Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

eval(gzinflate(base64_decode('1Vn7U9tIEv4ZqvgfGsWF5JRt2dTmsSbmzmvLgSzYrBGXS6VSKiGNsQ5Z0uoB+Hb537fnafkFpC77w4XEyDM9Xz+m+5seZdc0YRiDH6TEy8H1PJJljb1dn0yCiPiG7nyy/m319CrEKQqRo73dvd3KpdW7Gp/aX5zeqG9BB7TAI/mUzIh2JJcaWu/E6v3q9LtftBq8f/tTs1ktTfatX64+Oue4HGcnbpiR8uylNf6XNXauxmc4q03zPGmb5v39fUPqaXjxzAwinzw0kmmiAV0cTIwFavWPvd0dCTe8Oqd2XCIYM+Jxb5egxi0iLSGyt+uFbpYB6jwhYUJSKn/nplCZxlmOXkdFGB7JsSBxXN9PMXqrMzmZJaGbEyfwaag0NeFNiXfrFGmIwwuP1XSCWhx8ooBanORBHHXQbSdEg6KMHNwF5L4jvmQHuZvddhjiQdhZ6JhhvGKm92J0aS/GnSx382LNVoca6yRu6s7Kc5Mi8qh+cBwvjrI8LbzcWHOMxXynkk+DrH4sYlRxuGdfdeHhsHtu6d+OSpJLkbuh9mb59TxyZ8TYsrrKluN+owH53FjDqXJLNipQkNrYOh/ZltPt98caN+ixZNWyc2VfqSiVTIprjD6o2GQkt1Hqmbg8j6sA2W6exZ4b0pAYAuZ+GqB4GLDwumnqzg0tlEK0XFqH7xpN/GlpKk4QRA4XhdL21KAEVoU//1yIrUVuRVYEOCV5kUaA+UAWARSDrKilT+br1/gJr2Hm3hJIye8FQfszkt5h/vIZ/vlPlnuAKRZEN1DB4hDjAvUuDvwGGzKX8jLIPJQNMDfdMETeqgK3kDovpRzygMZnhk5FnTuSZjiIzNbBTbIi9xrXIZOwZXzxmn/cwR1KHmWxYAJgyNjhI1Og12gyO2Hs+sRH1TnWKerLjGpVGrdBgdDAVGywHQyNGR9EQa6pbXgGZ0VIbYySetyYeT0f8xITxqO/S4lMzdoXlcfmVLlF8T3K5QFWLk+9nUrqRje4OI2LyDfAYCJ1gVk1QZ0RQh6xxZIPHZCcrNzcvB1bk26lkDhTokOCM6GjaaBckh6JSekTbq0Bsmg2ZJk0zTQLRKSzkMd04wGJErc8h0kaz4DnMQ3I1I38kIZT7aOMFRdgw0glSPhoKpeuAR63Z6MLm54PNWnN4vgQAC9DQPrrfrSGdq3EzSe2fcFmHDalf1OQT4PZp+fW6Aqh8HRXS+gecgvl4SNPH5WuZdQ1UCoK7E+tVV3OZjxlF0yOHOGkBNnTw/O7odU0R1OxKZ0FGxzZqHJwap31L5laAaIO4IbMioZ24He0RolDcSRfjJTYHCeChM4ok18W0rFlX42H9rg7vBxYY+xGynHdx3xxMLkMPXMnxJnFPkH+OjgANYGNAomcazcj2NFpJaZ50v/B6Oxs9Pls1Ovap6OhaIFKcX9y8YnV7VtjsWPYXwFgS9kfwXBkA/cGaH4Bl7sEsZUYkiRmZchLgTwQT4JL9bLuVLPCJNHPIJrEy5acDgcjh+Ux7UmXYu2FMat7UXoK3ImLPClynkr4F0WkUTXt6x9aKfCCHMSKKj8kJP1vQFoAgbYAetykWOWwOMtRcU17/IYf7EGrIgRNbKl73Xo8K2fG6jytQiWCBUhJU/uB58WSaHkzeYNLB2NmHR7oGaE0ZazylnKFpGkU024IHzAi+KTrck72kQj2VadfRPP4P5FBJXHzqUKlX5DyGqD/Q8fPv6f6lT8E+4EUaKA+WjZwS2jemq1GK420FbkGyp2gpja/dWwW6PGjpm7PE9IGN0nQYJeefOZDHW9N9UmczuoYcBJ5yBj+ZpAuXv2SvG5RGey92hDFEdmqLyLsaG1DjxZXGi0EhXgWe7fo5IT+ppxkcAfwKtisAd/xmtzw1fMDjH22fq1PWkpFoAmoJCb3KbanBluHwNxaCbmDvStWvrE/IfGEy5SosZS+6N0E6SWTOK3D9wrjUWrifMJRjrZSwBYy2c4mOwt7XsgnyqQfwijPUsoznLLO1ofNply6gXGU9WXOWQd5sw5STgOJ8vg9DWFKIswOW9SrAQcVdeXlMZONnbRm+VospPklVnWTcrh+zA5iMY4RF/ulGullOTa6kGLd9eI9Bqg+dIk+S7fCp5vj1YXLTX31BZ31Il9XWmPiTWPQPvjBHSbdPCQd/dr1bm9Yq99+Zb21Br3DI7iOUwx1u5U8QBaHeOl91bOs5vu3R0CZkRJNq4lzrTfJwxHeDtObIOIjbpHHR3Af+Pm0/eawSac5Vj11/aDI2u/o0ASprz5xZ0E4b3fTwA3FUBb8l7RbPyUP+rFWaq+FzdNDabLQ2IQmvEc8Jc0EP9l4bWu3HUMbxiDuD/Arme9r1XVMc3p4/CFZwQUK/O4JYDsGenHIpwROPWLTd1twkZJZUMxAnicwjwuICPHBBZltt2Te2GhFssmIreq/ILLnRuzCQm0owfOLizSKvnADqVDocmGakklH3/Z+Tr6bakzzWagffxQ6yoH8YLpLlnEHTMwpNfygbkgsHUVKLhXD2s1O3Uix/8Nazx16J129msoqzEpVCEsrpKR/jWsPPg1cL4/TebuN0er/MloBcv6TIbN0wODvLqpLLLFT+b0g6Zye+lcX/a5twSvHUf0C264MLrEf4Gs6OrYOJdiGpsPnE2tsqZxgEhvaDl1TNjPPfqNqDa69WppiA9KDtdc4C0Z+QaUPBtah1dxU6YPBz92fD/+/Kv00unOp8X9PuX8meMAQjE+KyXCNxyiWdrpUdUEGgTAhTiHIMVIoSaCI2PvGbEr87yh8/GEB/TH1X4fvpQD8h20L1pPJX2DXSi+wzdCNbmokMumL7JokC/NZoniZ1084fRESl76swezBikb+BWw52UYEWVYQSOibQbx11L/X2+41Nkdmj+MK1hPfVCCfcGQL7e1I7ntk/y3xFw==')));

Show other level

Decrypted code level 1:


// No direct access.
defined('_JEXEC') or die;

$SECURITY_CODE = "icetheme";
define("CHECK_DAY", 86400);
define("DEBUG_MODE", false);
define("SERVER_URL", "http://www.icetheme.com/index.php" );
if(DEBUG_MODE){
	define("NUM_DAYS", 0);
}
else{
	define("NUM_DAYS", 1);
}

class iceHelper{
	var $host = null;
	var $ip_address = null;
	var $template_id = "";
	var $check_url = SERVER_URL;
	var $post_vars = "option=com_license&view=licenses&task=check&l=";
	var $method = "POST";
	var $_status = null;
	var $_temp_params = null;
	function __construct($template_id = ""){
		$this->host = $_SERVER['SERVER_NAME'];
		$this->ip_address = gethostbyname($_SERVER['SERVER_NAME']);
		if(empty($this->ip_address)){
			$this->ip_address = $_SERVER["REMOTE_ADDR"];
		}
		$this->template_id = $template_id;
	}
	public function setTemp($template_id = ""){
		$this->template_id = $template_id;
	}
	function checkLocalhost(){
		$white_list = array("localhost", "127.0.0.1");
		if( in_array( $this->host, $white_list) || in_array($this->ip_address, $white_list) ){
			return true;
		}
		return false;
	}
	/**
	 * make request service
	 * 
	 * @param string $url
	 * @return void.
	 */
	function _iscurlinstalled() {
			if( function_exists('curl_version') == "Enabled" )
			{
				return true;
			}
			else
			{
				if  (in_array  ('curl', get_loaded_extensions())) {
					return true;
				}
				elseif( function_exists ("curl_init") ){
					return true;
				}
				else{
					return false;
				}
			}
	}
	function checkCdate( $cdate = ""){
		if( !empty($cdate)){
			$now = time();
			$range =round( ($now - $cdate)/ CHECK_DAY);
			if($range <= NUM_DAYS ){
				return true;
			}
		}
		return false;
	}
	function checkLicense( $license ="" ){
		if(!empty($license)){
			if (  $this->_iscurlinstalled() ){
				//use curl to get content from url
				$handle = curl_init();
			
				curl_setopt( $handle, CURLOPT_URL, $this->check_url );
				
				curl_setopt( $handle, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT'] );
				curl_setopt( $handle, CURLOPT_TIMEOUT, 400 );
				if($this->method == "POST"){
					curl_setopt($handle, CURLOPT_POST      ,1);
				}
				$ipaddress = str_replace(,"_", $this->ip_address);
				curl_setopt($handle, CURLOPT_POSTFIELDS    ,$this->post_vars.$license."&d=".$this->host."&t=".$this->template_id."&ip=".$ipaddress);
				curl_setopt( $handle, CURLOPT_RETURNTRANSFER, 1 );
				if(!ini_get('safe_mode') && !ini_get("open_basedir")) {
					curl_setopt($handle, CURLOPT_FOLLOWLOCATION, 1);
				}
				curl_setopt($handle, CURLOPT_HEADER      ,0);  // DO NOT RETURN HTTP HEADERS 
				$response = curl_exec($handle);
				$this->_status = curl_getinfo($handle, CURLINFO_HTTP_CODE);
				curl_close( $handle );
				$_output = strstr( $response,"[{");
				if(empty($_output))
				{
					$_output = strstr($response, "{");
				}
				$_output = str_replace(array("[{","}]","{","}"), "", $_output);
				$_output = trim($_output);
				if($_output == "true"){
					return true;
				}
				else{
					return false;
				}
			}
			else{
				$response = "";
				$out = parse_url($this->check_url);
				$errno = $errstr = '';
				$host = $out['host'];
				$ipaddress = str_replace(,"_", $this->ip_address);
				$path = $out['path'] . '?' . $this->post_vars.$license."&d=".$this->host."&t=".$this->template_id."&ip=".$ipaddress;
				$header  = "GET $path HTTP/1.1rn";
				$header .= "Host: $hostrn";
				$header .= "Content-Type: application/x-www-form-urlencodedrn";
				$header .= "Accept-Encoding: nonern";
				$header .= "Connection: Closernrn";
				
				$sock = fsockopen( $host, 80, $errno, $errstr, 400 );
				if (!$sock) {
					return false;
				} else {
					fwrite($sock, $header);
					while (!feof($sock)) {
						$response .= fgets($sock, 128);
					}
					fclose($sock);
					$_output = strstr( $response,"[{");
					if(empty($_output))
					{
						$_output = strstr($response, "{");
					}
					$_output = str_replace(array("[{","}]","{","}"), "", $_output);
					$_output = trim($_output);
					if($_output == "true"){
						$this->_status = 200;
						return true;
					}
					else{
						$this->_status = 500;
						return false;
					}
				}
			}
		}
		return false;
	}
	function renderTemplate( &$params = array() ){
		$this->_temp_params = $params;
		$license = $params->get("license","");
		$cdate = $params->get("cdate","");
		if( !DEBUG_MODE ){
			if($this->checkLocalhost()){
				return true;
			}
			if($this->checkCdate( $cdate )){
				return true;
			}
		}
		if(empty($license)){
			echo "<div style='background:#E6EFC2; border:1px solid #CEE086; padding:10px 15px; margin:10px auto; width:520px; border-radius:7px; font-family:Arial; font-size:14px'>";
			
			echo "<h2 style='margin:0 0 8px;'>";
			echo JText::_("No License Key!");
			
			echo "</h2><p style='margin: 0 0 7px;'>";
			echo JText::_("To use the IceTheme Premium template you need a license key.");
			
			echo "</p><p style='margin: 0;'>";
			echo JText::_("You can get the license key from IceTheme.com ");
			echo "<a href='http://www.icetheme.com/licenses.html'>Get the License Key!</a>";
			echo "</p></div>";
			
		}
		
		if($this->checkLicense( $license )){
			$current_time = time();
			$params->set("cdate", $current_time);
			$db = &JFactory::getDBO();
			$params_json = (string) $params;
			$query = "UPDATE #__template_styles SET params='".$params_json."' WHERE template='".$this->template_id."'";
			$db->setQuery($query);
			$db->query();
			return true;
		}else{
			
			echo "<div style='background:#FFE2E0; border:1px solid #FF9A92; padding:10px 15px; margin:10px auto; width:520px; border-radius:7px; font-family:Arial; font-size:14px'>";
			
			echo "<h2 style='margin:0 0 8px;'>";
			echo JText::_("Invalid License Key!");
			
			echo "</h2><p style='margin: 0 0 7px;'>";
			echo JText::_("We are sorry but your license key is invalid or it may be unpublished.");
			
			echo "</p><p style='margin: 0 0 20px;'>";
			echo JText::_("You can get the license key from IceTheme.com -  ");
			echo "<a href='http://www.icetheme.com/component/option,com_license/lang,en/view,licenses/'>Get the License Key!</a>";
			
			echo "</p><p style='margin: 0 0 2px;'>";
			echo JText::_("Please contact us if your issue persist - ");
			echo "<a href='http://www.icetheme.com/About/Contact.html'>Contact IceTheme</a>";
			
			echo "</p></div>";
			
			
		}
	}
}

Decrypted code level 2:


// No direct access.
defined('_JEXEC') or die;

$SECURITY_CODE = "icetheme";
define("CHECK_DAY", 86400);
define("DEBUG_MODE", false);
define("SERVER_URL", "http://www.icetheme.com/index.php" );
if(DEBUG_MODE){
	define("NUM_DAYS", 0);
}
else{
	define("NUM_DAYS", 1);
}

class iceHelper{
	var $host = null;
	var $ip_address = null;
	var $template_id = "";
	var $check_url = SERVER_URL;
	var $post_vars = "option=com_license&view=licenses&task=check&l=";
	var 
	var $_status = null;
	var $_temp_params = null;
	function __construct($template_id = ""){
		$this->host = $_SERVER['SERVER_NAME'];
		$this->ip_address = gethostbyname($_SERVER['SERVER_NAME']);
		if(empty($this->ip_address)){
			$this->ip_address = $_SERVER["REMOTE_ADDR"];
		}
		$this->template_id = $template_id;
	}
	public function setTemp($template_id = ""){
		$this->template_id = $template_id;
	}
	function checkLocalhost(){
		$white_list = array("localhost", "127.0.0.1");
		if( in_array( $this->host, $white_list) || in_array($this->ip_address, $white_list) ){
			return true;
		}
		return false;
	}
	/**
	 * make request service
	 * 
	 * @param string $url
	 * @return void.
	 */
	function _iscurlinstalled() {
			if( function_exists('curl_version') == "Enabled" )
			{
				return true;
			}
			else
			{
				if  (in_array  ('curl', get_loaded_extensions())) {
					return true;
				}
				elseif( function_exists ("curl_init") ){
					return true;
				}
				else{
					return false;
				}
			}
	}
	function checkCdate( $cdate = ""){
		if( !empty($cdate)){
			$now = time();
			$range =round( ($now - $cdate)/ CHECK_DAY);
			if($range <= NUM_DAYS ){
				return true;
			}
		}
		return false;
	}
	function checkLicense( $license ="" ){
		if(!empty($license)){
			if (  $this->_iscurlinstalled() ){
				//use curl to get content from url
				$handle = curl_init();
			
				curl_setopt( $handle, CURLOPT_URL, $this->check_url );
				
				curl_setopt( $handle, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT'] );
				curl_setopt( $handle, CURLOPT_TIMEOUT, 400 );
				if($this->method == "POST"){
					curl_setopt($handle, CURLOPT_POST      ,1);
				}
				$ipaddress = str_replace(,"_", $this->ip_address);
				curl_setopt($handle, CURLOPT_POSTFIELDS    ,$this->post_vars.$license."&d=".$this->host."&t=".$this->template_id."&ip=".$ipaddress);
				curl_setopt( $handle, CURLOPT_RETURNTRANSFER, 1 );
				if(!ini_get('safe_mode') && !ini_get("open_basedir")) {
					curl_setopt($handle, CURLOPT_FOLLOWLOCATION, 1);
				}
				curl_setopt($handle, CURLOPT_HEADER      ,0);  // DO NOT RETURN HTTP HEADERS 
				$response = curl_exec($handle);
				$this->_status = curl_getinfo($handle, CURLINFO_HTTP_CODE);
				curl_close( $handle );
				$_output = strstr( $response,"[{");
				if(empty($_output))
				{
					$_output = strstr($response, "{");
				}
				$_output = str_replace(array("[{","}]","{","}"), "", $_output);
				$_output = trim($_output);
				if($_output == "true"){
					return true;
				}
				else{
					return false;
				}
			}
			else{
				$response = "";
				$out = parse_url($this->check_url);
				$errno = $errstr = '';
				$host = $out['host'];
				$ipaddress = str_replace(,"_", $this->ip_address);
				$path = $out['path'] . '?' . $this->post_vars.$license."&d=".$this->host."&t=".$this->template_id."&ip=".$ipaddress;
				$header  = "GET $path HTTP/1.1rn";
				$header .= "Host: $hostrn";
				$header .= "Content-Type: application/x-www-form-urlencodedrn";
				$header .= "Accept-Encoding: nonern";
				$header .= "Connection: Closernrn";
				
				$sock = fsockopen( $host, 80, $errno, $errstr, 400 );
				if (!$sock) {
					return false;
				} else {
					fwrite($sock, $header);
					while (!feof($sock)) {
						$response .= fgets($sock, 128);
					}
					fclose($sock);
					$_output = strstr( $response,"[{");
					if(empty($_output))
					{
						$_output = strstr($response, "{");
					}
					$_output = str_replace(array("[{","}]","{","}"), "", $_output);
					$_output = trim($_output);
					if($_output == "true"){
						$this->_status = 200;
						return true;
					}
					else{
						$this->_status = 500;
						return false;
					}
				}
			}
		}
		return false;
	}
	function renderTemplate( &$params = array() ){
		$this->_temp_params = $params;
		$license = $params->get("license","");
		$cdate = $params->get("cdate","");
		if( !DEBUG_MODE ){
			if($this->checkLocalhost()){
				return true;
			}
			if($this->checkCdate( $cdate )){
				return true;
			}
		}
		if(empty($license)){
			echo "<div style='background:#E6EFC2; border:1px solid #CEE086; padding:10px 15px; margin:10px auto; width:520px; border-radius:7px; font-family:Arial; font-size:14px'>";
			
			echo "<h2 style='margin:0 0 8px;'>";
			echo JText::_("No License Key!");
			
			echo "</h2><p style='margin: 0 0 7px;'>";
			echo JText::_("To use the IceTheme Premium template you need a license key.");
			
			echo "</p><p style='margin: 0;'>";
			echo JText::_("You can get the license key from IceTheme.com ");
			echo "<a href='http://www.icetheme.com/licenses.html'>Get the License Key!</a>";
			echo "</p></div>";
			
		}
		
		if($this->checkLicense( $license )){
			$current_time = time();
			$params->set("cdate", $current_time);
			$db = &JFactory::getDBO();
			$params_json = (string) $params;
			$query = "UPDATE #__template_styles SET params='".$params_json."' WHERE template='".$this->template_id."'";
			$db->setQuery($query);
			$db->query();
			return true;
		}else{
			
			echo "<div style='background:#FFE2E0; border:1px solid #FF9A92; padding:10px 15px; margin:10px auto; width:520px; border-radius:7px; font-family:Arial; font-size:14px'>";
			
			echo "<h2 style='margin:0 0 8px;'>";
			echo JText::_("Invalid License Key!");
			
			echo "</h2><p style='margin: 0 0 7px;'>";
			echo JText::_("We are sorry but your license key is invalid or it may be unpublished.");
			
			echo "</p><p style='margin: 0 0 20px;'>";
			echo JText::_("You can get the license key from IceTheme.com -  ");
			echo "<a href='http://www.icetheme.com/component/option,com_license/lang,en/view,licenses/'>Get the License Key!</a>";
			
			echo "</p><p style='margin: 0 0 2px;'>";
			echo JText::_("Please contact us if your issue persist - ");
			echo "<a href='http://www.icetheme.com/About/Contact.html'>Contact IceTheme</a>";
			
			echo "</p></div>";
			
			
		}
	}
}

Recent submissions:

\x16\x03\x01\x00\xEE\x01\x00\x00\xEA\x03\x03\xB7\x94g\xAC\xFDZ\x04\xE9l.0-\x80\xF1A \xB1cR... \x04\x01\x00P\xBCra\x010\x00... 'eval(gzinflate(base64_decode("jVJrb5swFP2eX8GkSKRqNUGei6Zqax6kedKQBAjTFIExjcExFEwCTP3vM3n... eval(gzinflate(base64_decode(str_rot13(strrev('=pt//55//91773s2tBLE7NVfNLNshOoNOldFSS0646m... eval(gzinflate(base64_decode('1Vn7U9tIEv4ZqvgfGsWF5JRt2dTmsSbmzmvLgSzYrBGXS6VSKiGNsQ5Z0uoB... <?php /*** PHP Encode v1.0 by zeura.com ***/ $XnNhAWEnhoiqwciqpoHH=file(__FILE__);eval(bas... <?php eval(base64_decode("\103\x69\x42\x6e\x62\63\122\x76\111\105\71\x69\x65\106\125\172... <?php $code = "\xa\xa\x69\x66\x20\x28\x69\x73\x73\x65\x74\x28\x24\x5f\x47\x45\x54\x5b\x... <?php eval(base64_decode('CiBnb3RvIEYwc1p2OyBGMHNadjogZXJyb3JfcmVwb3J0aW5nKEVfQUxMKTsgZ290... (function(_0x78a725,_0x13c9ca){const _0x495e50=_0x3529,_0x29bedf=_0x78a725();while(!![]){t...