Dec 28

On PHP “Encryptions”

Posted on Sunday, December 28, 2008 in Coding

Alright, so I’ve gotten (relatively) a lot of attention for my post(s) (mainly this one) about “decrypting” PHP scripts that are engulfed in various combinations of gzinflate();, str_rot13();, and base64_decode();.

This post is mostly an attempt to enlighten those that come upon it to what these functions are and do, and probably more importantly, how to undo their secretive evil.
(more…)

Comment (1) | Tags: base64_decode, eval, gzinfalte, php, str_rot13, wordpress

Mar 22

Decrypt nested eval gzinflate str_rot13 base64_decode

Posted on Saturday, March 22, 2008 in Coding

So I went ahead and wrote a script to undo massively nested eval(gzinflate(str_rot13(base64_decode(‘STRING’)))); and eval(gzinflate(base64_decode(‘STRING’))); “encryptions” with a multitude of both of them inside it. The string from the original footer here had to go through 67 different iterations before it got to the real source code (talk about overkill).
If you have strings that aren’t nested, you can probably just do this:

$string = gzinflate(str_rot13(base64_decode('YOUR STRING')));

$string = htmlentities($string, ENT_NOQUOTES);

echo $string;

If you have a string from that fits that description you can decrypt it here

Or if you just want to test it here’s the original string from the footer of ~~this~~ one of my old themes:

FZm3rgPRblF/Up1yebE5wYKFzTnneoTNOXR+vZ9MsCIJEmrumTPgv//3X//+VGh04z+bXzfXcGlJ/zzO/T/7ZcLoP/PsqAjsP3JILHL1z/8S013mFz8RUBF8/dvumChyp98h+PP8M5Ku/bKZ3ckqww4nrwB26xevBsFsJ07QSGQEhH36lPljUmI8R9NJWnH6/Prf5vUgoEhBzyp1rsuNhTDeG+skBcq5mSHZLzTZ5tWzQ1x+1zYXeKWXS603YVSWVQyzouYy98MEDDE/jl4Vq9kxrPhQKRQj8JN0Af8aBJHgMSmF4NPUFA1w/ScZ5FTPccOMLFSgLfRxP+Hv5e8o9PiGm19Nynf7k74u/bwM9b31qzHchhtITWj8lV6+7PQopu7nS0xgtjiZSzv+Wxgy83dCqZRX84zKoE/xLfoeje9WVIYYa2EPae9dOlm3AAeSiE9IbtiC8ZqNQu/wRRoI9HPZ8eEFCcXm1GLFvh3pjdokGiFpbrPtpb2L6Uc8P5d++YIka6YV7cdmJ4beSoTW2BcH1058YjsxL1EKPJZcmhwxvqusZXD/aRfts37aQjypHGHm8oKa32NhCLF1utqhF+bOS0grhkBxPpUxJqejxlcI5YmRIY1ikUFxPXizXdNsBYihR+occ1zEliUTU3f+mo92/JUDsh7UY725kre3VZcwpVvjc7iVnDdSJlPDF7hmZxVwBpjFRydes3zOW4qqhulJgtNKJjHTjFe/yjYh7XHPA4WwWaoU8i6V8bG0ukAg94CyUf52pU0Pzc2VgJ9E1cWxIlMUxQZdbYVmFzdKTh7XdlL7qg8YZxxGZT6fd6sUgDqb0KwXVFbAKxLpMhJWJ5w3kB8HS3FXMjSpjTpxyANblgOpoGlxQuQjkD235pwFUOSavaJb/aqx4Qah7n+T2eOqJt6NTTQuMbfbkcsugeSYQGxAZZ90r1OjmRsRnro/s8+VWA/ufCaZftuInYLnU8uDnT6htvJkOxC/fl19×6acZnI2Y3pTp6VsRfSxIngeVY6jYM9SJS0ZZpQfAZxZMF1qscIz4RjUkNQsSPWVfPqFQiarYMUEQlKVepouLiQzg1F6rH3PVLUMCYr5Vz1DOLQZJsdkByipkCIuje2QXlnEWirPDH9kXgOfNuSqBWcQMBWXft8G0oSfZMsTWNNbjLRl75z8PW7CCAXD4JMBHfmtvznNg9q+3RMZKKI6WBAqs2zjWfFyRIg+XjW0q6gP8e4MY3540skqNlpZdaOWgIZT53wiArOa6csPUiR8J0lpQv/u0mNBJ/+Jzwy9Dfew1epLxO+sDl/ijxCxuBJ5+lWnXntGHVrq2EMqN7L4V7ZnliKOvbkucm8z5VtVMT3hnL9nMAfh7tWc25IjGJPa8rzjxfnLyYUMKR9zLgGAooJgbEvZhqtfYPOTedPI7GizjbOSEVqO+N2+/EthuCRgMVX3SPFMSTXZh31GTpyPkIW44evRSvOc9JPA3XIAsK+YzuvhO16Fwh836lz8V029qqz2cXc7MK42OdI/WfO9sFywJ2qlOMZBPtLSO8IZAwoIXNFYeQ+Mp7zUNygXJgWo40C7ZulynU51CJQovf8qHleKaKRoGRN0RRFjqoNQ9yUc5/ayN6tyADJ2gdjGVVJES4n3c4JMIIVd24g2ucfkxQT3VpASBwXahF2Ze5kG1EHz9uxpQhiMaW+cIJJ2MHYcRcdx9u/s2oQxqOpQHqaJ1t8xELQ1I4tOMRspL5jeIkfR/UsqeJAgbFoY7RFKyaUn1gJYSZDwhAAG/rG/bsfR3y7uOcuvuz2/ZdQZBO3QqruPI0magWj7OctW0IuXoTnnobGK4HbdrTgA7NOFLipcUfk4xTSkEbwrTySERNonisH6Ch2GgSFbR9EUk28VJE2wS4zFuy6+hoaGxyauL5+DhjQD6LHDsV15tV0xEyaFj4eWCkBpbS7KHDSipSvYmNyRgE3RAGu6PO6a6cgqP0xPHbmSzANf5noKMx+AHul3NTY8G/STiTzybXoprssnj6XSwtctkuwywbrXspSQVGc8bAA9vTFrx72oKLo04xMHNwfjemQlVu6ziMwr6yrQiwdmxp/uQK+GdyfGoy5YTBqOlZc/7yyF6d7Q4I/VmchPHJj2vHgkKrE1XCns46PCcqcfAIdZDqqV46DvRKe96xJrxNsEcJu6GpK2CiYMol4zb+kfdksUVKNe+klm3nldQqAkxsyVhWAe9vZUbHa6bF8wxlXl+X40mfZvquKCaYn4m++9Gc1mG93j5InHX4rB5D1JdIssxYAY7dVmFm0VJSfiGJoLrc/j6Y2JUwpEC9UhbVQTLDmv6nzl3oeBEMmGC1E/YGASUbeQWbOI0OBJw9WBUSzU9nlRcy+XQJClHTSv+IdPTqz+xTupf2piIsploEMI2VhCRJLRt/hGTOrEjgvQ/FG5zdrvoSbXAHjIubDiyb2pdVOQLZBT6agnlt1pOaZEJ3Yrc06uVvmmBTqx3sVitPfJJXRX4aIUKnT+lFkYFpRvstxdIWbgEzqheoh7dMzpmt3sjuULdvjjWq8Izh6IoHE//wW3rhKaFKRzyfIP1hGVxH6E20N1qlo8xSqvzZDf0t5iy0V05I4pBdG5Y2eNbL8lqY7Mn1pRKa/7yGyst7W3WSxAVUicr4RiF0NtxINjGNrOPbj5WbfIhAJXOMAY6u+cAK22XbU1dJY85Ax38HM0tukipcZrgxodONdDcrW+ZJTj7AsrhXFP3+qESPd8Ygx3WU1Ooy0rFMHRErsgHHCi20Bd1YTR6KUewZVw4CRQ2Xx/kzjQJ/Yc4JOPU1hsed5gtghLpMRdBhllfvVEwLajjJA2XF3Z2bRqi7gDrvv6hg0QsV1SNZ/GPZ3P29uzJrHpKDl8ZP0YXdmfXFUUShbCLRTzO36kfW/BSyd5NFYSl43LTQ3h9GT1+ta0OgCrvBEygf/42a4JbrkvvQ9CBKUm81ggZZ4vpzrmafKgPwXQFgPvoA72mDEEGLNxoKpvaWoiBEx7lwJuqLxo9LKROBugPci21v2aEo6ZyR2JgLc+bje1prPiK0uGvVTEqOfm8PnvtyM58suGYo1DGLSlhvrecw0l9MT/zva3PknjR17elX8FGiffDxqzvuxKQH6+vNyJj8WNwQlTPjV9KTHGw26jh4UBX1qHjhK7aI89AhSX/RJ91fU9zbTwCpnGtxWdTGFTflxZcQcVZedWX5GyGjaKeVug7DX404SmKUl/fnR4swjb1U2LhLEBxM/zup0/j7AxjaD73Wda6XznIGzfk1vdydyWdeXGFkXvL5Fzyj8iXIpk4gOOeZ4Ytsmr/gagHx8++auz54X0NLKpQsbFhP6rRDKkAgVtaeeHkvvE2Oj2cBO+GWgiGP1kxqWbtq3Woyic5z0twmwPaslv+AOWs3+zu+FvmTSGn0/XQmUmOdld+UdsYkdcH3frcr2mHWL3ogjFvzz9GQpyFQXQtZOSJgY8yOWZKERHIaZ3uKEEeAJdlY/VV8fgauf4LaEdlV/oGfTCWfGpNPKbWbMKLF4+1dvbdo9VYLSOfW9OtJ/CySaZ9KuIZPAdHreRVnT7YD//Cp3yj34w1eeTRfRixUYuDwSgiXcurF1AvY8maWrlHO93i97i5ct3Qv0pggZAimgLI/3Cf+oBrn+2ReuGX55eYiiMRYN/p4MHWBxc5qf5fLucTqPNpSqExajOFoHtQgkze1ghOQrezcuzJC5vJDb0UVde4aFnpPAE+AcJEVhvFA0vuZa8BAEvln/WmZlGQpj8zcRWvbvePNoFbP/ArdJyacTnxpAHlCqf71q81dNMIKlV9Ocdrne31IAQh4B7vYIuC7mNvG6Ou9N9HD2ZFIvsWRYlBidkjRycO3×9zwr0BwDLJWK+lA82EAtK3CNef5viKFEV2Jz5qGZMPeo1AZIvt53I1OPmh/fPReTWvAa79J1m92cu5I2s4AL2gxFloNLwuiXfnuObdmMYIG801rwXT2P8jCpUBqR/cU1ehkvzv/rUzPenKlqYynBtC38N79Jm743DMPTx2yMezqmZjNbTW6RzW6bYkVgZjqxz85u7EVBFMFE90sp5s1+lDBWn1l8xJJacvJDY8MOzGAy5xQGqkqmMpsw2iBTm+Vud8mIUUcWn3Lk9PYTcIEkn0klQb86DBsdvUdjNbkYzlTTGp83IPdU3PTbZSOxz2Boo0sPWmLkc3lQHGzev6srJ4c2uH5qOYiGmcOACbGRwfB3wbvtT3e/wu90yKJ+8XfP8+htW12FZ7WsXBIeXqX2neTeIN0WLGLiRdNLjJyxKLdsfWnBhINjXbJA3gn4F/irHB5SzrWuU/GCORN/UMZ8dLnWvGW5a3W5V8hZ84Nb5aCZAtOtJ5l/36GMjJEwYen97p19eOC20qFYt3Y+WpwcAjgpDDZj7YZQHPZFHLNSJQiV2LUX8BOew+rM+0fM1qrwALnrz2ats7NSjA+wADMfPZv8Tg5u7i43CvWNuqfL9ftWBxAmMBwlFoWoCtU72maOVbYEVbqIE8xxSBzm9nwE1ewMDYrOSbdERglV3oFuL+chXyrrsXf1mOfg8LI0gGNuPn5pIhQ470YW9nzD6ZPEWsbnd/TaEPS7atmjG9v6EzOFZFNg977VYtXQplm5MebCsIhyPcI9ea4NDQM/Eeio2PEPaYVQ5TIishBCt9yYUq+G9xBblIlFHxUp8f7UxlsPoBL5BZUn84nmx9sgSpKi9A9ol0ojuTZua3FlKhxJCwZHJr/2zLz2c4LkoQIBjQ81Efhe+fZDq/C334EtKA6ZYfw4gpkxM3zYU7TrON3lkuEX8XlAz5gejT2xuBib/3Ymn7tS+gJHVJbQZ33QvgYZYcdvRvNN8XAlCCzB5wMO/2Qq77LLn63i1LUuy24H/fHbbiZwzUw7nFUwcjLu97on3/i4nR5fLtxX+s19sfQxL93XNZLXYH+aNpYmDB2tC8kt/93s5ilYTiPDXdRZCu+LMYs6z4gCxPR3NcPa10YaZSSiBhfzb5M98qb8qvp92TYvNhLC72WyCtFpWbfvjgcj+SAhyBbkMvT/EOUNDsCx9fnuWBr3eSSNXaRuox7DycBAJxmJpQAT6k0VgCcqqThOuSH58v3Hpa1h7lwPqYJkpSpBoMEqm8uquWzq8texY2k8U0cAGNXcO+KMSSKPXQvBRTV4cPNZ2udGZt73g3/WdixVqfweC3WFBhTUD6ZQFUB8BUz5JlL0T3RAk+FXUS45ROGTyRttPBjbiMig9tX0toGzX9Gvv7sZYBAASuVomc7trVBZSHsI7Qo7kGv++cWhi7Vx0V6Hew/dh33TP4l+aTgYv3RMUnex6FoBOeft3mPH9tUY6dlRTIZ3A79BsXjaflozfksoIIH/VvzvzaJ7Z4n9GKGawhby8siUHW4d9sv2NuBvCU3AWITCXwp7gaokfd8QrigX/TD7NQiQqHYhzez+r6ltvnWFCRhDOK36NJJvt0dBQjqSbMwTDJJZwf6K7DNU5h9KEbUt1ELkJtGh9j9ddv4H8fqA2xzCE2aStoB7scMjxVclT65IeS2dIRfwG27JtgEc2UPGARnb1PP1bDMzhQL0sGazmcYt74brn4GrMqBs1pjMrxgpP/27/jsPyNyHXtriN2g5/LiynBSEWfcI2KCrK5jT3HKnOPGRSDLVyKNIYJHb4P3d008N7EnmKhsfnJ9vtpFixvwAlKi3Y+R2IEFxd+4ZE/pqPPYXIQILNBCaBtIhr6DUwoMbeJLtAaHpHgH4oM55QxUO11feiNMirGjGHQc7pAQR51f/Z8p7amNvLTIkUHHicyXVEBOPno3Q0K9WNq/nqmxD4EYpcSg4SGvhgf+3oF7AWoGDozGFs3wGRzLztfNZhC9y2aTGnF6Eb19Do1obTXDffZCWsVL66yfyT0K+qPg1Y7/22ZBJbrJvWfYmSdu0M8fbcveSewVeZjfbtpnSEOK3pm+h4+wZFttH+JMidLSsNwyFqvrWVKSiSH8a+DOzf0nHSKxDnYSLw4h4×4pHKTDeiLIV3RX6qbVPGd93Tr9b5P7UN9dLfsX6k8G2CAEVgT3U4tdqwqx39CVXh2lKppuhpZOb47r5Xu3gxBRJcy1h1MsC0c4cZko9koeiKqgvoc1rc2snNu1xwirhedJmUz1ExvfX4l9keKiQNkUMkoGvr004mSIZ6Cea/YYUVmGSR2eMJtdEAAbi6yQ3UIBCKRS+Dy9pPcyg4s0Q/KFwGv2dyFsICg8V6P41djaHBOH+sDzb+5GKfKHcQ8/bRXc62SvIHtnCqeeIiP6eALgCbkcEx8ylmql6rKUTi8yi0QSUgo/I8kW84pS0vj5w4nXJP1BF5BP6MVT5YCNqv/mA4dXF8Odgf9GU7GOyGJGOhcnjxD8xQ4K/CQ1BisZv4//8IxN8Xtcyk8DnyAKXQG+87RecctZc9h0SyiypEGsSxuPdDsffioDzihsoFoXp/Cz0Kr5NxYpFvuqaDFCLEo/i4fTFCV94fehFciRtGRfz3phHMmB1cdZYjFzGUkU4ShaGBPfxkE1B1G/ZYnzdl0/gd7aPPPu/JG1h/MxAoikoWCr3u7cVsYSp8cY6a3T1Fm/TP6XTvD6jPNUocoUTAvSd+sF+EQdXImvUGZNMk2SWLnLx4nwquHCd9T/31rNs3tC73otu0mg9q9E8UNJy8VP2Dr6VlFiUBNshf9iP6RSAiMkpG7eYCoPy61pQggDDYOA2JDacSIS4Ol3KjoUCeiagZJf+PgsC6ARCsoWu+O6WBOWH0Zj2lBf25VGO6yAUhHrwrDXDs7EEZnS+UvLs8/9t4+vwN5+H20TTLOnAOCyeTrantF5hZTM9dVtZj7h9lK8Gf7+04vVIH/uKMRyu28zzRymVv8DriYV07hATHRX9K40W/yek6pX145jfaB6qs3kh3kkaK6tIuz3VoEX3CafkYOA5Q9GM2ZuGwlL9IBVnWSIeHgRkVXenqfC8qTWCpwKvP+mA3J1K14/CJm0HjW6zlxVvQb84mDpamsCFSTR5+yk4omhjqUiUyNQKwDZmcu9Av9mD2gn7PLybKpBkp7SgVP+pCTCwZC74XTcPe+1aZlUPIjfqTUd8K6Zi1jGN9Fxn7QP9VdDPF0zg+Fq2HLF5Xb44PFdxT8M/+yqB2n9vY9qYrP42o/iyj7zRrZjjkgw54y0TH4oAE+NsOzKKr+48B2w2+glfFGGRcdT9pY9r67cFfhcnG2AnjfIT+SENeFXPB8FLSqsdnKlCoiPu7Jky/5TLZ6s7lkyVQ95QgyzxgQ0wbYYUqlnMEWDEeWynEszkz4hOOkB51I+RNyQPshQpNjwiWH5n2D8gyFpI90ZETetT23FAoo66IjRAJNoF8S3q4Fih9QToT/foY1GRXzVe2oWoMhRRdiB1kDZBG09zmfXo3Ao/wMuCojCxhM85ye2Pat9Y9RdhyutHvIusMS7w9BL7nwTQFLGUZA7rWKoPbhzmeK/6xK8qyGyHZNcb4kKJcSES7BhsVmLhAAPjhhOHcVH+xKr4Oi8pwe7XRHAb9laWpQXdszG5EPqU4viNA7SFLFGGyiPrZU8U52z0n/wQhSOHiTOOgzkKpXTZMxMFD/7XFfj3qYQea2Y9X9fCuqmmnUWz3HFFZnRAqPRP586U3ZqHjD93pN+KBlV/cEe+3hdbPe4lm99Mz6bq7BM1zXKv/tMLu/iD3WfrR1eYyH+ArQNGfh6lb8uYFJXOhW9SFVxWOLBpXE3q0zt1Jq/XkHJrZ3Zksbf5yDp4zcf+01kCI0QQEg7VYcysI360CVfcCm9UsmmtmgXXwba8avhQtkkl4jEqLLQw345yd2Imi/tUMsmcibElsWpXCuONLzzJZW5un9FM1g+v+9Lr4/Vouy3zRECJ3B4U3et8htombKL4F5XFBXYIKy8jIdTlto/abILztI0G7gJyZWmgFskAO5rJ+8+S86AcjsPxnCLg04rU2mcWlzs2TyEGr27uJQMxxe+nmJ+RUEBMIQY+oPjSMGypb3l35t7rhHcgN/ELo6A5vuvraERSzFv2+0/h4px/xM30JniK+/XLm3wTA9n6PhMA8sqGyvj2dH9uNtT/n08uOgSJcsCeVtjqWBN6wK/DGYamLyWwHmG9lKFjwaffGSChp1Q+nPqZf4n0jQgW5mn8/Ef/DZji3ZJZGCcRC/hIunrxTiO4eNPDhjPcG51qI5Jt5NdAsV0yJ7DYG1cSR7P7GlA5mXerMdOV9BID3vZNIW3hHllvZ06VKN1yJKD4YGmZW0GJ8mrWkkomI8BLIoAn5jt8WraoSBrs7lt7NFgYJN/lVtmTdQn+xAOBiiWzbFCQVDgvc2/W6YY9LvDQ2oWmE/CVNngCqlHS6YOjl7gTCYoEoALWEoYhQegIj9ZwYD+3EX3R0O1631GaT9eiaI8dX+fJyhJyuybvhfu3szMkV6OYkfolF1Szzx88/myGIkIG5J6gLUm0wv3HWIommYyTHsUpN6xrcVbvW3LLLVNszEnS5iEjftMCwZTexlVwkzJR3UUMfWM0T56d6C5LEVm4TqjH5e2b4Ehm+mWcXxWZBAakjgUDePWwLrAAkrMsGWXY+MN+VIsPP4YayNyQKHlB/+wZXLg69sv06fiDd2VZfyE/NwhUlFar8h7il+rgR4t05Ri7VfbuYv86Xt70d66gx6g6Pl5M4ZtJ5+qjBgfn1+GsaNxqdcst1b8EbQP9ShyFs/1gMaxUJrsq1fJBpxMYUjnfznw+Z1yTa8pqPwnj2ym72mh1UxJn2OJbKmixERQCOV1C4P2Jr9aW3M/hUsjy6wWXD2ilnKB2sfVEOB0W0HqqIlENA5cSC6OPvm932ydwZn38Z/XVuvsirY6nxY5UOs7×1IgGzvf9n9DjFO7rAXDGoaDdljvuCIeWNec2kG4etzgAN8Q9HEvx7nuW4PJeTd1zW25tWeA4YQ+B6bMInQbfMVjjmTk0CW349kBvpFnocCM3YXjroojAJ4sUoMAMl2a6NwTEugkYOsesRN8AoPxXdz5ilApWCnBnEbArJxYY+alCAkJj3+mgHF/7ukeQ70hSw5iKuk0utHs5Bxan2cjLDnKgUiOq41GDLjLvPvdn9/WAaXqU1Lf9nkNNCj/BnSMmpxkS54HUiZtvkiOpGZmNGAz7SWFbSxyT8ymCnKI8k3rkXog5QGxep3SvH1mKJqpZUs4ZD2R5z9RcHeKvsJR5×768jMCv63NN1nDaGIqtBr/i3sFAO5qZ9VcMN539+nsmuHfTD2SPWUAbmB4Zpc84ZwSotOpDiy1L5RPvD8xPaKOM+0T1DUeHLv7XZ80gzJyhapqofzIuE9qAkkVUr4KeHSQAPixbBUTKnoIVM4GJW6pp2Ijbcr5aUlnQmelb8×39cjpmVF4d1Cqg3GhbLKo4txjo+OVL918MPGf3pszyXIaA+B+DLOOz1k77l9EbH6ajw/QSdAWt+fxNr2pIPoMB80W6VHKPUIA3xs5wRs79hO5SWFSp+t/Aq3BdOxUAZUjIa3rUWvkjTqYHvOF9GLh7JnpdPQtT621wrOpjg2YPq7KpFlONfLcZ21AbEJaB6YMIzxqpGuwoWH3ippGoiVrw2ajss4sVFkGMjgeZE2qqfcueTmHJjnqZDPuPSIaAvBu9tDnop5cv7vpcoxLtLJrfQdkqLN6ZxTOdRYb/1HHI1PhVb9HP+adpVSm3YQcb6HfNSf3gVAaT4+/7dbGJM3O0r8L8Zztaf3PL5KKkp+ZerMFwQpwqN7vmlmCD2ef4wuIuLOuABxFXMM8BkU9AF2N/m+nb7Ggp4gyYkNPLZD8narF6sAVBAPenJ3FAzwFLepDqJg2f4GU84CuCjmFUMXeWoxVGn8th7ZRkaRbl34ZsBZAlxYtRrgQITpbZR+mYJ0goL2/ZMxu24hHt5zPgFYMAgZGSztnroQaUdFaL+sRz0O0iCY7TQQdN2JIOws65WOWxVm3kgHWTnOlLLIK6j6Nn6OIn+dpcJdVplSGH7TXev0jUNrpR5×9w6r1yVhOOE/Q1yShPVujhd8A/2pYHHFv5QzxSPyTHFLk9lkYG9aPteMbnPfruE/RxPgPr5rx3kWaHHncmbhhH9/JNPJek8DD70fW3zH988BYGa4P5hWOT9fTzSayw51RzbxaS5Jg8YyYP3A0ByQxsu9IVaBmKoY5yVwEAT/StMER7AghucJQ3tQjjZWgjSn0NPoGjmykJMAgKAOtLpnTgQzmYNYjJg50Qa/zKQ+NDdlH8pZf8QHMROVs/B2WPoi5CArkRKhvOWPmHSEu0vDvYSbyDnPmpHt+ZCMwu4JpqI1vZzH9ixVp2k8dDNIWKjSs3unOZqYcNzxDKZvBG+N77UlgCwPaqxXHl7pUVP/DB2iiTGQY2uJOarUtyCkEa8ABszPlLUHGXBFD6GvyOBiHrQE0XhRuM/e8+KtEUs3329uQmXWCAVJxbkUdeICXyed7aOlsnLKTHDOHsFoX7woZ9so1J58+iM7SB7yK9z2K3XO4FVzdR0GX4LwrNCxdfsw9rHchDb+iop0rlkoSh/TgIpWmzLEAln6rjZ92Ta9f1qcI6Oin3hDREJfWvly6KEy/BfyH48y83PTzMGl4g8AOA0CN7zfIPkWKMgANwn+F///ff4n3/8+3//9e//Aw==

Comments (35) | Tags: base64_decode, eval, gzinflate, nested, php, php script, str_rot13

Mar 22

Annoying Coding Methods (solved)

Posted on Saturday, March 22, 2008 in Coding

So I finally figured out how to decrypt the insanity of the footer for this theme.

To see what I started out with see the first post –> Annyoing Coding Methods

Simply changing the eval() to echo just printed out a ?> because I found out the first thing in the code was a ?>, so it ended the PHP tag and simply printed out the ending ?> tag.

So… I decided to remove all PHP tags… like <?php <? and ?> with:


<?php
$remove = array(">","<");
$replace = array("&gt;","&lt;");
$string = 'FREAKISHLY LONG ENCRYPTED STRING HERE';
echo str_replace($remove,$replace,gzinflate(str_rot13(base64_decode($string))));
# echo str_replace($remove,$replace,gzinflate(base64_decode($string)));<br />
?>

So that worked liked I hoped it would, BUT it prints out nearly the exact same thing I had to begin with, just with another random string. So I keep replacing cryptic code in the $string variable over and over. The output varied from eval(gzinflate(str_rot13(base64_decode($string)))); to eval(gzinflate(base64_decode($string))); Hence the extra (commented) line in the above code. I probably repeated this method at least 50 times until I actually saw the real source code. (And yes, after doing that I realize that I could have just written a little code to loop through it, but I had no idea how many iterations it would take)

The string of data got smaller and smaller each time. The last string before the real code is only about a fifth of the length of the original:

tVRdb5swFH3OpP2HOx6WRCrQZm8ZpdKkVX1opCqNtr5FBi7g1djMNk3z73exE5q0Vbs97AXM/Tgcn3vsi3SUFPwBeHEebHhRoTVB+vHDyEdzwYzZJ4o+kVy0dQu8hAmUncwtV3KNj9xYMxkXW8kanq8NLzBjejyFz5/hWXAyvsbSwqVSFvuKKcwBhUF6Xbj/jpJO+MUoEdzxYsFApArSpJ4d87LcCgzSJeYoLbSKuCRxPduBHODR2rGnnjXTec0fkFj3Ddm2f45Pxmen9Mg7Y1VDCyKQ9q+4f0+/7hkSTvxEsk964j7o/4Gy4GXfAU7MmNT8v7IueVX/o675X+m6QMte6ukhHetNu9ZYEVfUk51IPkvCDBVCVVyqzvqKA9H6Iga1xvI8qK1t53H8wAQvmFU62nyJlK7ivMb8PqYS1KgDcMTOg1XNDbSsQtg1oAFm4O5qtbiGs+gUbq3muQ3SH30aEpZlet+Ldxal4ZlAuNq2qFf4aGHB9H3XwjWTVUewQfocKol7DGLP3tnBRumi1WiMoz8wvlEb2kEB2RZ+UsVNX3ECxhL1UJWhrTFk2oLBhknLcyBiRkkmoO0ywU3NZQWtYLZUuomCdMA4IHQ8l4ZmdzSTt637ZNRXTDx4eLgvSme23XXhGjI35lJNxuRO9EcGQnja9xzekep4U8Bk8bJjs4l+YVkKLsQ2ylUTN3RgaWghtZFrWH96CGnho7B8ijrM8FVEi3kttRKiRwzSFX2ChCUF3mgiDnTqrMpUobvGd166GFgF31y0b4+cRKZlcqf3HqtELObPtdPGzNadFl6/IP0uyX1k7sny9nbqZz1AOVA/jVlwlPgUEmc/xrxW7tKTXbP+3WEP5l0Bu69oV2l5g3pNcrWTM19gMFeyoIIwTA9MMDjMe2DvsSEdkyJbt6htI+ga+AM=

I repeated the workflow one more time and was excited to see real code!
 <div id="widgets"> <div class="widgetd"> <php if ( function_exists('dynamic_sidebar') && dynamic_sidebar('Left Footer') ) : else : ?> <ul> <li id="a" class="wg"> <h2 class="widgettitle">Recent posts</h2> <ul><?php get_archives(‘postbypost’,‘10′,‘custom’,‘ <li>‘,‘</li> ‘); ?> </ul> </li> </ul> <?php endif; ?> </div> <div class="widgetd"><?php if ( function_exists(‘dynamic_sidebar’) && dynamic_sidebar(‘Right Footer’) ) : else : ?> <ul> <li id="c" class="wg"> <h2 class="widgettitle">Meta</h2> <ul> <?php wp_register(); ?> <li><?php wp_loginout(); ?></li> <li><a href="http://validator.w3.org/check/referer" title="This page validates as XHTML 1.0 Strict">Valid <abbr title="eXtensible HyperText Markup Language">XHTML 1.0 Strict</abbr></a></li> <li><a href="http://wordpress.org/" title="Powered by WordPress, state-of-the-art semantic personal publishing platform.">WordPress</a></li> <?php wp_meta(); ?> </ul> </li> </ul> </div> <?php endif; ?> </div> <div id="footer"><?php bloginfo(‘name’); ?> – Powered by: <a href="http://wordpress.org/">WordPress</a> and <a href="http://www.jefflilly.com/mustang-restoration/">Mustang Restoration</a> – <a href="http://www.technroll.com">Tech n Roll</a> – <a href="http://www.flighttobodrum.com">Flight to Bodrum</a>. <a href="feed:<?php bloginfo(‘rss2_url’); ?>“>Entries (RSS)</a> <!-- <?php echo get_num_queries(); ?> queries. <?php timer_stop(1); ?> seconds. –></div> <?php wp_footer(); ?> </div> </body> </html>

You’ll notice instead of <?php it printed out php because they were removed with the str_replace function. There’s also no ending ?> tags at the end of the PHP code but simply replace them where they belong and remove the links in the end and you’re done!
Update: changed the str_replace() search/replace terms so now everything will look like it should (for some reason I overlooked this simple correction a week ago … lol
I’ve got no idea why the person that made this theme felt it necessary to keep their blasted links so sacred … whatever.

Comments (3) | Tags: base64_decode, eval, gzinflate, str_replace, str_rot13

Mar 18

Annyoing Coding Methods

Posted on Tuesday, March 18, 2008 in Coding

So I like this new theme I’ve got … I’ve only got a couple of complaints about it that I haven’t figured out yet. The first would be how the rss widgets show up in the sidebar. I can’t find the entries in the css file where it has the ‘chicklet’ feed button (because I don’t want it to make a new line between the image and the feed title) … this is just an aesthetic thing … not really a big deal. The second problem is what annoys me. The maker of this theme felt it necessary to ‘encrypt’ the footer so itâ€™d be impossible to remove their links (three of them). I don’t have a problem giving credit where it’s due but how am I supposed to know what else is being executed in the footer… like if i’s malicious or just retarded. I’ll figure out how to ‘decrypt’ it soon enough but if someone else wants to play with it (or just see how silly they are) take a look.



<? eval(gzinflate(str_rot13(base64_decode('FZm3rgPRblF/Up1yebE5wYKFzTnneoTNOXR+vZ9MsCIJEmrumTPgv//3X//+VGh04z+bXzfXcGlJ/zzO/T/7ZcLoP/PsqAjsP3JILHL1z/8S013mFz8RUBF8/dvumChyp98h+PP8M5Ku/bKZ3ckqww4nrwB26xevBsFsJ07QSGQEhH36lPljUmI8R9NJWnH6/Prf5vUgoEhBzyp1rsuNhTDeG+skBcq5mSHZLzTZ5tWzQ1x+1zYXeKWXS603YVSWVQyzouYy98MEDDE/jl4Vq9kxrPhQKRQj8JN0Af8aBJHgMSmF4NPUFA1w/ScZ5FTPccOMLFSgLfRxP+Hv5e8o9PiGm19Nynf7k74u/bwM9b31qzHchhtITWj8lV6+7PQopu7nS0xgtjiZSzv+Wxgy83dCqZRX84zKoE/xLfoeje9WVIYYa2EPae9dOlm3AAeSiE9IbtiC8ZqNQu/wRRoI9HPZ8eEFCcXm1GLFvh3pjdokGiFpbrPtpb2L6Uc8P5d++YIka6YV7cdmJ4beSoTW2BcH1058YjsxL1EKPJZcmhwxvqusZXD/aRfts37aQjypHGHm8oKa32NhCLF1utqhF+bOS0grhkBxPpUxJqejxlcI5YmRIY1ikUFxPXizXdNsBYihR+occ1zEliUTU3f+mo92/JUDsh7UY725kre3VZcwpVvjc7iVnDdSJlPDF7hmZxVwBpjFRydes3zOW4qqhulJgtNKJjHTjFe/yjYh7XHPA4WwWaoU8i6V8bG0ukAg94CyUf52pU0Pzc2VgJ9E1cWxIlMUxQZdbYVmFzdKTh7XdlL7qg8YZxxGZT6fd6sUgDqb0KwXVFbAKxLpMhJWJ5w3kB8HS3FXMjSpjTpxyANblgOpoGlxQuQjkD235pwFUOSavaJb/aqx4Qah7n+T2eOqJt6NTTQuMbfbkcsugeSYQGxAZZ90r1OjmRsRnro/s8+VWA/ufCaZftuInYLnU8uDnT6htvJkOxC/fl19Ãƒâ€”6acZnI2Y3pTp6VsRfSxIngeVY6jYM9SJS0ZZpQfAZxZMF1qscIz4RjUkNQsSPWVfPqFQiarYMUEQlKVepouLiQzg1F6rH3PVLUMCYr5Vz1DOLQZJsdkByipkCIuje2QXlnEWirPDH9kXgOfNuSqBWcQMBWXft8G0oSfZMsTWNNbjLRl75z8PW7CCAXD4JMBHfmtvznNg9q+3RMZKKI6WBAqs2zjWfFyRIg+XjW0q6gP8e4MY3540skqNlpZdaOWgIZT53wiArOa6csPUiR8J0lpQv/u0mNBJ/+Jzwy9Dfew1epLxO+sDl/ijxCxuBJ5+lWnXntGHVrq2EMqN7L4V7ZnliKOvbkucm8z5VtVMT3hnL9nMAfh7tWc25IjGJPa8rzjxfnLyYUMKR9zLgGAooJgbEvZhqtfYPOTedPI7GizjbOSEVqO+N2+/EthuCRgMVX3SPFMSTXZh31GTpyPkIW44evRSvOc9JPA3XIAsK+YzuvhO16Fwh836lz8V029qqz2cXc7MK42OdI/WfO9sFywJ2qlOMZBPtLSO8IZAwoIXNFYeQ+Mp7zUNygXJgWo40C7ZulynU51CJQovf8qHleKaKRoGRN0RRFjqoNQ9yUc5/ayN6tyADJ2gdjGVVJES4n3c4JMIIVd24g2ucfkxQT3VpASBwXahF2Ze5kG1EHz9uxpQhiMaW+cIJJ2MHYcRcdx9u/s2oQxqOpQHqaJ1t8xELQ1I4tOMRspL5jeIkfR/UsqeJAgbFoY7RFKyaUn1gJYSZDwhAAG/rG/bsfR3y7uOcuvuz2/ZdQZBO3QqruPI0magWj7OctW0IuXoTnnobGK4HbdrTgA7NOFLipcUfk4xTSkEbwrTySERNonisH6Ch2GgSFbR9EUk28VJE2wS4zFuy6+hoaGxyauL5+DhjQD6LHDsV15tV0xEyaFj4eWCkBpbS7KHDSipSvYmNyRgE3RAGu6PO6a6cgqP0xPHbmSzANf5noKMx+AHul3NTY8G/STiTzybXoprssnj6XSwtctkuwywbrXspSQVGc8bAA9vTFrx72oKLo04xMHNwfjemQlVu6ziMwr6yrQiwdmxp/uQK+GdyfGoy5YTBqOlZc/7yyF6d7Q4I/VmchPHJj2vHgkKrE1XCns46PCcqcfAIdZDqqV46DvRKe96xJrxNsEcJu6GpK2CiYMol4zb+kfdksUVKNe+klm3nldQqAkxsyVhWAe9vZUbHa6bF8wxlXl+X40mfZvquKCaYn4m++9Gc1mG93j5InHX4rB5D1JdIssxYAY7dVmFm0VJSfiGJoLrc/j6Y2JUwpEC9UhbVQTLDmv6nzl3oeBEMmGC1E/YGASUbeQWbOI0OBJw9WBUSzU9nlRcy+XQJClHTSv+IdPTqz+xTupf2piIsploEMI2VhCRJLRt/hGTOrEjgvQ/FG5zdrvoSbXAHjIubDiyb2pdVOQLZBT6agnlt1pOaZEJ3Yrc06uVvmmBTqx3sVitPfJJXRX4aIUKnT+lFkYFpRvstxdIWbgEzqheoh7dMzpmt3sjuULdvjjWq8Izh6IoHE//wW3rhKaFKRzyfIP1hGVxH6E20N1qlo8xSqvzZDf0t5iy0V05I4pBdG5Y2eNbL8lqY7Mn1pRKa/7yGyst7W3WSxAVUicr4RiF0NtxINjGNrOPbj5WbfIhAJXOMAY6u+cAK22XbU1dJY85Ax38HM0tukipcZrgxodONdDcrW+ZJTj7AsrhXFP3+qESPd8Ygx3WU1Ooy0rFMHRErsgHHCi20Bd1YTR6KUewZVw4CRQ2Xx/kzjQJ/Yc4JOPU1hsed5gtghLpMRdBhllfvVEwLajjJA2XF3Z2bRqi7gDrvv6hg0QsV1SNZ/GPZ3P29uzJrHpKDl8ZP0YXdmfXFUUShbCLRTzO36kfW/BSyd5NFYSl43LTQ3h9GT1+ta0OgCrvBEygf/42a4JbrkvvQ9CBKUm81ggZZ4vpzrmafKgPwXQFgPvoA72mDEEGLNxoKpvaWoiBEx7lwJuqLxo9LKROBugPci21v2aEo6ZyR2JgLc+bje1prPiK0uGvVTEqOfm8PnvtyM58suGYo1DGLSlhvrecw0l9MT/zva3PknjR17elX8FGiffDxqzvuxKQH6+vNyJj8WNwQlTPjV9KTHGw26jh4UBX1qHjhK7aI89AhSX/RJ91fU9zbTwCpnGtxWdTGFTflxZcQcVZedWX5GyGjaKeVug7DX404SmKUl/fnR4swjb1U2LhLEBxM/zup0/j7AxjaD73Wda6XznIGzfk1vdydyWdeXGFkXvL5Fzyj8iXIpk4gOOeZ4Ytsmr/gagHx8++auz54X0NLKpQsbFhP6rRDKkAgVtaeeHkvvE2Oj2cBO+GWgiGP1kxqWbtq3Woyic5z0twmwPaslv+AOWs3+zu+FvmTSGn0/XQmUmOdld+UdsYkdcH3frcr2mHWL3ogjFvzz9GQpyFQXQtZOSJgY8yOWZKERHIaZ3uKEEeAJdlY/VV8fgauf4LaEdlV/oGfTCWfGpNPKbWbMKLF4+1dvbdo9VYLSOfW9OtJ/CySaZ9KuIZPAdHreRVnT7YD//Cp3yj34w1eeTRfRixUYuDwSgiXcurF1AvY8maWrlHO93i97i5ct3Qv0pggZAimgLI/3Cf+oBrn+2ReuGX55eYiiMRYN/p4MHWBxc5qf5fLucTqPNpSqExajOFoHtQgkze1ghOQrezcuzJC5vJDb0UVde4aFnpPAE+AcJEVhvFA0vuZa8BAEvln/WmZlGQpj8zcRWvbvePNoFbP/ArdJyacTnxpAHlCqf71q81dNMIKlV9Ocdrne31IAQh4B7vYIuC7mNvG6Ou9N9HD2ZFIvsWRYlBidkjRycO3Ãƒâ€”9zwr0BwDLJWK+lA82EAtK3CNef5viKFEV2Jz5qGZMPeo1AZIvt53I1OPmh/fPReTWvAa79J1m92cu5I2s4AL2gxFloNLwuiXfnuObdmMYIG801rwXT2P8jCpUBqR/cU1ehkvzv/rUzPenKlqYynBtC38N79Jm743DMPTx2yMezqmZjNbTW6RzW6bYkVgZjqxz85u7EVBFMFE90sp5s1+lDBWn1l8xJJacvJDY8MOzGAy5xQGqkqmMpsw2iBTm+Vud8mIUUcWn3Lk9PYTcIEkn0klQb86DBsdvUdjNbkYzlTTGp83IPdU3PTbZSOxz2Boo0sPWmLkc3lQHGzev6srJ4c2uH5qOYiGmcOACbGRwfB3wbvtT3e/wu90yKJ+8XfP8+htW12FZ7WsXBIeXqX2neTeIN0WLGLiRdNLjJyxKLdsfWnBhINjXbJA3gn4F/irHB5SzrWuU/GCORN/UMZ8dLnWvGW5a3W5V8hZ84Nb5aCZAtOtJ5l/36GMjJEwYen97p19eOC20qFYt3Y+WpwcAjgpDDZj7YZQHPZFHLNSJQiV2LUX8BOew+rM+0fM1qrwALnrz2ats7NSjA+wADMfPZv8Tg5u7i43CvWNuqfL9ftWBxAmMBwlFoWoCtU72maOVbYEVbqIE8xxSBzm9nwE1ewMDYrOSbdERglV3oFuL+chXyrrsXf1mOfg8LI0gGNuPn5pIhQ470YW9nzD6ZPEWsbnd/TaEPS7atmjG9v6EzOFZFNg977VYtXQplm5MebCsIhyPcI9ea4NDQM/Eeio2PEPaYVQ5TIishBCt9yYUq+G9xBblIlFHxUp8f7UxlsPoBL5BZUn84nmx9sgSpKi9A9ol0ojuTZua3FlKhxJCwZHJr/2zLz2c4LkoQIBjQ81Efhe+fZDq/C334EtKA6ZYfw4gpkxM3zYU7TrON3lkuEX8XlAz5gejT2xuBib/3Ymn7tS+gJHVJbQZ33QvgYZYcdvRvNN8XAlCCzB5wMO/2Qq77LLn63i1LUuy24H/fHbbiZwzUw7nFUwcjLu97on3/i4nR5fLtxX+s19sfQxL93XNZLXYH+aNpYmDB2tC8kt/93s5ilYTiPDXdRZCu+LMYs6z4gCxPR3NcPa10YaZSSiBhfzb5M98qb8qvp92TYvNhLC72WyCtFpWbfvjgcj+SAhyBbkMvT/EOUNDsCx9fnuWBr3eSSNXaRuox7DycBAJxmJpQAT6k0VgCcqqThOuSH58v3Hpa1h7lwPqYJkpSpBoMEqm8uquWzq8texY2k8U0cAGNXcO+KMSSKPXQvBRTV4cPNZ2udGZt73g3/WdixVqfweC3WFBhTUD6ZQFUB8BUz5JlL0T3RAk+FXUS45ROGTyRttPBjbiMig9tX0toGzX9Gvv7sZYBAASuVomc7trVBZSHsI7Qo7kGv++cWhi7Vx0V6Hew/dh33TP4l+aTgYv3RMUnex6FoBOeft3mPH9tUY6dlRTIZ3A79BsXjaflozfksoIIH/VvzvzaJ7Z4n9GKGawhby8siUHW4d9sv2NuBvCU3AWITCXwp7gaokfd8QrigX/TD7NQiQqHYhzez+r6ltvnWFCRhDOK36NJJvt0dBQjqSbMwTDJJZwf6K7DNU5h9KEbUt1ELkJtGh9j9ddv4H8fqA2xzCE2aStoB7scMjxVclT65IeS2dIRfwG27JtgEc2UPGARnb1PP1bDMzhQL0sGazmcYt74brn4GrMqBs1pjMrxgpP/27/jsPyNyHXtriN2g5/LiynBSEWfcI2KCrK5jT3HKnOPGRSDLVyKNIYJHb4P3d008N7EnmKhsfnJ9vtpFixvwAlKi3Y+R2IEFxd+4ZE/pqPPYXIQILNBCaBtIhr6DUwoMbeJLtAaHpHgH4oM55QxUO11feiNMirGjGHQc7pAQR51f/Z8p7amNvLTIkUHHicyXVEBOPno3Q0K9WNq/nqmxD4EYpcSg4SGvhgf+3oF7AWoGDozGFs3wGRzLztfNZhC9y2aTGnF6Eb19Do1obTXDffZCWsVL66yfyT0K+qPg1Y7/22ZBJbrJvWfYmSdu0M8fbcveSewVeZjfbtpnSEOK3pm+h4+wZFttH+JMidLSsNwyFqvrWVKSiSH8a+DOzf0nHSKxDnYSLw4h4Ãƒâ€”4pHKTDeiLIV3RX6qbVPGd93Tr9b5P7UN9dLfsX6k8G2CAEVgT3U4tdqwqx39CVXh2lKppuhpZOb47r5Xu3gxBRJcy1h1MsC0c4cZko9koeiKqgvoc1rc2snNu1xwirhedJmUz1ExvfX4l9keKiQNkUMkoGvr004mSIZ6Cea/YYUVmGSR2eMJtdEAAbi6yQ3UIBCKRS+Dy9pPcyg4s0Q/KFwGv2dyFsICg8V6P41djaHBOH+sDzb+5GKfKHcQ8/bRXc62SvIHtnCqeeIiP6eALgCbkcEx8ylmql6rKUTi8yi0QSUgo/I8kW84pS0vj5w4nXJP1BF5BP6MVT5YCNqv/mA4dXF8Odgf9GU7GOyGJGOhcnjxD8xQ4K/CQ1BisZv4//8IxN8Xtcyk8DnyAKXQG+87RecctZc9h0SyiypEGsSxuPdDsffioDzihsoFoXp/Cz0Kr5NxYpFvuqaDFCLEo/i4fTFCV94fehFciRtGRfz3phHMmB1cdZYjFzGUkU4ShaGBPfxkE1B1G/ZYnzdl0/gd7aPPPu/JG1h/MxAoikoWCr3u7cVsYSp8cY6a3T1Fm/TP6XTvD6jPNUocoUTAvSd+sF+EQdXImvUGZNMk2SWLnLx4nwquHCd9T/31rNs3tC73otu0mg9q9E8UNJy8VP2Dr6VlFiUBNshf9iP6RSAiMkpG7eYCoPy61pQggDDYOA2JDacSIS4Ol3KjoUCeiagZJf+PgsC6ARCsoWu+O6WBOWH0Zj2lBf25VGO6yAUhHrwrDXDs7EEZnS+UvLs8/9t4+vwN5+H20TTLOnAOCyeTrantF5hZTM9dVtZj7h9lK8Gf7+04vVIH/uKMRyu28zzRymVv8DriYV07hATHRX9K40W/yek6pX145jfaB6qs3kh3kkaK6tIuz3VoEX3CafkYOA5Q9GM2ZuGwlL9IBVnWSIeHgRkVXenqfC8qTWCpwKvP+mA3J1K14/CJm0HjW6zlxVvQb84mDpamsCFSTR5+yk4omhjqUiUyNQKwDZmcu9Av9mD2gn7PLybKpBkp7SgVP+pCTCwZC74XTcPe+1aZlUPIjfqTUd8K6Zi1jGN9Fxn7QP9VdDPF0zg+Fq2HLF5Xb44PFdxT8M/+yqB2n9vY9qYrP42o/iyj7zRrZjjkgw54y0TH4oAE+NsOzKKr+48B2w2+glfFGGRcdT9pY9r67cFfhcnG2AnjfIT+SENeFXPB8FLSqsdnKlCoiPu7Jky/5TLZ6s7lkyVQ95QgyzxgQ0wbYYUqlnMEWDEeWynEszkz4hOOkB51I+RNyQPshQpNjwiWH5n2D8gyFpI90ZETetT23FAoo66IjRAJNoF8S3q4Fih9QToT/foY1GRXzVe2oWoMhRRdiB1kDZBG09zmfXo3Ao/wMuCojCxhM85ye2Pat9Y9RdhyutHvIusMS7w9BL7nwTQFLGUZA7rWKoPbhzmeK/6xK8qyGyHZNcb4kKJcSES7BhsVmLhAAPjhhOHcVH+xKr4Oi8pwe7XRHAb9laWpQXdszG5EPqU4viNA7SFLFGGyiPrZU8U52z0n/wQhSOHiTOOgzkKpXTZMxMFD/7XFfj3qYQea2Y9X9fCuqmmnUWz3HFFZnRAqPRP586U3ZqHjD93pN+KBlV/cEe+3hdbPe4lm99Mz6bq7BM1zXKv/tMLu/iD3WfrR1eYyH+ArQNGfh6lb8uYFJXOhW9SFVxWOLBpXE3q0zt1Jq/XkHJrZ3Zksbf5yDp4zcf+01kCI0QQEg7VYcysI360CVfcCm9UsmmtmgXXwba8avhQtkkl4jEqLLQw345yd2Imi/tUMsmcibElsWpXCuONLzzJZW5un9FM1g+v+9Lr4/Vouy3zRECJ3B4U3et8htombKL4F5XFBXYIKy8jIdTlto/abILztI0G7gJyZWmgFskAO5rJ+8+S86AcjsPxnCLg04rU2mcWlzs2TyEGr27uJQMxxe+nmJ+RUEBMIQY+oPjSMGypb3l35t7rhHcgN/ELo6A5vuvraERSzFv2+0/h4px/xM30JniK+/XLm3wTA9n6PhMA8sqGyvj2dH9uNtT/n08uOgSJcsCeVtjqWBN6wK/DGYamLyWwHmG9lKFjwaffGSChp1Q+nPqZf4n0jQgW5mn8/Ef/DZji3ZJZGCcRC/hIunrxTiO4eNPDhjPcG51qI5Jt5NdAsV0yJ7DYG1cSR7P7GlA5mXerMdOV9BID3vZNIW3hHllvZ06VKN1yJKD4YGmZW0GJ8mrWkkomI8BLIoAn5jt8WraoSBrs7lt7NFgYJN/lVtmTdQn+xAOBiiWzbFCQVDgvc2/W6YY9LvDQ2oWmE/CVNngCqlHS6YOjl7gTCYoEoALWEoYhQegIj9ZwYD+3EX3R0O1631GaT9eiaI8dX+fJyhJyuybvhfu3szMkV6OYkfolF1Szzx88/myGIkIG5J6gLUm0wv3HWIommYyTHsUpN6xrcVbvW3LLLVNszEnS5iEjftMCwZTexlVwkzJR3UUMfWM0T56d6C5LEVm4TqjH5e2b4Ehm+mWcXxWZBAakjgUDePWwLrAAkrMsGWXY+MN+VIsPP4YayNyQKHlB/+wZXLg69sv06fiDd2VZfyE/NwhUlFar8h7il+rgR4t05Ri7VfbuYv86Xt70d66gx6g6Pl5M4ZtJ5+qjBgfn1+GsaNxqdcst1b8EbQP9ShyFs/1gMaxUJrsq1fJBpxMYUjnfznw+Z1yTa8pqPwnj2ym72mh1UxJn2OJbKmixERQCOV1C4P2Jr9aW3M/hUsjy6wWXD2ilnKB2sfVEOB0W0HqqIlENA5cSC6OPvm932ydwZn38Z/XVuvsirY6nxY5UOs7Ãƒâ€”1IgGzvf9n9DjFO7rAXDGoaDdljvuCIeWNec2kG4etzgAN8Q9HEvx7nuW4PJeTd1zW25tWeA4YQ+B6bMInQbfMVjjmTk0CW349kBvpFnocCM3YXjroojAJ4sUoMAMl2a6NwTEugkYOsesRN8AoPxXdz5ilApWCnBnEbArJxYY+alCAkJj3+mgHF/7ukeQ70hSw5iKuk0utHs5Bxan2cjLDnKgUiOq41GDLjLvPvdn9/WAaXqU1Lf9nkNNCj/BnSMmpxkS54HUiZtvkiOpGZmNGAz7SWFbSxyT8ymCnKI8k3rkXog5QGxep3SvH1mKJqpZUs4ZD2R5z9RcHeKvsJR5Ãƒâ€”768jMCv63NN1nDaGIqtBr/i3sFAO5qZ9VcMN539+nsmuHfTD2SPWUAbmB4Zpc84ZwSotOpDiy1L5RPvD8xPaKOM+0T1DUeHLv7XZ80gzJyhapqofzIuE9qAkkVUr4KeHSQAPixbBUTKnoIVM4GJW6pp2Ijbcr5aUlnQmelb8Ãƒâ€”39cjpmVF4d1Cqg3GhbLKo4txjo+OVL918MPGf3pszyXIaA+B+DLOOz1k77l9EbH6ajw/QSdAWt+fxNr2pIPoMB80W6VHKPUIA3xs5wRs79hO5SWFSp+t/Aq3BdOxUAZUjIa3rUWvkjTqYHvOF9GLh7JnpdPQtT621wrOpjg2YPq7KpFlONfLcZ21AbEJaB6YMIzxqpGuwoWH3ippGoiVrw2ajss4sVFkGMjgeZE2qqfcueTmHJjnqZDPuPSIaAvBu9tDnop5cv7vpcoxLtLJrfQdkqLN6ZxTOdRYb/1HHI1PhVb9HP+adpVSm3YQcb6HfNSf3gVAaT4+/7dbGJM3O0r8L8Zztaf3PL5KKkp+ZerMFwQpwqN7vmlmCD2ef4wuIuLOuABxFXMM8BkU9AF2N/m+nb7Ggp4gyYkNPLZD8narF6sAVBAPenJ3FAzwFLepDqJg2f4GU84CuCjmFUMXeWoxVGn8th7ZRkaRbl34ZsBZAlxYtRrgQITpbZR+mYJ0goL2/ZMxu24hHt5zPgFYMAgZGSztnroQaUdFaL+sRz0O0iCY7TQQdN2JIOws65WOWxVm3kgHWTnOlLLIK6j6Nn6OIn+dpcJdVplSGH7TXev0jUNrpR5Ãƒâ€”9w6r1yVhOOE/Q1yShPVujhd8A/2pYHHFv5QzxSPyTHFLk9lkYG9aPteMbnPfruE/RxPgPr5rx3kWaHHncmbhhH9/JNPJek8DD70fW3zH988BYGa4P5hWOT9fTzSayw51RzbxaS5Jg8YyYP3A0ByQxsu9IVaBmKoY5yVwEAT/StMER7AghucJQ3tQjjZWgjSn0NPoGjmykJMAgKAOtLpnTgQzmYNYjJg50Qa/zKQ+NDdlH8pZf8QHMROVs/B2WPoi5CArkRKhvOWPmHSEu0vDvYSbyDnPmpHt+ZCMwu4JpqI1vZzH9ixVp2k8dDNIWKjSs3unOZqYcNzxDKZvBG+N77UlgCwPaqxXHl7pUVP/DB2iiTGQY2uJOarUtyCkEa8ABszPlLUHGXBFD6GvyOBiHrQE0XhRuM/e8+KtEUs3329uQmXWCAVJxbkUdeICXyed7aOlsnLKTHDOHsFoX7woZ9so1J58+iM7SB7yK9z2K3XO4FVzdR0GX4LwrNCxdfsw9rHchDb+iop0rlkoSh/TgIpWmzLEAln6rjZ92Ta9f1qcI6Oin3hDREJfWvly6KEy/BfyH48y83PTzMGl4g8AOA0CN7zfIPkWKMgANwn+F///ff4n3/8+3//9e//Aw==')))); ?>

I’ve come to learn that it’s a semi-standard method to ‘copyright’ php code, but I’d at the very least like to know everything it does. base64_decode() decrypts that long nasty thing … str_rot13() rotates all alphabetical characters by 13 letters, like this:

A B C D E F G H I J K L M
N O P Q R S T U V W X Y Z

A = N, B = O, C = P, etc. then gzinflate() basically uncompresses it … and eval() runs the inside text as php code. ’standard’ methods to see the inside text have failed because the first two characters i know are ?> which ends the first <?php tag so all it’ll print out is the ?> at the very end of the code. So … any ideas would be appreciated. I’m too lazy to design my own theme (again) but it seems I might just have to anyway :/

blarg,

-josh

Comment (1) | Tags: base64_decode, eval, gzinflate, php, str_rot13

Josh’s Random Non-sense! // my crazy life :)

On PHP “Encryptions”

Decrypt nested eval gzinflate str_rot13 base64_decode

Annoying Coding Methods (solved)

Annyoing Coding Methods

Pages

Recent Comments

Categories

Tags