WordPress.org

Ready to get started?Download WordPress

Forums

How to 'decode' any encrypted theme without messing with decoder (5 posts)

  1. VitaeBlog
    Member
    Posted 4 years ago #

    I noticed there was a really long thread on the matter and figured I should make one myself since I'm honestly surprised at how few people know of this, it's a flawless method and will work in any theme you're ever going to come across.

    One thing I don't understand about encrypting parts of themes is that they tend to come with warnings stating it is protected by copyright law and reverse engineering or decoding them would be in violation of said law, when in fact everytime you load the theme you are 'decoding' it.

    So to decode themes here's what you do:

    1) Install the theme
    2) Add php comments to the first and last line of any block of encrypted code in the theme editor
    3) Load up your wordpress page
    4) right click -> view source
    5) see where your begin/end comments have been inserted
    6) Copy + paste all HTML code between the comments over the encrypted code in the theme editor
    7) You're done.

    Usually you don't even have to do most of the steps since you'll be smart enough to know which parts are encrypted so you can just view source then copy+paste in the appropriate area.

    Hope this helps you guys :)

  2. Mark / t31os
    Moderator
    Posted 4 years ago #

    That will get you most of the way, most of the time, but it's not always sufficient..

    It does not cover adding back in required WordPress functions that can sometimes be obscured, such as wp_head, wp_footer, and so on..

    Best to avoid sites that provide encoded themes... alot of these sites are just ripped versions of other peoples work..

    If you must use such a theme, don't install it on a live site, then remove the decoding. Install locally, remove dodgy code, then deploy to live site..

  3. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 years ago #

    VitaeBlog:
    Your method doesn't really work, because all it gives you is the output of the final code. It doesn't give you any of the PHP code, which may contain conditional changes or specialized calls (wp_footer, for example) or other things along those lines.

    Merely producing a static set of HTML is not all that the code might be doing. Using a decoder is better. Not using a theme with encrypted data at all is best.

    Furthermore, your method requires that you RUN the code, which is extremely dangerous. What if the encrypted code adds a backdoor into your site, then sends an email to some malicious person saying "hey, this idiot just ran your malicious theme code. Here's his URL and login information". Somebody now has access to your site, even though you had removed the encrypted code after you ran it that one time.

    NEVER RUN ENCRYPTED CODE. Not even once. Doing so is just inviting malicious people in.

    The decoders I created or found do not run the code, ever. They decode it directly. The methods I tell people on how to decode things do not involve running the code in an unmodified state (changing eval to echo and running it is safe, since it's echoing the result, not executing it).

  4. Benn1e
    Member
    Posted 4 years ago #

    I tried everything to get rid off the footer but nothing works..

    Here's the code: http://wordpress.pastebin.com/Y2KRHWUC

    I hope anybody can help me, thanks in advance!

  5. cubecolour
    ɹoʇɐɹǝpoɯ
    Posted 4 years ago #

    Benn1e instead of hijacking an old thread, you should have started a new one.

    If you put decode document.write( unescape into google, the first result leads you to:
    http://www.java2s.com/Code/JavaScriptDemo/UnescapeEncoderDecode.htm

    Put your encoded gunk into that and it decodes as the following (but wth the linkspam replaced)

    <div id="footer">
    Designed by: <a href="http://www.spammylink.com/">spammylink</a>. Sponsored by:  <a href="http://www.spammylink.com/">spammylink</a>, <a href="http://www.spammylink.com/">spammylink</a>, <a href="http://www.spammylink.com/">spammylink</a>.
    </div>
    </div>
    </body>
    </html>

    You probably shouldn't be using dodgy themes though - there are plenty of places to get good honest GPL themes.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.