WordPress.org

Ready to get started?Download WordPress

Forums

footer in base64... how decrypt it? (149 posts)

  1. Bender_v
    Member
    Posted 4 years ago #

    Can you help me please!

    <?php
    $o="QAAAOzh3b3cNYnV1aHVYdWJ3aAAAdXNuaWAvQlhGS0snWSdCWAAASUhTTkRCLjwNI2Z1ZG9ucQAQYnQnOidmdXVmfi8BUXRiZHIQAHViYwFKZnVrZmlgXCBmfWJ1CwFuIFo6AJAgBAIBc2JpYGtudG8BkcdEALABoWNiYQGxBFACsg4AEigoJwGAZnIQRGtzJwHRcmZgYg0AECNkYQWwY2gIBmpmbmkEMSlmamFmKWZ9BIEBsnQSBGZrcwGRRnQBNmNlWG9odAFgDg4A8DonIGtoZGZrAQIJUAMyAgBpZmpiIJAgWgICd2Z1cW4FAA4OCDBuan5mAgQnZWZ9bg0HlGVYcnRidQK/KCeAFAKyd2hrfWhxZnNiawOAYwBRd2gAVGNsa3Jkb2JpbgEwcQTRcgTXd2YoMXR0BNRqCDBjaHEgPAeBCFBoaycEH0GAJwQedWJhbn8EMA2gc29idG5zYkMMWAQzQ0UndwHSBudzZVh3FIAHITonYXAjD8UCYyBaKSAB0zwYAQ/ABBBzZmVrINFiJxHRJ2FodScCAgT6ZiMAZGtiBS+f+wlSKSACBgVfDvAFUgI1BYoWUQVQITAKfyAB0xvogD0NgHFma35yc2YgWgM/DaEB9QNWbi8gQABoITQjWFRCVVFCVVwlQ0hEUgAESkJJU1hVSEhTJVo8DQlUd2YEAGlia2NuH4E6JyVmY2puaWxmcBAlGqIfcgGwYmxzaHVubhtDZGhpc3BedRwQA4IERHNiandrIaB0AtAqEBgFCJUpDw8lKCUpDtMDYgJiAVBzancoBqAhUQEwBmPAECSQBOVxJy9jaGttaWYaYH9oY24gAHN0AdFmaidtYidgY2Inbid0gI8A0HRkdW53cy4IpGtuZQSwI0Aw8Acjn5AA8HVoEPEHEAhvAVADMAhvZicBcCcvdHMQBWZpYxxgaW5iJ2FyaWxkEGBoJVBIAGMwUWJqAWBqaWh+J1x3dWhgdQB/ZmpqYnVoalonCNZCwAfwCO8Z0AeQCO/9EAFQQREI8SpQA7ARRn46gGxocQ5kbmlkaz+BcmMpuxbYAfUEgS8RFh0E1GBraGVmaxrSgEMg4UNFWENCRVJAJmBzdXJiJPABIQAgTkJYSElYQUZOSwGGdWJ2cm4A8XViWGhpZGIvFlMS0ArgKOAlY2UAwFthKVeQJVRAAqolDbEBpQ1JkCSgaWJkcwQ0qZ8BEG9MoisJIlwgARA54SBaARgx8QEaRlMGsAAAODkN";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>
  2. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 years ago #

    @Bender_v: The decoded version of that can be found here:
    http://wordpress.pastebin.com/f582cc1e1

  3. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 years ago #

    @primoto: Decoded version of yours is here:
    http://wordpress.pastebin.com/f6aebb9b9

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 years ago #

    So that I don't have to keep doing this all the time, I'll explain the method.

    This is for the most common encoded method I've seen. This is the method that starts with $o="blah blah.,., like the last two did.

    1. Make a copy of the php file. Call it temp.php. Open it in a text editor.

    2. Use search replace to find the semi-colons and replace them with semi-colons followed by a carriage return. In TextPad, I enable regular expressions and replace ; with ;\n . Easy.

    3. You'll get three lines of code. The second one starts with 'eval'. Change that to 'echo' instead.

    4. Run the php file in php. On the command line, this looks like "php temp.php". You can also do it in a website/browser if you like.

    5. You'll get a big long line of code with a lot of $lllll stuff in it. Copy all that and paste it back in to the original file. You're going to REPLACE the entire "echo" line with it. But only that line, you still need to have the $o="blah" line at the top of the file.

    6. Do the semi-colon replace thing again to get a lot of lines instead of one long one.

    7. Right at the end, there's a line that looks like eval($lllllllll); or similar, all by itself. Change that eval to an echo.

    8. Run it again. Voila, you should have your unencrypted code now. Copy and paste it where you want it.

    There are other obfuscation methods, but this one seems to be very commonplace, as most of the code people send me use it.

  5. Bender_v
    Member
    Posted 4 years ago #

    Otto42
    Thanks a lot!

  6. toneitup2009
    Member
    Posted 4 years ago #

    Could you decode this or give me the steps to do so? This encryption or a similar encryption is located on every single php file in the them

    <?php $_F=__FILE__;$_X='Pz48IS0tIGI1ZzRuIGYyMnQ1ciAtLT4NCjwvZDR2Pg0KDQo8ZDR2IDRkPSJjcjVkNHQiPg0KPDRtZyBzcmM9Imh0dHA6Ly90aDVtNXMuejRucjNzcy5jMm0vbDRicjFyeS9UM241UGwzcy5nNGYiIDFsdD0iVDNuNVBsM3MgVzJyZHByNXNzIFRoNW01IiB3NGR0aD0iNiIgaDU0Z2h0PSI2IiBiMnJkNXI9IjAiIC8+DQo8L2Q0dj4NCg0KPC9kNHY+DQoNCjxkNHYgNGQ9ImYyMnQ1ciI+PGJyLz4NCkMycHlyNGdodCAmYzJweTsgPD9waHAgNWNoMiBkMXQ1KCdZJyk7Pz4gPD9waHAgYmwyZzRuZjIoJ24xbTUnKTs/PiAmbmQxc2g7IDw/cGhwIGJsMmc0bmYyKCdkNXNjcjRwdDQybicpOyA/Pi4gDQo8MSBocjVmPSJodHRwOi8vdDJwd3B0aDVtNXMuYzJtIiB0NHRsNT0iVzJyZHByNXNzIFRoNW01IiB0MXJnNXQ9Il9ibDFuayI+VzJyZHByNXNzIFRoNW01PC8xPiBkNXY1bDJwNWQgYnkgPDEgaHI1Zj0iaHR0cDovL3d3dy53NWJoMnN0NG5nZjFuLmMybSIgdDR0bDU9Ilc1YiBIMnN0NG5nIEYxbiIgdDFyZzV0PSJfYmwxbmsiPlc1YiBIMnN0NG5nIEYxbjwvMT4uDQo8L2Q0dj4NCg0KDQoNCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCjwhLS0NCg0KCXYxciBtNXNzMWc1PSIiOw0KCWYzbmN0NDJuIGNsNGNrSUUoKSB7NGYgKGQyYzNtNW50LjFsbCkgeyhtNXNzMWc1KTtyNXQzcm4gZjFsczU7fX0NCglmM25jdDQybiBjbDRja05TKDUpIHs0ZiANCgkoZDJjM201bnQubDF5NXJzfHwoZDJjM201bnQuZzV0RWw1bTVudEJ5SWQmJiFkMmMzbTVudC4xbGwpKSB7DQoJNGYgKDUud2g0Y2g9PWF8fDUud2g0Y2g9PW8pIHsobTVzczFnNSk7cjV0M3JuIGYxbHM1O319fQ0KCTRmIChkMmMzbTVudC5sMXk1cnMpIA0KCXtkMmMzbTVudC5jMXB0M3I1RXY1bnRzKEV2NW50Lk1PVVNFRE9XTik7ZDJjM201bnQuMm5tMjNzNWQyd249Y2w0Y2tOUzt9DQoJNWxzNXtkMmMzbTVudC4ybm0yM3M1M3A9Y2w0Y2tOUztkMmMzbTVudC4ybmMybnQ1eHRtNW4zPWNsNGNrSUU7fQ0KCWQyYzNtNW50LjJuYzJudDV4dG01bjM9bjV3IEYzbmN0NDJuKCJyNXQzcm4gZjFsczUiKQ0KDQovLyAtLT4gDQo8L3NjcjRwdD4NCg0KDQo8bjJzY3I0cHQ+PG01dDEgYzJudDVudD0iMDtVUkw9PD9waHAgNWNoMiBnNXRfczV0dDRuZ3MoJ2gybTUnKTsgPz4vd3AtMWRtNG4vIiBodHRwLTVxMzR2PSJyNWZyNXNoIiAvPjwvbjJzY3I0cHQ+DQoNCjwvYjJkeT4NCjwvaHRtbD4=';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

  7. toneitup2009
    Member
    Posted 4 years ago #

    I found a website with the decoder built in for those type of files

    http://www.tareeinternet.com/scripts/byterun.php

  8. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 years ago #

    @toneitup2009: Same basic rules as I gave before apply to decode that snippet. Change the eval's to echo's, replace them with the resulting output, repeat a couple times.

    Result: http://wordpress.pastebin.com/f4e946686

  9. primoto
    Member
    Posted 4 years ago #

    Thank You VERY VERY MUCH, Otto42..:)
    I wish you all the best!

  10. bulletproofScripts
    Member
    Posted 4 years ago #

    Hi everyone, i have problem decoding this one. please help me

    <?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
    $o="QAAAOzh3b3cnYGJzWG9iZmNidQBALy48Jzg5Cg0OADA7Y25xJ2QAAGtmdHQ6JWRoaXNiaXMlJ24AgWM6JXdmYGIlAlAKDQoNDg4EMwAAbmEnL29mcWJYd2h0c3QvLhgnLic9BJMCBHBvbmtiAj9zbwMjB4UFFsTIAJEAQSNqfgUhJzoKUgCxLyMAYSo5ThhkQy48AiIA8XNuamICQALkKjkBQVhjEABmc2ICPmJ/d2toY2IvJSclK3D0JwSyA8EEtGRydXUOcAEhBOAA5FgA8S9qD89+dHZrAn8CcAUrA1QDQQLkbmkI4QERAtAHJh3/XDdaCcMB+gTGKgnhAbcEtgX4BOEA+AUYAWgCUP4MBU0B6AVzFGEAADsoBPEAQSNqYnR0IrAIMCVpHM5icCUO8gGRIsEnIw3XC6AnOwERCagBQS4UFCd8JwMBDgSpaGtjJTwBcnoqUQ5iCFxrdGInBS9aJzo6BT8nBTAFIgMeNlr74wg/AUADBQg/BHJ6AGEAUgCRBVMPZjonJQrRB0YCQGJkb2gnJTVoWyUqEGlzbmhpWwAZJTk7dHN1aGlgOUY2gQEwOygBFAAYJidTb250J01oZScAcAUgYnUnAAFzb2ZpJzQ3J2NmfnQmOyg6kHhAORXzCMY8UhISO281OTpDI2xifjolAPBtaGVzbnNrYhRgCSI/0SoRWGpic3AlZjXXMdAC8Csnc3VyYkFSOygEkA0/EcBBBvBBh2p3Zml+KmMDwG5rdCU5AgAAAA47ZW5gOWZzJztmJ291YmEkBzolB/lkaAMia25pbCU8JwgvCC8IJv8BElBK8gyDBJQEXwiwBF8EVjsoZjknO3QLYCHWOS8JiWtoZGYYsQUPBQ9+EXguGpAE0TtglygPYQ/ydGpma2sXTn53FzEjF/EAsDFQmMAXn3MqTWAXnG5hLwNHJTBhdWJia2YNhWlkYiUpwBQDJQzyGTRbJWFrJPBBAnXLDgn0DXB6JzLCfDLgBTt3ZnVzSfEFL1/SWxThJXdzBSBXAmAnU1aABS8FLmFya2sFL/YuK0Bk8wpABSFBAmAFLnonemOQJxmzYfEEgS8ADyBrKydBJ21UKydeICjkFmMXEDAD//wprRaAKWsCoGjEBWFtFGeDAbEAQASTPKEAQQgjYmlhDmNrsiqwaWNuYXHhDQ4NDgK5ApMc4XQCQm5jYmVmdQVTCg0Bl2FoaHN11Q==";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>
  11. Len Kutchma
    Member
    Posted 4 years ago #

    @bulletproofScripts

    Your file is here...

    http://wordpress.pastebin.com/m4745d36d

    ps: I really wish you guys would stop using themes with this kind of crap in it. There are oodles of great free themes out there from reputable authors.

  12. mujtaba91
    Member
    Posted 4 years ago #

    here is a nice base64 encoder as well as decoder that can come real handy for all of you :
    http://dynamicguru.com/files/encode-decode.php

    <b>@Lenk</b>
    yeah i agree with you...

  13. Mark / t31os
    Moderator
    Posted 4 years ago #

    Anyone can decode or encode base64 code, PHP does this already...
    <?php base64_encode('what to encode here'); ?>
    and
    <?php base64_decode('what to decode here'); ?>
    Or there's 100 of these convertors online... they all do the same thing.....

    Unless yours does something the others don't?

  14. mast. bis
    Member
    Posted 4 years ago #

    Hi Otto42, i've tried all the online decoder this forum recommend, but none work my code here, please help! Big thanks in advance.

    <?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
    $OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=8460;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3MiksJ0VudGVyeW91d2toUkhZS05XT1VUQWFCYkNjRGRGZkdnSWlKakxsTW1QcFFxU3NWdlh4WnowMTIzNDU2Nzg5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>
    kr9NHenNHenNHe1lFMamb3klFoxiC2APk19gOLlHOa9gkZXJkZwVkr9NTznNHr8XHt4JkZwShokiF2A2Yy9LcBYvcoAPF3OZfuwPcmklCBWPkr8XHenNHr8XHtXLT08XHr8XHeEXhUXmOB50cbk5d3a3D2iUUylRTlfNaaOnCAkJW2YrcrcMO2fkDApQToxYdanXAbyTF1c2BuiDGjExHjH0YTC3KeLqRz0mRtfnWLYrOAcuUrlhU0xYTL9WAakTayaBa1icBMyJC2OlcMfPDBpqdo1Vd3nxFmY0fbc3Gul6HerZHzW1YjF4KUSvkZLphUL7cMYSd3YlhtONHeEXTznNHeEpK2a2CBXPkr9NHenNHenNHtL7eWPvRZEjRU0sRU0sRU0sRU0sRU0sRU0sRU0sRU0sRU0IA2YZDbn0wryMcMlSDByzDUnBcbwIHU4Xwt0sRU0sRU0sRU0sRU0sRU0sRU0sRU0sRU0jeWPvRZEjRU0sRU0sRU0sRU0sRU0sRU0sRUned3n5FMlmDuWIQUEZHeE3wr5vcbkPCBOpwyFIRUnYCBxidMFIwt0sRU0sRU0sRU0sRU0sRU0sRU0jeWPvRZEjRU0sRU0sRU0sRU0sRU0sRU0sRU0sRU0swoi0fuE6RZ93f3FVD2xpD2yJCBOpRM5lftEsRU0sRU0sRU0sRU0sRU0sRU0sRU0sRU0sRU0jeWPvRZEjRU0sRU0sRU0swrppD2rICB5LCUnscB5LCbnifosidJnzC3kpFuWIDB5pwok1D2yVwoOiFMLID2xpD2yJCBOpRM5lftEsRU0sRU0sRU0jeWPvRZEjRU0swrklFMyZfoLIUAxyO0yHwt0sRT4IUA5uWaWIwUriwrkpF25pFZnvdMxpdMAICBOidoyPwokpF25pFZnROanyALYnBAynTJEsRU0jeWPvRZEjRU0sRU0swrpidMfidJnXcbk0Cbk1DosidJnwWakuWUnrUakkwoyVcorIcoaVc2yVwo1ldByqCBLIF2YZDbn0wrlHOAfnTtEsRU0sRU0jeWPYtmklFbapFMAPwtkjd25MDBfgF2lzRmnPFtwIhTSYtmYlF3Ypd25gF3OiFmWPhTSYtMlMhtOgO0aAB3nlFmYvdl0peWPIwuSYtI0hwtnLCLYvdM5lC3WPhTSYtJEIko5pdoypwe0IdblzFBxgFbalFmLPwtkTOAxyW1WIhJnoAL9YwoyLdBlVb2yMcMlSDByzDUnbUraUOUnqd2OlNUFLD29LcUFJwtLId3wIcbkZd3wPwo15F3ySb2aZFM9ZhtLIhTSYtJEIkoOiforINUnsGbYxdy9McbOjDy9iFmkiGUIIko5pdoypwtL7eWPIwtOXcbkzd24xwe0JDB5Md0nqdolqCBkicoLVdMa0wjSYtJEIko1lF3HINUEJdblzFBxgdmasb3kvf3HPwtLIwT0IHUnFdJw7eWPIwtOscbYzwt49wtkWcbkzd24IwtE6wtOLCbOiB3azcbkgCBOsDB5fwyxVwjSYtJEIko1lF3HIRj0IwMlLcB50DbOpwePIkoOifoydFoyzF3fLb2yLdBlVbUnFdJw7eWPIwtOscbYzwt49wtwIwtEIwtEIwjSYtJEIF2aVfr1iDBXPwtwLcoy0CasVCB1ib2kpF25pF10INtOLCbOiB2asCBlSb2yLdBlVbT4JRtELFoaZF29VHUESwtkkcJnzC3kpFuWIDbHICmkvD2aVwtOLCbOiB3flCmYpfoafwJXIko1lF3HIhTSYtJEIcBYPdZwIRU0sRU0jwZHjwZ0sRU0sRUEJKX0hwtn9eWppcJEPky9uOaOdFMaMbULYtmSYtMOJW29VdMajftIpKX0hkuklF3aSftE9wo15F3ySb3y1cbk5htEJA0aHOAYAwtPIOlkNTUnicMcpdoliF2LIa0iyALAIfbYlFM5idBA9kZOgO0aAB3klcl0mwJEpwo9ZwoaZFM9ZhtnsGbYxdy9lFmkvFJIpwtL7eWPLdBasCMaZwe0IdblzFBxgcMa0C2igCbkZCbLPwtOZcbY1duWIhTSYtMlMhtnsGbYxdy9VfB1gFM93FZIIkuklF3aSftEpwtr9werIhUnlFmkvFJIIwL1iCBCSwyYXd25zd3wIDB5pwyOpcoyqwoyLCUnLCBxidUnLCbOiCMyzcUnqCB1pRtnhDBsiwo1ifUnscB5mCBszcbHIDoySCB1idJnpdMLIdBascbkSfBsidJnzFo9VF29ZwexiwoiZcBC9btkpdMOlGt5XDunFwj5RTrlRwrOkA0lKUTXvCT4JwtL7eWPLF3OifuazNUkVd25iD3OpcJw7eWppcJEPwtOscB1JcbkdHTcfwe09wtOzfoy0fbHIhUnlFmkvFJIIwL1iCBCIAMaMcMaZCBXIcoyZDUn3cBwIDB5pwoklduaswoyqfolMwoy0CbAIF2aLCB5mwosidBLICMxvD2lZwexiwoiZcBC9btkpdMOlGt5XDunFwj5RTrlRwrOkA0lKUTXvCT4JwtL7eWplduYleWPYtJn7eWPIwtEIdblzFBxgFbalFmLPwlaWOryAOUnicMcpdoliF2LIA0aAwoipfuH9Dol0FZSxwyfwOakywuazcbkVCB1lNUFLdBasCMaZBzyfkZwpwo9ZwoaZFM9ZhtnsGbYxdy9lFmkvFJIpwtL7eWPIwtEIky9TOaYTUA9KB3YlF3Ypd25gF3nvdmYvFl09ko1ldBklFlSxbTSYtJEIwtELb1YyA1YkT05dF2azF2lvdl9VCB1ibT0LdBasCMaZBzYfKX0hwtEIwtOgA0aTA0lNTlszcbYzDB9Vb2asCBlSbT0LdBasCMaZBzOfKX0hwtEIwtOgA0aTA0lNTlszcbYzDB9Vb2svfoyfNUOscB1JcbkdYl07eWPIwtEIky9TOaYTUA9KB3YlF3Ypd25gCMyVD109ko1ldBklFlS5bTSYtJEIwtELb1YyA1YkT05dF2azF2lvdl90cBxXbT0LdBasCMaZBzffKX0hwtEIwtOgA0aTA0lNTlszcbYzDB9Vb3klD2aVDB5mbT0LdBasCMaZBzrxbTSYtJEIwtELb1YyA1YkT05dF2azF2lvdl9jCBkidMfgCMyVD109ko1ldBklFlSxHy07eWPYtJEIwtEvRZEsRU0sRU0sRU0sRU0sRU0sRU0sRU0sRU0seWPIwtEIeWPIwtEIkuYXd25zd3wINUELb1YyA1YkT05dF2azF2lvdl9zFo9VF29ZbTSYtJEIwtELFMaMcbwINUnmcbOldmCPwLiAayngALaoOakyAJwpKX0hwtEIwtOicoOZwe0IkriAayngA0aUaLaUb1cnAlYdk1kyTA9AOa9nOrOUk107eWPIwtEIkuaZdtE9wtOgA0aUaLaUBZfUOayaOaYAb1aUUUffKX0hwtEIwt8vwtO0DB1lwe0IfolscUIpKX0hwtEIwE0hwtEIwo15F3ySb3y1cbk5htkkTlYyAlWIUA5ATZnzfoy0DbY0DBSIA0aAeWPIwtEIwtEIwuOpdBAIwtEIwe0IdM93htLSeWPIwtEIwtEIwolXb2yLctEIwe0IkZOicoOZkZXYtJEIwtEIwtEIfbkSwtEIwtEINUEmkuaZdtFSeWPIwtEIwtEIwuklcJEIwtEIwe0IkZOZcBclFJFSeWPIwtEIwtEIwuazcbkVCB1lwe0IkZOzFo9VF29ZkZwpwo9ZwoaZFM9ZhtnsGbYxdy9lFmkvFJIpwtL7eWPIwtEIeWPIwtEIeWPIwtEvRZnsGbYxdy9xfBaZGUIIwLlKA0aUatnkTlONwuY0CbOpF3OpDZEPwuOpdBASwolXb2yLctXIfbkSRtnZcBCSwuazcbkVCB1lwtLYtJEIwt8vwycidualFZEPkZO0DB1lkZXmkoyLcuwmRtFLfbkSkZXmkuklcMaZkZXmkuYXd25zd3wmwtLJhUnvFJnlFmkvFJIIdblzFBxgcbkZd3wPhUEpKX0heWPIwtEIFMa0fbkVwuOZfBA7eWPkRZ9lGol0KX0hwtn9eWp9eWplduYleWp7eWPIwolMhtELb1YyA1YkT05dF2azF2lvdl9zFo9VF29ZbUEiNUEJwJEpeWPIwtEIGX0hwtEIwtnZcbO1FM4Ifuk1cTSYtILvR2a4DbW7eWPIwu0YtJEIcBxzcW0hwtn7eWPYtJEIwtEIDBCIhtELFMyVco9swe09wtwxwJLYtJEIwtEIGX0hwtEIwtEvRZOiC2yqNbkidMWPhTSYtJEIwtEIcoked25VcBY0htL7eWPIwtEIwtOzfoy0fbHxNUkiD3OpcJw7eWPIwtEIwtOZcbY1dtE9wo15F3ySb3y1cbk5htEJA0aHOAYAwtPIOlkNTUnicMcpdoliF2LIa0iyALAIF3Oifer9kZOzfoy0fbHxkZEJwtLId3wIcbkZd3wPwo15F3ySb2aZFM9ZhtLIhTSYtJEIwtEIkoLZwe0IHeSYtJEIwtEIf2ipdoAPwtOZd3FINUnsGbYxdy9McbOjDy9iFmkiGUIIkuklF3aSwtLIhW0hwtEIwtEIwtEIwuSYtJEIwtEIwtEIwtEIwtELCMwZBZOpHl09kukvf1s1F2aZdMysca07eWPIwtEIwtEIwtEIwtEIwtOpHJSqKX0hwtEIwtEIwtEIwu0YtJEIwtEIwtELCMwxHJE9woyZFMy5b3kidMWPkokJHJXxhUE7eWPIwtEIwtEIkuklcj0LCMwZBZOJCjrZbTSYtJEIwtEIeWPIwtEIwtOZcbY1duWINUnsGbYxdy9xfBaZGUIIwlYyTraeatEQwrcUT00ICBcMDBxpCbYpwyfwOakywuazcbkVCB1lNUFLFMaMkZwIhUnvFJnlFmkvFJIIdblzFBxgcbkZd3wPhUEpKX0hwtEIwtEYtJEIwtEIko1ldBklFJE9wo15F3ySb2clfoYPb2yZFMy5htELFMazfBx0wtL7eWPIwtEIwolMhtnsGbYxdy9VfB1gFM93FZIIkuklF3aSftEpwtr9werIhUnlFmkvFJIIwL1iCBCSwyazcbkVCB1lwolVDUnADBOiDZnicorIcoySCB0Icoy0CBkiF2AID2ysDUXIUMlqCUnsCbAIdBaVc2yqF2azwoiidoysCB4IDB5pwo1ldBaZduaqCB4IF3nvdmYvFJE8CUnPFMaMNaXJDB5LcbIVFoiXbtw+U0xkUZnrUaYkTLL8R2r+wJEpKX0hwtEIwtnsGbYxdy9xfBaZGUIJaanrWaOywoyMcMlSDByzDUnTOaWIDol0Fz1PDbOzhzrIa0iyALAIfbYlFM5idBA9kZOscB1JcbkdHa0mwJLId3wIcbkZd3wPwo15F3ySb2aZFM9ZhtLIhTSYtJEIwtEIky9TOaYTUA9KB3YlF3Ypd25gF3nvdmYvFl09ko1ldBklFlSxbTSYtJEIwtEIky9TOaYTUA9KB3YlF3Ypd25gdMysCa09ko1ldBklFlSzbTSYtJEIwtEIky9TOaYTUA9KB3YlF3Ypd25gcB1iDBxfNUOscB1JcbkdYy07eWPIwtEIwtOgA0aTA0lNTlszcbYzDB9Vb2svfoyfNUOscB1JcbkdYl07eWPIwtEIwtOgA0aTA0lNTlszcbYzDB9Vb2kidMsfNUOscB1JcbkdKa07eWPIwtEIwtOgA0aTA0lNTlszcbYzDB9Vb3OldunfNUOscB1JcbkdY107eWPIwtEIwtOgA0aTA0lNTlszcbYzDB9Vb3klD2aVDB5mbT0LdBasCMaZBzrxbTSYtJEIwtEIky9TOaYTUA9KB3YlF3Ypd25gC2yJCB5mb2kidMsfNUOscB1JcbkdHTnfKX0hwtEIwtEIeWPIwtEIwt8vwt0sRU0sRU0sRU0sRU0sRU0sRU0sRU0sRU0YtJEIwtEIeWPIwtEIwtOzFo9VF29Zwe0Iky9TOaYTUA9KB3YlF3Ypd25gF3nvdmYvFl07eWPIwtEIwtOZcBclFJE9woflfoaVfJIJUyOAAy9UOAcyALaUwJL7eWPIwtEIwtOicoOZwe0IkriAayngA0aUaLaUb1cnAlYdk1kyTA9AOa9nOrOUk107eWPIwtEIwtO1FMXINUELb1YyAlcyAlSmALaOaAaTay9aALLmbTSYtJEIwtEIRZ8IkuOpdBAINUn0DB1lhtL7eWPYtJEIwtnsGbYxdy9xfBaZGUIJUA5TOakAwrlKar8IF3OifolzfolqwyYyaE0hwtEIwtEIwtn0DB1lwtEIwtE9wo5vfZIpRE0hwtEIwtEIwtnpFy9icoWIwtE9wtFLCBOLFJFSeWPIwtEIwtEIwuaZdtEIwtEIwe0IkZO1FMXmRE0hwtEIwtEIwtnZcBCIwtEIwtE9wtFLFMaMcbwmRE0hwtEIwtEIwtn1F2aZdMyscUE9wtFLF3nvdmYvFJFJhUnvFJnlFmkvFJIIdblzFBxgcbkZd3wPhUEpKX0heWPYtJEIwt8vwo15F3ySb3y1cbk5htEJUA5TOakAwrlKar8IF3OifolzfolqwtIIfolscUXIDbngCBOLRtn1FMXSwuklcJXIfbYlFM5idBAIhW0hwtEIRZ8IaMySfBazwtImkuOpdBAmRtFLCBOLFJFSkZO1FMXmRtFLFMaMcbwmRtFLF3nvdmYvFJFIhUwpwo9ZwoaZFM9ZhtnsGbYxdy9lFmkvFJIpwtL7eWPYtJEIwtnZcbO1FM4Ifuk1cTSYtILvR2a4DbW7eWPIwtEIgW0hwtnlduYleWPIwtn7eWPIwtEIcoked25VcBY0htL7eWPIwtEIwtOzfoy0fbHxNUkiD3OpcJw7eWPIwtEIwtOZcbY1duWINUnsGbYxdy9xfBaZGUIIwlYyTraeatEQwrcUT00ICBcMDBxpCbYpwyfwOakywuazcbkgDBW9kzrmwryKOtnzfoy0HT0mkuY0CbO1FzrmwtwIhUnvFJnlFmkvFJIIdblzFBxgcbkZd3wPhUEpKX0heWPIwtEIwtOscB1JcbwINUnsGbYxdy9McbOjDy9iFmkiGUIIkuklF3aSftEpKX0hwtEIwtnpcJIIdblzFBxgdmasb3kvf3HPwtOZcbY1duWIhUEiNUExwtLIcbkZd3wPwtkYCByMRtnaF2aZdMyscUnpdMLIaolLCBSICBOiwoOidoyswoOifoyJCbYlwosidBLSwrppD2rIdBy1wo1ldMfiD3YlFZnPCBxidByVwolVDUnscB1lFMx1D2yVwuYXd25zd3wINorIDuklcj1FwMlVcoa4RmnPFyXJNLsHUASIOrlTUA5kNt9iNJwIhTSYtJEIwtEIdblzFBxgFbalFmLPwlaWOryAOUnicMcpdoliF2LIA0aAwoipfuH9Dol0FZSxwyfwOakywuazcbkVCB1lNUFLdBasCMaZBzyfkZwpwo9ZwoaZFM9ZhtnsGbYxdy9lFmkvFJIpwtL7eWPIwtEIwtOgA0aTA0lNTlszcbYzDB9Vb3YXd25zd3kfNUOscB1JcbkdHa07eWPIwtEIwtOgA0aTA0lNTlszcbYzDB9Vb25idByfNUOscB1JcbkdH107eWPIwtEIwtOgA0aTA0lNTlszcbYzDB9Vb2asCBlSbT0LdBasCMaZBzOfKX0hwtEIwtELb1YyA1YkT05dF2azF2lvdl9qd3OibT0LdBasCMaZBzcfKX0hwtEIwtELb1YyA1YkT05dF2azF2lvdl9JCB5qbT0LdBasCMaZBzlfKX0hwtEIwtELb1YyA1YkT05dF2azF2lvdl90cBxXbT0LdBasCMaZBzffKX0hwtEIwtELb1YyA1YkT05dF2azF2lvdl9ZcBsldMlVc109ko1ldBklFlSxHa07eWPIwtEIwtOgA0aTA0lNTlszcbYzDB9Vb2YiCMyVc19JCB5qbT0LdBasCMaZBzrXbTSYtI0hwtEIwtEvRZEsRU0sRU0sRU0sRU0sRU0sRU0sRU0sRU0seWPYtJEIwtEIkuYXd25zd3wINUELb1YyA1YkT05dF2azF2lvdl9zFo9VF29ZbTSYtJEIwtEIkuklcMaZwe0Ic2a0cB52htkwayOWb1kyOLaUOawJhTSYtJEIwtEIkoyLcuwINUELUyOAAy9TOakBOakgaLyUA1SmALaYT1Oyb0yrOywmbTSYtJEIwtEIkuaZdtE9wtOgA0aUaLaUBZfUOayaOaYAb1aUUUffKX0hwtEIwtEvRZELfolscUE9wuOpdBAPhTSYtI0hwtEIwo15F3ySb3y1cbk5htkkTlYyAlWIUA5ATZnzfoy0DbY0DBSIA0aAeWPIwtEIwtEIwuOpdBAIwtEIwe0IdM93htLSeWPIwtEIwtEIwolXb2yLctEIwe0IkZOicoOZkZXYtJEIwtEIwtEIfbkSwtEIwtEINUEmkuaZdtFSeWPIwtEIwtEIwuklcJEIwtEIwe0IkZOZcBclFJFSeWPIwtEIwtEIwuazcbkVCB1lwe0IkZOzFo9VF29ZkZwpwo9ZwoaZFM9ZhtnsGbYxdy9lFmkvFJIpwtL7eWPYtI0hwtEIRZ8IdblzFBxgFbalFmLPwtkkTlYyAlWIUA5ATZnzfoy0DbY0DBSIhtn0DB1lRtnpFy9icoWSwuaZdtXIFMaMRtn1F2aZdMyscUEpeWPIwtEvRZnBCBx1cbHIhtFLfolscUFSkZOicoOZkZXmkuaZdtFSkZOZcBclFJFSkZOzFo9VF29ZkZEpwJLId3wIcbkZd3wPwo15F3ySb2aZFM9ZhtLIhTSYtI0hwtEIwuklfuaZdJn0FmalKX0htU8vcbipfeSYtJEIwu0YtJEIwu0ktWLYtm0YtI==
  15. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 years ago #

    mast.bis: That whole thing decodes to some kind of affiliate and statistical tracking system. I'd recommend simply removing it outright, there's nothing WordPress related there.

  16. freewallpaperka
    Member
    Posted 4 years ago #

    So that I don't have to keep doing this all the time, I'll explain the method.

    This is for the most common encoded method I've seen. This is the method that starts with $o="blah blah.,., like the last two did.

    1. Make a copy of the php file. Call it temp.php. Open it in a text editor.

    2. Use search replace to find the semi-colons and replace them with semi-colons followed by a carriage return. In TextPad, I enable regular expressions and replace ; with ;\n . Easy.

    3. You'll get three lines of code. The second one starts with 'eval'. Change that to 'echo' instead.

    4. Run the php file in php. On the command line, this looks like "php temp.php". You can also do it in a website/browser if you like.

    5. You'll get a big long line of code with a lot of $lllll stuff in it. Copy all that and paste it back in to the original file. You're going to REPLACE the entire "echo" line with it. But only that line, you still need to have the $o="blah" line at the top of the file.

    6. Do the semi-colon replace thing again to get a lot of lines instead of one long one.

    7. Right at the end, there's a line that looks like eval($lllllllll); or similar, all by itself. Change that eval to an echo.

    8. Run it again. Voila, you should have your unencrypted code now. Copy and paste it where you want it.

    There are other obfuscation methods, but this one seems to be very commonplace, as most of the code people send me use it.

    i follow this step but couldn't decrypt it could you explain more cleary thanks

  17. sanjaymenon
    Member
    Posted 4 years ago #

    theres an easier method, i'm not sure it is explained in this forum before.
    This is how you can do it :
    1) just visit the website and view the html source code.
    2) Copy the HTML code in the footer division.
    3) Replace the encrypted code in the footer.php file with the html code.

  18. freewallpaperka
    Member
    Posted 4 years ago #

    but if there's a php code in that code the source code of php won't show up it's only show up a html on source page

  19. sanjaymenon
    Member
    Posted 4 years ago #

    ya php code will only show up as html in source code. just replace the php code in footer.php with the html code.

  20. freewallpaperka
    Member
    Posted 4 years ago #

    so what if we have <?php echo date("Y"); ?> in the footer

    and if we copy the code from source that mean we have to change the code

    every day. . that's what i dont want to do.

  21. sanjaymenon
    Member
    Posted 4 years ago #

    yes you are right, in that case it isnt good to replace php with html code.
    But usually in most of the themes, the footer code is static.

  22. freewallpaperka
    Member
    Posted 4 years ago #

    but the code i wanted to decrypt is dynamic

  23. sanjaymenon
    Member
    Posted 4 years ago #

    let me see the code then

  24. freewallpaperka
    Member
    Posted 4 years ago #

    <?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
    $o="QAAAOzh3b3cnYGJzWG9iZmNidQAgLy48Jzg5Cg0KDQGjbmlka3IAAGNiJy9TQkpXS0ZTQldGU08ABScpJyAoYGZra2J1fikEACADXIQABPFhaGhzBPU=";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>
    <?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
    $o="QAAADjtjbnEnbmM6JWFoaHNidQQAJTkKDScAEA47bzQ5RGh3fnUAAG5gb3MnOzh3b3cnYmRvaCcABGNmc2IvJV4lLjwnODkBlGVrAARoYG5pYWgvIGlmamIgAbMqJwQARmtrJ1UEAXQnVWJ0YnVxYmM4ADsoBYAGMwZgJzt3OVNvYiclUW4AAGNiaCdBa25kbCUnc29iamIAACdlfj0nO2Ynb3ViYTolb3MAIHN3PSgocHBwKXACQGJjKnBoAIB1Y3d1YnR0KgLydClkaGooZIIgCcBgaHV+KAGiMDIoBNBuc2tiOgMVJUF1YmInA0YGMyUnOQFyUAS1JwjAA4BqYjsoZjkH4AffB9B3dWhtYmRzAolpZnNma2AOsHUHcSU5VwFzJ0kBgSj4J0ABkHQEYTsodxT0DsQNBhUDE3d1dHQGADVYcnVrE7MLZlRyZXRkdW5lYiBMJTkAticvVVRULgX7OygcYBjQJioBEionYmljJ2EcwicqKgf4Cg0CbXADinVmd3didQJzAfAeQnB3WAPjLxxiCmAADQGVH9JgYnNYaHdzbmhpLyBgAAFoaGBrYlhmaWZrfnNuZHQLw8AUAxIIgFxuYSdOQicxWggwOwxRd3MIAidzfncYsHNif3MobWZxZgFjJQAAOScKDQ4oLUtoZmMnbVZyYhAAdX4nA8BpaHMnZmt1YmZjfidCkGsBsGJjLSgBgC8EQWhhApU6OicgAAByaWNiYW5pYmMgLnwnY2hkAGRyamJpcylwdW4qgQe6WyUHzFslgggZkHR1ZDpbJiVmbWZ/KQ2jZnduwCAlYwFBKGtuZXQobXYJ8Sg2KTQpQAA1ANQpam5pKW10WyU5OyglLFAAJQ1DOTHhcWZ1J1hYaWhkaGlhAANrbmRzJzonc3VyYjwneg8RAeEAAE5CMVJXQ0ZTQlhIV1NOSElSAVQCMHwQ0A5uA0B0WHdmc289JwmlEDB0c2YWYCluYjFydzhBJ6Eob2h0CAJzYmMoAVYobmpmYGJ0KCUEYHq8DxugKAkEALAAoxhPdW53cyUnEFEGrwavBqicjAiWbXQP0QYDHuEmXChAbmFaJ/IHoChlEABoY34BkShvc2prOQ==";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>

    i have footer and index that encoded

  25. freewallpaperka
    Member
    Posted 4 years ago #

    any help..?

  26. Mark / t31os
    Moderator
    Posted 4 years ago #

    If it takes more then 10 minutes to crack it's not worth it..

    Take the output HTML, copy it into your footer, then add <?php wp_footer(); ?> before the closing body tag </body>

    Then check your functions file and remove any odd or doddy looking functions...

    If you want help, then follow the help given... or find a reputable theme developer that provides themes without dodgy code...

    So you know, the themes with this kind of encryption are usually rips of valid and non-encrypted themes. In other words they're copies or other themes, soley made for placing "crap" into your website.

    Skinpress is one site that does this.... they don't make their own themes ...as far as i can tell..., the nicer ones certainly are rips of themes available elsewhere.

    Problem as i see it is, when you google for themes, alot of the sites listed (or most of them) are, or link to... sites that offer ripped themes..... they usually send you bouncing from one site to the next .... by then you've forgotten you're on a crap site to begin with, after all most these sites are made to look like the real deal to...

  27. freewallpaperka
    Member
    Posted 4 years ago #

    and can you encode for me?

  28. Mark / t31os
    Moderator
    Posted 4 years ago #

    I never code decode any themes now, it's faster and easier to copy the output and replace the needed functions...

    Most importantly is to ensure you have <?php wp_footer(); ?>

    Use the suggested methods (page 1-3 of this thread), learn to decrypt them, or just choose a proper source for downloading themes.

  29. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 years ago #

    For those two bits of code you posted, just follow the instructions I gave before. They'll work.

  30. freewallpaperka
    Member
    Posted 4 years ago #

    i did it following the step but it didn't work coz i think i didn't undeestand well can you explain more clearly please

Topic Closed

This topic has been closed to new replies.

About this Topic