views:

164

answers:

4

I bought a software from classifiedscript.org, unfortunately, there is an encoded php file which I suspect contains some dodgey functions.

Just to clarify - they were suppose to provide full source code which I can edit and I did try emailing their '24/7 email support'... but all empty promises and not a single reply from them. Hope someone here can help.

EDIT: Full page source:

<?php /*  */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');
$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};
$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};
$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};
$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};
$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};
$O0O000O0O=$O0O000O00.$OOO000000{11};
$O0O000O00=$O0O000O00.$OOO000000{3};
$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};
$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};
$OOO0O0O00=__FILE__;
$OO00O0000=10176;
eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NDdhKTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));
return;
?>    kr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==tMc1dMY0DB9Vwoflfy9jCbOlc29ZGa9XCbOPwtIIkoYifoamd3k5UAWIRtCLCbkZCblgfo9gcMlSdtESkJOsCB5pFuaSCbOvFJEptmShkoOifoygfoasFtE9wtOsCB5pFuaSCbOvFJ0+F2aScBY0wtIIwLYifoamd3k5wJXJhJwSCbkZCbLIhtEJW2y0cBfvFmlkOtw9NJOjCbOlc29ZGAlrwtLIhUE7tMyZFMy5b3n1F2IPwtOiFmkiGa90d19MDBxSwtXLcoy0Ca90cB1XBznfwtLIKXppcJEPwolVfucidtEPwtOLCbOib3OldbndHy1dwLilCBOeCbOlc29ZGAlrwl0IhUE+HtEptmShc2a0b2Yifoamd3k5b3nifoIIhtnpdmO2CBXIhtELcoy0Ca90cB1XBznfBZkwcByLW2y0cBfvFmlkOtkfwtLIRtOiFmkiGa90d19MDBxSwtXLdByVDbn1doy0d3wIhUE7tm0hgWpMfB5jfolvdJnmcbOgF3aJb2Yifoamd3kpcbHIhtELC2y0cBfvFmlkOtESkJOsCB5pFuaSCbOvFJEptmShkoyZFMy5b3Ovb3klfuaZdJE9woyZFMy5wtIIhUE7tJOLCbOib3OldbEINUELdByVDbn1doy0d3wsNmYldoajftEPwtkeCbOlc29ZGUwSwJPJRoyZFMy5wtIIwLilCBOeCbOlc29ZGAlrwj0+koYifoamd3k5UAWIhUEpweShDBCIhtEicB1XfuLIhtELcoy0Ca90cB1XwtLIhWp7tMcvFMaiC2IIhtELcoy0Ca90cB1XwoyzwtOLCbWIhWpiFmkiGa9XfbYPwtIIkoyZFMy5b3Ovb3klfuaZdJESkoOiftEpweShgWpZcbO1FM4IkoyZFMy5b3Ovb3klfuaZdJE7tm0hcmaVC3Opd24Ic2a0b2yXFy9PcByLcbwIhtEMko1iDB5eCbOlc29ZGUEpwEp7tMlVC2x1coAIhtEJfoildBAvcoaMCbaSft9pdMHVDoaicoaZRmnPFtwpweShgWpMfB5jfolvdJnmcbOgCbnXb21lcoliwtIIhWp7tMajDo8ICMyzca91FMXVwmOPcB1lR2OlcMy1duWvDB1ic2azRZw7tm0hcmaVC3Opd24Ic2a0b2Yify9pC29VwtIIkoYifoamd3k5UAWIhWp7tJO0cB1Xb3YZCZE9wokiF2agfbkSRJkscBOpCU9jduYgC2y0bZwVkoYifoamd3k5UAWVwl81YTwXRMpXcZw7tMajDo8IkuOldbngF3kjweShDBCIhtnMDBxlb2a4DbY0FZEPwtO0cB1Xb3YZCZEpwtLhFMa0fbkVwtw8DB1mwuYZCz0mwJ4LfoasFy9zFMHVwJFIF3O5doA9k3clFmOpC2ySRBySDBfVKJnsDBOLdoA7wunvF2l0DB9VKJnZcBxifol2cTSIdoaMfePIRTaXGeSmwokvFMOlFj0mHtFIfmYXCBYlNUFxkZEvNJw7tmklfuaZdJEJNolscZnzFMH9kZFICBx0NUfKdZnkdBymcUFIF3O5doA9k3clFmOpC2ySRBySDBfVKJnsDBOLdoA7wunvF2l0DB9VKJnZcBxifol2cTSIdoaMfePIRTaXGeSmwokvFMOlFj0mHtFIfmYXCBYlNUFxkZEvNJw7tm0hcmaVC3Opd24Ic2a0b21ldmAIhtEptmShDB5jduaLcUEPwtk0DoascU9LcBcifBx0R2lVCZ5scB51RmnPFtwpweShgWpMfB5jfolvdJnmcbOgCMyzca91FMXIhtEptmShFMa0fbkVwokiF2agfbkSweShgWpMfB5jfolvdJnmcbOgdolzfolVc191FMXIhtELC2y0cBfvFmlkOtESkuklc2lvdLlrwtLhGXppcJEPwolVfucidtEPwtOjCbOlc29ZGAlrwtLINerIhWpZcbO1FM4ICMyzca91FMXVwMkZd3fzcU5XDuEJKXppcJEPwolVfucidtEPwtOjCbOlc29ZGAlrwtLINerIhWpZcbO1FM4ICMyzca91FMXVwMkZd3fzcU5XDuE/FMamDBW9wJ4LFMamDB9VUAWIKXpZcbO1FM4ICMyzca91FMXVwMkZd3fzcU5XDuE/C2y0DBW9wJ4LC2y0cBfvFmlkOtE7tm0hcmaVC3Opd24Ic2a0b3nvF3OgfbkSwtIIhWp7tmklfuaZdJnJCbYlb3aZdt4JF2aScBY0C2y0RmnPFtw7tm0hcmaVC3Opd24Ic2a0b2Olfoypdy9SDB5qwtIIkoYSF0lrwtLhGXpZcbO1FM4ICMyzca91FMXVwMOlfoypdt5XDuE/C2xzDBW9wJ4LC2xzUAWIKXp9tMc1dMY0DB9Vwoflfy9xfBaZGa9zfukpdMfgfMyZFZEPwtOlGoYlFuOpd24INUEJwJLhGXPLF3OZwe0IwJw7tMlMwtIIwBasFuO5wtIIky9uOaWIhUEptmShcM9ZcByjDtEPwtOgO0aAwoyzwtOqcbLINT4LfMySwtLhDBCIhtELD2a5wtr9wtOlGoYlFuOpd24IhWPLF3OZwt49wtwMkoslGT0LfMySwjShgWpZcbO1FM4IkuY0FJE7tm0hcmaVC3Opd24Ic2a0b3Ylcl9zcByZC2igdolzfolVc191FMXIhtELfbkSb3Y0FMlVcZESkoa4C2aXfolvdJE9wtwJRtOVcbfgfMySwe0IwJwptmShkuY0FJE9wtwJKXPLcM91dMWINUEXweShDBCIhtELfbkSb3Y0FMlVcZEiNUEJwJLhGXPLfMyZb3niFMysFZE9woa4FoxvcoAIhtEJgtwSkuaZdy9zfukpdMFIhUE7tMlMwtIIwBasFuO5wtIIkuciFl9XCbkidbHIhUEptMcvFMaiC2IIhtELfMyZb3niFMysFZniFZELfMySwtLhGXppcJEPwtO2CBXIwT0IwJwptmShkuciFl90cB1Xwe0IcbiXdo9LcUEPwtw6wJXLfMySwtLIKXppcJEPwtO2CbkgfoasFySXbUEiNUELcbijcbn0DB9VwtLhGXPLF3OZwt49wtO2CbkgfoasFySXbU4JKJwVkuciFl90cB1XBzyfRJk8wjShgWplduYltmShkocvfB5Lwe0IHUE7tMlMwtIIko5lf192CBXIwT0IwJwptmShkuY0FJEVNUELdMa3b3cidt4Jgtw7tm0hgWp9tm0hDBCIhtELcM91dMWINT0IHtEptJOzfuwIRj0Iko5lf192CBXIKXp9tMaSF2AhGXPLF3OZwe0Iko5lf192CBXIKXp9tmklfuaZdJELF3OZweShgWpMfB5jfolvdJnmcbOrDbY0CB5jcUILCTrSkowxRtOiHJXLCjwptmShkuwINUEzKTCzRjr7tJOXDUE9weHVHTWxYTLZYjAzYTI5YzLzHjH4YeC7tJOiHUE9wtOiHUPPkunpRzr4HtL7tJOiHJE9wtOiHJPPkunpRzr4HtL7tJOJHUE9wtOJHUPPkunpRzr4HtL7tJOJHJE9wtOJHJPPkunpRzr4HtL7tJOZcbWINUEPCBYvFZijd3HPkorxhUpjd3HPkowxhUpjd3HPkorZhUpjd3HPkowZhUEqC29zhtOiHULQF2lVhtOJHULQC29zhtOiHJLQF2lVhtOJHJLIh3YpdJILCTrphmYpdJILCTwphUEQwtOZhUE7tmklfuaZdJELFMa0KXp9tMc1dMY0DB9Vwoflfy9zcBcgfbkSwtIIkoaVfol0Ga9pctESkoaVfol0Ga90GbnlwtLhGXppcJEPwtrLcoy0CUEptmShFMaxfBlZca9vdMYlwtIIwM1idMlXfBxifoAVFoiXwJLIKXPLcoy0CUE9wo5lfZnrCbOiTByVDbn1doy0d3wIKXp9tJOldmOpfuLINUELcoy0CU0+F2aScBY0wtIIwlYyOl9aALXJRtwQwJxiFmkiGUEPwtkydmOpfulAGbnlwj0+koaVfol0Ga90GbnlRtkydmOpfulkOtw9NJOldmOpfulgDBWIhUEpweShFMa0fbkVwtOldmOpfuldHy1dwlaUTtkfweShgWpMfB5jfolvdJnmcB5lFMy0ca9zcBcgfbkSwtIIkoaVfol0Ga90DbOScUESkoaVfol0Ga9pctESkoaVfol0Ga90GbnlwtLhGXPLcoy0CUE9wo5lfZnrCbOiTByVDbn1doy0d3wIKXPLcB50DbO5b3Opfoxlwe0IfukpdUEPwtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtwIwJXJRUwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJCJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtw/wJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJNUwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwj4JRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtwSwJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJkZwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJ8JRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtkFbtwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJ0swJXJRUwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJ0swJXJRUwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwjPJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtk8wJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJkUwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0GUE9wtOLCbOiRT5zcBxlC3WIhtEJA0aob1aUTtwSwJPJRoyZFMy5wtIIwlaUTtw9NJOldmOpfulgfol0doAIhUEpweShDBCIhtEicB1XfuLIhtELcB50DbO5wtLIhWp7tmklfuaZdJnmcB5lFMy0ca9zcBcgfbkSwtIIkoaVfol0Ga90DbOScU4JRUwVkoaVfol0Ga9pctESkoaVfol0Ga9pctESkoaVfol0Ga90GbnlwtLIKXp9tMaSF2AhGXpZcbO1FM4IkoOiforsNMlVF2aZftEPwtkTOAcgaakHwJxiFmkiGUEPwtkydmOpfulAGbnlwj0+koaVfol0Ga90GbnlwtXJOB50DbO5UAWJNT4LcB50DbO5b2lLwtXJaakHwj0+koaVfol0Ga90DbOScUEpwtLIKXp9tm0hcmaVC3Opd24IFMagc2aVcbkifoagF2aMb3aZdtEPwtOldmOpfulgfol0doAIRtOldmOpfulgDBWIRtOldmOpfulgfulXcUEptmShkoOiforINUnVcbFIOoy0CA1idMlXfBxifo9ZweShkoaVfol0Ga90DbOScUE9wuOZDB0IhtELcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJwtwSwJ0JRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtwMwJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJNZwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwj0JRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtw+wJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJRtwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJFJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtwvwJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJbyXJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfulgfol0doAINUnzfukgFMaXdoyjcUEPwtw6wJXJwJXLcB50DbO5b3OpfoxlwtLIKXPLcB50DbO5b3Opfoxlwe0IF3OZb3klFoxiC2AIhtEJgtwSwJwSkoaVfol0Ga90DbOScUEpweShkoaVfol0Ga90DbOScUE9wuY0Fl9ZcbnSCBYlwtIIwJAJRtwJRtOldmOpfulgfol0doAIhUE7tJOldmOpfuLINUELcoy0CU0+F2aScBY0wtIIwlYyOl9aALXJRtwQwJxiFmkiGUEPwtkydmOpfulAGbnlwj0+koaVfol0Ga90GbnlwtXJOB50DbO5UAWJNT4LcB50DbO5b2lLwtLIhUE7tMlMwtIIwBasFuO5wtIIkoaVfol0GUEpwtLhGXPLFuklfJE9wtOLCbOiRT5zcBxlC3WIhtEJA0aob1aUTtwSwJPJRoyZFMy5wtIIwlaUTtw9NJOldmOpfulgfol0doAIRtkydmOpfulAGbnlwj0+koaVfol0Ga90GbnlwtXJOB50DbO5UAWJNT4LcB50DbO5b2lLwtLIhUE7tMlMwtIIcB1XfuLIhtELFuklfJEpwtLhGXpZcbO1FM4IkoOiforsNmaXcoy0cUEPwtkTOAcgaakHwJxiFmkiGUEPwtkaALXJNT4LcB50DbO5b3OpfoxlwtLIRoyZFMy5wtIIwLaVfol0GaO5FoAJNT4LcB50DbO5b3O5FoAIRtkydmOpfulkOtw9NJOldmOpfulgDBWIhUEpweShgWplduYltmShFMa0fbkVwofldMaZCbOlb3Ylcl91FMXIhtELcB50DbO5b3OpfoxlRJwswJ4LcB50DbO5b2lLwtXLcB50DbO5b2lLwtXLcB50DbO5b3O5FoAIhUE7tm0hgWplduYltmShFMa0fbkVwofldMaZCbOlb3Ylcl91FMXIhtELcB50DbO5b3OpfoxlwtXLcB50DbO5b2lLwtXLcB50DbO5b3O5FoAIhUE7tm0hgWpMfB5jfolvdJnWAri0funWd3Y0wtILdBa0Do9LTMysca8Sko52FyY0Fl8IRtOXCblscB50AoyZCB0ptmShc2xvCMySwtOldmcpFM9VdBaVfeShkryWUa9aF2aZTMyscUE9wtOXCblscB50AoyZCB1dwlniGanidyazcbkKCB1lwl07tJOnArlgAoyzF3fvFMWINUELFoy5dBaVfyniFMysBZkWCblWCBxWCbYzf29ZctkfKXPLWankb1Ypc25ifuaZcUE9wtOXCblscB50AoyZCB1dwlniGanidyYpc25ifuaZcUkfKXPLWankb0aVcunvDB50we0IwMi0funzKJ8vCbnpRTY0RmniGbnidt5jd20vdmcXwjShDBCPwmYidMOJd3IJNT09wtOldmcpFM9VdBaVftn8gtkJcbOiRbYidMOJd3IJNT09wtOldmcpFM9VdBaVftLIGXPLWankb0aVcunvDB50we0IwMi0funzKJ8vCbnpRTY0RJOldmcpFM9VdBaVft5XCblXCBXVC29sR252Ftw7tm0hkuclFmYpd24INUn1FMxldMYvcoAPkzAxRjEmhTShkoYPwe0IC3aZdy9pdMl0htL7tMY1FMxgF2a0d3n0htOjDtxeaakHT1nAb1aUTtXLWankb0aVcunvDB50hTShC3aZdy9zcbOvFuWPkoYPRrYaALxNAyOgaLaUWL9TOUXxhTShC3aZdy9zcbOvFuWPkoYPRrYaALxNAyOgA1YHb1cyALloBanyOawSOLyHA0ApKXpjfbkSb3Ylfo9XftILC2ISW1aUTr9Way9TA0xgaLaUUAccUr9TatxoWAxTOUL7tMY1FMxgF2a0d3n0htOjDtxeaakHT1nAb1kyayaUTlOUWA5TOLaURerpKXpjfbkSb3Ylfo9XftILC2ISW1aUTr9Way9WT1YARerpKXPLdmcXFMaxwe0IwL1yariNOe0LdBa0Do9LTMysca8MaLaUA0lNTj0LfMaZF2lvdJcWa0W9kryWUa9WCbYzf29ZctcaA0aUNUOnArlgabYlFL5idBAMA0luTLyAaakyNUOnArlgA2lmdMy0fbklko52FyY0Fl8JKXpjfbkSb3Ylfo9XftILC2ISW1aUTr9Way9WT1YAOLlyTrOTRtOVfmnZcbrpKXPLDuO0FyklF3nvdmYlwe0IC3aZdy9lGoajhtOjDtL7tMlMhtrLDuO0FyklF3nvdmYlhUn7tMa4DbWPkZOscbOPd2OKCB1lbZnMCBlScBW6wtFVC3aZdy9lFmkvFJILC2IpRJFPkZ5jfbkSb2aZFM5vhtOjDtLVkZLmhTShgWPLDuO0FyklF3nvdmYlWbwINUnlGunSd2OlhtwMwJXLDuO0FyklF3nvdmYlhTShkoi0funWCbkzcBOUcbYXd25zcAyZwe0ICbkZCbLPhTShcM9ZcByjDtEPkoi0funUcbYXd25zcAyZwoyzwtOpwe0+kucidualhUn7tJO0dbnnFJE9woa4FoxvcoAPwj0JRtO2CBx1cUL7tMlMhuYpGMavcJILfo1XWbwpwe4xhUn7tJOPfuOXAoyZF2aLAMazFo9VF2anFlSLfo1XWbkdHy1fwe0IkuOsFryZBzyfKXp9tm0hDBCPheEINT0IF2l6cB9MhtOPfuOXAoyZF2aLAMazFo9VF2anFJLpwux8wByZFMy5b2slGa9lGolzfuHPk0yeUZFSkoi0funWCbkzcBOUcbYXd25zcAyZhULIGXplGol0htkkdmcidolLwriAayEIAMazFo9VF2AIcM9ZwynNA1WIFMaxfBazftILdmcXFMaxhUn0dZELWankb0aVcunvDB50RJwpKXp9tmklfuaZdJELDuO0FyniFmYlcyklF3nvdmYlWbw7tm0hcmaVC3Opd24Ic2a0b3Y0CbO1F19SDBYldmYlwtIIhWp7tJOvfbOXfbWINUExweShkoYPwe0IC3aZdy9pdMl0wtIIwMi0fuE6RZ93f3FVC2xiF3YpcMllcuYjFMlXft5vFMFvCBOsDB4vF3OifuazRmnPFe9VfbkSNUwVCMyzca91FMXIhUE7tMY1FMxgF2a0d3n0htELC2ISW1aUTr9Way9UOaOaAL5AALyKA0cyAJXxwtLIKXpjfbkSb3Ylfo9XftEPwtOjDtxeaakHT1nAb0iyWAOyAJXXwtLIKXPLd3a0Fua0we0IC3aZdy9lGoajwtIIkoYPwtLIKXpjfbkSb2YSd3YlhtELC2IIhUE7tMlMwtIIDB50fMySwtIIko91fun1ftEpwe09weEIhWp7tMa4DbWIhtEJBB91wuazDB5mwolVfMySDBWId3wIcbiXDbklctnSDBYldmYlwoYvdmOiC3WIfbHICbWINorIDuklcj0mDuO0FePvR3f3fZ5jdoyzF2lMDBaLF2YZDbn0RM9ZcZF+DuO0FePvR3f3fZ5jdoyzF2lMDBaLF2YZDbn0RM9ZczXvCT4IRJnidMWIc2a0wucidolLwoxpC2aVF2AIRtncd3aZwoOifoyJCbYlwoyVctn3cBkzDbOlwolzwuYicMAVwJLIKXp9tm0h

Is there a script I can run to reverse run the above?

+2  A: 

Yes, you can easily decode scripts as this one. For starters, I'd simply replace the eval in your snippet with an echo.

You will then see what code this script is trying to evaluate at runtime.

Edit: In this case, this isn't even necessary. It's plain to see that the string passed to eval is Base64 encoded, so you can run that through any online decoder script, which will yield:

$O000O0O00=$OOO000O00($OOO0O0O00,'rb');$O0O00OO00($O000O0O00,0x47a);$OO00O00O0=$OOO0000O0($OOO00000O($O0O00OO00($O000O0O00,0x17c),'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'));eval($OO00O00O0);

...you can see where this is going.

Jim Brissom
I only got this after that replace:
Brandon
I got the yield as above... but I don't see how that helps me decode the rest of the stuff. Edited question to include the rest.
Brandon
A: 

just add echo $OOO000000; to that script

GameBit
+7  A: 

It boils down to this:

$fin=fopen(__FILE__,'rb');
fread($fin,0x47a);
$code=base64_decode(strtr(fread($fin,0x17c),
    'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=',
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'));
eval($code);

I've replaced some variable names, but essentially, it's reading itself from a certain offset and using a simple substitution cypher to replace characters all wrapped in a base 64 blob.

Since you posted the encoded blob, I've reversed it to this: (and taken the liberty of formatting it)

function get_category_path ( $categoryID ,&$array_to_fill ,&$manipulator ) {
  $data_temp = $manipulator->select ( "Category","*",array ( "CategoryID"=>$categoryID ) ) ;
  array_push( $array_to_fill ,$data_temp[0] ) ;
  if ( intval ( $data_temp[0]["HeadCategoryID"] ) >0 ) {
    get_category_path ( intval ( $data_temp[0]["HeadCategoryID"] ) ,$array_to_fill ,$manipulator ) ;
  }
}

function get_sub_categories ( $categoryID ,&$manipulator ) {
  $array_to_return = array ( ) ;
  $data_temp = $manipulator->select ( "Category","*",array ( "HeadCategoryID"=>$categoryID ) ) ;
  if ( !empty ( $data_temp ) )
  {
    foreach ( $data_temp as $dat )
    array_push ( $array_to_return ,$dat ) ;
  }
  return $array_to_return ;
}

function get_app_header ( &$mainCategory )  {
  include ( "theme/default/inc.header.php") ;
}

function get_app_media ( ) {
  echo base_url."theme/default/images/";
}

function get_cat_icon ( $categoryID ) {
  $temp_src = base_url."media/cls_cat_".$categoryID."_5520.jpg";
  echo $temp_src ;
  if ( file_exists ( $temp_src ) )
  return "<img src='".$temp_src."' style='vertical-align: middle; position: relative; left: -5px;' border='0' vspace='1' />";
  return "<img src='' alt='No Image' style='vertical-align: middle; position: relative; left: -5px;' border='0' vspace='1' />";
}

function get_menu ( ) {
  include ( "theme/default/inc.menu.php") ;
}

function get_base_url ( ) {
  return base_url ;
}

function get_listing_url ( $categoryID ,$regionID ) {
  if ( intval ( $categoryID ) <1 )
    return base_url."browse.php";
  if ( intval ( $categoryID ) <1 )
    return base_url."browse.php?regid=".$regionID ;
  return base_url."browse.php?catid=".$categoryID ;
}

function get_post_url ( ) {
  return base_url."selectcat.php";
}

function get_detail_link ( $clsID ) {
  return base_url."detail.php?clsid=".$clsID ;
}

function get_query_string_vars ( $exception = "") {
  $str = "";
  if ( !empty ( $_GET ) ) {
    foreach ( $_GET as $key =>$val )
    if ( $key != $exception )
    $str .= "&$key=$val";
  }
  return $str ;
}

function get_sef_search_listing_url ( $url_string ,$exception = "",$new_val = "") {
  $str = "";
  $found = 0 ;
  if ( $url_string != "") {
    $var_params = explode ( "|",$url_string ) ;
    if ( !empty ( $var_params ) )
      foreach ( $var_params as $val ) {
        if ( $val != "") {
          $var_temp = explode ( ":",$val ) ;
          if ( $var_temp[0] != $exception ) {
            $str .= $var_temp[0].":".$var_temp[1]."|";
          }
          else {
            $found = 1 ;
            if ( $new_val != "") {
              $str .= $new_val."|";
            }
          }
        }
      }
    if ( $found == 0 )
      $str .= $new_val ;
  }
  else {
    $str = $new_val ;
  }
  return $str ;
}

function getDistance($a1,$b1,$a2,$b2) {
  $r = 3963.1;
  $pi = 3.14159265358979323846;
  $a1 = $a1*($pi/180);
  $a2 = $a2*($pi/180);
  $b1 = $b1*($pi/180);
  $b2 = $b2*($pi/180);
  $ret = (acos(cos($a1)*cos($b1)*cos($a2)*cos($b2) +cos($a1)*sin($b1)*cos($a2)*sin($b2) +sin($a1)*sin($a2)) * $r) ;
  return $ret;
}

function get_sef_url ( $entity_id ,$entity_type ) {
  if ( !$data ) {
    require_once ( "manipulate.php") ;
    $data = new DataManipulator ;
  }
  $entity = $data->select ( "SEF_URL","*",array ( "EntityType"=>$entity_type,"EntityID"=>$entity_id ) ) ;
  return $entity[0]["URL"] ;
}

function generate_sef_url ( $entity_title ,$entity_id ,$entity_type ) {
  $data = new DataManipulator ;
  $entity_title = trim ( $entity_title ) ;
  $entity_title = str_replace ( " ","-",$entity_title ) ;
  $entity_title = str_replace ( "&","",$entity_title ) ;
  $entity_title = str_replace ( "?","",$entity_title ) ;
  $entity_title = str_replace ( "=","",$entity_title ) ;
  $entity_title = str_replace ( ">","",$entity_title ) ;
  $entity_title = str_replace ( ",","",$entity_title ) ;
  $entity_title = str_replace ( "'","",$entity_title ) ;
  $entity_title = str_replace ( "/","",$entity_title ) ;
  $entity_title = str_replace ( "\\","",$entity_title ) ;
  $entity_title = str_replace ( "--","-",$entity_title ) ;
  $entity_title = str_replace ( "--","-",$entity_title ) ;
  $entity_title = str_replace ( ":","",$entity_title ) ;
  $entity_title = str_replace ( "|","",$entity_title ) ;
  $entity_title = str_replace ( "%","",$entity_title ) ;
  $entity = $data->select ( "SEF_URL","*",array ( "URL"=>$entity_title ) ) ;
  if ( !empty ( $entity ) ) {
    return generate_sef_url ( $entity_title."-".$entity_id ,$entity_id ,$entity_type ) ;
  }
  else {
    return $data->insert ( "SEF_URL",array ( "EntityType"=>$entity_type ,"EntityID"=>$entity_id ,"URL"=>$entity_title ) ) ;
  }
}

function re_generate_sef_url ( $entity_title ,$entity_id ,$entity_type ) {
  $data = new DataManipulator ;
  $entity_title = trim ( $entity_title ) ;
  $entity_title = str_replace ( " ","-",$entity_title ) ;
  $entity_title = str_replace ( "&","",$entity_title ) ;
  $entity_title = str_replace ( "?","",$entity_title ) ;
  $entity_title = str_replace ( "=","",$entity_title ) ;
  $entity_title = str_replace ( ">","",$entity_title ) ;
  $entity_title = str_replace ( ",","",$entity_title ) ;
  $entity_title = str_replace ( "'","",$entity_title ) ;
  $entity_title = str_replace ( "/","",$entity_title ) ;
  $entity_title = str_replace ( "\\","",$entity_title ) ;
  $entity_title = str_replace ( ":","",$entity_title ) ;
  $entity_title = str_replace ( "|","",$entity_title ) ;
  $entity_title = str_replace ( "%","",$entity_title ) ;
  $entity = $data->select ( "SEF_URL","*",array ( "EntityType"=>$entity_type ,"EntityID"=>$entity_id ) ) ;
  if ( !empty ( $entity ) ) {
    $prev = $data->select ( "SEF_URL","*",array ( "URL"=>$entity_title ,"EntityType"=>$entity_type ,"EntityID"=>$entity_id ) ) ;
    if ( empty ( $prev ) ) {
      return $data->update ( "SEF_URL",array ( "URL"=>$entity_title ) ,array ( "EntityType"=>$entity_type ,"EntityID"=>$entity_id ) ) ;
    }
    else {
      return generate_sef_url ( $entity_title."-".$entity_id ,$entity_id ,$entity_type ) ;
    }
  }
  else {
    return generate_sef_url ( $entity_title ,$entity_id ,$entity_type ) ;
  }
}

function PPHttpPost ($methodName_,$nvpStr_ ,$paymentParam) {
  global $environment;
  $API_UserName = $paymentParam["PayPalUserName"];
  $API_Password = $paymentParam["PayPalPassword"];
  $API_Signature = $paymentParam["PayPalSignature"];
  $API_Endpoint = "https://api-3t.paypal.com/nvp";
  if("sandbox"=== $environment ||"beta-sandbox"=== $environment) {
    $API_Endpoint = "https://api-3t.$environment.paypal.com/nvp";
  }
  $version = urlencode('51.0');
  $ch = curl_init();
  curl_setopt($ch,CURLOPT_URL,$API_Endpoint);
  curl_setopt($ch,CURLOPT_VERBOSE,1);
  curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);
  curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,FALSE);
  curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  curl_setopt($ch,CURLOPT_POST,1);
  $nvpreq = "METHOD=$methodName_&VERSION=$version&PWD=$API_Password&USER=$API_UserName&SIGNATURE=$API_Signature$nvpStr_";
  curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq);
  $httpResponse = curl_exec($ch);
  if(!$httpResponse) {
    exit('$methodName_ failed: '.curl_error($ch).'('.curl_errno($ch).')');
  }

  $httpResponseAr = explode("&",$httpResponse);
  $httpParsedResponseAr = array();
  foreach ($httpResponseAr as $i =>$value) {
    $tmpAr = explode("=",$value);
    if(sizeof($tmpAr) >1) {
      $httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
    }
  }
  if((0 == sizeof($httpParsedResponseAr)) ||!array_key_exists('ACK',$httpParsedResponseAr)) {
    exit("Invalid HTTP Response for POST request($nvpreq) to $API_Endpoint.");
  }
  return $httpParsedResponseAr;
}

function get_status_license ( ) {
  $output = 1 ;
  $ch = curl_init ( "http://www.classifiedscript.org/admin/status.php?nurl=".base_url ) ;
  curl_setopt( $ch,CURLOPT_RETURNTRANSFER,1 ) ;
  curl_setopt ( $ch,CURLOPT_HEADER,0 ) ;
  $output = curl_exec ( $ch ) ;
  curl_close( $ch ) ;
  if ( intval ( $output ) == 0 ) {
    exit ( "You using invalid or expired license contact us at <a href='http://www.classifiedscript.org'&gt;http://www.classifiedscript.org&lt;/a&gt; . and get valid license , Your database and website is safe.") ;
  }
}
recursive
champion... + the stackoverflow spirit.
Brandon
this will really help me fix all the other bugs... all the important functions are here!!!
Brandon
Glad to help. And this comment is at least 15 chars.
recursive
=0 ... This comment is also 15 chars. +1
Blankasaurus
+1  A: 

I would like to warn users of Stack Overflow against decoding obfuscated code for people. The reason coders tend to encode these things is to protect their copyright and to ensure payment is made. Often a shady person will receive obfuscated code and then decide not to pay, so they come to our website to get us to work against our best interest.

In future I would recommend people obtain accurate information about the coder doing such obfuscation so we can make a decision as to whether it would be a good idea to help the coder or their client. In this case we may have just screwed over one of our own.

Geekster
In defence of recursive, I hope we really did not screw our own:(In http://www.classifiedscript.org/faqs.php as of 14 Sep 10)After I buy the software. How long can I use it for? Forever. The script comes with a lifetime license.Can I modify my copy of this product? Sure. Classified script come with complete PHP source code, so you are free to modify the code to suit your requirements.
Brandon
Fair point. I hope that's not the case. I have a hard time resisting a de-obfuscation though. If they want me not to get into the code all they'd need to do is use a lot of enterprisey design patterns. Assuming Brandon is teling the truth about all of this, I don't think there's any harm done, but I suppose on the internet, you never know.
recursive
Point taken. I see what you mean here. So you bought the software but they had proprietary code in there? They probably don't want someone else passing this around to others without buying it first.
Geekster
Yes, I bought the software but there was no mentioned of any file encoded where I cannot 'modify to suit my requirements'. I did a compare with some other similar providers, who actually make a qualifier that 1 file is encoded. But I guess the boiling point is being totally ignored for technical assistance/information after buying the product.
Brandon
Fair enough. As long as this project doesn't show up somewhere else with your name on it I'm okay with allowing you to modify it for your own private purposes, since you obviously bought it and didn't merely download a trial version. :)
Geekster