[closed] Theme decoding thread (449 posts)

  1. dpDesignz
    Member
    Posted 3 years ago #

  2. dpDesignz
    Member
    Posted 3 years ago #

    sorry and this one 2 http://pastebin.com/c3KgNc1f

  3. johnburn
    Member
    Posted 3 years ago #

    footer.php

    <?php
    
    $OO0OO000O00OO000O0O0 = true;
    if (file_exists(HESK_PATH . 'hesk_license.php'))
    {
    	$OO0OO0O0O000O000O0O0 = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
    	$OO0OO000O000O000O0O0 = str_replace('www.','',strtolower($OO0OO0O0O000O000O0O0));
    	include(HESK_PATH . 'hesk_license.php');
    
    	if (strpos($hesk_settings['license'],sha1($OO0OO000O000O000O0O0.'h3&Fp2#LaA&59!w(8.Zc]*+uR512')) !== false)
    	{
    		$OO0OO000O00OO000O0O0 = false;
    	}
        else
        {
        	echo '<p style="text-align:center;color:red;font-weight:bold;">INVALID LICENSE (NOT REGISTERED FOR '.$OO0OO000O000O000O0O0.')!</p>';
        }
    }
    
    if ($OO0OO000O00OO000O0O0)
    {
    	echo '<p style="text-align:center"><span class="smaller">Powered by <a href="http://www.hesk.com" class="smaller" target="_blank" title="Free Help Desk Software HESK">Help Desk Software</a> HESK&trade;</span></p>';
    }
    echo '</td></tr></table></div>';
    include(HESK_PATH . 'footer.txt');
    echo '</body></html>';
    ?>

    The second one:

    <?php
    
    $OO0OO000O00OO000O0O0 = true;
    if (file_exists(HESK_PATH . 'hesk_license.php'))
    {
    	$OO0OO0O0O000O000O0O0 = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
    	$OO0OO000O000O000O0O0 = str_replace('www.','',strtolower($OO0OO0O0O000O000O0O0));
    
    	include(HESK_PATH . 'hesk_license.php');
    
    	if (strpos($hesk_settings['license'],sha1($OO0OO000O000O000O0O0.'h3&Fp2#LaA&59!w(8.Zc]*+uR512')) !== false)
    	{
    		$OO0OO000O00OO000O0O0 = false;
    	}
        else
        {
        	echo '<p style="text-align:center;color:red;font-weight:bold;">INVALID LICENSE (NOT REGISTERED FOR '.$OO0OO000O000O000O0O0.')!</p>';
        }
    }
    
    if ($OO0OO000O00OO000O0O0)
    {
    	echo '<hr /><table border="0" width="100%"><tr><td><b>'.$hesklang['remove_statement'].'</b></td><td style="text-align:right"><a href="Javascript:void(0)" onclick="alert(\''.$hesklang['support_notice'].'\')">'.$hesklang['sh'].'</a></td></tr></table><p>'.$hesklang['support_remove'].'. <a href="https://www.hesk.com/buy.php" target="_blank">'.$hesklang['click_info'].'</a></p>';
    }
    
    ?>
  4. dpDesignz
    Member
    Posted 3 years ago #

    Thanks yet again. :)

  5. bilalirfan
    Member
    Posted 3 years ago #

    Can you please decode this?

    Thanks in advance!

    http://pastebin.com/yLS2EB4K

  6. johnburn
    Member
    Posted 3 years ago #

  7. femmejolie
    Member
    Posted 3 years ago #

    Can someone please decode? Pretty please with sugar on top?
    http://pastebin.com/2mfPNTmh

  8. johnburn
    Member
    Posted 3 years ago #

  9. Khang Minh
    Member
    Posted 3 years ago #

    @femmejolie: Same as johnburn's, but with double new lines removed.
    http://pastebin.com/AdS80Pvu

  10. jetfalcon
    Member
    Posted 3 years ago #

    johnburn, do you mind?

  11. johnburn
    Member
    Posted 3 years ago #

  12. UseShots
    Member
    Posted 3 years ago #

    This was an interesting obfuscation technique.

    I gather, this site repackages someone else's themes and adds their own links there? And they force you to sign up with scammy services to be able to download rogue themes? Nice!

  13. couchmouse
    Member
    Posted 3 years ago #

    I have tried to decode this using sites found on Google with no luck, just gibberish. So...
    Can you please decode this?

    Thanks in advance!

    http://pastebin.com/KubWiSjn

  14. johnburn
    Member
    Posted 3 years ago #

  15. T3Kaos
    Member
    Posted 3 years ago #

    I'm having a problem decoding the rubbish in the footer.php of a so-called free theme. I tried using various decoders but they can only decode the encrypted data before the base64 line. Any help anyone?

    http://pastebin.com/LrH4WQYU

  16. rakiapu
    Member
    Posted 3 years ago #

    Please, someone help to decode this free theme footer.php

    <?php /* /* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x478;eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NGZiKTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));return;?>~Dkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==tjslC2ivwtFYtjXvcol2NjXiRU0IR2YvdmOldmWIRU0+eWPYtjXvcol2NjXiRU0IR2YvdmOiDB5lFJEsRT4YtI0hNoOpfJnpce0JCM90fo9swj4YtI0hNoOpfJnjdoyzFz0JDB5VcbwJNI0heWPkkzspcJEPwtyMfB5jfolvdl9lGolzfuHPk2O5dMysDBYgF2lLcBkiFJFpwux8wBO5dMysDBYgF2lLcBkiFJIJOM9vfoaZwJLIhUE6woaVcolMK2ajDo8IkX0htW0hNt9LDbC+eWPYtjXvcol2NjXiRU0IR2kvfuOvdUEsRT4YtI0heWPYtjxLDbCIDBW9wMcvd
3OlFJw+eWPYtjxLDbCIC2xiF3H9wMlVdMaZwj4YtI0heWPYtILYtJF7koYvFuLINUnmcbOgd3n0DB9Vhtfzd2OiC29jCa9MdoaMftFpK2ajDo8IkX0hNuE+kzslC2ivwtOjd3n5K2ajDo8IkzXvCT48R3E+eWP8Fe5rcbYpc25lctnJGUE8CUnPFMaMNUkPfuOXKJ8vf3f3RMc1dMYvF3O1dBa3DBfzRMYvdU8Jwuklde0Jco9Md2xSd3FJNLc1dLYvF3O1dBabDBfzRMYvdTXvCT4IgtnADoyVD3HIfo8INorIDuklcj0JDuO0FePvR2asdByzfo9VcbnpC3HVC29sRZwIFMaSNUkLd2cvdoxvfZw+OB1sCUnTfo9VcTXvCT4IRtE8CUnPFMaMNUkPfuOXKJ8vdBamCB5Md3IVdorvwJnZcBX9wMOvcM9Sdo93wj5YcBfidJnod3I8R2r+wtcidbE7wexiwoiZcBC9wMi0fuE6RZ93f3FVCMyVCbOmCB1lFZ5jd20Jwuklde0Jco9Md2xSd3FJNMimfBiMNt9iNjXvFe4YtI0heWPYtjXvcol2NI0hNt9LDbC+NtrsRUEvcM9vfoaZwt0sNI0hNt9LDbC+NtrsRUEvC29VfoypdMaZFZEsRT4YtI0heWPYtjxzC3kpFuWIfulXcT0Jfoa4ft9QCbciF2YZDbn0wj4IW3aMd24VdM93htL7weXvF2YZDbn0NI0heWPmK3fXb2cvd3OlFJIpK2ajDo8IkX0hNt9Jd2O5NI0heWPYtI0hNt9Pfo1SNJF7tjS=alVnRPIq

  17. johnburn
    Member
    Posted 3 years ago #

  18. T3Kaos
    Member
    Posted 3 years ago #

    thanks - you're a life saver johnburn! you are awesome!

  19. rakiapu
    Member
    Posted 3 years ago #

    Johnburn, all my respect goes to u... a little thanks is not enough for me to say... but I would say thumbs up. Anyways bro, can u tell me what type of encryption that one was...

  20. johnburn
    Member
    Posted 3 years ago #

    @rakiapu:
    It is encoded/obfuscated using PHPLockit!
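
Added example, not part of the original thread: a static look at the PHPLockit loader posted in post 16, resolving the function names it assembles from its `urldecode()` key string and mirroring its `strtr()`/base64 stage in Python so that no PHP is executed. The stub assignments and the two alphabets come from that post; `resolve_stub`, `next_stage`, `make_sample` and the sample payload are constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote

# Loader assignments copied from the footer.php in post 16 of this thread.
STUB = (
    "$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');"
    "$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};"
    "$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};"
    "$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};"
    "$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};"
    "$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};"
    "$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};"
    "$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};"
    "$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};"
)
TERM = re.compile(r"urldecode\('([^']*)'\)|(\$\w+)(?:\{(\d+)\})?")

def resolve_stub(php):
    """Evaluate the string-building assignments statically; no PHP is run."""
    env = {}
    for var, op, expr in re.findall(r"(\$\w+)(\.?=)([^;]+);", php):
        value = ""
        for enc, ref, idx in TERM.findall(expr):
            if ref:  # $var or $var{n}
                value += env[ref][int(idx)] if idx else env[ref]
            else:    # urldecode('...') literal
                value += unquote(enc)
        env[var] = env.get(var, "") + value if op == ".=" else value
    return env

# Alphabets taken from the base64 string that the post's eval() decodes.
CUSTOM = "EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/="
STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def next_stage(raw, skip, size):
    """Mirror base64_decode(strtr(fread($fp, size), CUSTOM, STD)) after a skip."""
    n = min(len(CUSTOM), len(STD))  # PHP strtr() ignores the longer tail ('=')
    table = str.maketrans(CUSTOM[:n], STD[:n])
    return base64.b64decode(raw[skip:skip + size].decode("latin-1").translate(table))

def make_sample(php_source, skip):
    """Constructed test file: `skip` filler bytes, then a locked payload."""
    locked = base64.b64encode(php_source).decode().translate(
        str.maketrans(STD, CUSTOM[:len(STD)]))
    return b"#" * skip + locked.encode(), len(locked)

if __name__ == "__main__":
    for name, value in resolve_stub(STUB).items():
        print(name, "=>", value)
    raw, size = make_sample(b"<?php echo 'constructed sample'; ?>", 0x20)
    print(next_stage(raw, 0x20, size))
```

In the posted file the loader opens `__FILE__`, reads past the first 0x4fb bytes, and feeds the next 0x17c bytes through this translation before calling `eval()` on the result.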

  21. Xr3m1ckX
    Member
    Posted 3 years ago #

    http://pastebin.com/p8J6hb4U
    http://pastebin.com/Q5WnwtZP

    please decrypt that encoded :) thx

  22. Xr3m1ckX
    Member
    Posted 3 years ago #

    http://pastebin.com/YgJqZ6iP
    also this
    thx :D

  23. amjad ali
    Member
    Posted 3 years ago #

    please help me decode it
    change it

    <?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
    $o="QAAADTs4d293J25pZGtyY2InLwAAU0JKV0tGU0JXRlNPJyknIACAKGVoc3NoaikCUCAuPCc4OQ4AAA07Y25xJ25jOiVhaGhzYnUQQiU5DQFEZGtmdHQBcGtiYXMBYA0AAENidG5gaSdlfj0nO2Ynb3UAAGJhOiVvc3N3PSgoampob3IAAHMpZGhqKCU5SkpIVVdAOygAAGY5Jyc7ZXUoOQ1EaHd+dW4CQGBvcychZACwPCcKY2Jkb2gnYwJAZnNiLyBeCOA4OQGEZWtoYG5pAIFhaC8gaWZqYgGjIWljZnRvA6WADQInY2J0ZHVud3NuaGkCkA0QDQczoBAGIyMNQSc6J2Bic1hoAlIvIGZ0HKFzdFgBgQMBCDJ0cwQgdA7gb2J0LwMyiV8Rsg07KBGwOQ0SI2QCAHQQ4AyCEPAQPxA2AIB0aGRuZmsqYAvQdCU5QWZkYgJQZWhobCdAAQE7KBFxexQucHBwKQQRb2h0c3EUVFFXVCdPAQBuaWADP8DgF1MDMWRudXNifwORApADtFBiZXRuNwBzYgP6EVMNC1YR8xR3dXR0NVhydWuAgBFBODklOVRyZRWBZWInc2gnV7gdCIB0CGILiAQtZGhqamJpFbAEvwS4RAJknkQE4Q0OFhQAhRagK+JwdxoCYnUvGIVlaBAIY345GQBvc2prOScNJwAR";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbG
xsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>

  24. Samuel B
    moderator
    Posted 3 years ago #

    vfundude62

    <?php include (TEMPLATEPATH . '/bottom.php'); ?>
    <div id="footer">
    
    <div class="fleft">
    
    Design by: <a href="http://mmohut.com/">MMORPG</a>  <br/>
    Copyright &copy; <?php echo date('Y');?> <?php bloginfo('name');?> &ndash; <?php bloginfo('description'); ?>
    <br/>
    <?php $foot = get_option('asts_foot'); echo stripslashes($foot); ?>
    </div>
    
    <div class="fright">
    <a href="http://mmohut.com/social-games">Facebook Games</a>  | <a href="http://www.hostv.com/">VPS Hosting</a>  | <a href="http://www.cirtexhosting.com/">Website Hosting</a> <br/>
    
    <a href="<?php bloginfo('rss2_url'); ?>">Subscribe to Posts</a> | <a href="<?php bloginfo('comments_rss2_url'); ?>">Subscribe to Comments</a>
    	</div>
    	</div>
    
    <?php wp_footer(); ?>
    </body>
    </html>
  25. Samuel B
    moderator
    Posted 3 years ago #

    Xr3m1ckX
    sorry pastebin is down right now

  26. Gazzooks
    Member
    Posted 3 years ago #

    Hello Brainyacs;

    I have a weird piece of code here that I have never seen before and tried it in all the decrypters out there, even zend and cube, no go.

    Could I get someone to have a look at this for me please?

    http://pastebin.com/5qBLs7su

    Thank you in advance!

  27. Samuel B
    moderator
    Posted 3 years ago #

  28. Gazzooks
    Member
    Posted 3 years ago #

    Thank you Samuel B. May I inquire how the original was encoded?

  29. tepsam
    Member
    Posted 3 years ago #

    please help me decode it

    footer.php is:

    <?php $_F=__FILE__;$_X='Pz48P3BocCA1djFsKHN0cjRwc2wxc2g1cyhnejRuZmwxdDUoYjFzNWV1X2Q1YzJkNSgialZUQmpwc3dFRDZ2cGY3RDZENnNJcFZ3YnVGSW9XcXJTajZRYjFRY0lhTUdzTmJZbG02Sytmc09nNXdTMFlhMUUvSjc4YWJtelV6YWFWMFNsL0pvbG55SUl2alljcWtoNHJMbzd1QitDUUVneWlSVnhnUjBESnhSbURKaGRFQWRwS3VNbWlsb0w2UmhsTEdOMFJka1F2NWFzUUN5YTJEcGdzZHdxakVZR2VUUm02bjg2TTNTSGpvYlFwMkNHOUF6YUFLOW5Md3NzNUIzY3o4Ujc3ZGZZTDhRdnlyVXl1RFJzckRicktob29ESVE0bnRQcFN2a3JwSi8vaFc3anE5UjIrUEJPSmJscGs1SEpSUURKQncxaDZYS21oRHNpemozalMzdFErOW94dFV4Z3lERDFPRVR0cHdjRkpDajgwWnpCWGxYS09rYnFXdklGUStWY1NvaWpTcGw0MFJIVXN0SHRTVG1HWEJkcnZOWnVUMnRtbUVuVFAzMTc5RWhBa1dhc212aFY4NVZEQU1jTDdYQjJjR1dETStPK2NNVVA1cFA1L0UvVmdocVh0TDJzbS8yWjFvZmNNSUt1ZTRUc1RDcTR6MzFiY3BPaDVMZTU1cHNyZ1ZiU3diZzNjY2QvTkJBS2VWdVljZ0RhaGYyWldoV3UzTnFGRndwTHgyc091V2phK3NrRHlTRU5jTGp6STFubVRlbStyUVNMWnpoWmM4SG10TXpiU1lWdnBiOE9uUGdNSkg1SEF3ZGpVQVhnM25jNVJVVUx1NTJpaldQeHE1NjhFL0N1VHZoY0NEODZqeVc5bzM5YTErWGZKTjdUVnRTTHM1OCtFdFkyTk05VHRqeWZVeHRYdUR6ZWZmYU5MRW84L1VtY1dIS3VmelJoRlpseWZ1diIpKSkpOyA/Pg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

Topic Closed

This topic has been closed to new replies.