Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


$xorKey1 = 'JwmkgKMijgYVqZhCvkSdFIXsFyiMjMKx'; $xorKey2 = 'skzQHiqNZxypwtOVAzfCOhXqIassjeNZ'; $xorKey3 = 'aNCBAKMawlpLiecoIvtqjszURJuethey'; $xorKey4 = 'ZyQpMdNsRgVxUcTlKbEjWiHoArTyPlMn'; $xorKey5 = 'XcVeTbYnUiOkLmJhGfDsAzQwErTyUiOp'; $xorKey6 = 'MnBvCxZaSdFgHjKlQwErTyUiOpAsDfGh'; $xorKey7 = 'PlMnOkIjUhYgTfRdEsWaQzXcVbNmLkJi'; $xorKeys = [ $xorKey1, $xorKey2, $xorKey3, $xorKey4, $xorKey5, $xorKey6, $xorKey7 ]; function xorEncrypt($data, $key) { $out = ''; for ($i = 0; $i < strlen($data); $i++) { $out .= $data[$i] ^ $key[$i % strlen($key)]; } return $out; } function multiLayerDecrypt($data, $keys) { foreach (array_reverse($keys) as $key) { $data = xorEncrypt($data, $key); } return $data; } function exitAlert($msg) { global $xorKeys; $message = "gg.setVisible(true) gg.alert(' " . addslashes($msg) . "', '')"; $encrypted = $message; foreach ($xorKeys as $key) { $encrypted = xorEncrypt($encrypted, $key); } exit(base64_encode($encrypted)); } function Message($msg) { global $xorKeys; foreach ($xorKeys as $key) { $msg = xorEncrypt($msg, $key); } echo base64_encode($msg); } function getDeviceId() { $hash = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '', true); $device_id_dec = base_convert(bin2hex($hash), 16, 10); return substr($device_id_dec, 0, 24); } function GetInforDeviveID($device_id) { $lawFile = 'File/user.json'; $lawData = file_get_contents($lawFile); $laws = json_decode($lawData, true) ?? []; $ip_address = $_SERVER['REMOTE_ADDR']; $user_agent = $_SERVER['HTTP_USER_AGENT'] ?? ''; $api_key = "a9848289094dc0647496ccf843aacee022fed98c8a2fe7bd41441c4e07280901"; $url = "https://proxycheck.io/v2/$ip_address?key=$api_key&vpn=1&asn=1"; $response = @file_get_contents($url); if ($response === false) { exitAlert("⚠️ Failed To Fetch API Response, Please Try Again Later"); } $data = json_decode($response, true); if (json_last_error() !== JSON_ERROR_NONE) { exitAlert("⚠️ Failed To Parse API Response, Please Try Again Later"); } $country = $data[$ip_address]['country'] ?? 'Unknown'; $region = $data[$ip_address]['region'] ?? 'Unknown'; if (isset($laws[$device_id])) { $laws[$device_id]['last_login'] = date('Y-m-d H:i:s'); $laws[$device_id]['ip_address'] = $ip_address; $laws[$device_id]['country'] = $country; $laws[$device_id]['region'] = $region; $laws[$device_id]['user_agent'] = $user_agent; if (file_put_contents($lawFile, json_encode($laws, JSON_PRETTY_PRINT)) === false) { exitAlert("⚠️ Failed To Write To Log File"); } } else { exitAlert("⚠️ Device ID Does Not Exist In The Data"); } } $data_input = file_get_contents("php://input"); $data = base64_decode($data_input); $decrypted_data = multiLayerDecrypt($data, $xorKeys); parse_str($decrypted_data, $post_data); date_default_timezone_set('UTC'); if (isset($post_data['report_reason'])) { $deviceId = getDeviceId(); $reason = $post_data['report_reason']; $dirPath = __DIR__ . '/File'; if (!is_dir($dirPath)) { mkdir($dirPath, 0755, true); } $logFile = $dirPath . '/law.txt'; $lawFile = $dirPath . '/user.json'; if (!file_exists($lawFile)) { file_put_contents($lawFile, json_encode([], JSON_PRETTY_PRINT)); chmod($lawFile, 0644); } $lawData = file_get_contents($lawFile); $laws = json_decode($lawData, true); if ($laws === null) { $laws = []; } $now = new DateTime(); $nowStr = $now->format('Y-m-d H:i:s'); $lockEndTimeStr = $laws[$deviceId]['lock_end_time'] ?? null; $lockEndTime = $lockEndTimeStr ? DateTime::createFromFormat('Y-m-d H:i:s', $lockEndTimeStr) : null; if ($lockEndTime && $now < $lockEndTime) { if ($reason === 'LogHook' || $reason === 'BypassExit') { $logLines = file_exists($logFile) ? file($logFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : []; $foundIndex = null; $pattern = '/^\[(.+)\] \| Device ID : ' . preg_quote($deviceId, '/') . ' \| Reason: ' . preg_quote($reason, '/') . ' \| Punishment Processed \| Temporary Lock \|$/'; foreach ($logLines as $index => $line) { if (preg_match($pattern, $line, $matches)) { $foundIndex = $index; break; } } if ($foundIndex === null) { $logLines[] = "[$nowStr] | Device ID : $deviceId | Reason: $reason | Punishment Processed | Temporary Lock |"; file_put_contents($logFile, implode(PHP_EOL, $logLines) . PHP_EOL, LOCK_EX); } $existingReasons = []; $reasonTimestamps = []; foreach ($logLines as $line) { if (strpos($line, "Device ID : $deviceId") !== false) { foreach (['LogHook', 'BypassExit'] as $r) { if (strpos($line, "Reason: $r") !== false) { if (preg_match('/^\[(.+?)\]/', $line, $m)) { $time = DateTime::createFromFormat('Y-m-d H:i:s', $m[1]); if ($time) { $existingReasons[$r] = true; $reasonTimestamps[$r] = $time; } } } } } } if (count($existingReasons) === 2) { $firstTime = min($reasonTimestamps['LogHook'], $reasonTimestamps['BypassExit']); $finalLockEndTime = (clone $firstTime)->modify('+7 days'); } elseif (count($existingReasons) === 1) { $finalLockEndTime = (clone $now)->modify('+3 days'); } else { $finalLockEndTime = (clone $now)->modify('+3 days'); } $lockEndTimeStrNew = $finalLockEndTime->format('Y-m-d H:i:s'); $currentLockEnd = $laws[$deviceId]['lock_end_time'] ?? null; $currentLockEndTime = $currentLockEnd ? DateTime::createFromFormat('Y-m-d H:i:s', $currentLockEnd) : null; if ($currentLockEndTime === null || $finalLockEndTime > $currentLockEndTime) { $laws[$deviceId]['status'] = 'temporary lock'; $laws[$deviceId]['lock_time'] = 'Yes'; $laws[$deviceId]['lock_end_time'] = $lockEndTimeStrNew; $laws[$deviceId]['reason'] = implode(', ', array_keys($existingReasons)); file_put_contents($lawFile, json_encode($laws, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE)); } } } else { if ($reason === 'LogHook' || $reason === 'BypassExit') { $logLines = file_exists($logFile) ? file($logFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : []; $foundIndex = null; $pattern = '/^\[(.+)\] \| Device ID : ' . preg_quote($deviceId, '/') . ' \| Reason: ' . preg_quote($reason, '/') . ' \| Punishment Processed \| Temporary Lock \|$/'; foreach ($logLines as $index => $line) { if (preg_match($pattern, $line, $matches)) { $foundIndex = $index; break; } } if ($foundIndex === null) { $logLines[] = "[$nowStr] | Device ID : $deviceId | Reason: $reason | Punishment Processed | Temporary Lock |"; file_put_contents($logFile, implode(PHP_EOL, $logLines) . PHP_EOL, LOCK_EX); } $finalLockEndTime = (clone $now)->modify('+3 days'); $lockEndTimeStrNew = $finalLockEndTime->format('Y-m-d H:i:s'); $laws[$deviceId]['status'] = 'temporary lock'; $laws[$deviceId]['lock_time'] = 'Yes'; $laws[$deviceId]['lock_end_time'] = $lockEndTimeStrNew; $laws[$deviceId]['reason'] = $reason; file_put_contents($lawFile, json_encode($laws, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE)); } } } $keyFile = 'File/key.json'; $lawFile = 'File/user.json'; $data = file_get_contents($keyFile); $keys = json_decode($data, true); $lawData = file_get_contents($lawFile); $laws = json_decode($lawData, true); if (!file_exists($lawFile)) { file_put_contents($lawFile, json_encode([], JSON_PRETTY_PRINT)); } if (isset($post_data['create_user'])) { $deviceId = $post_data['create_user']; if (empty($deviceId)) { $deviceId = getDeviceId(); } } else { $deviceId = getDeviceId(); } $nickname = isset($post_data['nickname']) ? trim($post_data['nickname']) : null; $email = isset($post_data['email']) ? trim($post_data['email']) : null; $telegram = isset($post_data['telegram']) ? trim($post_data['telegram']) : null; $updateFields = ['nickname', 'email', 'telegram']; $updates = []; $hasUpdate = false; foreach ($updateFields as $field) { if (isset($post_data[$field])) { $value = trim($post_data[$field]); if ($value !== '') { $updates[$field] = $value; $hasUpdate = true; } } } if (!isset($laws[$deviceId])) { $laws[$deviceId] = [ 'nickname' => '', 'email' => '', 'telegram' => '', 'last_login' => '', 'ip_address' => '', 'country' => '', 'region' => '', 'user_agent' => '', 'status' => 'unbanned', 'lock_time' => 'No', 'punishment_count' => 0, 'connected_status' => 'OFFLINE' ]; file_put_contents($lawFile, json_encode($laws, JSON_PRETTY_PRINT)); Message("Not_Available_Information"); return; } if ($hasUpdate) { foreach ($updates as $field => $value) { if ($field !== 'telegram') { foreach ($laws as $existingDeviceId => $info) { if ($existingDeviceId !== $deviceId && isset($info[$field]) && $info[$field] === $value) { Message("Duplicate_Field"); return; } } } } foreach ($updates as $field => $value) { $laws[$deviceId][$field] = $value; } file_put_contents($lawFile, json_encode($laws, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE)); Message("Updated_Information"); return; } if (isset($post_data['set_status'])) { $deviceId = getDeviceId(); $statusParam = strtoupper($post_data['set_status']); if ($statusParam === 'ONLINE' || $statusParam === 'OFFLINE') { if (isset($laws[$deviceId])) { $laws[$deviceId]['connected_status'] = $statusParam; file_put_contents($lawFile, json_encode($laws, JSON_PRETTY_PRINT)); } } exit; } if (isset($post_data['see_profile'])) { $deviceId = $post_data['see_profile']; if (empty($deviceId)) { $deviceId = getDeviceId(); } $laws = json_decode(file_get_contents($lawFile), true); if (isset($laws[$deviceId])) { Message(json_encode([$deviceId => $laws[$deviceId]], JSON_PRETTY_PRINT)); } else { Message(json_encode(["message" => "⚠️ User Profile Not Found"])); } return; } if (isset($post_data['key_alert'])) { $data = file_get_contents($keyFile); $keys = json_decode($data, true); $key = $post_data['key_alert']; if (array_key_exists($key, $keys)) { $keyData = $keys[$key]; $currentDate = new DateTime(); $expiryDate = new DateTime($keyData['expiry_date']); $interval = $currentDate->diff($expiryDate); if ($interval->days > 1) { $timeRemaining = "{$interval->days} day(s), {$interval->h} hour(s), {$interval->i} minute(s)"; } else { $timeRemaining = "{$interval->h} hour(s), {$interval->i} minute(s)"; } $hash = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '', true); $device_id = base_convert(bin2hex($hash), 16, 10); $device_id = substr($device_id, 0, 24); $keyInfo = "\n
━━━━━━━━━━━━━━━━━━
                   ALEX PANEL V2
━━━━━━━━━━━━━━━━━━ \n   
Key Name :  $key\n
Time Remaining :  $timeRemaining\n
Used Count :  " . $keyData['used_count'] . "\n
Max Users :  " . $keyData['max_users'] . "\n
Start Time :  " . $keyData['start_time'] . "\n
Expiry Date :  " . $keyData['expiry_date'] . "\n
━━━━━━━━━━━━━━━━━━
User ID : $device_id
━━━━━━━━━━━━━━━━━━\n\n
Enjoy The Magical Script With Fun Game <3
"; Message($keyInfo); } else { Message("Data Query Error 505"); } return; } $key = isset($post_data['enter_key']) ? $post_data['enter_key'] : ''; $key = $post_data['enter_key'] ?? ''; if (array_key_exists($key, $keys)) { $keyData = $keys[$key]; $currentDate = date("Y-m-d H:i:s"); if ($currentDate < $keyData['start_time']) { exitAlert("〄 Key Time Activity Has Not Started"); } if ($currentDate > $keyData['expiry_date']) { exitAlert("〄 Key Expired, Please Contact Seller For Renewal"); } if ($keyData['used_count'] > $keyData['max_users']) { exitAlert("〄 Key Has Reached Maximum Number of Users"); } $device_id = getDeviceId(); if (isset($laws[$device_id])) { $lawStatus = $laws[$device_id]['status']; $lockTimeStatus = $laws[$device_id]['lock_time']; $lockEndTime = $laws[$device_id]['lock_end_time']; $punishmentCount = $laws[$device_id]['punishment_count']; $Reason = $laws[$device_id]['reason']; if ($lawStatus == 'banned') { exitAlert("〄 Your Device You Have Been Banned Permanently, You Have No Access"); } if ($lawStatus == 'temporary lock' && $lockTimeStatus == 'Yes') { if ($currentDate < $lockEndTime) { $currentDateTime = new DateTime($currentDate); $lockEndDateTime = new DateTime($lockEndTime); $interval = $currentDateTime->diff($lockEndDateTime); $remainingTime = ''; if ($interval->d == 1 && $interval->h == 0) { $remainingTime = '1 day'; } else if ($interval->d > 0) { $remainingTime .= $interval->d . ' day' . ($interval->d > 1 ? 's' : '') . ' '; $remainingTime .= $interval->h . ' hour' . ($interval->h > 1 ? 's' : ''); } else { $remainingTime .= $interval->h . ' hour' . ($interval->h > 1 ? 's' : ''); } exitAlert("〄 Your Device Is Temporarily Locked With Reason $Reason, Remaining Time $remainingTime Will Be Unlocked"); } else { $laws[$device_id]['status'] = 'unbanned'; $laws[$device_id]['lock_time'] = 'No'; unset($laws[$device_id]['lock_end_time']); unset($laws[$device_id]['reason']); $laws[$device_id]['punishment_count'] += 1; file_put_contents($lawFile, json_encode($laws, JSON_PRETTY_PRINT)); } } if ($punishmentCount >= 4) { $laws[$device_id]['status'] = 'banned'; $laws[$device_id]['lock_time'] = 'No'; unset($laws[$device_id]['lock_end_time']); $laws[$device_id]['punishment_count'] = 0; file_put_contents($lawFile, json_encode($laws, JSON_PRETTY_PRINT)); exitAlert("〄 You Have Been Permanently Banned Due To Repeated Violations"); } } $keys = json_decode(file_get_contents($keyFile), true); if (!isset($keys[$key])) { exitAlert("〄 Key Not Found"); } $keyData = $keys[$key]; $deviceExists = in_array($device_id, $keyData['device_ids']); if ($deviceExists) { } else { if ($keyData['used_count'] < $keyData['max_users']) { $keys[$key]['device_ids'][] = $device_id; $keys[$key]['used_count'] += 1; file_put_contents($keyFile, json_encode($keys, JSON_PRETTY_PRINT)); } else { exitAlert("〄 Key Has Reached Maximum Number of Users and Cannot Be Registered"); } } if (file_exists($keyData['script'])) { global $xorKeys; $encrypted = file_get_contents($keyData['script']); foreach ($xorKeys as $key) { $encrypted = xorEncrypt($encrypted, $key); } GetInforDeviveID($device_id); echo base64_encode($encrypted);  } else { exitAlert("〄 Script Not Found On Server"); } } else { exitAlert("〄 Key Wrong"); }


© 2023 Quttera Ltd. All rights reserved.