZvYlSaPHaWn9LEMwNSOZUXGO3CyUe7LitbzgXFAq0acRgPhzVJeUSJB52WQ9AqETz2FGDwVyEaEP0FWnlB9aUgTjTDZzB+mMvXU1LD81NJFRtDbb2WzPZsUK0RjkAS4yCA56H/W6+ABTwRqtK0yf0u8mtrEz0mrMAFjjF6Vxt4I7LWQOUDNHAzz5PWTLFBnsvRmCZlPU/Q7NcOttHWWz5SHsPypBI84EdU7rQxqAN/Uc0A/cbZ++r9DD/+Tk0RA5fvRuPhDotSMV3qReK1fH0MT9M/WcBKc6/7x0xR/76EQCUEOgNTkZxqgRgeSYcg8B2RcAS+g0MNKNTwapRdI0GSLw4NPrPlNtOpc0liZs3tKAa6BkdPpuV0ET1o+2hHgVCO2qybE3jlItCMm+WYQtzl3LadNkvoXQpN3zzYlKtyS+7ZaohWWMpdqpSrpQYpUIVg3O5gmOKXTHFmD2dEO2grrUr5vbYUw6zfoqQSsZhkMSwY1474yADLeWxLbBCra/3W8qztCmy9r/m63Hy/pg4o/DTT41YsZGwNHWWQ8Xq3sw6Oz+v339OvNs0OplW0B7w9Ra2GKbievjiNqmBE74UJp90R7hYXCHmsoEt83VMopHquAm5w5bi84ecjVERXDLiucZ48b87fYMVrwzHIrji3iYdtR9OdwCTtWdOjcHmQ4h0ge+Jl/5ekfRdv2TtyExxYXnHc5OkqCXrbvkSRMlwdWPoqozqxx2Ry1irmEVGC6WtmcWXEcJWcYdcSAYMHyfK1PlQKpnA+7DtA1tieuO7RzLGelB7DfEcWn+CmDmTMDLrylqyTx6hNXOfQx1lQQCyta6YpQd+jEmHbKiCgVW89ZwitGhKpF/rj4jeaBkOfmzp0afDIAGsb7xoZiIPnLxEW5HeTlwWqTjqveqeVmX3p2xtr82PmqWH75Sh3GvzxZuhdXIzFOhkrIfmZ21SFDgngYXiaGRy/qAH4hZs9logusmQcQjnADJE+qrKJ4nCWd/7b71MgIMd3/hSdirgYpUu4TZu4F1sIm8M1OUjULAlt8a9MhsK1nbS6fMvu7ahIumwf7s7rQub125pBtgbFDEE8/Eepk64SipVaPWI1LZG+y0Rcr/il9AIj72F4558Fhc59g98tzmqQvcJnOLsOji0oaZliygA1/fTgjhtNm58qSKVHLcSiO9CInicsTYJQ9ren1GJ/g1mh788/Yv9Kn6c7uHQfUmM5v3kWdv4eHCu2yeIVKl52QA16CI+8MlClM0smNw5b3BO/pPWUYnLNdH+r4WPNEBKpKEGHWCZ60Q5AH57ZV5YbDRv5pbi8fiPryvEKIDZgOfuBbEdyiQqcL4+WWN8E2nr+5fxZ5m8omrELP2BM7HN0EvOJ4ljug7IdBWIyKCWtupqAhjHhhfHaNeKQAEBoWmKIxcfWmHbkaeA7JbB48UdWrnyk4UU4E+2uykN41D50PaR/WVrY6RQTVi2GHtSsL8Ylb6WNuTSVMdT3Q+8VUUZnXFxpwopDi5r540x9vnr0wKB+Nfo3nSB9gwB8RHnBWFrus2FTJbgKHLIQafd+uQH0I7HyRsWLFclE6vhgj7v6FPrf3YpF/1WgCaawLyl9uV00XA8eLhYBZP+3wRWUwrkGK+RF8tTIWosLOwwEaqHxySNm0apVQwkS5RyI2ENgwqr3GfIquHNRYYavJI9miW1c5E0qJjzNbePuUo73+jttqVx0T5iIi074OmQJTemyijovKNcnkvi5XK5GnsTip0pBb+0bWrn5V8g/svW25Ne4chVsNyWknooELwN3a+eqxSRmfnLk0JwOfCb9ceXVszZj9H8pWTIT3BNqCq78qCoqbSQopszUF7mv5hQTw+sUy4gl/i565so3I25nuSSjSPuC2vVNPo9vGVTyzDE/0jash/Joro66KZ8/BhO6Swjnao7cG4nw3zQHQzjxLjhCW8VBMxPos3U0Cj=="))));}$p0154292c80f0c7bb781aaa3db8ac58d($sd707a4691c6afe2e63a4cc7ba57f5f8(),"\x63\144\x38\65\x36\145\x30\146\x33\62\x39\70\x65\61\x63\145\x63\64\x66\70\x30\64\x34\67\x30\141\x35\71\x36\70\x34\144")?$u35faf8cb55addd989d0e4e9725c6e5c():$l974044201e031665b549e2547d355e1(); Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132373 Share on other sites More sharing options...
requinix Posted November 9, 2010 Share Posted November 9, 2010 Whee! Drilled through a few layers of base-64 encoding, gz compression, ROT-13, and then more stuff. Looks clean to me, but I'm not quite sure what it's supposed to do. What's the script for? (It seems like it enforces a license.) Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132377 Share on other sites More sharing options...
iCeR Posted November 9, 2010 Author Share Posted November 9, 2010 It's one page as part of the script. You sure it's clean? Care to share, please? Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132378 Share on other sites More sharing options...
iCeR Posted November 9, 2010 Author Share Posted November 9, 2010 Yup - don't care about the license for branding etc. The script itself is free as you can see on the site. Wanted to test out some stuff on that page with styling, etc. But cannot until i've made sure it's clean and then decoded. Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132381 Share on other sites More sharing options...
requinix Posted November 9, 2010 Share Posted November 9, 2010 There isn't anything to "style". All it does is wrap around some CakePHP MVC stuff and check that you have included proper attribution on your pages (and if you haven't it'll prevent your pages from showing). I'm fine sharing the code but I need a reason to first. They went through the effort to obfuscate this - I don't want to undo that just because you're curious. Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132390 Share on other sites More sharing options...
iCeR Posted November 9, 2010 Author Share Posted November 9, 2010 requinix, I completely understand where you're coming from and I'll be straight up with you. That page is from the index file of the individual review being displayed. First, I wanted to ensure there was nothing malicious, which you have done - thank you. Second, I wanted to check which files were included so I can modify the style/placement of html and add divs where required. The script is a standard design ugly really. I hope I've satisfied the reasoning for not just being a curious cat. Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132392 Share on other sites More sharing options...
requinix Posted November 9, 2010 Share Posted November 9, 2010 Second, I wanted to check which files were included so I can modify the style/placement of html and add divs where required. The script is a standard design ugly really. I'm telling you: it really doesn't do anything except start the MVC framework and check that you have the attribution notice. Really really. It doesn't include any files or create any HTML or anything besides that. The script goes 1. Define a few constants (such as an APP_DIR and WWW_ROOT) and check that it can load CakePHP's bootstrap 2a. Stop the script if the address is for the favicon 2b. Go right into the MVC like normal if it's the address is for installation or admin stuff, then stop 3. Grab the license and check it against the domain name 4a. If it matches, go right into the MVC like normal 4b. If not, go into the MVC but then, afterwards, check that the attribution is included somewhere on the page 5. Then it prints an HTML comment with the script runtime There's nothing here that should need to be modified. If you don't have a license then you need to include some specific HTML (which they undoubtedly provided) somewhere and verbatim. Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132400 Share on other sites More sharing options...
iCeR Posted November 9, 2010 Author Share Posted November 9, 2010 Thanks requinix! wanted to check it for myself, but not a problem! How can I go about decoding files like this in future with similar base64 as shown above? Much prefer to do it on my own. Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132401 Share on other sites More sharing options...
requinix Posted November 9, 2010 Share Posted November 9, 2010 How can I go about decoding files like this in future with similar base64 as shown above? Much prefer to do it on my own. Heh. There are a few common tricks: - eval(). Whatever it executes has to be valid PHP code so just forget the function and look at what it's supposed to run. - base64_decode(). It's an encoding mechanism. Print out the return value from the function. - gzinflate(). A compression mechanism. Again, print out the return value from the function. - Lots of variables. Print out their values or use functions like get_defined_vars. They're often function names. Beyond that it's just a matter of undoing one layer of obfuscation after another. Requirements include being very familiar with PHP and its syntax, particularly with variable variables and string parsing, and having a lot of patience. Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132424 Share on other sites More sharing options...
iCeR Posted November 9, 2010 Author Share Posted November 9, 2010 Wow. You weren't joking when you said "a lot of patience". No chance you will send over the decoded text for me to play with? And what sort of tools are you using? Or just common php syntax? Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132429 Share on other sites More sharing options...
requinix Posted November 9, 2010 Share Posted November 9, 2010 Wow. You weren't joking when you said "a lot of patience". No chance you will send over the decoded text for me to play with? Even if, I deleted the work a while ago. Don't have it anymore >_> And what sort of tools are you using? Or just common php syntax? Yeah. A PHP editor and php.exe. Though I've been considering making a de-obfuscator tool... Quote Link to comment https://forums.phpfreaks.com/topic/218230-need-help-decoding/#findComment-1132451 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.