-
-
Save yireo/f9e3ba3b7e8cca7d74c3 to your computer and use it in GitHub Desktop.
| <?php | |
| /* | |
| * Basic script to decrypt files encoded with eval(gzinflate(base64_decode($data))); | |
| */ | |
| $file = 'encrypted.php'; | |
| $content = file_get_contents($file); | |
| function evaldecode($content, $step = 0) { | |
| //echo "STEP $step\n"; | |
| $step++; | |
| if(preg_match('/^eval\(/', $content)) { | |
| $content = str_replace('eval(', 'print(', $content); | |
| ob_start(); | |
| eval($content); | |
| $content = ob_get_contents(); | |
| ob_end_clean(); | |
| } | |
| $content = trim($content); | |
| if(preg_match('/^eval\(/', $content)) { | |
| $content = evaldecode($content, $step); | |
| } | |
| return $content; | |
| } | |
| echo evaldecode($content)."\n"; |
Thanks for sharing this.
<?php
eval ('echo "Hello world"');Is also valid syntax, so I updated with preg_replace() instead of str_replace()
function eval_decode($content, $step = 0)
{
$content = preg_replace('/\s*<\?php/', '', $content);
$pattern = '/eval\s*\(/';
$step++;
if (preg_match($pattern, $content)) {
$content = preg_replace($pattern, 'print(', $content);
ob_start();
eval($content);
$content = ob_get_contents();
ob_end_clean();
}
$content = trim($content);
if (preg_match($pattern, $content)) {
$content = eval_decode($content, $step);
}
return $content;
}
'.base64_decode(gzinflate(str_rot13(convert_uudecode(gzinflate(base64_decode('FZPXsaNQAEP/6QIwOWdMNpjMJefo/qvYtwVoRiOdA0o1ZeIi21/CHLBtKpaAfS8/QoRbWZNV1kukJAwx4sukw2e6TjqkKQudZ5c/wx8ENKQ4ruKwYu9LCOFNFAWfmtq7J1tQvyTWXycfi6t9TMx70Tnul3lkUIAAQ2R/g8DWJdyaT48d4E1IXsj79tuvtPrdnR5eTZR04oiI+8u/DS4deHOHaCVutx7ZfJpBAJEyECxaiM9NfSffX3gVsoO0a2Cqj/trqArRVd1zsso69TCjTF5VKv0jMRr5OSBQIQ3wrblU8MaXapPZCHBvafXBU2PoZFIQJA0RFG1EvjY+HzfzchIbVfhYD0UbAt1CTvNLfW+u3Z4JkR9l6b5GrxoM8hragbikcBByNHh90Fd3rGbWIess4G4ue39pV3RPJuvl5Fu9d/2lf7wVt2ec3N/bdBR91HKJPDJfhDkNcly2ZxAsKrcqilXiCQJfFksCD3OxsKlp59iSPD3FH/JwuoumTJ1uUUp1D/tUrGPOnLrV9li6U45dZ/6GgIGM6NMW63eEhTXr2Y+4C6vRLWfYKGparPCFrsq5VCw7cqGpzCat2O8k/7KGIEOAgZM4KVOyIpD3HE1eTkT02IjlmtrU69h+emHlSXEXW91r0fXqv0JkhR2f1Wb/goAsMbECk9zeZc4HZQSSsmaR4scOdNG1ktJj0ZvfBtp9ympofp6joXr0GUuTP5K/9HGNZ2EFW0jCR1XFE4OuS7Pafe6EssETu7lFzpAfBR+vDM+CE9sYlcVdxfH/aOkCH1AMwKLLBGlS8055yrwbyh1frk63LFGyXirN7lH8hkdCQuk1/Un1zdBLhkKgeX+Bk54/b7l4A44XRaa8uBh4sCwcn40aqle+yF+ctwCNS/zsnISIqfa5fC4OAvOFHutS1a7WlC0u8bpk2NqWdKkq9y3tzZJu9UZgDcKv/1hxGmm+8tSSudcmvvxxzh01Dj87KivFumYFKkiPjtg7du87Xmyrjza89yJHtO6H7XruOhlirBlDvrthCMB7G+34WoiNFZVHnskO4BPbcSa3q/667oKtnpiGjY0b3mGrT/RpBIttELbhUhBwUAk017WePVAjcXUJGpGqVr+HAk1Dy6qkmq2nF1ImJ2hnK9Ez0d7XmhWGESkhID6VznVNzz7Y3cVMFLhXIHM9Akc/wqiLsjpIwkX3lPY+LVagjYnlb2IYvM3iGwjY2qSvZH3qRJTJcsdg6KOI70FZSX0VRyrHTOPd1Cq9RWraaqD27TZleeebVBf4e6yeld5xC94khE0wcXPbP+njgWf265+nuvHmT67lf/I5FyfeORjJFiWkyrpz/m9JQBWwyMlf/nF1Gpm7o5yZS/lKnMhvlAIPfF72o3nuMG56GGzf+MMF1qISvBP++Y1VuhF8Mt9bBk/7BIX+zvQ60gLK/ca+dMgbV6T33ejbUggY/uDpeC4LD2f1mEPg+V3J70vhh/2j0dfAPkp4DYp0by3eiZiPHfBdCsaWtRNXwECKUcFLuCNYDGvtIHDTXc8XRpvS8bi97Xuq6XNruTP+et2H8X8lWSruJ0vX0b0E/zQDyWOajAtv1ScgYBHpCu4hX8wt5/q2cVHTSRtQvlRQm348ttINP9s2GCrjRzV+btc2DUtfIHv0t5r+XJWYBx7RPGpwFcxnGfLQB1vgc6HB4wfaZhwxcPpF8mvSaWi9Ncoi3YjyRwwUlcajvWuTuvfFkBeZ52UHfzcTxUx1cWMifm0P4VdH8U7scVjOH/SD/gE=')))))));
here is the decoded version
query("SELECT * FROM stories where story_time > '{$story_time}' order by story_id ASC"); if ($users_list->num_rows > 0) { $users = []; while ($list = $users_list->fetch_assoc()) { $users['u' . $list['user_id']] = $list; } foreach ($users as $key => $value) { //print_r($value); $stories_list = $mysqli->query("SELECT * FROM stories WHERE user_id='{$value['user_id']}' and story_time > '{$story_time}' order by story_id ASC"); if ($stories_list->num_rows > 0) { $user_stories = []; while ($list = $stories_list->fetch_assoc()) { $story['story_id'] = $list['story_id']; $story['story_source'] = $list['story_source']; $story['story_description'] = $list['story_description']; $story['story_type'] = $list['story_type']; $story['story_time'] = $list['story_time']; $story_seen = json_decode($list['story_seen'], true); $story['story_seen'] = is_array($story_seen) ? count($story_seen) : 0; array_push($user_stories, $story); } } $story_seen = in_array($data['user_id'], json_decode($value['story_seen'], true)) ? 'true' : 'false'; $user = userDetails($value['user_id']); $user_story_data = [ 'user_photo' => myavatar($user['user_tumb']), 'user_name' => '' . $user['user_name'] . '', 'user_id' => $user['user_id'], 'last_updated' => $value['story_time'], 'story_seen' => $story_seen, 'story' => $user_stories ]; array_push($stories, $user_story_data); } } echo json_encode(['stories' => $stories, 'stories_count' => count($stories)]); }
cool