Josh's Random Non-sense! » base64_decode

On PHP “Encryptions”

josh — Sun, 28 Dec 2008 22:00:29 +0000

Alright, so I’ve gotten (relatively) a lot of attention for my post(s) (mainly this one) about “decrypting” PHP scripts that are engulfed in various combinations of gzinflate();, str_rot13();, and base64_decode();.

This post is mostly an attempt to enlighten those that come upon it to what these functions are and do, and probably more importantly, how to undo their secretive evil.

base64_decode

The most common function (I’ve seen) used would be base64_code(). From the documentation on php.net of this function:

Encodes the given data with base64.
This encoding is designed to make binary data survive transport through transport layers that are not 8-bit clean, such as mail bodies.
Base64-encoded data takes about 33% more space than the original data.

Here’s an example of the base64_encode(); and what the encoded string looks like (if the string ends in ‘==’ odds are it’s base64_encoded).

echo base64_encode('This is an encoded string');
// VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==

# The reverse of this function is pretty much the same:

echo base64_decode('VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==');
// This is an encoded string

str_rot13

Sometimes you’ll see people use str_rot13(); at some point during their process. This really just “shifts every letter by 13 places in the alphabet while leaving non-alpha characters untouched”. So … using str_rot13() on the string that’s already had it used on it, produces the original string.

$a = 'this is a string';
$b = str_rot13($a);
$c = str_rot13($b);

echo $b; // guvf vf n fgevat
echo $c; // this is a string

gzinflate

Now a lot of times, they like to go a step further and use gzdeflate(); because base64_encode(); produces a lot more code than the original, so it will shrink the size of the original code inside before sent to base64_encode(). gzdeflate() uses the DEFLATE data format to make the encoded string quite a bit smaller.

$a = 'this is a long, long, long, string that just seems to keep on going forever and ever and ever ...';
$b = gzdeflate($a);
$c = gzinflate($b);

echo $b;
// lots of unreadable characters
// 67 characters

echo $c;
// this is a long, long, long, string that just seems to keep on going forever and ever and ever ...
// 97 characters

Methodology

The first thing I do when I see some obscenely long, obfuscated code somewhere is look how they convert their encoded string to actual php code. This most simplistic one you’ll find would probably look something like this:

$str = 'PctOCoMwEEDRtYHcbhDBbYZ3vVU30zgxgZgJ46RdlN692bTwSg/+vJZDrBlj6V80CsHGMe9j8k7g+CgpOkfa4NTqPQQS6q/W+JqdU87wVSj7cmtB8Lamu1DCf9hAVatxQ6nUro815AL/Jpyarbcv';
eval(gzinflate(str_rot13(base64_decode($str))));

To retrieve the original code out of this you just have to change the eval() to echo() instead. But since the string might have some tags in it, I usually use htmlentities() as well.

$str = 'PctOCoMwEEDRtYHcbhDBbYZ3vVU30zgxgZgJ46RdlN692bTwSg/+vJZDrBlj6V80CsHGMe9j8k7g+CgpOkfa4NTqPQQS6q/W+JqdU87wVSj7cmtB8Lamu1DCf9hAVatxQ6nUro815AL/Jpyarbcv';

//eval(gzinflate(str_rot13(base64_decode($str))));
echo(htmlentities(gzinflate(str_rot13(base64_decode($str)))));
//

Assuming the encoding hasn’t been iterated over and over again, it should be pretty easy to view the code inside by taking apart how they undo it themselves. Sometimes it’s a bit more in depth and complicated than others, but the end result is just a hair bit of observation

PS.

eval is one letter away from evil

Decrypt nested eval gzinflate str_rot13 base64_decode

josh — Sun, 23 Mar 2008 01:49:06 +0000

So I went ahead and wrote a script to undo massively nested eval(gzinflate(str_rot13(base64_decode(‘STRING’)))); and eval(gzinflate(base64_decode(‘STRING’))); “encryptions” with a multitude of both of them inside it. The string from the original footer here had to go through 67 different iterations before it got to the real source code (talk about overkill).
If you have strings that aren’t nested, you can probably just do this:

$string = gzinflate(str_rot13(base64_decode('YOUR STRING')));

$string = htmlentities($string, ENT_NOQUOTES);

echo $string;

If you have a string from that fits that description you can decrypt it here

Or if you just want to test it here’s the original string from the footer of ~~this~~ one of my old themes:

FZm3rgPRblF/Up1yebE5wYKFzTnneoTNOXR+vZ9MsCIJEmrumTPgv//3X//+VGh04z+bXzfXcGlJ/zzO/T/7ZcLoP/PsqAjsP3JILHL1z/8S013mFz8RUBF8/dvumChyp98h+PP8M5Ku/bKZ3ckqww4nrwB26xevBsFsJ07QSGQEhH36lPljUmI8R9NJWnH6/Prf5vUgoEhBzyp1rsuNhTDeG+skBcq5mSHZLzTZ5tWzQ1x+1zYXeKWXS603YVSWVQyzouYy98MEDDE/jl4Vq9kxrPhQKRQj8JN0Af8aBJHgMSmF4NPUFA1w/ScZ5FTPccOMLFSgLfRxP+Hv5e8o9PiGm19Nynf7k74u/bwM9b31qzHchhtITWj8lV6+7PQopu7nS0xgtjiZSzv+Wxgy83dCqZRX84zKoE/xLfoeje9WVIYYa2EPae9dOlm3AAeSiE9IbtiC8ZqNQu/wRRoI9HPZ8eEFCcXm1GLFvh3pjdokGiFpbrPtpb2L6Uc8P5d++YIka6YV7cdmJ4beSoTW2BcH1058YjsxL1EKPJZcmhwxvqusZXD/aRfts37aQjypHGHm8oKa32NhCLF1utqhF+bOS0grhkBxPpUxJqejxlcI5YmRIY1ikUFxPXizXdNsBYihR+occ1zEliUTU3f+mo92/JUDsh7UY725kre3VZcwpVvjc7iVnDdSJlPDF7hmZxVwBpjFRydes3zOW4qqhulJgtNKJjHTjFe/yjYh7XHPA4WwWaoU8i6V8bG0ukAg94CyUf52pU0Pzc2VgJ9E1cWxIlMUxQZdbYVmFzdKTh7XdlL7qg8YZxxGZT6fd6sUgDqb0KwXVFbAKxLpMhJWJ5w3kB8HS3FXMjSpjTpxyANblgOpoGlxQuQjkD235pwFUOSavaJb/aqx4Qah7n+T2eOqJt6NTTQuMbfbkcsugeSYQGxAZZ90r1OjmRsRnro/s8+VWA/ufCaZftuInYLnU8uDnT6htvJkOxC/fl19×6acZnI2Y3pTp6VsRfSxIngeVY6jYM9SJS0ZZpQfAZxZMF1qscIz4RjUkNQsSPWVfPqFQiarYMUEQlKVepouLiQzg1F6rH3PVLUMCYr5Vz1DOLQZJsdkByipkCIuje2QXlnEWirPDH9kXgOfNuSqBWcQMBWXft8G0oSfZMsTWNNbjLRl75z8PW7CCAXD4JMBHfmtvznNg9q+3RMZKKI6WBAqs2zjWfFyRIg+XjW0q6gP8e4MY3540skqNlpZdaOWgIZT53wiArOa6csPUiR8J0lpQv/u0mNBJ/+Jzwy9Dfew1epLxO+sDl/ijxCxuBJ5+lWnXntGHVrq2EMqN7L4V7ZnliKOvbkucm8z5VtVMT3hnL9nMAfh7tWc25IjGJPa8rzjxfnLyYUMKR9zLgGAooJgbEvZhqtfYPOTedPI7GizjbOSEVqO+N2+/EthuCRgMVX3SPFMSTXZh31GTpyPkIW44evRSvOc9JPA3XIAsK+YzuvhO16Fwh836lz8V029qqz2cXc7MK42OdI/WfO9sFywJ2qlOMZBPtLSO8IZAwoIXNFYeQ+Mp7zUNygXJgWo40C7ZulynU51CJQovf8qHleKaKRoGRN0RRFjqoNQ9yUc5/ayN6tyADJ2gdjGVVJES4n3c4JMIIVd24g2ucfkxQT3VpASBwXahF2Ze5kG1EHz9uxpQhiMaW+cIJJ2MHYcRcdx9u/s2oQxqOpQHqaJ1t8xELQ1I4tOMRspL5jeIkfR/UsqeJAgbFoY7RFKyaUn1gJYSZDwhAAG/rG/bsfR3y7uOcuvuz2/ZdQZBO3QqruPI0magWj7OctW0IuXoTnnobGK4HbdrTgA7NOFLipcUfk4xTSkEbwrTySERNonisH6Ch2GgSFbR9EUk28VJE2wS4zFuy6+hoaGxyauL5+DhjQD6LHDsV15tV0xEyaFj4eWCkBpbS7KHDSipSvYmNyRgE3RAGu6PO6a6cgqP0xPHbmSzANf5noKMx+AHul3NTY8G/STiTzybXoprssnj6XSwtctkuwywbrXspSQVGc8bAA9vTFrx72oKLo04xMHNwfjemQlVu6ziMwr6yrQiwdmxp/uQK+GdyfGoy5YTBqOlZc/7yyF6d7Q4I/VmchPHJj2vHgkKrE1XCns46PCcqcfAIdZDqqV46DvRKe96xJrxNsEcJu6GpK2CiYMol4zb+kfdksUVKNe+klm3nldQqAkxsyVhWAe9vZUbHa6bF8wxlXl+X40mfZvquKCaYn4m++9Gc1mG93j5InHX4rB5D1JdIssxYAY7dVmFm0VJSfiGJoLrc/j6Y2JUwpEC9UhbVQTLDmv6nzl3oeBEMmGC1E/YGASUbeQWbOI0OBJw9WBUSzU9nlRcy+XQJClHTSv+IdPTqz+xTupf2piIsploEMI2VhCRJLRt/hGTOrEjgvQ/FG5zdrvoSbXAHjIubDiyb2pdVOQLZBT6agnlt1pOaZEJ3Yrc06uVvmmBTqx3sVitPfJJXRX4aIUKnT+lFkYFpRvstxdIWbgEzqheoh7dMzpmt3sjuULdvjjWq8Izh6IoHE//wW3rhKaFKRzyfIP1hGVxH6E20N1qlo8xSqvzZDf0t5iy0V05I4pBdG5Y2eNbL8lqY7Mn1pRKa/7yGyst7W3WSxAVUicr4RiF0NtxINjGNrOPbj5WbfIhAJXOMAY6u+cAK22XbU1dJY85Ax38HM0tukipcZrgxodONdDcrW+ZJTj7AsrhXFP3+qESPd8Ygx3WU1Ooy0rFMHRErsgHHCi20Bd1YTR6KUewZVw4CRQ2Xx/kzjQJ/Yc4JOPU1hsed5gtghLpMRdBhllfvVEwLajjJA2XF3Z2bRqi7gDrvv6hg0QsV1SNZ/GPZ3P29uzJrHpKDl8ZP0YXdmfXFUUShbCLRTzO36kfW/BSyd5NFYSl43LTQ3h9GT1+ta0OgCrvBEygf/42a4JbrkvvQ9CBKUm81ggZZ4vpzrmafKgPwXQFgPvoA72mDEEGLNxoKpvaWoiBEx7lwJuqLxo9LKROBugPci21v2aEo6ZyR2JgLc+bje1prPiK0uGvVTEqOfm8PnvtyM58suGYo1DGLSlhvrecw0l9MT/zva3PknjR17elX8FGiffDxqzvuxKQH6+vNyJj8WNwQlTPjV9KTHGw26jh4UBX1qHjhK7aI89AhSX/RJ91fU9zbTwCpnGtxWdTGFTflxZcQcVZedWX5GyGjaKeVug7DX404SmKUl/fnR4swjb1U2LhLEBxM/zup0/j7AxjaD73Wda6XznIGzfk1vdydyWdeXGFkXvL5Fzyj8iXIpk4gOOeZ4Ytsmr/gagHx8++auz54X0NLKpQsbFhP6rRDKkAgVtaeeHkvvE2Oj2cBO+GWgiGP1kxqWbtq3Woyic5z0twmwPaslv+AOWs3+zu+FvmTSGn0/XQmUmOdld+UdsYkdcH3frcr2mHWL3ogjFvzz9GQpyFQXQtZOSJgY8yOWZKERHIaZ3uKEEeAJdlY/VV8fgauf4LaEdlV/oGfTCWfGpNPKbWbMKLF4+1dvbdo9VYLSOfW9OtJ/CySaZ9KuIZPAdHreRVnT7YD//Cp3yj34w1eeTRfRixUYuDwSgiXcurF1AvY8maWrlHO93i97i5ct3Qv0pggZAimgLI/3Cf+oBrn+2ReuGX55eYiiMRYN/p4MHWBxc5qf5fLucTqPNpSqExajOFoHtQgkze1ghOQrezcuzJC5vJDb0UVde4aFnpPAE+AcJEVhvFA0vuZa8BAEvln/WmZlGQpj8zcRWvbvePNoFbP/ArdJyacTnxpAHlCqf71q81dNMIKlV9Ocdrne31IAQh4B7vYIuC7mNvG6Ou9N9HD2ZFIvsWRYlBidkjRycO3×9zwr0BwDLJWK+lA82EAtK3CNef5viKFEV2Jz5qGZMPeo1AZIvt53I1OPmh/fPReTWvAa79J1m92cu5I2s4AL2gxFloNLwuiXfnuObdmMYIG801rwXT2P8jCpUBqR/cU1ehkvzv/rUzPenKlqYynBtC38N79Jm743DMPTx2yMezqmZjNbTW6RzW6bYkVgZjqxz85u7EVBFMFE90sp5s1+lDBWn1l8xJJacvJDY8MOzGAy5xQGqkqmMpsw2iBTm+Vud8mIUUcWn3Lk9PYTcIEkn0klQb86DBsdvUdjNbkYzlTTGp83IPdU3PTbZSOxz2Boo0sPWmLkc3lQHGzev6srJ4c2uH5qOYiGmcOACbGRwfB3wbvtT3e/wu90yKJ+8XfP8+htW12FZ7WsXBIeXqX2neTeIN0WLGLiRdNLjJyxKLdsfWnBhINjXbJA3gn4F/irHB5SzrWuU/GCORN/UMZ8dLnWvGW5a3W5V8hZ84Nb5aCZAtOtJ5l/36GMjJEwYen97p19eOC20qFYt3Y+WpwcAjgpDDZj7YZQHPZFHLNSJQiV2LUX8BOew+rM+0fM1qrwALnrz2ats7NSjA+wADMfPZv8Tg5u7i43CvWNuqfL9ftWBxAmMBwlFoWoCtU72maOVbYEVbqIE8xxSBzm9nwE1ewMDYrOSbdERglV3oFuL+chXyrrsXf1mOfg8LI0gGNuPn5pIhQ470YW9nzD6ZPEWsbnd/TaEPS7atmjG9v6EzOFZFNg977VYtXQplm5MebCsIhyPcI9ea4NDQM/Eeio2PEPaYVQ5TIishBCt9yYUq+G9xBblIlFHxUp8f7UxlsPoBL5BZUn84nmx9sgSpKi9A9ol0ojuTZua3FlKhxJCwZHJr/2zLz2c4LkoQIBjQ81Efhe+fZDq/C334EtKA6ZYfw4gpkxM3zYU7TrON3lkuEX8XlAz5gejT2xuBib/3Ymn7tS+gJHVJbQZ33QvgYZYcdvRvNN8XAlCCzB5wMO/2Qq77LLn63i1LUuy24H/fHbbiZwzUw7nFUwcjLu97on3/i4nR5fLtxX+s19sfQxL93XNZLXYH+aNpYmDB2tC8kt/93s5ilYTiPDXdRZCu+LMYs6z4gCxPR3NcPa10YaZSSiBhfzb5M98qb8qvp92TYvNhLC72WyCtFpWbfvjgcj+SAhyBbkMvT/EOUNDsCx9fnuWBr3eSSNXaRuox7DycBAJxmJpQAT6k0VgCcqqThOuSH58v3Hpa1h7lwPqYJkpSpBoMEqm8uquWzq8texY2k8U0cAGNXcO+KMSSKPXQvBRTV4cPNZ2udGZt73g3/WdixVqfweC3WFBhTUD6ZQFUB8BUz5JlL0T3RAk+FXUS45ROGTyRttPBjbiMig9tX0toGzX9Gvv7sZYBAASuVomc7trVBZSHsI7Qo7kGv++cWhi7Vx0V6Hew/dh33TP4l+aTgYv3RMUnex6FoBOeft3mPH9tUY6dlRTIZ3A79BsXjaflozfksoIIH/VvzvzaJ7Z4n9GKGawhby8siUHW4d9sv2NuBvCU3AWITCXwp7gaokfd8QrigX/TD7NQiQqHYhzez+r6ltvnWFCRhDOK36NJJvt0dBQjqSbMwTDJJZwf6K7DNU5h9KEbUt1ELkJtGh9j9ddv4H8fqA2xzCE2aStoB7scMjxVclT65IeS2dIRfwG27JtgEc2UPGARnb1PP1bDMzhQL0sGazmcYt74brn4GrMqBs1pjMrxgpP/27/jsPyNyHXtriN2g5/LiynBSEWfcI2KCrK5jT3HKnOPGRSDLVyKNIYJHb4P3d008N7EnmKhsfnJ9vtpFixvwAlKi3Y+R2IEFxd+4ZE/pqPPYXIQILNBCaBtIhr6DUwoMbeJLtAaHpHgH4oM55QxUO11feiNMirGjGHQc7pAQR51f/Z8p7amNvLTIkUHHicyXVEBOPno3Q0K9WNq/nqmxD4EYpcSg4SGvhgf+3oF7AWoGDozGFs3wGRzLztfNZhC9y2aTGnF6Eb19Do1obTXDffZCWsVL66yfyT0K+qPg1Y7/22ZBJbrJvWfYmSdu0M8fbcveSewVeZjfbtpnSEOK3pm+h4+wZFttH+JMidLSsNwyFqvrWVKSiSH8a+DOzf0nHSKxDnYSLw4h4×4pHKTDeiLIV3RX6qbVPGd93Tr9b5P7UN9dLfsX6k8G2CAEVgT3U4tdqwqx39CVXh2lKppuhpZOb47r5Xu3gxBRJcy1h1MsC0c4cZko9koeiKqgvoc1rc2snNu1xwirhedJmUz1ExvfX4l9keKiQNkUMkoGvr004mSIZ6Cea/YYUVmGSR2eMJtdEAAbi6yQ3UIBCKRS+Dy9pPcyg4s0Q/KFwGv2dyFsICg8V6P41djaHBOH+sDzb+5GKfKHcQ8/bRXc62SvIHtnCqeeIiP6eALgCbkcEx8ylmql6rKUTi8yi0QSUgo/I8kW84pS0vj5w4nXJP1BF5BP6MVT5YCNqv/mA4dXF8Odgf9GU7GOyGJGOhcnjxD8xQ4K/CQ1BisZv4//8IxN8Xtcyk8DnyAKXQG+87RecctZc9h0SyiypEGsSxuPdDsffioDzihsoFoXp/Cz0Kr5NxYpFvuqaDFCLEo/i4fTFCV94fehFciRtGRfz3phHMmB1cdZYjFzGUkU4ShaGBPfxkE1B1G/ZYnzdl0/gd7aPPPu/JG1h/MxAoikoWCr3u7cVsYSp8cY6a3T1Fm/TP6XTvD6jPNUocoUTAvSd+sF+EQdXImvUGZNMk2SWLnLx4nwquHCd9T/31rNs3tC73otu0mg9q9E8UNJy8VP2Dr6VlFiUBNshf9iP6RSAiMkpG7eYCoPy61pQggDDYOA2JDacSIS4Ol3KjoUCeiagZJf+PgsC6ARCsoWu+O6WBOWH0Zj2lBf25VGO6yAUhHrwrDXDs7EEZnS+UvLs8/9t4+vwN5+H20TTLOnAOCyeTrantF5hZTM9dVtZj7h9lK8Gf7+04vVIH/uKMRyu28zzRymVv8DriYV07hATHRX9K40W/yek6pX145jfaB6qs3kh3kkaK6tIuz3VoEX3CafkYOA5Q9GM2ZuGwlL9IBVnWSIeHgRkVXenqfC8qTWCpwKvP+mA3J1K14/CJm0HjW6zlxVvQb84mDpamsCFSTR5+yk4omhjqUiUyNQKwDZmcu9Av9mD2gn7PLybKpBkp7SgVP+pCTCwZC74XTcPe+1aZlUPIjfqTUd8K6Zi1jGN9Fxn7QP9VdDPF0zg+Fq2HLF5Xb44PFdxT8M/+yqB2n9vY9qYrP42o/iyj7zRrZjjkgw54y0TH4oAE+NsOzKKr+48B2w2+glfFGGRcdT9pY9r67cFfhcnG2AnjfIT+SENeFXPB8FLSqsdnKlCoiPu7Jky/5TLZ6s7lkyVQ95QgyzxgQ0wbYYUqlnMEWDEeWynEszkz4hOOkB51I+RNyQPshQpNjwiWH5n2D8gyFpI90ZETetT23FAoo66IjRAJNoF8S3q4Fih9QToT/foY1GRXzVe2oWoMhRRdiB1kDZBG09zmfXo3Ao/wMuCojCxhM85ye2Pat9Y9RdhyutHvIusMS7w9BL7nwTQFLGUZA7rWKoPbhzmeK/6xK8qyGyHZNcb4kKJcSES7BhsVmLhAAPjhhOHcVH+xKr4Oi8pwe7XRHAb9laWpQXdszG5EPqU4viNA7SFLFGGyiPrZU8U52z0n/wQhSOHiTOOgzkKpXTZMxMFD/7XFfj3qYQea2Y9X9fCuqmmnUWz3HFFZnRAqPRP586U3ZqHjD93pN+KBlV/cEe+3hdbPe4lm99Mz6bq7BM1zXKv/tMLu/iD3WfrR1eYyH+ArQNGfh6lb8uYFJXOhW9SFVxWOLBpXE3q0zt1Jq/XkHJrZ3Zksbf5yDp4zcf+01kCI0QQEg7VYcysI360CVfcCm9UsmmtmgXXwba8avhQtkkl4jEqLLQw345yd2Imi/tUMsmcibElsWpXCuONLzzJZW5un9FM1g+v+9Lr4/Vouy3zRECJ3B4U3et8htombKL4F5XFBXYIKy8jIdTlto/abILztI0G7gJyZWmgFskAO5rJ+8+S86AcjsPxnCLg04rU2mcWlzs2TyEGr27uJQMxxe+nmJ+RUEBMIQY+oPjSMGypb3l35t7rhHcgN/ELo6A5vuvraERSzFv2+0/h4px/xM30JniK+/XLm3wTA9n6PhMA8sqGyvj2dH9uNtT/n08uOgSJcsCeVtjqWBN6wK/DGYamLyWwHmG9lKFjwaffGSChp1Q+nPqZf4n0jQgW5mn8/Ef/DZji3ZJZGCcRC/hIunrxTiO4eNPDhjPcG51qI5Jt5NdAsV0yJ7DYG1cSR7P7GlA5mXerMdOV9BID3vZNIW3hHllvZ06VKN1yJKD4YGmZW0GJ8mrWkkomI8BLIoAn5jt8WraoSBrs7lt7NFgYJN/lVtmTdQn+xAOBiiWzbFCQVDgvc2/W6YY9LvDQ2oWmE/CVNngCqlHS6YOjl7gTCYoEoALWEoYhQegIj9ZwYD+3EX3R0O1631GaT9eiaI8dX+fJyhJyuybvhfu3szMkV6OYkfolF1Szzx88/myGIkIG5J6gLUm0wv3HWIommYyTHsUpN6xrcVbvW3LLLVNszEnS5iEjftMCwZTexlVwkzJR3UUMfWM0T56d6C5LEVm4TqjH5e2b4Ehm+mWcXxWZBAakjgUDePWwLrAAkrMsGWXY+MN+VIsPP4YayNyQKHlB/+wZXLg69sv06fiDd2VZfyE/NwhUlFar8h7il+rgR4t05Ri7VfbuYv86Xt70d66gx6g6Pl5M4ZtJ5+qjBgfn1+GsaNxqdcst1b8EbQP9ShyFs/1gMaxUJrsq1fJBpxMYUjnfznw+Z1yTa8pqPwnj2ym72mh1UxJn2OJbKmixERQCOV1C4P2Jr9aW3M/hUsjy6wWXD2ilnKB2sfVEOB0W0HqqIlENA5cSC6OPvm932ydwZn38Z/XVuvsirY6nxY5UOs7×1IgGzvf9n9DjFO7rAXDGoaDdljvuCIeWNec2kG4etzgAN8Q9HEvx7nuW4PJeTd1zW25tWeA4YQ+B6bMInQbfMVjjmTk0CW349kBvpFnocCM3YXjroojAJ4sUoMAMl2a6NwTEugkYOsesRN8AoPxXdz5ilApWCnBnEbArJxYY+alCAkJj3+mgHF/7ukeQ70hSw5iKuk0utHs5Bxan2cjLDnKgUiOq41GDLjLvPvdn9/WAaXqU1Lf9nkNNCj/BnSMmpxkS54HUiZtvkiOpGZmNGAz7SWFbSxyT8ymCnKI8k3rkXog5QGxep3SvH1mKJqpZUs4ZD2R5z9RcHeKvsJR5×768jMCv63NN1nDaGIqtBr/i3sFAO5qZ9VcMN539+nsmuHfTD2SPWUAbmB4Zpc84ZwSotOpDiy1L5RPvD8xPaKOM+0T1DUeHLv7XZ80gzJyhapqofzIuE9qAkkVUr4KeHSQAPixbBUTKnoIVM4GJW6pp2Ijbcr5aUlnQmelb8×39cjpmVF4d1Cqg3GhbLKo4txjo+OVL918MPGf3pszyXIaA+B+DLOOz1k77l9EbH6ajw/QSdAWt+fxNr2pIPoMB80W6VHKPUIA3xs5wRs79hO5SWFSp+t/Aq3BdOxUAZUjIa3rUWvkjTqYHvOF9GLh7JnpdPQtT621wrOpjg2YPq7KpFlONfLcZ21AbEJaB6YMIzxqpGuwoWH3ippGoiVrw2ajss4sVFkGMjgeZE2qqfcueTmHJjnqZDPuPSIaAvBu9tDnop5cv7vpcoxLtLJrfQdkqLN6ZxTOdRYb/1HHI1PhVb9HP+adpVSm3YQcb6HfNSf3gVAaT4+/7dbGJM3O0r8L8Zztaf3PL5KKkp+ZerMFwQpwqN7vmlmCD2ef4wuIuLOuABxFXMM8BkU9AF2N/m+nb7Ggp4gyYkNPLZD8narF6sAVBAPenJ3FAzwFLepDqJg2f4GU84CuCjmFUMXeWoxVGn8th7ZRkaRbl34ZsBZAlxYtRrgQITpbZR+mYJ0goL2/ZMxu24hHt5zPgFYMAgZGSztnroQaUdFaL+sRz0O0iCY7TQQdN2JIOws65WOWxVm3kgHWTnOlLLIK6j6Nn6OIn+dpcJdVplSGH7TXev0jUNrpR5×9w6r1yVhOOE/Q1yShPVujhd8A/2pYHHFv5QzxSPyTHFLk9lkYG9aPteMbnPfruE/RxPgPr5rx3kWaHHncmbhhH9/JNPJek8DD70fW3zH988BYGa4P5hWOT9fTzSayw51RzbxaS5Jg8YyYP3A0ByQxsu9IVaBmKoY5yVwEAT/StMER7AghucJQ3tQjjZWgjSn0NPoGjmykJMAgKAOtLpnTgQzmYNYjJg50Qa/zKQ+NDdlH8pZf8QHMROVs/B2WPoi5CArkRKhvOWPmHSEu0vDvYSbyDnPmpHt+ZCMwu4JpqI1vZzH9ixVp2k8dDNIWKjSs3unOZqYcNzxDKZvBG+N77UlgCwPaqxXHl7pUVP/DB2iiTGQY2uJOarUtyCkEa8ABszPlLUHGXBFD6GvyOBiHrQE0XhRuM/e8+KtEUs3329uQmXWCAVJxbkUdeICXyed7aOlsnLKTHDOHsFoX7woZ9so1J58+iM7SB7yK9z2K3XO4FVzdR0GX4LwrNCxdfsw9rHchDb+iop0rlkoSh/TgIpWmzLEAln6rjZ92Ta9f1qcI6Oin3hDREJfWvly6KEy/BfyH48y83PTzMGl4g8AOA0CN7zfIPkWKMgANwn+F///ff4n3/8+3//9e//Aw==

Annoying Coding Methods (solved)

josh — Sat, 22 Mar 2008 20:42:39 +0000

So I finally figured out how to decrypt the insanity of the footer for this theme.

To see what I started out with see the first post –> Annyoing Coding Methods

Simply changing the eval() to echo just printed out a ?> because I found out the first thing in the code was a ?>, so it ended the PHP tag and simply printed out the ending ?> tag.

So… I decided to remove all PHP tags… like and ?> with:



= array(">","<");
$replace = array(">","<");
$string = 'FREAKISHLY LONG ENCRYPTED STRING HERE';
echo str_replace($remove,$replace,gzinflate(str_rot13(base64_decode($string))));
# echo str_replace($remove,$replace,gzinflate(base64_decode($string)));

?>

So that worked liked I hoped it would, BUT it prints out nearly the exact same thing I had to begin with, just with another random string. So I keep replacing cryptic  code in the $string variable over and over. The output varied from eval(gzinflate(str_rot13(base64_decode($string)))); to eval(gzinflate(base64_decode($string))); Hence the extra (commented) line in the above code. I probably repeated this method at least 50 times until I actually saw the real source code. (And yes, after doing that I realize that I could have just written a little code to loop through it, but I had no idea how many iterations it would take)
The string of data got smaller and smaller each time. The last string before the real code is only about a fifth of the length of the original:
tVRdb5swFH3OpP2HOx6WRCrQZm8ZpdKkVX1opCqNtr5FBi7g1djMNk3z73exE5q0Vbs97AXM/Tgcn3vsi3SUFPwBeHEebHhRoTVB+vHDyEdzwYzZJ4o+kVy0dQu8hAmUncwtV3KNj9xYMxkXW8kanq8NLzBjejyFz5/hWXAyvsbSwqVSFvuKKcwBhUF6Xbj/jpJO+MUoEdzxYsFApArSpJ4d87LcCgzSJeYoLbSKuCRxPduBHODR2rGnnjXTec0fkFj3Ddm2f45Pxmen9Mg7Y1VDCyKQ9q+4f0+/7hkSTvxEsk964j7o/4Gy4GXfAU7MmNT8v7IueVX/o675X+m6QMte6ukhHetNu9ZYEVfUk51IPkvCDBVCVVyqzvqKA9H6Iga1xvI8qK1t53H8wAQvmFU62nyJlK7ivMb8PqYS1KgDcMTOg1XNDbSsQtg1oAFm4O5qtbiGs+gUbq3muQ3SH30aEpZlet+Ldxal4ZlAuNq2qFf4aGHB9H3XwjWTVUewQfocKol7DGLP3tnBRumi1WiMoz8wvlEb2kEB2RZ+UsVNX3ECxhL1UJWhrTFk2oLBhknLcyBiRkkmoO0ywU3NZQWtYLZUuomCdMA4IHQ8l4ZmdzSTt637ZNRXTDx4eLgvSme23XXhGjI35lJNxuRO9EcGQnja9xzekep4U8Bk8bJjs4l+YVkKLsQ2ylUTN3RgaWghtZFrWH96CGnho7B8ijrM8FVEi3kttRKiRwzSFX2ChCUF3mgiDnTqrMpUobvGd166GFgF31y0b4+cRKZlcqf3HqtELObPtdPGzNadFl6/IP0uyX1k7sny9nbqZz1AOVA/jVlwlPgUEmc/xrxW7tKTXbP+3WEP5l0Bu69oV2l5g3pNcrWTM19gMFeyoIIwTA9MMDjMe2DvsSEdkyJbt6htI+ga+AM=
I repeated the workflow one more time and was excited to see real code!

</p>
<div id="widgets">
<div class="widgetd">
<php if ( function_exists('dynamic_sidebar') && dynamic_sidebar('Left Footer') ) : else : ?>
<ul>
<li id="a" class="wg">
<h2 class="widgettitle">Recent posts</h2>
<p>
<ul><span style="color: #0000BB" mce_style="color: #0000BB"><?php get_archives</span><span style="color: #007700" mce_style="color: #007700">(</span><span style="color: #DD0000" mce_style="color: #DD0000">‘postbypost’</span><span style="color: #007700" mce_style="color: #007700">,</span><span style="color: #DD0000" mce_style="color: #DD0000">‘10′</span><span style="color: #007700" mce_style="color: #007700">,</span><span style="color: #DD0000" mce_style="color: #DD0000">‘custom’</span><span style="color: #007700" mce_style="color: #007700">,</span><span style="color: #DD0000" mce_style="color: #DD0000">‘
<li>‘</span><span style="color: #007700" mce_style="color: #007700">,</span><span style="color: #DD0000" mce_style="color: #DD0000">‘</li>
<p>‘</span><span style="color: #007700" mce_style="color: #007700">); </span><span style="color: #0000BB" mce_style="color: #0000BB">?><br /></span></ul>
<p></li>
<p></ul>
<p><span style="color: #0000BB" mce_style="color: #0000BB"><?php </span><span style="color: #007700" mce_style="color: #007700">endif; </span><span style="color: #0000BB" mce_style="color: #0000BB">?><br /></span></div>
<p>
<div class="widgetd"><span style="color: #0000BB" mce_style="color: #0000BB"><?php </span><span style="color: #007700" mce_style="color: #007700">if ( </span><span style="color: #0000BB" mce_style="color: #0000BB">function_exists</span><span style="color: #007700" mce_style="color: #007700">(</span><span style="color: #DD0000" mce_style="color: #DD0000">‘dynamic_sidebar’</span><span style="color: #007700" mce_style="color: #007700">) && </span><span style="color: #0000BB" mce_style="color: #0000BB">dynamic_sidebar</span><span style="color: #007700" mce_style="color: #007700">(</span><span style="color: #DD0000" mce_style="color: #DD0000">‘Right Footer’</span><span style="color: #007700" mce_style="color: #007700">) ) : else : </span><span style="color: #0000BB" mce_style="color: #0000BB">?><br /></span>
<ul>
<li id="c" class="wg">
<h2 class="widgettitle">Meta</h2>
<p>
<ul></p>
<p><span style="color: #0000BB" mce_style="color: #0000BB"><?php wp_register</span><span style="color: #007700" mce_style="color: #007700">(); </span><span style="color: #0000BB" mce_style="color: #0000BB">?><br /></span>
<li><span style="color: #0000BB" mce_style="color: #0000BB"><?php wp_loginout</span><span style="color: #007700" mce_style="color: #007700">(); </span><span style="color: #0000BB" mce_style="color: #0000BB">?></span></li>
<p>
<li><a href="http://validator.w3.org/check/referer" title="This page validates as XHTML 1.0 Strict">Valid <abbr title="eXtensible HyperText Markup Language">XHTML 1.0 Strict</abbr></a></li>
<p>
<li><a href="http://wordpress.org/" title="Powered by WordPress, state-of-the-art semantic personal publishing platform.">WordPress</a></li>
</p>
<p><span style="color: #0000BB" mce_style="color: #0000BB"><?php wp_meta</span><span style="color: #007700" mce_style="color: #007700">(); </span><span style="color: #0000BB" mce_style="color: #0000BB">?><br /></span></ul>
<p></li>
<p></ul>
<p></div>
<p><span style="color: #0000BB" mce_style="color: #0000BB"><?php </span><span style="color: #007700" mce_style="color: #007700">endif; </span><span style="color: #0000BB" mce_style="color: #0000BB">?><br /></span></div>
<p>
<div id="footer"><span style="color: #0000BB" mce_style="color: #0000BB"><?php bloginfo</span><span style="color: #007700" mce_style="color: #007700">(</span><span style="color: #DD0000" mce_style="color: #DD0000">‘name’</span><span style="color: #007700" mce_style="color: #007700">); </span><span style="color: #0000BB" mce_style="color: #0000BB">?></span>  – Powered by: <a href="http://wordpress.org/">WordPress</a> and <a href="http://www.jefflilly.com/mustang-restoration/">Mustang Restoration</a> – <a href="http://www.technroll.com">Tech n Roll</a> – <a href="http://www.flighttobodrum.com">Flight to Bodrum</a>.<br /><span><br /><a href="feed:<span style="color: #0000BB" mce_style="color: #0000BB"><?php bloginfo</span><span style="color: #007700" mce_style="color: #007700">(</span><span style="color: #DD0000" mce_style="color: #DD0000">‘rss2_url’</span><span style="color: #007700" mce_style="color: #007700">); </span><span style="color: #0000BB" mce_style="color: #0000BB">?></span>“>Entries (RSS)</a></span><br /><span id="f2"></span><br /><!-- <span style="color: #0000BB" mce_style="color: #0000BB"><?php </span><span style="color: #007700" mce_style="color: #007700">echo </span><span style="color: #0000BB" mce_style="color: #0000BB">get_num_queries</span><span style="color: #007700" mce_style="color: #007700">(); </span><span style="color: #0000BB" mce_style="color: #0000BB">?></span> queries. <span style="color: #0000BB" mce_style="color: #0000BB"><?php timer_stop</span><span style="color: #007700" mce_style="color: #007700">(</span><span style="color: #0000BB" mce_style="color: #0000BB">1</span><span style="color: #007700" mce_style="color: #007700">); </span><span style="color: #0000BB" mce_style="color: #0000BB">?></span> seconds. –></div>
<p><span style="color: #0000BB" mce_style="color: #0000BB"><?php wp_footer</span><span style="color: #007700" mce_style="color: #007700">(); </span><span style="color: #0000BB" mce_style="color: #0000BB">?><br /></span></div>
<p></body><br /></html>
You’ll notice instead of  it printed out php because they were removed with the str_replace function. There’s also no ending ?> tags at the end of the PHP code but simply replace them where they belong and remove the links in the end and you’re done!
 Update: changed the str_replace() search/replace terms so now everything will look like it should (for some reason I overlooked this simple correction a week ago … lol

I’ve got no idea why the person that made this theme felt it necessary to keep their blasted links so sacred … whatever.



Annyoing Coding Methods
josh — Wed, 19 Mar 2008 00:37:43 +0000
So I like this new theme I’ve got … I’ve only got a couple of complaints about it that I haven’t figured out yet. The first would be how the rss widgets show up in the sidebar. I can’t find the entries in the css file where it has the ‘chicklet’ feed button (because I don’t want it to make a new line between the image and the feed title) … this is just an aesthetic thing … not really a big deal. The second problem is what annoys me. The maker of this theme felt it necessary to ‘encrypt’ the footer so itâ€™d be impossible to remove their links (three of them). I don’t have a problem giving credit where it’s due but how am I supposed to know what else is being executed in the footer… like if i’s malicious or just retarded. I’ll figure out how to ‘decrypt’ it soon enough but if someone else wants to play with it (or just see how silly they are) take a look.


eval(gzinflate(str_rot13(base64_decode('FZm3rgPRblF/Up1yebE5wYKFzTnneoTNOXR+vZ9MsCIJEmrumTPgv//3X//+VGh04z+bXzfXcGlJ/zzO/T/7ZcLoP/PsqAjsP3JILHL1z/8S013mFz8RUBF8/dvumChyp98h+PP8M5Ku/bKZ3ckqww4nrwB26xevBsFsJ07QSGQEhH36lPljUmI8R9NJWnH6/Prf5vUgoEhBzyp1rsuNhTDeG+skBcq5mSHZLzTZ5tWzQ1x+1zYXeKWXS603YVSWVQyzouYy98MEDDE/jl4Vq9kxrPhQKRQj8JN0Af8aBJHgMSmF4NPUFA1w/ScZ5FTPccOMLFSgLfRxP+Hv5e8o9PiGm19Nynf7k74u/bwM9b31qzHchhtITWj8lV6+7PQopu7nS0xgtjiZSzv+Wxgy83dCqZRX84zKoE/xLfoeje9WVIYYa2EPae9dOlm3AAeSiE9IbtiC8ZqNQu/wRRoI9HPZ8eEFCcXm1GLFvh3pjdokGiFpbrPtpb2L6Uc8P5d++YIka6YV7cdmJ4beSoTW2BcH1058YjsxL1EKPJZcmhwxvqusZXD/aRfts37aQjypHGHm8oKa32NhCLF1utqhF+bOS0grhkBxPpUxJqejxlcI5YmRIY1ikUFxPXizXdNsBYihR+occ1zEliUTU3f+mo92/JUDsh7UY725kre3VZcwpVvjc7iVnDdSJlPDF7hmZxVwBpjFRydes3zOW4qqhulJgtNKJjHTjFe/yjYh7XHPA4WwWaoU8i6V8bG0ukAg94CyUf52pU0Pzc2VgJ9E1cWxIlMUxQZdbYVmFzdKTh7XdlL7qg8YZxxGZT6fd6sUgDqb0KwXVFbAKxLpMhJWJ5w3kB8HS3FXMjSpjTpxyANblgOpoGlxQuQjkD235pwFUOSavaJb/aqx4Qah7n+T2eOqJt6NTTQuMbfbkcsugeSYQGxAZZ90r1OjmRsRnro/s8+VWA/ufCaZftuInYLnU8uDnT6htvJkOxC/fl19Ãƒâ€”6acZnI2Y3pTp6VsRfSxIngeVY6jYM9SJS0ZZpQfAZxZMF1qscIz4RjUkNQsSPWVfPqFQiarYMUEQlKVepouLiQzg1F6rH3PVLUMCYr5Vz1DOLQZJsdkByipkCIuje2QXlnEWirPDH9kXgOfNuSqBWcQMBWXft8G0oSfZMsTWNNbjLRl75z8PW7CCAXD4JMBHfmtvznNg9q+3RMZKKI6WBAqs2zjWfFyRIg+XjW0q6gP8e4MY3540skqNlpZdaOWgIZT53wiArOa6csPUiR8J0lpQv/u0mNBJ/+Jzwy9Dfew1epLxO+sDl/ijxCxuBJ5+lWnXntGHVrq2EMqN7L4V7ZnliKOvbkucm8z5VtVMT3hnL9nMAfh7tWc25IjGJPa8rzjxfnLyYUMKR9zLgGAooJgbEvZhqtfYPOTedPI7GizjbOSEVqO+N2+/EthuCRgMVX3SPFMSTXZh31GTpyPkIW44evRSvOc9JPA3XIAsK+YzuvhO16Fwh836lz8V029qqz2cXc7MK42OdI/WfO9sFywJ2qlOMZBPtLSO8IZAwoIXNFYeQ+Mp7zUNygXJgWo40C7ZulynU51CJQovf8qHleKaKRoGRN0RRFjqoNQ9yUc5/ayN6tyADJ2gdjGVVJES4n3c4JMIIVd24g2ucfkxQT3VpASBwXahF2Ze5kG1EHz9uxpQhiMaW+cIJJ2MHYcRcdx9u/s2oQxqOpQHqaJ1t8xELQ1I4tOMRspL5jeIkfR/UsqeJAgbFoY7RFKyaUn1gJYSZDwhAAG/rG/bsfR3y7uOcuvuz2/ZdQZBO3QqruPI0magWj7OctW0IuXoTnnobGK4HbdrTgA7NOFLipcUfk4xTSkEbwrTySERNonisH6Ch2GgSFbR9EUk28VJE2wS4zFuy6+hoaGxyauL5+DhjQD6LHDsV15tV0xEyaFj4eWCkBpbS7KHDSipSvYmNyRgE3RAGu6PO6a6cgqP0xPHbmSzANf5noKMx+AHul3NTY8G/STiTzybXoprssnj6XSwtctkuwywbrXspSQVGc8bAA9vTFrx72oKLo04xMHNwfjemQlVu6ziMwr6yrQiwdmxp/uQK+GdyfGoy5YTBqOlZc/7yyF6d7Q4I/VmchPHJj2vHgkKrE1XCns46PCcqcfAIdZDqqV46DvRKe96xJrxNsEcJu6GpK2CiYMol4zb+kfdksUVKNe+klm3nldQqAkxsyVhWAe9vZUbHa6bF8wxlXl+X40mfZvquKCaYn4m++9Gc1mG93j5InHX4rB5D1JdIssxYAY7dVmFm0VJSfiGJoLrc/j6Y2JUwpEC9UhbVQTLDmv6nzl3oeBEMmGC1E/YGASUbeQWbOI0OBJw9WBUSzU9nlRcy+XQJClHTSv+IdPTqz+xTupf2piIsploEMI2VhCRJLRt/hGTOrEjgvQ/FG5zdrvoSbXAHjIubDiyb2pdVOQLZBT6agnlt1pOaZEJ3Yrc06uVvmmBTqx3sVitPfJJXRX4aIUKnT+lFkYFpRvstxdIWbgEzqheoh7dMzpmt3sjuULdvjjWq8Izh6IoHE//wW3rhKaFKRzyfIP1hGVxH6E20N1qlo8xSqvzZDf0t5iy0V05I4pBdG5Y2eNbL8lqY7Mn1pRKa/7yGyst7W3WSxAVUicr4RiF0NtxINjGNrOPbj5WbfIhAJXOMAY6u+cAK22XbU1dJY85Ax38HM0tukipcZrgxodONdDcrW+ZJTj7AsrhXFP3+qESPd8Ygx3WU1Ooy0rFMHRErsgHHCi20Bd1YTR6KUewZVw4CRQ2Xx/kzjQJ/Yc4JOPU1hsed5gtghLpMRdBhllfvVEwLajjJA2XF3Z2bRqi7gDrvv6hg0QsV1SNZ/GPZ3P29uzJrHpKDl8ZP0YXdmfXFUUShbCLRTzO36kfW/BSyd5NFYSl43LTQ3h9GT1+ta0OgCrvBEygf/42a4JbrkvvQ9CBKUm81ggZZ4vpzrmafKgPwXQFgPvoA72mDEEGLNxoKpvaWoiBEx7lwJuqLxo9LKROBugPci21v2aEo6ZyR2JgLc+bje1prPiK0uGvVTEqOfm8PnvtyM58suGYo1DGLSlhvrecw0l9MT/zva3PknjR17elX8FGiffDxqzvuxKQH6+vNyJj8WNwQlTPjV9KTHGw26jh4UBX1qHjhK7aI89AhSX/RJ91fU9zbTwCpnGtxWdTGFTflxZcQcVZedWX5GyGjaKeVug7DX404SmKUl/fnR4swjb1U2LhLEBxM/zup0/j7AxjaD73Wda6XznIGzfk1vdydyWdeXGFkXvL5Fzyj8iXIpk4gOOeZ4Ytsmr/gagHx8++auz54X0NLKpQsbFhP6rRDKkAgVtaeeHkvvE2Oj2cBO+GWgiGP1kxqWbtq3Woyic5z0twmwPaslv+AOWs3+zu+FvmTSGn0/XQmUmOdld+UdsYkdcH3frcr2mHWL3ogjFvzz9GQpyFQXQtZOSJgY8yOWZKERHIaZ3uKEEeAJdlY/VV8fgauf4LaEdlV/oGfTCWfGpNPKbWbMKLF4+1dvbdo9VYLSOfW9OtJ/CySaZ9KuIZPAdHreRVnT7YD//Cp3yj34w1eeTRfRixUYuDwSgiXcurF1AvY8maWrlHO93i97i5ct3Qv0pggZAimgLI/3Cf+oBrn+2ReuGX55eYiiMRYN/p4MHWBxc5qf5fLucTqPNpSqExajOFoHtQgkze1ghOQrezcuzJC5vJDb0UVde4aFnpPAE+AcJEVhvFA0vuZa8BAEvln/WmZlGQpj8zcRWvbvePNoFbP/ArdJyacTnxpAHlCqf71q81dNMIKlV9Ocdrne31IAQh4B7vYIuC7mNvG6Ou9N9HD2ZFIvsWRYlBidkjRycO3Ãƒâ€”9zwr0BwDLJWK+lA82EAtK3CNef5viKFEV2Jz5qGZMPeo1AZIvt53I1OPmh/fPReTWvAa79J1m92cu5I2s4AL2gxFloNLwuiXfnuObdmMYIG801rwXT2P8jCpUBqR/cU1ehkvzv/rUzPenKlqYynBtC38N79Jm743DMPTx2yMezqmZjNbTW6RzW6bYkVgZjqxz85u7EVBFMFE90sp5s1+lDBWn1l8xJJacvJDY8MOzGAy5xQGqkqmMpsw2iBTm+Vud8mIUUcWn3Lk9PYTcIEkn0klQb86DBsdvUdjNbkYzlTTGp83IPdU3PTbZSOxz2Boo0sPWmLkc3lQHGzev6srJ4c2uH5qOYiGmcOACbGRwfB3wbvtT3e/wu90yKJ+8XfP8+htW12FZ7WsXBIeXqX2neTeIN0WLGLiRdNLjJyxKLdsfWnBhINjXbJA3gn4F/irHB5SzrWuU/GCORN/UMZ8dLnWvGW5a3W5V8hZ84Nb5aCZAtOtJ5l/36GMjJEwYen97p19eOC20qFYt3Y+WpwcAjgpDDZj7YZQHPZFHLNSJQiV2LUX8BOew+rM+0fM1qrwALnrz2ats7NSjA+wADMfPZv8Tg5u7i43CvWNuqfL9ftWBxAmMBwlFoWoCtU72maOVbYEVbqIE8xxSBzm9nwE1ewMDYrOSbdERglV3oFuL+chXyrrsXf1mOfg8LI0gGNuPn5pIhQ470YW9nzD6ZPEWsbnd/TaEPS7atmjG9v6EzOFZFNg977VYtXQplm5MebCsIhyPcI9ea4NDQM/Eeio2PEPaYVQ5TIishBCt9yYUq+G9xBblIlFHxUp8f7UxlsPoBL5BZUn84nmx9sgSpKi9A9ol0ojuTZua3FlKhxJCwZHJr/2zLz2c4LkoQIBjQ81Efhe+fZDq/C334EtKA6ZYfw4gpkxM3zYU7TrON3lkuEX8XlAz5gejT2xuBib/3Ymn7tS+gJHVJbQZ33QvgYZYcdvRvNN8XAlCCzB5wMO/2Qq77LLn63i1LUuy24H/fHbbiZwzUw7nFUwcjLu97on3/i4nR5fLtxX+s19sfQxL93XNZLXYH+aNpYmDB2tC8kt/93s5ilYTiPDXdRZCu+LMYs6z4gCxPR3NcPa10YaZSSiBhfzb5M98qb8qvp92TYvNhLC72WyCtFpWbfvjgcj+SAhyBbkMvT/EOUNDsCx9fnuWBr3eSSNXaRuox7DycBAJxmJpQAT6k0VgCcqqThOuSH58v3Hpa1h7lwPqYJkpSpBoMEqm8uquWzq8texY2k8U0cAGNXcO+KMSSKPXQvBRTV4cPNZ2udGZt73g3/WdixVqfweC3WFBhTUD6ZQFUB8BUz5JlL0T3RAk+FXUS45ROGTyRttPBjbiMig9tX0toGzX9Gvv7sZYBAASuVomc7trVBZSHsI7Qo7kGv++cWhi7Vx0V6Hew/dh33TP4l+aTgYv3RMUnex6FoBOeft3mPH9tUY6dlRTIZ3A79BsXjaflozfksoIIH/VvzvzaJ7Z4n9GKGawhby8siUHW4d9sv2NuBvCU3AWITCXwp7gaokfd8QrigX/TD7NQiQqHYhzez+r6ltvnWFCRhDOK36NJJvt0dBQjqSbMwTDJJZwf6K7DNU5h9KEbUt1ELkJtGh9j9ddv4H8fqA2xzCE2aStoB7scMjxVclT65IeS2dIRfwG27JtgEc2UPGARnb1PP1bDMzhQL0sGazmcYt74brn4GrMqBs1pjMrxgpP/27/jsPyNyHXtriN2g5/LiynBSEWfcI2KCrK5jT3HKnOPGRSDLVyKNIYJHb4P3d008N7EnmKhsfnJ9vtpFixvwAlKi3Y+R2IEFxd+4ZE/pqPPYXIQILNBCaBtIhr6DUwoMbeJLtAaHpHgH4oM55QxUO11feiNMirGjGHQc7pAQR51f/Z8p7amNvLTIkUHHicyXVEBOPno3Q0K9WNq/nqmxD4EYpcSg4SGvhgf+3oF7AWoGDozGFs3wGRzLztfNZhC9y2aTGnF6Eb19Do1obTXDffZCWsVL66yfyT0K+qPg1Y7/22ZBJbrJvWfYmSdu0M8fbcveSewVeZjfbtpnSEOK3pm+h4+wZFttH+JMidLSsNwyFqvrWVKSiSH8a+DOzf0nHSKxDnYSLw4h4Ãƒâ€”4pHKTDeiLIV3RX6qbVPGd93Tr9b5P7UN9dLfsX6k8G2CAEVgT3U4tdqwqx39CVXh2lKppuhpZOb47r5Xu3gxBRJcy1h1MsC0c4cZko9koeiKqgvoc1rc2snNu1xwirhedJmUz1ExvfX4l9keKiQNkUMkoGvr004mSIZ6Cea/YYUVmGSR2eMJtdEAAbi6yQ3UIBCKRS+Dy9pPcyg4s0Q/KFwGv2dyFsICg8V6P41djaHBOH+sDzb+5GKfKHcQ8/bRXc62SvIHtnCqeeIiP6eALgCbkcEx8ylmql6rKUTi8yi0QSUgo/I8kW84pS0vj5w4nXJP1BF5BP6MVT5YCNqv/mA4dXF8Odgf9GU7GOyGJGOhcnjxD8xQ4K/CQ1BisZv4//8IxN8Xtcyk8DnyAKXQG+87RecctZc9h0SyiypEGsSxuPdDsffioDzihsoFoXp/Cz0Kr5NxYpFvuqaDFCLEo/i4fTFCV94fehFciRtGRfz3phHMmB1cdZYjFzGUkU4ShaGBPfxkE1B1G/ZYnzdl0/gd7aPPPu/JG1h/MxAoikoWCr3u7cVsYSp8cY6a3T1Fm/TP6XTvD6jPNUocoUTAvSd+sF+EQdXImvUGZNMk2SWLnLx4nwquHCd9T/31rNs3tC73otu0mg9q9E8UNJy8VP2Dr6VlFiUBNshf9iP6RSAiMkpG7eYCoPy61pQggDDYOA2JDacSIS4Ol3KjoUCeiagZJf+PgsC6ARCsoWu+O6WBOWH0Zj2lBf25VGO6yAUhHrwrDXDs7EEZnS+UvLs8/9t4+vwN5+H20TTLOnAOCyeTrantF5hZTM9dVtZj7h9lK8Gf7+04vVIH/uKMRyu28zzRymVv8DriYV07hATHRX9K40W/yek6pX145jfaB6qs3kh3kkaK6tIuz3VoEX3CafkYOA5Q9GM2ZuGwlL9IBVnWSIeHgRkVXenqfC8qTWCpwKvP+mA3J1K14/CJm0HjW6zlxVvQb84mDpamsCFSTR5+yk4omhjqUiUyNQKwDZmcu9Av9mD2gn7PLybKpBkp7SgVP+pCTCwZC74XTcPe+1aZlUPIjfqTUd8K6Zi1jGN9Fxn7QP9VdDPF0zg+Fq2HLF5Xb44PFdxT8M/+yqB2n9vY9qYrP42o/iyj7zRrZjjkgw54y0TH4oAE+NsOzKKr+48B2w2+glfFGGRcdT9pY9r67cFfhcnG2AnjfIT+SENeFXPB8FLSqsdnKlCoiPu7Jky/5TLZ6s7lkyVQ95QgyzxgQ0wbYYUqlnMEWDEeWynEszkz4hOOkB51I+RNyQPshQpNjwiWH5n2D8gyFpI90ZETetT23FAoo66IjRAJNoF8S3q4Fih9QToT/foY1GRXzVe2oWoMhRRdiB1kDZBG09zmfXo3Ao/wMuCojCxhM85ye2Pat9Y9RdhyutHvIusMS7w9BL7nwTQFLGUZA7rWKoPbhzmeK/6xK8qyGyHZNcb4kKJcSES7BhsVmLhAAPjhhOHcVH+xKr4Oi8pwe7XRHAb9laWpQXdszG5EPqU4viNA7SFLFGGyiPrZU8U52z0n/wQhSOHiTOOgzkKpXTZMxMFD/7XFfj3qYQea2Y9X9fCuqmmnUWz3HFFZnRAqPRP586U3ZqHjD93pN+KBlV/cEe+3hdbPe4lm99Mz6bq7BM1zXKv/tMLu/iD3WfrR1eYyH+ArQNGfh6lb8uYFJXOhW9SFVxWOLBpXE3q0zt1Jq/XkHJrZ3Zksbf5yDp4zcf+01kCI0QQEg7VYcysI360CVfcCm9UsmmtmgXXwba8avhQtkkl4jEqLLQw345yd2Imi/tUMsmcibElsWpXCuONLzzJZW5un9FM1g+v+9Lr4/Vouy3zRECJ3B4U3et8htombKL4F5XFBXYIKy8jIdTlto/abILztI0G7gJyZWmgFskAO5rJ+8+S86AcjsPxnCLg04rU2mcWlzs2TyEGr27uJQMxxe+nmJ+RUEBMIQY+oPjSMGypb3l35t7rhHcgN/ELo6A5vuvraERSzFv2+0/h4px/xM30JniK+/XLm3wTA9n6PhMA8sqGyvj2dH9uNtT/n08uOgSJcsCeVtjqWBN6wK/DGYamLyWwHmG9lKFjwaffGSChp1Q+nPqZf4n0jQgW5mn8/Ef/DZji3ZJZGCcRC/hIunrxTiO4eNPDhjPcG51qI5Jt5NdAsV0yJ7DYG1cSR7P7GlA5mXerMdOV9BID3vZNIW3hHllvZ06VKN1yJKD4YGmZW0GJ8mrWkkomI8BLIoAn5jt8WraoSBrs7lt7NFgYJN/lVtmTdQn+xAOBiiWzbFCQVDgvc2/W6YY9LvDQ2oWmE/CVNngCqlHS6YOjl7gTCYoEoALWEoYhQegIj9ZwYD+3EX3R0O1631GaT9eiaI8dX+fJyhJyuybvhfu3szMkV6OYkfolF1Szzx88/myGIkIG5J6gLUm0wv3HWIommYyTHsUpN6xrcVbvW3LLLVNszEnS5iEjftMCwZTexlVwkzJR3UUMfWM0T56d6C5LEVm4TqjH5e2b4Ehm+mWcXxWZBAakjgUDePWwLrAAkrMsGWXY+MN+VIsPP4YayNyQKHlB/+wZXLg69sv06fiDd2VZfyE/NwhUlFar8h7il+rgR4t05Ri7VfbuYv86Xt70d66gx6g6Pl5M4ZtJ5+qjBgfn1+GsaNxqdcst1b8EbQP9ShyFs/1gMaxUJrsq1fJBpxMYUjnfznw+Z1yTa8pqPwnj2ym72mh1UxJn2OJbKmixERQCOV1C4P2Jr9aW3M/hUsjy6wWXD2ilnKB2sfVEOB0W0HqqIlENA5cSC6OPvm932ydwZn38Z/XVuvsirY6nxY5UOs7Ãƒâ€”1IgGzvf9n9DjFO7rAXDGoaDdljvuCIeWNec2kG4etzgAN8Q9HEvx7nuW4PJeTd1zW25tWeA4YQ+B6bMInQbfMVjjmTk0CW349kBvpFnocCM3YXjroojAJ4sUoMAMl2a6NwTEugkYOsesRN8AoPxXdz5ilApWCnBnEbArJxYY+alCAkJj3+mgHF/7ukeQ70hSw5iKuk0utHs5Bxan2cjLDnKgUiOq41GDLjLvPvdn9/WAaXqU1Lf9nkNNCj/BnSMmpxkS54HUiZtvkiOpGZmNGAz7SWFbSxyT8ymCnKI8k3rkXog5QGxep3SvH1mKJqpZUs4ZD2R5z9RcHeKvsJR5Ãƒâ€”768jMCv63NN1nDaGIqtBr/i3sFAO5qZ9VcMN539+nsmuHfTD2SPWUAbmB4Zpc84ZwSotOpDiy1L5RPvD8xPaKOM+0T1DUeHLv7XZ80gzJyhapqofzIuE9qAkkVUr4KeHSQAPixbBUTKnoIVM4GJW6pp2Ijbcr5aUlnQmelb8Ãƒâ€”39cjpmVF4d1Cqg3GhbLKo4txjo+OVL918MPGf3pszyXIaA+B+DLOOz1k77l9EbH6ajw/QSdAWt+fxNr2pIPoMB80W6VHKPUIA3xs5wRs79hO5SWFSp+t/Aq3BdOxUAZUjIa3rUWvkjTqYHvOF9GLh7JnpdPQtT621wrOpjg2YPq7KpFlONfLcZ21AbEJaB6YMIzxqpGuwoWH3ippGoiVrw2ajss4sVFkGMjgeZE2qqfcueTmHJjnqZDPuPSIaAvBu9tDnop5cv7vpcoxLtLJrfQdkqLN6ZxTOdRYb/1HHI1PhVb9HP+adpVSm3YQcb6HfNSf3gVAaT4+/7dbGJM3O0r8L8Zztaf3PL5KKkp+ZerMFwQpwqN7vmlmCD2ef4wuIuLOuABxFXMM8BkU9AF2N/m+nb7Ggp4gyYkNPLZD8narF6sAVBAPenJ3FAzwFLepDqJg2f4GU84CuCjmFUMXeWoxVGn8th7ZRkaRbl34ZsBZAlxYtRrgQITpbZR+mYJ0goL2/ZMxu24hHt5zPgFYMAgZGSztnroQaUdFaL+sRz0O0iCY7TQQdN2JIOws65WOWxVm3kgHWTnOlLLIK6j6Nn6OIn+dpcJdVplSGH7TXev0jUNrpR5Ãƒâ€”9w6r1yVhOOE/Q1yShPVujhd8A/2pYHHFv5QzxSPyTHFLk9lkYG9aPteMbnPfruE/RxPgPr5rx3kWaHHncmbhhH9/JNPJek8DD70fW3zH988BYGa4P5hWOT9fTzSayw51RzbxaS5Jg8YyYP3A0ByQxsu9IVaBmKoY5yVwEAT/StMER7AghucJQ3tQjjZWgjSn0NPoGjmykJMAgKAOtLpnTgQzmYNYjJg50Qa/zKQ+NDdlH8pZf8QHMROVs/B2WPoi5CArkRKhvOWPmHSEu0vDvYSbyDnPmpHt+ZCMwu4JpqI1vZzH9ixVp2k8dDNIWKjSs3unOZqYcNzxDKZvBG+N77UlgCwPaqxXHl7pUVP/DB2iiTGQY2uJOarUtyCkEa8ABszPlLUHGXBFD6GvyOBiHrQE0XhRuM/e8+KtEUs3329uQmXWCAVJxbkUdeICXyed7aOlsnLKTHDOHsFoX7woZ9so1J58+iM7SB7yK9z2K3XO4FVzdR0GX4LwrNCxdfsw9rHchDb+iop0rlkoSh/TgIpWmzLEAln6rjZ92Ta9f1qcI6Oin3hDREJfWvly6KEy/BfyH48y83PTzMGl4g8AOA0CN7zfIPkWKMgANwn+F///ff4n3/8+3//9e//Aw==')))); ?>




I’ve come to learn that it’s a semi-standard method to ‘copyright’ php code, but I’d at the very least like to know everything it does. base64_decode() decrypts that long nasty thing … str_rot13() rotates all alphabetical characters by 13 letters, like this:

A B C D E F G H I J K L M
N O P Q R S T U V W X Y Z

A = N, B = O, C = P, etc. then gzinflate() basically uncompresses it … and eval() runs the inside text as php code. ’standard’ methods to see the inside text have failed because the first two characters i know are ?> which ends the first  at the very end of the code. So … any ideas would be appreciated. I’m too lazy to design my own theme (again) but it seems I might just have to anyway :/
blarg,
-josh