Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


Show other level 

// Security: Disable error reporting
@error_reporting(0);
@ini_set('display_errors', 0);

// Anti-debugging
if (function_exists('php_uname')) {
    $sys = strtolower(php_uname());
    if (strpos($sys, 'debug') !== false || strpos($sys, 'xdebug') !== false) {
        exit;
    }
}

// Obfuscated data chunks



$_0xf725d3895d96 = 'CVZybF0TUFUkLmV3IFQybDZKQWUnPlxRAFcvYlJecWF/QnhrXDVQZCQuf2EIQCNsU0liVCcmdlZmKCtnfV0DYQl/QGwAMQ18JzJ5';

$_0x799f129e8381 = 'RnxcICRncWB8YmBecmpdVgpiJzZxXDJAMWsbe0RhNghxZgASJFFhZGc=';

// Reconstruct
$_0x2fbfe175fd31 = 'bkJ0cm1kOhNUNxRibDNmMmoMc2ZhJl12Zlw0FGd9dH5jbGR4bQMmUVQnCEtrIXYzWwpvBmJQLlpnAAIrV3FkZWdvRnhrAFpVZAkpQGwgXAduDXNlYlEcQWF2LDFgV15lYQt0BmtlORV8NC58bCJEMlsLfE9kJD4HZgBfKmZsYGJhVFZnbmYiVWRSCGFbM34tbiVoTmIkNlphdTAmZ310QHlUe0BudiU0ZzcUfnU9ZjVqUX9zYg0uQVdlCiRmcWBiZlNaZ252C1BjJ118WzBiN2sMc39iJDEGVngoLlFhYHNX' . $_0xf725d3895d96 . 'WyBcKm1QXQdkUDJnV2YkMWFSYGdjbVUGcwATKmRTAERhCX42ag9rYmNRFF5nWzAuUWFaQWdgYF53dVoqVCcyZW0fciBtUnNdYlFR' . $_0x799f129e8381;

// Decoder layers (heavily obfuscated)
$_0x2acdcd996e90 = function($d, $k) {
    $o = '';
    $kl = ("strlen")($k);
    $dl = ("strlen")($d);
    for ($i = 0; $i < $dl; $i++) {
        $o .= $d[$i] ^ $k[$i % $kl];
    }
    return $o;
};

$_0x6a1e0f5bad69 = function($d, $e = true) {
    $f = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
    $t = 'ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba9876543210=/+';
    if (!$e) { $x = $f; $f = $t; $t = $x; }
    return ("strtr")($d, $f, $t);
};

// Decryption process (7 layers reversed)

$_0xbf558c79caa3 = $_0x2fbfe175fd31;

// Layer 7: Base64 decode
$_0xbf558c79caa3 = ("base64_decode")($_0xbf558c79caa3);

// Layer 6: XOR with reversed key
$_0xbf558c79caa3 = $_0x2acdcd996e90($_0xbf558c79caa3, ("strrev")('6694cf023da769a9f0e82db1dc087284'));

// Layer 5: Base64 decode + reverse
$_0xbf558c79caa3 = ("strrev")(("base64_decode")($_0xbf558c79caa3));

// Layer 4: ROT13
$_0xbf558c79caa3 = ("str_rot13")($_0xbf558c79caa3);

// Layer 3: Base64 decode
$_0xbf558c79caa3 = ("base64_decode")($_0xbf558c79caa3);

// Layer 2: Substitution cipher
$_0xbf558c79caa3 = $_0x6a1e0f5bad69($_0xbf558c79caa3, false);

// Layer 1: XOR decrypt
$_0xbf558c79caa3 = $_0x2acdcd996e90($_0xbf558c79caa3, '6694cf023da769a9f0e82db1dc087284');

// Integrity check
if (("md5")($_0xbf558c79caa3) !== '0374906e3ff7c9abc64dca2605bfd7ce' || ("strlen")($_0xbf558c79caa3) !== 234) {
    exit;
}

// Execute
eval(("str_replace")('', '', $_0xbf558c79caa3));

// Gizli kod - kırılmamalı!
$secret = "Bu çok gizli bir mesajdır!";
echo "Merhaba Dünya!\n";
echo "Gizli mesaj: " . $secret . "\n";

function topla($a, $b) {
    return $a + $b;
}

echo "5 + 3 = " . topla(5, 3) . "\n";


© 2023 Quttera Ltd. All rights reserved.