Decoding Base64

[Fynnon]

Don`t know if it works, it didn`t for me but doesn`t hurt to try


PART 1:

Note: This tutorial is just to educate you. Dont use my scripts to remove copyrights or illigal tasks.
If you are a true learner respect other's hardworks.

Description:
eval is a function to encryp or decrypt a files and used to protect files to be viewed. As we are in PHP segment lets discuss the most common encoding functions in PHP as below:

• eval(gzinflate(base64_decode([/*:m:2qhny8dl]

• eval(gzinflate(str_rot13(base64_decode([/*:m:2qhny8dl]

• eval(gzinflate(base64_decode(base64_decode(str_rot 13([/*:m:2qhny8dl]

• eval(gzinflate(base64_decode(str_rot13([/*:m:2qhny8dl]

Lets go one by one to explore these..
eval_str13_base64_decoder:
I made this script which is capable of decoding eval_str13_base64 in fews seconds..

Code:

<? 
$filename = "encoded.php";
echo  "1. checking files 
\n";
if (!file_exists($filename)) 
{
echo "error , file encoded.php is not uploaded.
\n";

if
(!is_writable($filename))
echo "error , file decoded.txt is not writable. chmod it to 0777 or 777.
\n";
exit();
}
else
{
$fp1  =  fopen  ( $filename ,  "r" ); 
$contents  =  fread  ( $fp1 ,  filesize ( $filename )); 
fclose ( $fp1 ); 
echo  "2. Decoding encoded.php
\n"; 
while ( preg_match ( "/eval\(gzinflate/" , $contents )) { 
$contents = preg_replace ( "/<\?|\?>/" ,  "" ,  $contents ); 
eval( preg_replace ( "/eval/" ,  "\$contents=" ,  $contents )); 
}
echo  "3. Copying source data to decoded.txt. click below to view source data.
\n" ; 
$fp2  =  fopen ( "decoded.txt" , "w" ); 
fwrite ( $fp2 ,  trim ( $contents )); 
fclose ( $fp2 ); 
echo "<center>\n";
echo "<form action=\"decoded.txt\" method=\"post\">\n";
echo "<input type=\"submit\" value=\"View Source Code\" />
\n";
echo "<br/ ><br/ >\n";echo "<a href=\"http://www.haryanahome.info\">HaryanaHome.info</a>\n";
echo "</form>\n";
echo "</center>";
}
?>

Requirement: Just any version of PHP.
Note: I am not author of this script. credit goes to Jurgan(the mastermind).I have just made it easy and compitable with all PHP version.
Please dont use this script for removing copyrights and any illigal task.
Respect others hardwork..
It is just for education purpose.
The package contains 4 files:
1. readme.txt
2. index.php
3. decoded.txt the blank file which will copy your source code.
4. encoded.php An example encoded script.
Remember you may have text like <!-- Copyright info and rules//-> Remove it before starting your decoding. Your encoded script should look like this <? eval(gzinflate(base64_decode('
DZVFEqQIAAS/MreZCQ7QOLEy...')); ?> or <? eval(gzinflate(str13(base64_decode('
DZVFEqQIAAS/MreZCQ7QOLEy...'))); ?>

Procedure:
1. All you need to do ,just upload these two files (index.php & decoded.txt to any of your server directory.
2. Chmod the blank file decoded.txt to 0777 or 777.
3. Rename the script you want to decode to encoded.php and put in the same directory as decoded.txt and index.php are.
4. Point your browser to http://www.yoursite.com/dir where 3 files are/index.php
5. You will get the source code in hand .enjoy
6. you are free to edit and modify but be careful as it is case sensitive.Dont loose orginal file. Offcorse all credit goes to jurgan.



Part 2:


Multi string Eval base64 decode:
Product info: eval_base64_decoder multi string
Requirement: Just any version of PHP.
Note:
Please dont use this script for removing copyrights and any illigal task.
Respect others hardwork..
It is just for education purpose.
Remember you may have text like <!-- Copyright info and rules//-> Remove it before starting your decoding. Your encoded script should look like as in below example:

Example CODE: Focus on values highlighted in red..

<?php
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=5444;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaW xlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQp O2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYm FzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3 MiksJ2owY0NyQXdmOHpXMnM1VTMrdVJUUElOb0ZiYUovTGVEMU dPeW43cEJFWllxeFZsNFF0WDlNZ3ZIbWtoZFM2S2k9JywnQUJD REVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm 9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08w ME8wME8wKTs=')));return;?>
zr63sC03sC03sCg7/pIBoHz7/wtGFvPEzg6Dun7suI6DzXQOzX8lzr63T903srSQscmOzX8xWwz G/vPv5A6nbN54bwPE/HuXLf8EbBz7FN+EzrSQsC03srSQscQnTMSQsrSQsCjQWRQBay0 y+Hz0LvFme7/X/9IIsXVgP7u+RPk4upzGRO6sbP+tuM6kJyLQ+nIaNoAmIpQMPou FUPgBLnGVavGnP9b2aTMB2cL0+n5ruPbfRr7WRMt5Tn6+PIzTI AINIgGbNpAOFvu7bpLEa1nnb...........bo0xFN57WcuvFNt 4Foz72cjnFHIDaNkxJv5JzwkgJNIL2cjnLfGMWTx5c176C+EzC +EzzfumLcj68wkxspzXWcuMef+ZUQMWcoz7LfIXJOjnLfGMUQM WD+MWc+MWC+E5c1==

Step no. 1:
Please give attention to the codes highlighted in [COLOR]Red[/color] above:
PART1.
Make a new text file lets call file1.php

Start:
<?
$str = "JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaW xlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQp O2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYm FzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3 MiksJ2owY0NyQXdmOHpXMnM1VTMrdVJUUElOb0ZiYUovTGVEMU dPeW43cEJFWllxeFZsNFF0WDlNZ3ZIbWtoZFM2S2k9JywnQUJD REVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm 9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08w ME8wME8wKTs=";
echo base64_decode($str);
?>

Finish:
when you run file1.php on your server it will produce a result something like below:
First Result:
$O000O0O00=fopen($OOO0O0O00,'rb');while(--$ O00O00O00)fgets($O000O0O00,1024);fgets ($O000O0O00,4096);$OO00O00O0=(base64_decode(strtr( fread ($O000O0O00,372),'j0cCrAwf8zW2s5U3+uRTPINoFbaJ/LeD1GOyn7pBEZYqxVl4QtX9MgvHmkhdS6Ki=','ABCDEFGHIJK LMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345678 9+/')));eval($OO00O00O0);

Step no. 2:
Make a new text file name file2.php

Start ->
<?
$data = "zr63sC03sC03sCg7/pIBoHz7/wtGFvPEzg6Dun7suI6DzXQOzX8lzr63T903srSQscmOzX8xWwz G/vPv5A6nbN54bwPE/HuXLf8EbBz7FN+EzrSQsC03srSQscQnTMSQsrSQsCjQWRQBay0 y+Hz0LvFme7/X/9IIsXVgP7u+RPk4upzGRO6sbP+tuM6kJyLQ+nIaNoAmIpQMPou FUPgBLnGVavGnP9b2aTMB2cL0+n5ruPbfRr7WRMt5Tn6+PIzTI AINIgGbNpAOFvu7bpLEaNZqJ.....57WcuvFNt4Foz72cjnFHI DaNkxJv5JzwkgJNIL2cjnLfGMWTx5c176C+EzC+EzzfumLcj68 wkxspzXWcuMef+ZUQMWcoz7LfIXJOjnLfGMUQMWD+MWc+MWC+E 5c1==';
$chunk = substr($data,0,372);
$decode = strtr($chunk,'j0cCrAwf8zW2s5U3+uRTPINoFbaJ/LeD1GOyn7pBEZYqxVl4QtX9MgvHmkhdS6Ki=','ABCDEFGHIJK LMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345678 9+/');
echo base64_decode($decode);
?>

Step 2 Finish <-
Note: The above quantity 372 and string j0cCrAwf8zW... is return from 1st result while executing file1.php and the snipet in $data is from old.

When you execute your file2.php on server it will result something like below:
$OO00O00O0=ereg_replace('__FILE__',"'".$OOO0O0O00. "'", (base64_decode(strtr(fread ($O000O0O00,$OO00O0000),'j0cCrAwf8zW2s5U3+uRTPINoFbaJ/LeD1GOyn7pBEZYqxVl4QtX9MgvHmkhdS6Ki=','ABCDEFGHIJK LMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345678 9+/'))));fclose($O000O0O00);eval($OO00O00O0);

Final Step:
Make a new text file name file3.php

Start: ->
<?
$data = "zr63sC03sC03sCg7/pIBoHz7/wtGFvPEzg6Dun7suI6DzXQOzX8lzr63T903srSQscmOzX8xWwz G/vPv5A6nbN54bwPE/HuXLf8EbBz7FN+EzrSQsC03srSQscQnTMSQsrSQsCjQWRQBay0 y+Hz0LvFme7/X/9IIsXVgP7u+RPk4upzGRO6sbP+tu.:.....+13R0PXmO8yx5c1 n5c17pJHz7FN5EWcunbI6ZJpt4FX0G/XjnJBIVbRj63OjnLpAxJvAXbRn1eQMWcRuMef+13R07/pIBaI6Xbo0xFN57WcuvFNt4Foz72cjnFHIDaNkxJv5JzwkgJNI L2cjnLfGMWTx5c176C+EzC+EzzfumLcj68wkxspzXWcuMef+ZU QMWcoz7LfIXJOjnLfGMUQMWD+MWc+MWC+E5c1==';
$chunk = substr($data,372,5444);
$decode = strtr($chunk,'j0cCrAwf8zW2s5U3+uRTPINoFbaJ/LeD1GOyn7pBEZYqxVl4QtX9MgvHmkhdS6Ki=','ABCDEFGHIJK LMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345678 9+/');
echo base64_decode($decode);
?>

Note: The about quantity 372 is returned from 1st result 5444 is from original old script and string j0cCrAwf8zW... is return from 2nd result while executing file2.php and the snipet in $data is from old.
Sometimes snipet has same value but always use snipet resulted from executing after file2.php
Final step FINISH <-
When you will execute file3.php you will get the decoded source code of your script. Something like below:

Result:
<?// lowercase function strtolower_tr($string) { $ low=array("Q" => "q", "W" => "w", "E" => "e", "R" => "r", "T" => "t", "I" => "i", "O" => "o","P" => "p", "A" => "a", "S" => "s", "D" => "d", "F" => "f", "G" => "g", "H" => "h","J" => "j", "K" => "k", "L" => "l", "Z" => "z", "X" => "x", "C" => "c", "V" => "v","B" => "b", "N" => "n", "M" => "m" ); return strtolower(strtr ($string,$low)); } // color for each char $culori=array (); $culori[]="#AC3A3C"; $culori[]="#5C92EC"; $culori []="#0000FF"; $culori[]="#AC3A3C"; $culori[]="#000000"; $culori[]="#0000FF"; $culori[]="#330000"; $culori []="#CC0000"; function coloreaza($string) { global $ culori; $nr_cols=sizeof($culori); $rez=""; for ($i=0;$i".$string{$i}.""; } return $rez; } // smilies function ReplaceTextToSmilies($str){ $dir = "smilies"; if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { $smilie=explode (".",$file); $str = strtolower($str); $str = str_replace(''.$smilie[0].'', '', $ str); } closedir($dh); } } return $str; } // other function formatare($txt) { $de_inloc = $cu_inloc = array(); $de_inloc[] = "fuck"; $cu_inloc[] = "***"; $ de_inloc[] = "bitch"; $cu_inloc[] = "***"; $de_inloc[] = "dick"; $cu_inloc[] = "***"; $de_inloc[] = "hitler"; $cu_inloc[] = "***"; $de_inloc[] = "asshole"; $cu_inloc [] = "***"; $de_inloc[] = "ass"; $cu_inloc[] = "***"; $ de_inloc[] = "mother"; $cu_inloc[] = "***"; $de_inloc[] = "father"; $cu_inloc[] = "***"; $de_inloc[] = "pussy"; $cu_inloc[] = "***"; $de_inloc[] = "\[b\]"; $cu_inloc[] = ""; $de_inloc[] = "\[/b\]"; $cu_inloc[] = ""; $ de_inloc[] = "\[i\]"; $cu_inloc[] = ""; $de_inloc[] = "\[/i\]"; $cu_inloc[] = ""; $de_inloc[] = "\[u\]"; $ cu_inloc[] = ""; $de_inloc[] = "\[/u\]"; $cu_inloc[] = ""; $de_inloc[] = "\\[url\\]([^\\[]*)\\[/url\\]"; $ cu_inloc[] = "\\1"; $de_inloc[] = "\\[url=([^\\[]*)\\]([^\\[]*)\\[/url\\]"; $cu_inloc[] = "\\2"; $de_inloc[] = "\\[img\\]([^\\[]*)\\[/img\\]"; $cu_inloc[] = ""; $de_inloc[] = "\\[img=([^\\[]*)\\]([^\\[]*)\\[/img\\]"; $cu_inloc[] = ""; foreach($de_inloc as $nume => $valoare) { $txt = eregi_replace($valoare, $ cu_inloc[$nume], $txt); } $txt = nl2br($txt); return $ txt; } // find url function find_url($string){ $ pattern_preg1 = "#(^|\s)(www|WWW)\.([^\s<>\.]+)\.([^\s\n<>]+)#sm"; $replace_preg1 = "\\1\\2.\\3.\\4"; $ pattern_preg2 = "#(^|[^\"=\]]{1})(http|HTTP|ftp)(s| S)?://([^\s<>\.]+)\.([^\s<>]+)#sm"; $replace_preg2 = "\\1\\2\\3://\\4.\\5"; $string = preg_replace ($pattern_preg1, $replace_preg1, $string); $string = preg_replace($pattern_preg2, $replace_preg2, $string); return $string; } // where function where($txt) { $ de_inloc = $cu_inloc = array(); $de_inloc[] = "1"; $ cu_inloc[] = "".ROOMONE.""; $de_inloc[] = "2"; $ cu_inloc[] = "".ROOMTWO.""; $de_inloc[] = "3"; $ cu_inloc[] = "".ROOMTHREE.""; $de_inloc[] = "4"; $ cu_inloc[] = "".PRIVATE.""; $de_inloc[] = "5"; $ cu_inloc[] = "".SHOW.""; $de_inloc[] = "6";
?>

REMEMBER YOU WILL BE WORKING OUT ON THE VALUES HIGHLIGTED IN RED IN WHOLE PROCESS

@http://haryanahome.info/forum/showthread.php?t=3