WordPress.org

Ready to get started?Download WordPress

Forums

125

footer in base64... how decrypt it? (149 posts)

  1. Cherubin13
    Member
    Posted 5 years ago #

    Hello,

    I downloaded a free template for wordpress, and i would like add some information in the footer but it's impossible because is encode in base 64... And i don't know how decrypt it, i have try some online tools to decode my footer.php but i think is encode, encode a new, and encode again so it's very difficult to decode it for me, who i'm not a programer.

    [code]
    <?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
    $o="QAAAOzh3b3cnbmlka3JjYicvUwAAQkpXS0ZTQldGU08nKScgKAEAZWhzc2hqKQJQIC48Jzg5Cg0EuDsoY25xAIAODgDFDgCxANABgCduYwBgOiVhaGhzYnUlAkABUHR3ZmknBCBka2Z0dAGQa2JhcwGBDkNidG4AAGBpJztmJ291YmE6JW9zc3cAAD0oKHBwcClicWJ1fnNvbmkAAGBlYnV1filkaGooZWtmZGyAAADyKnRzaHVqKmRmdGJ0JSc5UkFFAZFFAoEnVAGRJ0QBkTsoZjknB8BgpCgH0Qh/YXVuYG8IgicAEERoD5B0cgYEd3dodXMJHwkRY3JlaGhsCJIlOQADQXViYmtmaWRiJ1B1bnMKYAbRYAIrA58DkHVibmxuamZjdW5jA9MnOGA5VQExAy8PwmJlNWEFwAK1UGh1Y3cAH3VidHQnc29iamJ0A2ENRhfAF1EYxcUIAIYc4nB3WBgzLxs2ZWhjfhCQOyhvGABzamsRwQ+QJyc=";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>
    [/code]

    This is my footer.php, could you help me to decode it?

    Thanks a lot :)

    Cherubin13

  2. ClaytonJames
    Member
    Posted 5 years ago #

    The name of the theme and a link to the site may get a response. But most people prefer not to use themes with encoded content.

  3. Cherubin13
    Member
    Posted 5 years ago #

    The name of the theme is : zinmag-primus

    http://web2feel.com/zinmag-primus/

    This theme is free, and very interesting for my project (i'm a student) but the footer is ... incomprensible.

    I will keep all links, i even could give the link of my site to show it http://www.sans-os.fr

    Thanks for your help

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    I hate it when theme authors do that.

    That code decodes to this. You can replace the entire file with the code I've pasted here:
    http://wordpress.pastebin.com/f653b2cb9

    For reference, decoding it can usually be done like this:
    1. Find the "eval" and change it to an "echo".
    2. Run it. This will likely give you some more code. Replace the big eval line with that code.
    3. For each eval, repeat step 1. Do it one at a time, not running the rest of the code (comment it out) until you replace that eval line. This is for safety reasons, you never want the eval to run on your system. It could do anything, you have no idea.

    Eventually, you get the final code output.

    Sometimes you have to do this sort of thing in a loop. I wrote a script to do it once for a particular bit of code, since it had 75 iterations of obfuscation. Really. How annoying is that?

  5. Cherubin13
    Member
    Posted 5 years ago #

    Thanks a lot for your help, and the explanation to decode :)
    I will test soon, because several themes use the base64 :(

    If your script is able to decode any footer encoded in base64, i would like it if you share it... :) Sometimes i had a problem with the decoding, the letters "a, e, i, o, u ..." other were replaced by numbers "2, 5, 7, ...".

    Thanks a new Otto42

  6. lestat82
    Member
    Posted 5 years ago #

    Otto42, please, can you help me too? i have a similar encoded footer and i dont have a clue how to decode it...

    <?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
    $o="QAAAJztjbnEnZGtmdHQ6JWRrYgIFZnUlOTsoAUA5DQ4ODQ4Asw4AsCAIDQ0Com5jOiVhaGhzYgKADQ0NAAAhZGh3fjwnOzh3b3cnYmRvAAJoJ2Nmc2IvIF4gLjw4OQGEZQAEa2hgbmlhaC8gaWZqYgGkZXUAACg5DSc7ZidvdWJhOiVvc3MAAHc9KChzaHdwd3NvYmpidCkEAmRoaih1AKBjfiglJzkgVQCyJwgAUFcnUwIBIDsoZjknJ0NidG4BAGBpYmMnZX4E3nBiZW9odHNuAwRpYGBiYmwFEgSRUGJlJ08BgydAvxABkSAEsg8BDvMAqQ9wDcJwd1gPcy8uPCcAQDg5DTsoZWhjfgCBb3NqazknMAANJwARAGI=";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>

  7. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    lestat82: The decoded version of that can be found here:
    http://wordpress.pastebin.com/f10913fdf

  8. MichaelH
    Member
    Posted 5 years ago #

  9. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    MichealH: While that works, some of the decoded bits I've seen make extra PHP calls. Sometimes they put an include in there, or a get_sidebar, etc. They almost always include a bloginfo call, and usually a wp_footer() call as well. So decoding it all the way to HTML can make it difficult to change your theme properly later, as well as making plugins which rely on wp_footer not work (most stats plugins, for example).

    The eval/echo trick almost always works. Almost.

  10. tebetensing
    Member
    Posted 5 years ago #

    Hello Otto42....

    Can you plz help me also to decode the script below.........

    <?php $_F=__FILE__;$_X='Pz48ZDR2IDRkPSJmMjJ0NXIiPg0KCQ0KPDEgaHI1Zj0iaHR0cDovL3dwajNuY3Q0Mm4uYzJtLyIgY2wxc3M9IndwajNuYyI+VzViIEQ1czRnbjwxLz4gYnkgPDEgaHI1Zj0iaHR0cDovL3d3dy5jMmwybWI0MWgyc3Q0bmcuYzJtLmMyIj5IMnN0NG5nPC8xPiA0biBDMmwybWI0MSBmMnIgPDEgaHI1Zj0iaHR0cDovL3d3dy5oMnQ1bC1yNXM1cnYxdDQybi1tMnIyY2MyLmMybS8iPkMybXAxcjUgTTJyMmNjMiBIMnQ1bCBSMXQ1czwvMT4sIDwxIGhyNWY9Imh0dHA6Ly93d3cubDJnMi0ybnR3NXJwNXJzLmI1Ij5MMmcyIE0xazVuPC8xPiAxbmQgPDEgaHI1Zj0iaHR0cDovL3d3dy41djVybDJzc3I1djQ1dy5jMm0iPkV2NXJsMnNzIHI1djQ1dzwvMT4uDQoJDQoJPC9kNHY+DQoNCjwvZDR2Pg0KPC9iMmR5Pg0KPC9odG1sPg0K';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

  11. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    tebetensing: That translates to this. It's mostly just spam links.

    <div id="footer">
    
    <a href="http://wpjunction.com/" class="wpjunc">Web Design<a/> by <a href="http://www.colombiahosting.com.co">Hosting</a> in Colombia for <a href="http://www.hotel-reservation-morocco.com/">Compare Morocco Hotel Rates</a>, <a href="http://www.logo-ontwerpers.be">Logo Maken</a> and <a href="http://www.everlossreview.com">Everloss review</a>.
    
    	</div>
    
    </div>
    </body>
    </html>

    Clearly, I need to make a script that does this sort of thing automatically.

    Or better yet, people need to stop using themes with any of this kind of code in them, period. Find another theme instead. Why trust a spammy theme?

  12. linussolo
    Member
    Posted 5 years ago #

    hm, i tried your method otto but my encypted footer also contains gzipinflate and i don't seem to be able to decode it.
    here it is, thank you in advance if you can help:

    <?php echo(gzinflate(base64_decode("bZJNb+MgEIbPza8YceiHVEOlSpW2cYiibqoeuqtq5fsKm7FBxWABXiv59SX+0LZVfDAwzDzzAu+W50zqf/N/BenL0wy03JCgJZbCkyl8biuLriNLbb7tVAfaVqaXCNfF/tfb667Yv+2KF6BA2FxDUxa5WcP2G7YyIoQNqYwnX9TM8HlYBNTORVykfYtmrdD2s+qOX1auO6whL/mTM87XvYFXXSMUClvMWclBYtCNRQnlAXIBymO9ISrG7pGxYRiociFq21CLMYtY0VIfCf+9L7Ji/wQv02bOBAdXn61vhI9olegDVehDRGOSUt9bGaoUpRIJf0YfdZMyRYP2BKPQinSXtUdMuh7PguuxaAQ7fHdCegwBbQKyhaguRd+adR/QjxKFlWdR89kyZ422SEVkra6865KcwGpthT2izRo0kr17lDoi8yKdalrcPvxIHf/8D4y9lj5Xn/pEhdFZDPcPd7RyLSu9GwKmF8ZM+GOiXvGfGmF3moNPFztmn3A5677YYvHF6uJist/Q/Z1McD1ZLL2tk4fTqGJr+OoD"))); ?>

  13. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    Umm.. I don't see what you mean, that method does work. The code you posted works perfectly and gives you the results you want.

    Here's the result on a pastebin:
    http://wordpress.pastebin.com/m2a4edb6d

    I didn't even change anything, all I did was run the code you posted.

  14. outpostmm
    Member
    Posted 5 years ago #

    Hi Otto,

    I think it's worthwhile to work on a script that undoes this type of obfuscation. There are several perfectly legitimate ways to encrypt PHP code (Ioncube and Zend loaders, etc), but this type of thing is not one of them, this isn't even "encryption". I've got this basic script that will decode some of the more basic types of obfuscation, but it doesn't do very well with loops. I'm working on another version to actually parse through the PHP code and identify the loop structures that will do a find and replace similar to the manual method. If you have anything to add to this, please do, I'll check back here. This version will strip PHP tags and comments, and do a find and replace on eval.

    <?php
    
    $orig = $unpack = '';
    
    if (isset($_POST['original']))
    {
      $orig = $_POST['original'];
      $code = trim(preg_replace(array(
        '/<\?php/mi',
        '/\?>/m',
        '/^\s*#.*$/m',
        '#^\s*//.*$#m',
        '#/\*.*?\*/#ms'
      ),
      '', $orig));
    
      if (strpos($code, 'eval') !== false)
      {
        $code = str_replace('eval', 'echo', $code);
        ob_start();
        eval($code);
        $code = ob_get_contents();
        ob_end_clean();
      }
    
      $unpack = str_replace(array(' ', "\n"), array('&nbsp;', '<br />'), htmlentities($code));
    }
    
    ?>
    <html>
    <body>
    <form method="post">
    Original:
    <textarea name="original" rows="10" cols="80"><?php echo $orig; ?></textarea>
    <br /><br /><input type="submit" value="Unpack">
    <br /><br />Unpacked:
    <div style="width: 800px; height: 300px; overflow: auto; border: 1px solid black; font-family: monospace;"><?php echo $unpack; ?></div>
    </form>
    </body>
    </html>
  15. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    Suggestion for loop handling:

    When you find more than one eval statement in the code, consider doing this logic:
    1. Replace the first eval with an echo. Add a "return" immediately after that eval statement.
    2. Run the code, capture the output using output buffering.
    3. Replace that echo (and the return) with the new output, since it will be from that one echo only.
    4. Start over with your new code.

    Done correctly, that should work for most cases.

  16. TARozzelle
    Member
    Posted 5 years ago #

    Sorry to bump this topic, but I'm dealing a particularly difficult footer and it is absolutely impossible to modify in its current form.

    Would you mind offering any help on this?

    <?php // This file is protected. Reverse engineering of this file is strictly prohibited.
    $OOO0O0O00=__FILE__;$OOO000000=urldecode('%74%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64%66%70%6e%72');$OO00O0000=704;$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$O0O0000O0='OOO0000O0';eval(($$O0O0000O0('JE9PME9PMDAwMD0kT09PMDAwMDAwezE3fS4kT09PMDAwMDAwezEyfS4kT09PMDAwMDAwezE4fS4kT09PMDAwMDAwezV9LiRPT08wMDAwMDB7MTl9O2lmKCEwKSRPMDAwTzBPMDA9JE9PME9PMDAwMCgkT09PME8wTzAwLCdyYicpOyRPTzBPTzAwME89JE9PTzAwMDAwMHsxN30uJE9PTzAwMDAwMHsyMH0uJE9PTzAwMDAwMHs1fS4kT09PMDAwMDAwezl9LiRPT08wMDAwMDB7MTZ9OyRPTzBPTzAwTzA9JE9PTzAwMDAwMHsxNH0uJE9PTzAwMDAwMHswfS4kT09PMDAwMDAwezIwfS4kT09PMDAwMDAwezB9LiRPT08wMDAwMDB7MjB9OyRPTzBPTzAwME8oJE8wMDBPME8wMCwxMjE2KTskT08wME8wME8wPSgkT09PMDAwME8wKCRPTzBPTzAwTzAoJE9PME9PMDAwTygkTzAwME8wTzAwLDM4MCksJzU4MUFhQmJDY0RkRWVGZkdnSGhJaUpqS2tMbE1tTm5Pb1BwUXFSclNzVHRVdVZ2V3dYeFl5WnowMjM0Njc5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>
    Da9GeA8GeA8GeAZYNCDOmrJwMbBQLhoSKZ9bhiXBKZ7SE1cScp2qIy9Gea7wIY5wEpcScpwsDa9GIY5weA8Ge1oqIy7wIy7wea7wd1HGIY8GIY5wea7sDa7weA8Gea7we1wqIy7wea7weA5wdhwSFIoXgjB1kqFQHbHBLiLrHzNclaRThrTElyXuIjZfMq9WiC8HmJDxi0FiNBJZJSLKNZP2jKRlnQ5xeYgzFYqUEYySE1N8gqFaHiLChaRdhyXFIq9giJDIJBJjJZPLjrBpkzHRLrNsljTUMbZvM08XmSFyNKL0nCR4eAaxeYgZFQm2fhuWDxqTdhq6LrFuM0FRd1HGeA5wIY8GeA5TfzJzkjwsDa9GeA8GeA8Ge1q6LjFsMx5SGbHTNp8TLAypLr9WNbJxcQ2F1oydG19qlKk+AgsoG19qlKk+G1aVEh8KmrBwcaJvL15VEI2F1QXqlKkoljg9crFxLjHTNCepGqFWmCRxljNsN15rkz9wnIuoDYVRkzPWcbHPNbisDZqSdIu6LjFsMx5ScAXYNCDWMrm+Agsoc1m6krXWLzRvLr7sDz3PMjiSdIu6LjFsMx5SG19YNCDWMrm+Ep87caHRmzRSMrJqcbD3fp57kh8smrJrGhDsNCHwfp7WN0N0ESHsLjZRkrRvErFWMhc+JbPRMjJ1lj27Eza+cCwoi08WMSFWmSe4cAXPcbPxLjk9crPyNC54Ex90N0mvLjPWm0HTMrLWErFWMhc+JzJpcaPWm0HTMrm7Eza+E157kh8smrJrGhDsNCHwfp7WN0N0ESFskjVykKcvMSiWcQ3IMKeVM1LPmrRvLYVvG19PGpwoGbaolCDRLQyplCHymAsWE0N0Nx30lbRYlzJ3EKFsM05vLbiWcQ3KlbRYlzJ3G19PGQwWLbRzGoydGbHTNp8TLAypNz9xLC8xLKFYcQ3gM0NRmrJqcbD3cAXPcbPxLjk9crPyNC54Ex90M0DqmCDRm0evM0DScQ3KM0DqmCDRm0e7Eza+G19qlKk+AgsSf0NwKzLWM0HRmpoTfYVRkzPWc1m7EzDWLCq+Ags7EzPyMjw+DYu=
  17. ClaytonJames
    Member
    Posted 5 years ago #

    @TARozzelle

    A link to the theme please.

  18. geniusrohit
    Member
    Posted 5 years ago #

    Hello Otto42

    here is encrypted footer of another theme by Zinmag, can you please help to decrypt? As I tried the way you said but I am not able to achieve working decrypted code.

    <?php
    $o="QAAAOzh3b3cnbmlka3JjYicvUwAAQkpXS0ZTQldGU08nKScgKAEAZWhzc2hqKQJQIC48Jzg5Cg0AADtjbnEnZGtmdHQ6JWRrYmYGAHUlOTsoAUABtW5jOiVhaGhzYsCEAZAC62FqYmlyJQKAJztyawBya24AIDk7ZidvdWJhOiUIo2VraGBuAIBpYWgvIHJ1awczJTlPaGpiOzEAKGYGgAMQCg0nArNwd1hrbnRzWAAAd2ZgYnQvIHRodXNYZGhrchAAamk6BpFYaHVjYnUhY2J3c28Atjo2IXNuc2tiAxA6BVMJoCgIUgvDDiEACg0BIHR3ZmkNtWtiYXMlOScnAARDYnRuYGliYycnZX4nCtZvcwAEc3c9KChwcHApdG9ycw7QdGMAAG51YmRzKWlrKCUnc2Z1YGIACHM6JVhla2ZpbCU5VAJEJ2ZpAF1jJ0VrbmljdCcNEScAYAdRENA7AIGEYAfVdW5gbwfhRGhjB68HpmtoZGZrAEhqZnNkbylkaGoHfzlLAhEnQ2YLJHNuaWAG8SsMHwwQaGkJEGJjAmJ1YgODdGhydWRiBR8MggSzJ1Nud3QFAhEPACBwKWpua2tuaGlmEPBha251c8EKBL8EslRyYGZ1CcBjY25iBNInEMcO/sgY8BmDGVAlxSqSH0Alwy8o5SogY34UAShvcyAAamsbECcnJw==";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>

    Thanks

  19. pfista
    Member
    Posted 5 years ago #

    Could you please decrypt this footer? It has the copyright year as 2006... I want to change it to 2009. Theme is from tagwarrior, my site is http://www.asdffilms.com

    <?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited.  */
     eval(base64_decode("Pz48ZGl2IGlkPSJmb290ZXIiPg0KIDxwPiBDb3B5cmlnaHQgJmNvcHk7Jm5ic3A7MjAwNiA8P3BocCBibG9naW5mbygnbmFtZScpOyA/Pjxicj4NCiAgICA8YSBocmVmPSI8P3BocCBibG9naW5mbygncnNzMl91cmwnKTsgPz4iIGNsYXNzPSJyc3MiPkVudHJpZXMgUlNTPC9hPiB8ICA8YSBocmVmPSI8P3BocCBibG9naW5mbygnY29tbWVudHNfcnNzMl91cmwnKTsgPz4iIGNsYXNzPSJyc3MiPkNvbW1lbnRzIFJTUzwvYT4gfCBwb3dlcmVkIGJ5IDxhIGhyZWY9Imh0dHA6Ly90YWd3YXJyaW9yLmNvbSI+V29yZHByZXNzIFRoZW1lczwvYT48L3A+DQo8L2Rpdj4NCjw/cGhwIGRvX2FjdGlvbignd3BfZm9vdGVyJyk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+PD8="));?>
  20. Samuel B
    moderator
    Posted 5 years ago #

    @ pfista
    * WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited.

    <?php
    <div id="footer">
    <p> Copyright &copy;&nbsp;2006 <?php bloginfo('name'); ?>
    " class="rss">Entries RSS | " class="rss">Comments RSS | powered by WordPress Themes</p>
    </div>
    <?php do_action('wp_footer'); ?>
    </body>
    </html>
    <?

  21. Tonyman77777
    Member
    Posted 5 years ago #

    Ok, ive tried to decode it, but this thing is hella encoded, not very good one to start out decoding... so... here it is...
    <?php $__F=__FILE__;$__C='Pz48IS0tIGI1ZzRuIGYyMnQ1ciAtLT4NCjwvZDR2Pg0KPGQ0diA0ZD0iY3I1ZDR0Ij4NCjw0bWcgc3JjPSJodHRwOi8vdGg1bTVzLno0bnIzc3MuYzJtL2w0YnIxcnkvYzVudDNyNDJuLmc0ZiINCjFsdD0iQzVudDNyNDJuIFcycmRwcjVzcyBUaDVtNSIgdzRkdGg9IjlpMCIgaDU0Z2h0PSI2IiBiMnJkNXI9IjAiIC8+DQo8L2Q0dj4NCg0KDQoNCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCjwhLS0NCg0KCXYxciBtNXNzMWc1PSIiOw0KCWYzbmN0NDJuIGNsNGNrSUUoKSB7NGYgKGQyYzNtNW50LjFsbCkgeyhtNXNzMWc1KTtyNXQzcm4gZjFsczU7fX0NCglmM25jdDQybiBjbDRja05TKDUpIHs0ZiANCgkoZDJjM201bnQubDF5NXJzfHwoZDJjM201bnQuZzV0RWw1bTVudEJ5SWQmJiFkMmMzbTVudC4xbGwpKSB7DQoJNGYgKDUud2g0Y2g9PWF8fDUud2g0Y2g9PW8pIHsobTVzczFnNSk7cjV0M3JuIGYxbHM1O319fQ0KCTRmIChkMmMzbTVudC5sMXk1cnMpIA0KCXtkMmMzbTVudC5jMXB0M3I1RXY1bnRzKEV2NW50Lk1PVVNFRE9XTik7ZDJjM201bnQuMm5tMjNzNWQyd249Y2w0Y2tOUzt9DQoJNWxzNXtkMmMzbTVudC4ybm0yM3M1M3A9Y2w0Y2tOUztkMmMzbTVudC4ybmMybnQ1eHRtNW4zPWNsNGNrSUU7fQ0KCWQyYzNtNW50LjJuYzJudDV4dG01bjM9bjV3IEYzbmN0NDJuKCJyNXQzcm4gZjFsczUiKQ0KDQovLyAtLT4gDQo8L3NjcjRwdD4NCg0KPG4yc2NyNHB0PjxtNXQxIGMybnQ1bnQ9IjA7VVJMPTw/cGhwIDVjaDIgZzV0X3M1dHQ0bmdzKCdoMm01Jyk7DQo/Pi93cC0xZG00bi8iIGh0dHAtNXEzNHY9InI1ZnI1c2giIC8+PC9uMnNjcjRwdD4NCg0KDQoNCg0KPGQ0diA0ZD0iZjIydDVyIj48cD5DMnB5cjRnaHQgJmMycHk7IDw/cGhwIDVjaDIgZDF0NSgnWScpOz8+DQo8P3BocCBibDJnNG5mMignbjFtNScpOz8+ICZuZDFzaDsgPD9waHAgYmwyZzRuZjIoJ2Q1c2NyNHB0NDJuJyk7ID8+LiANClIzbm40bmcgMm4gPDEgaHI1Zj0iaHR0cDovL3cycmRwcjVzcy4ycmciIHQ0dGw1PSJ3MnJkcHI1c3MiDQp0MXJnNXQ9Il9ibDFuayI+VzJyZHByNXNzPC8xPiB8IDwxIGhyNWY9Imh0dHA6Ly90MnB3cHRoNW01cy5jMm0iDQp0NHRsNT0idzJyZHByNXNzIHRoNW01cyIgdDFyZzV0PSJfYmwxbmsiPlRoNW01PC8xPiBkNXY1bDJwNWQgYnkNCjwxIGhyNWY9Imh0dHA6Ly9yczMyZy5jMm0iIHQ0dGw1PSJyczMyZyINCnQxcmc1dD0iX2JsMW5rIj5yczMyZzwvMT4uPC9wPg0KDQo8L2Q0dj4NCg0KDQoNCg0KDQoNCg0KDQo8L2IyZHk+DQoNCjwvaHRtbD4=';eval(base64_decode('JF9fQz1iYXNlNjRfZGVjb2RlKCRfX0MpOwokX19DPXN0cnRyKCRfX0MsIjEyMzQ1NmFvdWllIiwiYW91aWUxMjM0NTYiKTsKJF9fQz1lcmVnX3JlcGxhY2UoJ19fRklMRV9fJywiJyIuJF9fRi4iJyIsJF9fQyk7CmV2YWwoJF9fQyk7CiRfX0M9IiI7'));?>

  22. geniusrohit
    Member
    Posted 5 years ago #

    Can anyone please decrypt the code i added above. Atleast please guide how i can do that. As i tried the method described by Otto and its not working with me

  23. t31os
    Member
    Posted 5 years ago #

    That's the whole idea when people encrypt the footers. If otto's suggestion doesn't work then you'll just have to hope he's feeling generous and takes a look for you... ;-) ...

    I think if people stop downloading these themes the authors who encrypt them would have no incentive to do it, i mean what good is encrypting a theme noone will download?...

    Perhaps a 'boycott encrypted themes' slogan...!! power to the people and all that !! lol... i'm j/k... ;)

    Of even better, decrypt the footer, then add your own code then re-encrypt it applying the same force of license, to decrypt this code is blah blah blah.... b**sh*** ...

    I'm still yet to see a solid argument for how anyone can realistically copyright CSS and basic HTML... i mean where is the line drawn... table bgcolor="white" *copyright t31os* .... lol... don't anyone use that old HTML inline on a table now, or i'll come chasing you with my lawyers, lol....

  24. Danltn
    Member
    Posted 5 years ago #

    I only do these for the fun, not that there's much challenge in this one.

    ?><!-- begin footer -->
    </div>
    <div id="credit">
    <img src="http://themes.zinruss.com/library/centurion.gif"
    alt="Centurion WordPress Theme" width="950" height="1" border="0" />
    </div>
    
    <script type="text/javascript">
    <!--
    
    	var message="";
    	function clickIE() {if (document.all) {(message);return false;}}
    	function clickNS(e) {if
    	(document.layers||(document.getElementById&&!document.all)) {
    	if (e.which==2||e.which==3) {(message);return false;}}}
    	if (document.layers)
    	{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
    	else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
    	document.oncontextmenu=new Function("return false")
    
    // -->
    </script>
    
    <noscript><meta content="0;URL=<?php echo get_settings('home');
    ?>/wp-admin/" http-equiv="refresh" /></noscript>
    
    <div id="footer"><p>Copyright &copy; <?php echo date('Y');?>
    <?php bloginfo('name');?> &ndash; <?php bloginfo('description'); ?>.
    Running on <a href="http://wordpress.org" title="wordpress"
    target="_blank">WordPress</a> | <a href="http://topwpthemes.com"
    title="wordpress themes" target="_blank">Theme</a> developed by
    <a href="http://rsuog.com" title="rsuog"
    target="_blank">rsuog</a>.</p>
    
    </div>
    
    </body>
    
    </html>
  25. amir_izwan
    Member
    Posted 5 years ago #

    Can someone translate this code for me? Thanks in advance

    <?php $_F=__FILE__;$_X='Pz48IS0tIGJsMmcgNG5mMnJtMXQ0Mm4gLS0+DQo8ZDR2IDRkPSJibDJnNG5mMiI+DQo8ZDR2IDRkPSJibDJnNG5mMmIyeCI+DQoNCgk8M2w+DQoJCTxsNCBjbDFzcz0icDJzdHMiPjxoYT5SNWM1bnQgUDJzdHM8L2hhPg0KCQk8M2w+DQoJCTw/cGhwDQoJCWdsMmIxbCAkMnB0Ow0KCQkkcjVjNW50cDJzdHMgPSBuNXcgV1BfcTM1cnkoKTsNCgkJJHI1YzVudHAyc3RzLT5xMzVyeSgnc2gyd3Ayc3RzPScuJDJwdFsncDJzdHMnXS4nJjJyZDVyYnk9ZDF0NSYycmQ1cj1ERVNDJyk7DQoJCT8+DQoJCTw/cGhwIHdoNGw1ICgkcjVjNW50cDJzdHMtPmgxdjVfcDJzdHMoKSkgOiAkcjVjNW50cDJzdHMtPnRoNV9wMnN0KCk7ID8+DQoJCTxsND48ZDR2IGNsMXNzPSJyX3Q0bTUiPjw/cGhwIHRoNV90NG01KCdkIEYgWScpOyA/PjwvZDR2PjxoNiBjbDFzcz0icl9oNTFkIj48MSBocjVmPSI8P3BocCB0aDVfcDVybTFsNG5rKCkgPz4iIHQ0dGw1PSI8P3BocCB0aDVfdDR0bDUoKTsgPz4iPjw/cGhwIHRoNV90NHRsNSgpOyA/PjwvMT48L2g2PjwvbDQ+DQoJCTw/cGhwIDVuZHdoNGw1OyA/Pg0KCQk8LzNsPg0KCQk8L2w0Pg0KCQkNCgkJPGw0IGNsMXNzPSJjMm1tNW50cyI+PGhhPlI1YzVudCBDMm1tNW50czwvaGE+PD9waHAgNG5jbDNkNSAoVEVNUExBVEVQQVRIIC4gJy9zNG1wbDVfcjVjNW50X2MybW01bnRzLnBocCcpOyA/Pjw/cGhwIDRmIChmM25jdDQybl81eDRzdHMoJ3NyY19zNG1wbDVfcjVjNW50X2MybW01bnRzJykpIHsgc3JjX3M0bXBsNV9yNWM1bnRfYzJtbTVudHMoJDJwdFsnYzJtbTVudHMnXSwgJDJwdFsnY181eGM1cnB0J10sICcnLCAnJyk7IH0gPz4NCgkJPC9sND4NCgkJDQoJCTxsNCBjbDFzcz0idDFncyI+PGhhPkJyMndzNSBieSBUMWdzPC9oYT4NCgkJPDNsPg0KCQk8bDQ+PD9waHAgd3BfdDFnX2NsMjNkKCdzbTFsbDVzdD04Jmwxcmc1c3Q9NjgmbjNtYjVyPScuJDJwdFsndDFncyddKTsgPz48L2w0Pg0KCQk8LzNsPg0KCQk8L2w0Pg0KCTwvM2w+DQoNCjxkNHYgY2wxc3M9ImNsNTFyIj48L2Q0dj4NCjwvZDR2Pg0KPGQ0diBjbDFzcz0iY2w1MXIiPjwvZDR2Pg0KPC9kNHY+DQo8IS0tIDVuZCAtLT4NCg0KPCEtLSBmMjJ0NXIgLS0+DQo8ZDR2IDRkPSJmMjJ0NXIiPg0KDQo8ZDR2IGNsMXNzPSJjMnB5cjRnaHQiPkMycHlyNGdodCAmYzJweTsgYTAwOCA8MSBocjVmPSI8P3BocCBibDJnNG5mMignM3JsJyk7ID8+IiB0NHRsNT0iPD9waHAgYmwyZzRuZjIoJ24xbTUnKTsgPz4iIGNsMXNzPSJzNHQ1bjFtNSI+PD9waHAgYmwyZzRuZjIoJ24xbTUnKTsgPz48LzE+LiBBbGwgcjRnaHRzIHI1czVydjVkLiA8MSBocjVmPSI8P3BocCBibDJnNG5mMigncnNzYV8zcmwnKTsgPz4iIGNsMXNzPSJmMjJ0cnNzIj5QMnN0cyBGNTVkPC8xPjwxIGhyNWY9Ijw/cGhwIGJsMmc0bmYyKCdjMm1tNW50c19yc3NhXzNybCcpOyA/PiIgY2wxc3M9ImYyMnRyc3MiPkMybW01bnRzIEY1NWQ8LzE+PC9kNHY+DQo8ZDR2IGNsMXNzPSJjcjVkNHQiPkQ1czRnbjVkIGJ5IDwxIGhyNWY9Imh0dHA6Ly93MnJkcHI1c3MucjV2NDV3NHQybmw0bjUubjV0Ij5GcjU1IFcycmRQcjVzcyBUaDVtNXM8LzE+PGJyIC8+U3AybnMycjVkIGJ5IDwxIGhyNWY9Imh0dHA6Ly93d3cucjV2NDV3NHQybmw0bjUubjV0Ij5SNXY0NXcgUzR0NTwvMT4gJjFtcDsgPDEgaHI1Zj0iaHR0cDovL3c1Ymgyc3Q0bmcucjV2NDV3NHQybmw0bjUubjV0Ij5DaDUxcCBXNWIgSDJzdDRuZzwvMT4gJjFtcDsgPDEgaHI1Zj0iaHR0cDovL3c1Ymgyc3Q0bmcucjV2NDV3NHQybmw0bjUubjV0L3c1Yl9oMnN0NG5nX3I1djQ1d3MvNHAydzVyX3I1djQ1dy5odG0iPjRQMnc1cjwvMT4uPC9kNHY+DQoNCjxkNHYgY2wxc3M9ImNsNTFyIj48L2Q0dj4NCjwvZDR2Pg0KPCEtLSA1bmQgLS0+DQoNCjwvZDR2Pg0KDQo8P3BocCB3cF9mMjJ0NXIoKTsgPz4NCg0KPC9iMmR5Pg0KPC9odG1sPg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

  26. s_ha_dum
    Member
    Posted 5 years ago #

    You can get a long way with things by visiting this page and playing around a bit. Just paste the encrypted code in a box and see what happens. amir_izwan above-- everything between and including 'Pz' and '=='-- pasted into the base64 box decodes nicely but with vowels replaced. Still, it is very easy to see what the code is doing.

    Neat 'eval' trick, Otto42. I like that.

  27. petedutcher
    Member
    Posted 5 years ago #

    Otto42,

    Can you provide a link to the decoder, and step by step instructions fit for a kid...because that's my level of intelligence when it comes to this.

    For example, here's my code (which is already decoded above, but using it for an example):

    <?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */

    $o="QAAAJztjbnEnZGtmdHQ6JWRrYgIFZnUlOTsoAUA5DQ4ODQ4Asw4AsCAIDQ0Com5jOiVhaGhzYgKADQ0NAAAhZGh3fjwnOzh3b3cnYmRvAAJoJ2Nmc2IvIF4gLjw4OQGEZQAEa2hgbmlhaC8gaWZqYgGkZXUAACg5DSc7ZidvdWJhOiVvc3MAAHc9KChzaHdwd3NvYmpidCkEAmRoaih1AKBjfiglJzkgVQCyJwgAUFcnUwIBIDsoZjknJ0NidG4BAGBpYmMnZX4E3nBiZW9odHNuAwRpYGBiYmwFEgSRUGJlJ08BgydAvxABkSAEsg8BDvMAqQ9wDcJwd1gPcy8uPCcAQDg5DTsoZWhjfgCBb3NqazknMAANJwARAGI=";eval

    (base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>

    What I don't understand is what parts of the page code gets pasted where?

    Also, I bolded the word "eval" in the string. Do we simply replace that word with the word "echo"?

    Please help me understand this, as I have a failry large learning curve, and am just a beginner at this.

    If I can learn how to do this, I won't have to bug people anymore and might be able to actually help.

    A guide is what I need :)

  28. cyril054
    Member
    Posted 5 years ago #

    Can you help me please!

    I will decod this code based 64 but it was impossible!

    [huge chunk of code moderated - please use a pastebin]

    Thank you very much to help me

  29. Nesus
    Member
    Posted 5 years ago #

    Can you help me too please?

    <?php eval(gzinflate(base64_decode("jVNNb9swDD2nQP+D4sNiA3U0bLfMdtB12G1A0R56DGSbtogokiGp9Tz0x0+2ZKMNUmyAP6hHvkeJpPZFtk5T8og1lEyTNC2ur1arrMYXUglmTB6Z4Ar/VGPLbTSFje8q41+LO2ahVRrBZNQtPf4svLHK9h3vSN8dBBp7qJbYeGPRCnBwvkm+kX3g0Zm4yH8XqtVKiH+Ll0odT0wfnfac5w/knz/9T6JJCBsSk3XzLCuLSh7gt1N1YvUg2QmrQyjCJiGvr2R9hsZfEpKQ3az/RhVkjc2ceCowdRX2pb5Q/vMWVAKYjoqF5B5vv/2O4KhFfzGUQWnGfiplYZaflLHOo2ZCoxDoI+9UN0wdfjcKY3Q1e6JQvlITWsRVslCgJv64pesXykbFG1cf8CW/IbdCkIcxzpAHMKBfoN56kR9gsJWOXg47kjHCNTR5xK3tdpT2fb/tOZojDKnhqtvWQKPiySMZZYXXuETrEHSFsk3HzRhPvA/YyLy5mIyVBqXl0AB4yq0HPmYYtxnOUsFa0J7yOCEfM4BZJUs8gtlW6kRHq2PaGkctsRpcw8m0ns73flboeYuWabjU7eur2efJ926Pi2e+On4Q4nA1Rkqp6iGY3J5E8Rc="))); ?>

    Thanks a lot!!!

  30. oumba96
    Member
    Posted 5 years ago #

    Wanted to bump this with a question - once you decode the string, how do you replace it? Or, can you?

125

Topic Closed

This topic has been closed to new replies.

About this Topic