tags:

views:

164

answers:

4
+2  Q: 

PHP decode starting with $OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63

I bought a software from classifiedscript.org, unfortunately, there is an encoded php file which I suspect contains some dodgey functions.

Just to clarify - they were suppose to provide full source code which I can edit and I did try emailing their '24/7 email support'... but all empty promises and not a single reply from them. Hope someone here can help.

EDIT: Full page source:

<?php /*  */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');
$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};
$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};
$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};
$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};
$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};
$O0O000O0O=$O0O000O00.$OOO000000{11};
$O0O000O00=$O0O000O00.$OOO000000{3};
$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};
$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};
$OOO0O0O00=__FILE__;
$OO00O0000=10176;
eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NDdhKTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));
return;
?>    kr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==tMc1dMY0DB9Vwoflfy9jCbOlc29ZGa9XCbOPwtIIkoYifoamd3k5UAWIRtCLCbkZCblgfo9gcMlSdtESkJOsCB5pFuaSCbOvFJEptmShkoOifoygfoasFtE9wtOsCB5pFuaSCbOvFJ0+F2aScBY0wtIIwLYifoamd3k5wJXJhJwSCbkZCbLIhtEJW2y0cBfvFmlkOtw9NJOjCbOlc29ZGAlrwtLIhUE7tMyZFMy5b3n1F2IPwtOiFmkiGa90d19MDBxSwtXLcoy0Ca90cB1XBznfwtLIKXppcJEPwolVfucidtEPwtOLCbOib3OldbndHy1dwLilCBOeCbOlc29ZGAlrwl0IhUE+HtEptmShc2a0b2Yifoamd3k5b3nifoIIhtnpdmO2CBXIhtELcoy0Ca90cB1XBznfBZkwcByLW2y0cBfvFmlkOtkfwtLIRtOiFmkiGa90d19MDBxSwtXLdByVDbn1doy0d3wIhUE7tm0hgWpMfB5jfolvdJnmcbOgF3aJb2Yifoamd3kpcbHIhtELC2y0cBfvFmlkOtESkJOsCB5pFuaSCbOvFJEptmShkoyZFMy5b3Ovb3klfuaZdJE9woyZFMy5wtIIhUE7tJOLCbOib3OldbEINUELdByVDbn1doy0d3wsNmYldoajftEPwtkeCbOlc29ZGUwSwJPJRoyZFMy5wtIIwLilCBOeCbOlc29ZGAlrwj0+koYifoamd3k5UAWIhUEpweShDBCIhtEicB1XfuLIhtELcoy0Ca90cB1XwtLIhWp7tMcvFMaiC2IIhtELcoy0Ca90cB1XwoyzwtOLCbWIhWpiFmkiGa9XfbYPwtIIkoyZFMy5b3Ovb3klfuaZdJESkoOiftEpweShgWpZcbO1FM4IkoyZFMy5b3Ovb3klfuaZdJE7tm0hcmaVC3Opd24Ic2a0b2yXFy9PcByLcbwIhtEMko1iDB5eCbOlc29ZGUEpwEp7tMlVC2x1coAIhtEJfoildBAvcoaMCbaSft9pdMHVDoaicoaZRmnPFtwpweShgWpMfB5jfolvdJnmcbOgCbnXb21lcoliwtIIhWp7tMajDo8ICMyzca91FMXVwmOPcB1lR2OlcMy1duWvDB1ic2azRZw7tm0hcmaVC3Opd24Ic2a0b2Yify9pC29VwtIIkoYifoamd3k5UAWIhWp7tJO0cB1Xb3YZCZE9wokiF2agfbkSRJkscBOpCU9jduYgC2y0bZwVkoYifoamd3k5UAWVwl81YTwXRMpXcZw7tMajDo8IkuOldbngF3kjweShDBCIhtnMDBxlb2a4DbY0FZEPwtO0cB1Xb3YZCZEpwtLhFMa0fbkVwtw8DB1mwuYZCz0mwJ4LfoasFy9zFMHVwJFIF3O5doA9k3clFmOpC2ySRBySDBfVKJnsDBOLdoA7wunvF2l0DB9VKJnZcBxifol2cTSIdoaMfePIRTaXGeSmwokvFMOlFj0mHtFIfmYXCBYlNUFxkZEvNJw7tmklfuaZdJEJNolscZnzFMH9kZFICBx0NUfKdZnkdBymcUFIF3O5doA9k3clFmOpC2ySRBySDBfVKJnsDBOLdoA7wunvF2l0DB9VKJnZcBxifol2cTSIdoaMfePIRTaXGeSmwokvFMOlFj0mHtFIfmYXCBYlNUFxkZEvNJw7tm0hcmaVC3Opd24Ic2a0b21ldmAIhtEptmShDB5jduaLcUEPwtk0DoascU9LcBcifBx0R2lVCZ5scB51RmnPFtwpweShgWpMfB5jfolvdJnmcbOgCMyzca91FMXIhtEptmShFMa0fbkVwokiF2agfbkSweShgWpMfB5jfolvdJnmcbOgdolzfolVc191FMXIhtELC2y0cBfvFmlkOtESkuklc2lvdLlrwtLhGXppcJEPwolVfucidtEPwtOjCbOlc29ZGAlrwtLINerIhWpZcbO1FM4ICMyzca91FMXVwMkZd3fzcU5XDuEJKXppcJEPwolVfucidtEPwtOjCbOlc29ZGAlrwtLINerIhWpZcbO1FM4ICMyzca91FMXVwMkZd3fzcU5XDuE/FMamDBW9wJ4LFMamDB9VUAWIKXpZcbO1FM4ICMyzca91FMXVwMkZd3fzcU5XDuE/C2y0DBW9wJ4LC2y0cBfvFmlkOtE7tm0hcmaVC3Opd24Ic2a0b3nvF3OgfbkSwtIIhWp7tmklfuaZdJnJCbYlb3aZdt4JF2aScBY0C2y0RmnPFtw7tm0hcmaVC3Opd24Ic2a0b2Olfoypdy9SDB5qwtIIkoYSF0lrwtLhGXpZcbO1FM4ICMyzca91FMXVwMOlfoypdt5XDuE/C2xzDBW9wJ4LC2xzUAWIKXp9tMc1dMY0DB9Vwoflfy9xfBaZGa9zfukpdMfgfMyZFZEPwtOlGoYlFuOpd24INUEJwJLhGXPLF3OZwe0IwJw7tMlMwtIIwBasFuO5wtIIky9uOaWIhUEptmShcM9ZcByjDtEPwtOgO0aAwoyzwtOqcbLINT4LfMySwtLhDBCIhtELD2a5wtr9wtOlGoYlFuOpd24IhWPLF3OZwt49wtwMkoslGT0LfMySwjShgWpZcbO1FM4IkuY0FJE7tm0hcmaVC3Opd24Ic2a0b3Ylcl9zcByZC2igdolzfolVc191FMXIhtELfbkSb3Y0FMlVcZESkoa4C2aXfolvdJE9wtwJRtOVcbfgfMySwe0IwJwptmShkuY0FJE9wtwJKXPLcM91dMWINUEXweShDBCIhtELfbkSb3Y0FMlVcZEiNUEJwJLhGXPLfMyZb3niFMysFZE9woa4FoxvcoAIhtEJgtwSkuaZdy9zfukpdMFIhUE7tMlMwtIIwBasFuO5wtIIkuciFl9XCbkidbHIhUEptMcvFMaiC2IIhtELfMyZb3niFMysFZniFZELfMySwtLhGXppcJEPwtO2CBXIwT0IwJwptmShkuciFl90cB1Xwe0IcbiXdo9LcUEPwtw6wJXLfMySwtLIKXppcJEPwtO2CbkgfoasFySXbUEiNUELcbijcbn0DB9VwtLhGXPLF3OZwt49wtO2CbkgfoasFySXbU4JKJwVkuciFl90cB1XBzyfRJk8wjShgWplduYltmShkocvfB5Lwe0IHUE7tMlMwtIIko5lf192CBXIwT0IwJwptmShkuY0FJEVNUELdMa3b3cidt4Jgtw7tm0hgWp9tm0hDBCIhtELcM91dMWINT0IHtEptJOzfuwIRj0Iko5lf192CBXIKXp9tMaSF2AhGXPLF3OZwe0Iko5lf192CBXIKXp9tmklfuaZdJELF3OZweShgWpMfB5jfolvdJnmcbOrDbY0CB5jcUILCTrSkowxRtOiHJXLCjwptmShkuwINUEzKTCzRjr7tJOXDUE9weHVHTWxYTLZYjAzYTI5YzLzHjH4YeC7tJOiHUE9wtOiHUPPkunpRzr4HtL7tJOiHJE9wtOiHJPPkunpRzr4HtL7tJOJHUE9wtOJHUPPkunpRzr4HtL7tJOJHJE9wtOJHJPPkunpRzr4HtL7tJOZcbWINUEPCBYvFZijd3HPkorxhUpjd3HPkowxhUpjd3HPkorZhUpjd3HPkowZhUEqC29zhtOiHULQF2lVhtOJHULQC29zhtOiHJLQF2lVhtOJHJLIh3YpdJILCTrphmYpdJILCTwphUEQwtOZhUE7tmklfuaZdJELFMa0KXp9tMc1dMY0DB9Vwoflfy9zcBcgfbkSwtIIkoaVfol0Ga9pctESkoaVfol0Ga90GbnlwtLhGXppcJEPwtrLcoy0CUEptmShFMaxfBlZca9vdMYlwtIIwM1idMlXfBxifoAVFoiXwJLIKXPLcoy0CUE9wo5lfZnrCbOiTByVDbn1doy0d3wIKXp9tJOldmOpfuLINUELcoy0CU0+F2aScBY0wtIIwlYyOl9aALXJRtwQwJxiFmkiGUEPwtkydmOpfulAGbnlwj0+koaVfol0Ga90GbnlRtkydmOpfulkOtw9NJOldmOpfulgDBWIhUEpweShFMa0fbkVwtOldmOpfuldHy1dwlaUTtkfweShgWpMfB5jfolvdJnmcB5lFMy0ca9zcBcgfbkSwtIIkoaVfol0Ga90DbOScUESkoaVfol0Ga9pctESkoaVfol0Ga90GbnlwtLhGXPLcoy0CUE9wo5lfZnrCbOiTByVDbn1doy0d3wIKXPLcB50DbO5b3Opfoxlwe0IfukpdUEPwtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtwIwJXJRUwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJCJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtw/wJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJNUwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwj4JRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtwSwJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJkZwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJ8JRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtkFbtwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJ0swJXJRUwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJ0swJXJRUwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwjPJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtk8wJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJkUwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0GUE9wtOLCbOiRT5zcBxlC3WIhtEJA0aob1aUTtwSwJPJRoyZFMy5wtIIwlaUTtw9NJOldmOpfulgfol0doAIhUEpweShDBCIhtEicB1XfuLIhtELcB50DbO5wtLIhWp7tmklfuaZdJnmcB5lFMy0ca9zcBcgfbkSwtIIkoaVfol0Ga90DbOScU4JRUwVkoaVfol0Ga9pctESkoaVfol0Ga9pctESkoaVfol0Ga90GbnlwtLIKXp9tMaSF2AhGXpZcbO1FM4IkoOiforsNMlVF2aZftEPwtkTOAcgaakHwJxiFmkiGUEPwtkydmOpfulAGbnlwj0+koaVfol0Ga90GbnlwtXJOB50DbO5UAWJNT4LcB50DbO5b2lLwtXJaakHwj0+koaVfol0Ga90DbOScUEpwtLIKXp9tm0hcmaVC3Opd24IFMagc2aVcbkifoagF2aMb3aZdtEPwtOldmOpfulgfol0doAIRtOldmOpfulgDBWIRtOldmOpfulgfulXcUEptmShkoOiforINUnVcbFIOoy0CA1idMlXfBxifo9ZweShkoaVfol0Ga90DbOScUE9wuOZDB0IhtELcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJwtwSwJ0JRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtwMwJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJNZwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwj0JRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtw+wJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJRtwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJFJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtwvwJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJbyXJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtw6wJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJgtwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJAJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfuLINUELcoy0CU0+F2aScBY0wtIIwlYyOl9aALXJRtwQwJxiFmkiGUEPwtkydmOpfulAGbnlwj0+koaVfol0Ga90GbnlwtXJOB50DbO5UAWJNT4LcB50DbO5b2lLwtLIhUE7tMlMwtIIwBasFuO5wtIIkoaVfol0GUEpwtLhGXPLFuklfJE9wtOLCbOiRT5zcBxlC3WIhtEJA0aob1aUTtwSwJPJRoyZFMy5wtIIwlaUTtw9NJOldmOpfulgfol0doAIRtkydmOpfulAGbnlwj0+koaVfol0Ga90GbnlwtXJOB50DbO5UAWJNT4LcB50DbO5b2lLwtLIhUE7tMlMwtIIcB1XfuLIhtELFuklfJEpwtLhGXpZcbO1FM4IkoOiforsNmaXcoy0cUEPwtkTOAcgaakHwJxiFmkiGUEPwtkaALXJNT4LcB50DbO5b3OpfoxlwtLIRoyZFMy5wtIIwLaVfol0GaO5FoAJNT4LcB50DbO5b3O5FoAIRtkydmOpfulkOtw9NJOldmOpfulgDBWIhUEpweShgWplduYltmShFMa0fbkVwofldMaZCbOlb3Ylcl91FMXIhtELcB50DbO5b3OpfoxlRJwswJ4LcB50DbO5b2lLwtXLcB50DbO5b2lLwtXLcB50DbO5b3O5FoAIhUE7tm0hgWplduYltmShFMa0fbkVwofldMaZCbOlb3Ylcl91FMXIhtELcB50DbO5b3OpfoxlwtXLcB50DbO5b2lLwtXLcB50DbO5b3O5FoAIhUE7tm0hgWpMfB5jfolvdJnWAri0funWd3Y0wtILdBa0Do9LTMysca8Sko52FyY0Fl8IRtOXCblscB50AoyZCB0ptmShc2xvCMySwtOldmcpFM9VdBaVfeShkryWUa9aF2aZTMyscUE9wtOXCblscB50AoyZCB1dwlniGanidyazcbkKCB1lwl07tJOnArlgAoyzF3fvFMWINUELFoy5dBaVfyniFMysBZkWCblWCBxWCbYzf29ZctkfKXPLWankb1Ypc25ifuaZcUE9wtOXCblscB50AoyZCB1dwlniGanidyYpc25ifuaZcUkfKXPLWankb0aVcunvDB50we0IwMi0funzKJ8vCbnpRTY0RmniGbnidt5jd20vdmcXwjShDBCPwmYidMOJd3IJNT09wtOldmcpFM9VdBaVftn8gtkJcbOiRbYidMOJd3IJNT09wtOldmcpFM9VdBaVftLIGXPLWankb0aVcunvDB50we0IwMi0funzKJ8vCbnpRTY0RJOldmcpFM9VdBaVft5XCblXCBXVC29sR252Ftw7tm0hkuclFmYpd24INUn1FMxldMYvcoAPkzAxRjEmhTShkoYPwe0IC3aZdy9pdMl0htL7tMY1FMxgF2a0d3n0htOjDtxeaakHT1nAb1aUTtXLWankb0aVcunvDB50hTShC3aZdy9zcbOvFuWPkoYPRrYaALxNAyOgaLaUWL9TOUXxhTShC3aZdy9zcbOvFuWPkoYPRrYaALxNAyOgA1YHb1cyALloBanyOawSOLyHA0ApKXpjfbkSb3Ylfo9XftILC2ISW1aUTr9Way9TA0xgaLaUUAccUr9TatxoWAxTOUL7tMY1FMxgF2a0d3n0htOjDtxeaakHT1nAb1kyayaUTlOUWA5TOLaURerpKXpjfbkSb3Ylfo9XftILC2ISW1aUTr9Way9WT1YARerpKXPLdmcXFMaxwe0IwL1yariNOe0LdBa0Do9LTMysca8MaLaUA0lNTj0LfMaZF2lvdJcWa0W9kryWUa9WCbYzf29ZctcaA0aUNUOnArlgabYlFL5idBAMA0luTLyAaakyNUOnArlgA2lmdMy0fbklko52FyY0Fl8JKXpjfbkSb3Ylfo9XftILC2ISW1aUTr9Way9WT1YAOLlyTrOTRtOVfmnZcbrpKXPLDuO0FyklF3nvdmYlwe0IC3aZdy9lGoajhtOjDtL7tMlMhtrLDuO0FyklF3nvdmYlhUn7tMa4DbWPkZOscbOPd2OKCB1lbZnMCBlScBW6wtFVC3aZdy9lFmkvFJILC2IpRJFPkZ5jfbkSb2aZFM5vhtOjDtLVkZLmhTShgWPLDuO0FyklF3nvdmYlWbwINUnlGunSd2OlhtwMwJXLDuO0FyklF3nvdmYlhTShkoi0funWCbkzcBOUcbYXd25zcAyZwe0ICbkZCbLPhTShcM9ZcByjDtEPkoi0funUcbYXd25zcAyZwoyzwtOpwe0+kucidualhUn7tJO0dbnnFJE9woa4FoxvcoAPwj0JRtO2CBx1cUL7tMlMhuYpGMavcJILfo1XWbwpwe4xhUn7tJOPfuOXAoyZF2aLAMazFo9VF2anFlSLfo1XWbkdHy1fwe0IkuOsFryZBzyfKXp9tm0hDBCPheEINT0IF2l6cB9MhtOPfuOXAoyZF2aLAMazFo9VF2anFJLpwux8wByZFMy5b2slGa9lGolzfuHPk0yeUZFSkoi0funWCbkzcBOUcbYXd25zcAyZhULIGXplGol0htkkdmcidolLwriAayEIAMazFo9VF2AIcM9ZwynNA1WIFMaxfBazftILdmcXFMaxhUn0dZELWankb0aVcunvDB50RJwpKXp9tmklfuaZdJELDuO0FyniFmYlcyklF3nvdmYlWbw7tm0hcmaVC3Opd24Ic2a0b3Y0CbO1F19SDBYldmYlwtIIhWp7tJOvfbOXfbWINUExweShkoYPwe0IC3aZdy9pdMl0wtIIwMi0fuE6RZ93f3FVC2xiF3YpcMllcuYjFMlXft5vFMFvCBOsDB4vF3OifuazRmnPFe9VfbkSNUwVCMyzca91FMXIhUE7tMY1FMxgF2a0d3n0htELC2ISW1aUTr9Way9UOaOaAL5AALyKA0cyAJXxwtLIKXpjfbkSb3Ylfo9XftEPwtOjDtxeaakHT1nAb0iyWAOyAJXXwtLIKXPLd3a0Fua0we0IC3aZdy9lGoajwtIIkoYPwtLIKXpjfbkSb2YSd3YlhtELC2IIhUE7tMlMwtIIDB50fMySwtIIko91fun1ftEpwe09weEIhWp7tMa4DbWIhtEJBB91wuazDB5mwolVfMySDBWId3wIcbiXDbklctnSDBYldmYlwoYvdmOiC3WIfbHICbWINorIDuklcj0mDuO0FePvR3f3fZ5jdoyzF2lMDBaLF2YZDbn0RM9ZcZF+DuO0FePvR3f3fZ5jdoyzF2lMDBaLF2YZDbn0RM9ZczXvCT4IRJnidMWIc2a0wucidolLwoxpC2aVF2AIRtncd3aZwoOifoyJCbYlwoyVctn3cBkzDbOlwolzwuYicMAVwJLIKXp9tm0h

Is there a script I can run to reverse run the above?

+2  A: 

Yes, you can easily decode scripts as this one. For starters, I'd simply replace the eval in your snippet with an echo.

You will then see what code this script is trying to evaluate at runtime.

Edit: In this case, this isn't even necessary. It's plain to see that the string passed to eval is Base64 encoded, so you can run that through any online decoder script, which will yield:

$O000O0O00=$OOO000O00($OOO0O0O00,'rb');$O0O00OO00($O000O0O00,0x47a);$OO00O00O0=$OOO0000O0($OOO00000O($O0O00OO00($O000O0O00,0x17c),'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'));eval($OO00O00O0);

...you can see where this is going.

Jim Brissom  2010-09-13 13:24:34
I only got this after that replace:
Brandon  2010-09-13 13:29:10
I got the yield as above... but I don't see how that helps me decode the rest of the stuff. Edited question to include the rest.
Brandon  2010-09-13 13:35:57
A: 

just add echo $OOO000000; to that script

GameBit  2010-09-13 13:25:39
+7  A: 

It boils down to this:

$fin=fopen(__FILE__,'rb');
fread($fin,0x47a);
$code=base64_decode(strtr(fread($fin,0x17c),
    'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=',
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'));
eval($code);

I've replaced some variable names, but essentially, it's reading itself from a certain offset and using a simple substitution cypher to replace characters all wrapped in a base 64 blob.

Since you posted the encoded blob, I've reversed it to this: (and taken the liberty of formatting it)

function get_category_path ( $categoryID ,&$array_to_fill ,&$manipulator ) {
  $data_temp = $manipulator->select ( "Category","*",array ( "CategoryID"=>$categoryID ) ) ;
  array_push( $array_to_fill ,$data_temp[0] ) ;
  if ( intval ( $data_temp[0]["HeadCategoryID"] ) >0 ) {
    get_category_path ( intval ( $data_temp[0]["HeadCategoryID"] ) ,$array_to_fill ,$manipulator ) ;
  }
}

function get_sub_categories ( $categoryID ,&$manipulator ) {
  $array_to_return = array ( ) ;
  $data_temp = $manipulator->select ( "Category","*",array ( "HeadCategoryID"=>$categoryID ) ) ;
  if ( !empty ( $data_temp ) )
  {
    foreach ( $data_temp as $dat )
    array_push ( $array_to_return ,$dat ) ;
  }
  return $array_to_return ;
}

function get_app_header ( &$mainCategory )  {
  include ( "theme/default/inc.header.php") ;
}

function get_app_media ( ) {
  echo base_url."theme/default/images/";
}

function get_cat_icon ( $categoryID ) {
  $temp_src = base_url."media/cls_cat_".$categoryID."_5520.jpg";
  echo $temp_src ;
  if ( file_exists ( $temp_src ) )
  return "<img src='".$temp_src."' style='vertical-align: middle; position: relative; left: -5px;' border='0' vspace='1' />";
  return "<img src='' alt='No Image' style='vertical-align: middle; position: relative; left: -5px;' border='0' vspace='1' />";
}

function get_menu ( ) {
  include ( "theme/default/inc.menu.php") ;
}

function get_base_url ( ) {
  return base_url ;
}

function get_listing_url ( $categoryID ,$regionID ) {
  if ( intval ( $categoryID ) <1 )
    return base_url."browse.php";
  if ( intval ( $categoryID ) <1 )
    return base_url."browse.php?regid=".$regionID ;
  return base_url."browse.php?catid=".$categoryID ;
}

function get_post_url ( ) {
  return base_url."selectcat.php";
}

function get_detail_link ( $clsID ) {
  return base_url."detail.php?clsid=".$clsID ;
}

function get_query_string_vars ( $exception = "") {
  $str = "";
  if ( !empty ( $_GET ) ) {
    foreach ( $_GET as $key =>$val )
    if ( $key != $exception )
    $str .= "&$key=$val";
  }
  return $str ;
}

function get_sef_search_listing_url ( $url_string ,$exception = "",$new_val = "") {
  $str = "";
  $found = 0 ;
  if ( $url_string != "") {
    $var_params = explode ( "|",$url_string ) ;
    if ( !empty ( $var_params ) )
      foreach ( $var_params as $val ) {
        if ( $val != "") {
          $var_temp = explode ( ":",$val ) ;
          if ( $var_temp[0] != $exception ) {
            $str .= $var_temp[0].":".$var_temp[1]."|";
          }
          else {
            $found = 1 ;
            if ( $new_val != "") {
              $str .= $new_val."|";
            }
          }
        }
      }
    if ( $found == 0 )
      $str .= $new_val ;
  }
  else {
    $str = $new_val ;
  }
  return $str ;
}

function getDistance($a1,$b1,$a2,$b2) {
  $r = 3963.1;
  $pi = 3.14159265358979323846;
  $a1 = $a1*($pi/180);
  $a2 = $a2*($pi/180);
  $b1 = $b1*($pi/180);
  $b2 = $b2*($pi/180);
  $ret = (acos(cos($a1)*cos($b1)*cos($a2)*cos($b2) +cos($a1)*sin($b1)*cos($a2)*sin($b2) +sin($a1)*sin($a2)) * $r) ;
  return $ret;
}

function get_sef_url ( $entity_id ,$entity_type ) {
  if ( !$data ) {
    require_once ( "manipulate.php") ;
    $data = new DataManipulator ;
  }
  $entity = $data->select ( "SEF_URL","*",array ( "EntityType"=>$entity_type,"EntityID"=>$entity_id ) ) ;
  return $entity[0]["URL"] ;
}

function generate_sef_url ( $entity_title ,$entity_id ,$entity_type ) {
  $data = new DataManipulator ;
  $entity_title = trim ( $entity_title ) ;
  $entity_title = str_replace ( " ","-",$entity_title ) ;
  $entity_title = str_replace ( "&","",$entity_title ) ;
  $entity_title = str_replace ( "?","",$entity_title ) ;
  $entity_title = str_replace ( "=","",$entity_title ) ;
  $entity_title = str_replace ( ">","",$entity_title ) ;
  $entity_title = str_replace ( ",","",$entity_title ) ;
  $entity_title = str_replace ( "'","",$entity_title ) ;
  $entity_title = str_replace ( "/","",$entity_title ) ;
  $entity_title = str_replace ( "\\","",$entity_title ) ;
  $entity_title = str_replace ( "--","-",$entity_title ) ;
  $entity_title = str_replace ( "--","-",$entity_title ) ;
  $entity_title = str_replace ( ":","",$entity_title ) ;
  $entity_title = str_replace ( "|","",$entity_title ) ;
  $entity_title = str_replace ( "%","",$entity_title ) ;
  $entity = $data->select ( "SEF_URL","*",array ( "URL"=>$entity_title ) ) ;
  if ( !empty ( $entity ) ) {
    return generate_sef_url ( $entity_title."-".$entity_id ,$entity_id ,$entity_type ) ;
  }
  else {
    return $data->insert ( "SEF_URL",array ( "EntityType"=>$entity_type ,"EntityID"=>$entity_id ,"URL"=>$entity_title ) ) ;
  }
}

function re_generate_sef_url ( $entity_title ,$entity_id ,$entity_type ) {
  $data = new DataManipulator ;
  $entity_title = trim ( $entity_title ) ;
  $entity_title = str_replace ( " ","-",$entity_title ) ;
  $entity_title = str_replace ( "&","",$entity_title ) ;
  $entity_title = str_replace ( "?","",$entity_title ) ;
  $entity_title = str_replace ( "=","",$entity_title ) ;
  $entity_title = str_replace ( ">","",$entity_title ) ;
  $entity_title = str_replace ( ",","",$entity_title ) ;
  $entity_title = str_replace ( "'","",$entity_title ) ;
  $entity_title = str_replace ( "/","",$entity_title ) ;
  $entity_title = str_replace ( "\\","",$entity_title ) ;
  $entity_title = str_replace ( ":","",$entity_title ) ;
  $entity_title = str_replace ( "|","",$entity_title ) ;
  $entity_title = str_replace ( "%","",$entity_title ) ;
  $entity = $data->select ( "SEF_URL","*",array ( "EntityType"=>$entity_type ,"EntityID"=>$entity_id ) ) ;
  if ( !empty ( $entity ) ) {
    $prev = $data->select ( "SEF_URL","*",array ( "URL"=>$entity_title ,"EntityType"=>$entity_type ,"EntityID"=>$entity_id ) ) ;
    if ( empty ( $prev ) ) {
      return $data->update ( "SEF_URL",array ( "URL"=>$entity_title ) ,array ( "EntityType"=>$entity_type ,"EntityID"=>$entity_id ) ) ;
    }
    else {
      return generate_sef_url ( $entity_title."-".$entity_id ,$entity_id ,$entity_type ) ;
    }
  }
  else {
    return generate_sef_url ( $entity_title ,$entity_id ,$entity_type ) ;
  }
}

function PPHttpPost ($methodName_,$nvpStr_ ,$paymentParam) {
  global $environment;
  $API_UserName = $paymentParam["PayPalUserName"];
  $API_Password = $paymentParam["PayPalPassword"];
  $API_Signature = $paymentParam["PayPalSignature"];
  $API_Endpoint = "https://api-3t.paypal.com/nvp";
  if("sandbox"=== $environment ||"beta-sandbox"=== $environment) {
    $API_Endpoint = "https://api-3t.$environment.paypal.com/nvp";
  }
  $version = urlencode('51.0');
  $ch = curl_init();
  curl_setopt($ch,CURLOPT_URL,$API_Endpoint);
  curl_setopt($ch,CURLOPT_VERBOSE,1);
  curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);
  curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,FALSE);
  curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  curl_setopt($ch,CURLOPT_POST,1);
  $nvpreq = "METHOD=$methodName_&VERSION=$version&PWD=$API_Password&USER=$API_UserName&SIGNATURE=$API_Signature$nvpStr_";
  curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq);
  $httpResponse = curl_exec($ch);
  if(!$httpResponse) {
    exit('$methodName_ failed: '.curl_error($ch).'('.curl_errno($ch).')');
  }

  $httpResponseAr = explode("&",$httpResponse);
  $httpParsedResponseAr = array();
  foreach ($httpResponseAr as $i =>$value) {
    $tmpAr = explode("=",$value);
    if(sizeof($tmpAr) >1) {
      $httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
    }
  }
  if((0 == sizeof($httpParsedResponseAr)) ||!array_key_exists('ACK',$httpParsedResponseAr)) {
    exit("Invalid HTTP Response for POST request($nvpreq) to $API_Endpoint.");
  }
  return $httpParsedResponseAr;
}

function get_status_license ( ) {
  $output = 1 ;
  $ch = curl_init ( "http://www.classifiedscript.org/admin/status.php?nurl=".base_url ) ;
  curl_setopt( $ch,CURLOPT_RETURNTRANSFER,1 ) ;
  curl_setopt ( $ch,CURLOPT_HEADER,0 ) ;
  $output = curl_exec ( $ch ) ;
  curl_close( $ch ) ;
  if ( intval ( $output ) == 0 ) {
    exit ( "You using invalid or expired license contact us at <a href='http://www.classifiedscript.org'&gt;http://www.classifiedscript.org&lt;/a&gt; . and get valid license , Your database and website is safe.") ;
  }
}
recursive  2010-09-13 13:44:51
champion... + the stackoverflow spirit.
Brandon  2010-09-13 14:08:56
this will really help me fix all the other bugs... all the important functions are here!!!
Brandon  2010-09-13 14:11:14
Glad to help. And this comment is at least 15 chars.
recursive  2010-09-13 14:25:31
=0 ... This comment is also 15 chars. +1
Blankasaurus  2010-09-13 14:29:09
+1  A: 

I would like to warn users of Stack Overflow against decoding obfuscated code for people. The reason coders tend to encode these things is to protect their copyright and to ensure payment is made. Often a shady person will receive obfuscated code and then decide not to pay, so they come to our website to get us to work against our best interest.

In future I would recommend people obtain accurate information about the coder doing such obfuscation so we can make a decision as to whether it would be a good idea to help the coder or their client. In this case we may have just screwed over one of our own.

Geekster  2010-09-13 14:25:40
In defence of recursive, I hope we really did not screw our own:(In http://www.classifiedscript.org/faqs.php as of 14 Sep 10)After I buy the software. How long can I use it for? Forever. The script comes with a lifetime license.Can I modify my copy of this product? Sure. Classified script come with complete PHP source code, so you are free to modify the code to suit your requirements.
Brandon  2010-09-13 14:36:07
Fair point. I hope that's not the case. I have a hard time resisting a de-obfuscation though. If they want me not to get into the code all they'd need to do is use a lot of enterprisey design patterns. Assuming Brandon is teling the truth about all of this, I don't think there's any harm done, but I suppose on the internet, you never know.
recursive  2010-09-13 14:39:34
Point taken. I see what you mean here. So you bought the software but they had proprietary code in there? They probably don't want someone else passing this around to others without buying it first.
Geekster  2010-09-13 16:07:41
Yes, I bought the software but there was no mentioned of any file encoded where I cannot 'modify to suit my requirements'. I did a compare with some other similar providers, who actually make a qualifier that 1 file is encoded. But I guess the boiling point is being totally ignored for technical assistance/information after buying the product.
Brandon  2010-09-15 06:23:53
Fair enough. As long as this project doesn't show up somewhere else with your name on it I'm okay with allowing you to modify it for your own private purposes, since you obviously bought it and didn't merely download a trial version. :)
Geekster  2010-09-15 13:46:37

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases