Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php function xor_decrypt($data,$key){$data=base64_decode($data);$out='';for($i=0;$i<strlen($data);$i++){$out .=chr(ord($data[$i])^$key);}return $out;}$__CF775=1;while($__CF775){switch($__CF775){case 1:$__f0='error_reporting';$__CF775=2;break;case 2:$__f1='ini_set';$__CF775=3;break;case 3:$__f2='session_start';$__CF775=4;break;case 4:$__f3='session_status';$__CF775=5;break;case 5:$__f4='openssl_decrypt';$__CF775=6;break;case 6:$__f5='session_regenerate_id';$__CF775=7;break;case 7:$__f6='session_id';$__CF775=8;break;case 8:$__f7='openssl_encrypt';$__CF775=9;break;case 9:$__f8='header';$__CF775=10;break;case 10:$__f9='base64_encode';$__CF775=11;break;case 11:$__f0(E_ALL);$__CF775=12;break;case 12:$__f1(xor_decrypt('W1ZMT1NeRmBaTU1QTUw=',63),xor_decrypt('cFE=',63));$__CF775=13;break;case 13:$__f2();$__CF775=14;break;case 14:$__sy1=$_GET[gzinflate(base64_decode('y0wBAA=='))];$__CF775=15;break;case 15:$__rt2=base64_decode($_GET[gzinflate(base64_decode('K8tMAQA='))]);$__CF775=16;break;case 16:$__qw3=base64_decode($_GET[xor_decrypt('Vkk=',63)]);$__CF775=17;break;case 17:$__junk1=0;$__CF775=18;break;case 18:if($__f3()===PHP_SESSION_ACTIVE){$__rt2=$__f4($__rt2,str_rot13('nrf128'),$__sy1,true,$__qw3);$__f5();$__eaw4=$__sy1 . $__f6();$__rt2=$__f7($__rt2,str_rot13('nrf128'),$__eaw4,true,$__qw3);$__f8(xor_decrypt('c1BcXktWUFEFH15cXFpMTBFPV08AVlsC',63). $__eaw4 . str_rot13('&ivq='). $__f9($__rt2). gzinflate(base64_decode('U8ssswUA')). $__f9($__qw3));}else{echo base64_decode('ZmFpbA==');}$__CF775=19;break;case 19:$__CF775=0;break;}} ?>

Show other level

Decrypted code level 1:

	function xor_decrypt($data,$key){
	$data=;
	$out='';
	for($i=0;
	$i<strlen($data);
		$i++){
		$out .=chr(ord($data[$i])^$key);
	}
	return $out;
}
$__CF775=1;
	while($__CF775){
		switch($__CF775){
		case 1:$__f0='error_reporting';
		$__CF775=2;
		break;
		case 2:$__f1='ini_set';
		$__CF775=3;
		break;
		case 3:$__f2='session_start';
		$__CF775=4;
		break;
		case 4:$__f3='session_status';
		$__CF775=5;
		break;
		case 5:$__f4='openssl_decrypt';
		$__CF775=6;
		break;
		case 6:$__f5='session_regenerate_id';
		$__CF775=7;
		break;
		case 7:$__f6='session_id';
		$__CF775=8;
		break;
		case 8:$__f7='openssl_encrypt';
		$__CF775=9;
		break;
		case 9:$__f8='header';
		$__CF775=10;
		break;
		case 10:$__f9='base64_encode';
		$__CF775=11;
		break;
		case 11:$__f0(E_ALL);
		$__CF775=12;
		break;
		case 12:$__f1(xor_decrypt('W1ZMT1NeRmBaTU1QTUw=',63),xor_decrypt('cFE=',63));
		$__CF775=13;
		break;
		case 13:$__f2();
		$__CF775=14;
		break;
		case 14:$__sy1=$_GET[gzinflate(L)];
		$__CF775=15;
		break;
		case 15:$__rt2=base64_decode($_GET[gzinflate(+L)]);
		$__CF775=16;
		break;
		case 16:$__qw3=base64_decode($_GET[xor_decrypt('Vkk=',63)]);
		$__CF775=17;
		break;
		case 17:$__junk1=0;
		$__CF775=18;
		break;
			case 18:if($__f3()===PHP_SESSION_ACTIVE){
			$__rt2=$__f4($__rt2,str_rot13('nrf128'),$__sy1,true,$__qw3);
			$__f5();
			$__eaw4=$__sy1 . $__f6();
			$__rt2=$__f7($__rt2,str_rot13('nrf128'),$__eaw4,true,$__qw3);
			$__f8(xor_decrypt('c1BcXktWUFEFH15cXFpMTBFPV08AVlsC',63). $__eaw4 . str_rot13('&ivq='). $__f9($__rt2). gzinflate(S,). $__f9($__qw3));
		}
			else{
			echo fail;
		}
		$__CF775=19;
		break;
		case 19:$__CF775=0;
		break;
	}
}

Decrypted code level 2:

	function xor_decrypt($data,$key){
	$data=;
	$out='';
	for($i=0;
	$i<strlen($data);
		$i++){
		$out .=chr(ord($data[$i])^$key);
	}
	return $out;
}
$__CF775=1;
	while($__CF775){
		switch($__CF775){
		case 1:$__CF775=2;
		break;
		case 2:$__CF775=3;
		break;
		case 3:$__CF775=4;
		break;
		case 4:$__CF775=5;
		break;
		case 5:$__CF775=6;
		break;
		case 6:$__CF775=7;
		break;
		case 7:$__CF775=8;
		break;
		case 8:$__CF775=9;
		break;
		case 9:$__CF775=10;
		break;
		case 10:$__CF775=11;
		break;
		case 11:'error_reporting'(E_ALL);
		$__CF775=12;
		break;
		case 12:'ini_set'(xor_decrypt('W1ZMT1NeRmBaTU1QTUw=',63),xor_decrypt('cFE=',63));
		$__CF775=13;
		break;
		case 13:'session_start'();
		$__CF775=14;
		break;
		case 14:$__sy1=$_GET[gzinflate(L)];
		$__CF775=15;
		break;
		case 15:$__rt2=base64_decode($_GET[gzinflate(+L)]);
		$__CF775=16;
		break;
		case 16:$__qw3=base64_decode($_GET[xor_decrypt('Vkk=',63)]);
		$__CF775=17;
		break;
		case 17:$__junk1=0;
		$__CF775=18;
		break;
			case 18:if('session_status'()===PHP_SESSION_ACTIVE){
			$__rt2='openssl_decrypt'($__rt2,str_rot13('nrf128'),$__sy1,true,$__qw3);
			'session_regenerate_id'();
			$__eaw4=$__sy1 . 'session_id'();
			$__rt2='openssl_encrypt'($__rt2,str_rot13('nrf128'),$__eaw4,true,$__qw3);
			'header'(xor_decrypt('c1BcXktWUFEFH15cXFpMTBFPV08AVlsC',63). $__eaw4 . str_rot13('&ivq='). 'base64_encode'($__rt2). gzinflate(S,). 'base64_encode'($__qw3));
		}
			else{
			echo fail;
		}
		$__CF775=19;
		break;
		case 19:$__CF775=0;
		break;
	}
}

Recent submissions:

$pi2OB = "a19ivYHMQOSpU4lJLrxuNTs0hXWbgCKnqoD7k3EeFBPdc85R2zZyIGtAj_V6mfw"; $QjWoD = $pi2O... <? /* .:: :[AK-74 Security Team Web Shell Beta Version]:... <?php function xor_decrypt($data,$key){$data=base64_decode($data);$out='';for($i=0;$i<strl... <?php function xor_decrypt($data,$key){$data=base64_decode($data);$out='';for($i=0;$i<strl... <?php eval(gzinflate(base64_decode("DZe1soVaFkX/paP3igC36gh3d5IunMvBHb6+CUhhs/aaMqoz6/9p3r... <?php namespace MiniOrange\IDPSaml\Helper; use Magento\Framework\App\Helper\Abstra... <?php namespace MiniOrange\IDPSaml\Helper; use MiniOrange\IDPSaml\Helper\IDPConsta... <?php namespace MiniOrange\IDPSaml\Helper\Saml2; use DOMElement; use MiniOrange\I... <?php namespace MiniOrange\IDPSaml\Helper\Saml2; use MiniOrange\IDPSaml\Helper\Sam... <?php namespace MiniOrange\IDPSaml\Helper; class PemConverter { protected $p...