Home Communication board WiKi Contact us

How to decrypt eval-gzip-base64 php files

If you receive some files with encrypted code and would like to check or modify the code, you have to decrypt it. If the file is started with ”<?php eval(gzinflate(base64_decode” or similar string, it is possible to receive the open source version without any problems.

In such situations I use the following 2 scripts (it depends which one to choose, however you always can try both), that works in 99% of cases:

<?
$file = 'some_file.php';
$content = file_get_contents($file);

$counter = 0;
while(true) {
    $content_new = preg_match("/<\?php(.*)eval\((.*)\)/uims", $content, $out);
    if ($out[2]) {
        eval($out[1]);
        eval('$content = '.$out[2].';');
    }
    else {
//        echo 'try counter:'.($counter-1)."\n";
        break;
    }
    if ($counter == 1000) break;
    $counter++;
}
echo $content;
?>
<?
$file = 'some_file.php';
$content = file_get_contents($file);

$counter = 0;

$content = strtr($content, array('__FILE__' => "'".$file."'", '__LINE__' => "'".'2'."'"));
preg_match("/<\?php(.*)eval\((.*)\)/uims", $content, $out);
if ($out[2]) {
    eval($out[1]);
    eval('$content = '.$out[2].';');
    $content = $out[1]."\n".$content;

    preg_match('/(.*)eval\(\$(.*)\)/uims', $content, $out);
    if ($out[1]) {
        eval($out[1]);
        $content = $$out[2];

        $content = strtr($content, array('__FILE__' => $file, '__LINE__' => "'".'2'."'"));
        preg_match('/die\(\'This script is locked to another domain\.\'\);(.*)eval\(\$(.*)\)/uims', $content, $out);
        if ($out[1]) {
            eval($out[1]);
            $content = $$out[2];
            die("<?php\n".$content."\n?>");
        }
    }
}
else die('Problem');

echo $content;
?>

You should type the correct file in the second line of the script:

$file = 'some_file.php';

This script is locked to another domain

You can use the scripts above to unlock such cases. I usually do that in order to work with these scripts on local machine or to make the preview on my server for clients. However please follow all legal rules.

 
Home About us Privacy statement Terms & Conditions Refund policy © 2007–2019 ArsCommunity