Can someone tell me the original source code behind this obfuscated PHP file?

Discussion in 'Programming' started by OH Pavel, May 5, 2017.

  1. #1
    I just downloaded a PHP script; one of the files in the script is encoded and I want to ensure it doesn't have anything malicious! Any help would be much appreciated!

    <?php
    /*
    Obfuscation provided by FOPO - Free Online PHP Obfuscator: http://www.fopo.com.ar/
    This code was created on Friday, May 5th, 2017 at 8:50 UTC from IP 119.30.32.75
    Checksum: 82d7d2ff182bd644af9f894ac11882edadb14f75
    */
    $uf8e059e="\142\141\163\x65\66\x34\137\144\x65\143\x6f\144\145";@eval($uf8e059e(
    "Ly9ORE5QLy8wSXZnTjd1cm9XQ1pDVVlKRmpVdXg1Kzk2dzJWbUo3c2hIK0YvNGZWa1JMTXF1QStJTVd
    OZlhicUdBQWJyUXZlL3VlUzU5YkdidGNYQ2UxUmdMc0N6aXJTRXo1WTdKZ2hhTmtneHVKREg2V3orTk1
    ZNFpMRW0wbEU1U05OQzlFMWhhUmhRNUZBdjZWYkpSMmV5aXNsMENYQjV2M2pxN3BlY3FjVm9uMWVTSUV
    EbTVnS05YUGczZm1PUmJxQ2JpVEFTMWJXN3JQTXJ5REVWcHpqTHd6c1FIUjZTeG9yMU5oT3BHQmZ0Rjh
    yMnh3SXdqZFk3bUVBVHFqK2p4Y01kUjVHQ013SlY2NWdJcnFreXcweTE2NjBFSUhqRldHTlk0dFJ3cTF
    wZFM4ZkpVdFQzbW9HMzhCMHVybDYzYW0zbXJyZ0YzZU9QS0V3dlBHdHROMUZzR1VWV09OT28zMWE4MXF
    1RVpuc2gvWTZ3WFpvNmlDV3pjSk1ZWVRSRHBJaGxPRXpQNTdJS2o0RXA1Nm9WaE9BRldxcDVCUE5PVXF
    zV1p5bXdUNHl3Zlg0TVoyQ3ZBbXFxWEQwaVAxVVM0M2xKTFBDK2lKT200MHlVb0I2TVo4MStQakFZMVl
    2dFNwbG5MN1g0ank4Y1EvKy9CRHp0YnM2TlJmMVlDMVFsQVdoT3d2Z0t1UFBuUC83cE93djIzeVNTV3R
    HZCtWMnBZWnhKTllsVTduNGk3eDNVQmFPUmIvTUx2eiszOG5GR1I2TFd3MVl3bWxDdHBacGMwL3UrTjd
    KaVpLa08zdkEyeFErcDR3RUpla3JmV0hjNTdzNkRrTjB1c1EvNXZtSmV6WVFhNmxVM1pkeW4va01jQzN
    aYmFEQUMxVWozSGw2YXR1b2ZzUDkzYkwvYWhOZzdDMUQ9PTp4bGtDdm92L0tUSVE1aFZaSWZvKzJKcE8
    6czY2b3NvOXAKJGoxZDhkYWUwPSJcMTYzIjskYWMzZjg0NDE9Ilx4NjciOyRnMDQxOGFmYj0iXHg3MCI
    7JGwzMTdiYTUzPSJceDY1IjskdWY4ZTA1OWU9IlwxNDIiOyRqNTZlNWEwMT0iXDE2MyI7JHI2YjNmZGY
    wPSJcMTYzIjskZWMyZWFlZmU9IlwxNDYiOyR5YThmNmIyYT0iXHg3MiI7JGoxZDhkYWUwLj0iXHg3NCI
    7JGo1NmU1YTAxLj0iXHg3NCI7JHVmOGUwNTllLj0iXDE0MSI7JGcwNDE4YWZiLj0iXHg3MiI7JHI2YjN
    mZGYwLj0iXDE1MCI7JGFjM2Y4NDQxLj0iXHg3YSI7JHlhOGY2YjJhLj0iXDE0NSI7JGVjMmVhZWZlLj0
    iXDE1MSI7JGwzMTdiYTUzLj0iXHg3OCI7JGVjMmVhZWZlLj0iXDE1NCI7JGcwNDE4YWZiLj0iXDE0NSI
    7JHVmOGUwNTllLj0iXHg3MyI7JHlhOGY2YjJhLj0iXDE2MyI7JHI2YjNmZGYwLj0iXDE0MSI7JGFjM2Y
    4NDQxLj0iXHg2OSI7JGoxZDhkYWUwLj0iXDE2MiI7JGo1NmU1YTAxLj0iXHg3MiI7JGwzMTdiYTUzLj0
    iXHg3MCI7JGoxZDhkYWUwLj0iXDE0MyI7JGcwNDE4YWZiLj0iXHg2NyI7JHlhOGY2YjJhLj0iXHg2NSI
    7JGVjMmVhZWZlLj0iXHg2NSI7JGo1NmU1YTAxLj0iXDEzNyI7JHVmOGUwNTllLj0iXHg2NSI7JHI2YjN
    mZGYwLj0iXHgzMSI7JGFjM2Y4NDQxLj0iXHg2ZSI7JGwzMTdiYTUzLj0iXHg2YyI7JGoxZDhkYWUwLj0
    iXHg2ZCI7JGwzMTdiYTUzLj0iXHg2ZiI7JGcwNDE4YWZiLj0iXDEzNyI7JGo1NmU1YTAxLj0iXDE2MiI
    7JGVjMmVhZWZlLj0iXDEzNyI7JHlhOGY2YjJhLj0iXHg3NCI7JGFjM2Y4NDQxLj0iXDE0NiI7JHVmOGU
    wNTllLj0iXDY2IjskdWY4ZTA1OWUuPSJcNjQiOyRlYzJlYWVmZS49IlwxNDciOyRqNTZlNWEwMS49Ilw
    xNTciOyRnMDQxOGFmYi49Ilx4NzIiOyRsMzE3YmE1My49Ilx4NjQiOyRqMWQ4ZGFlMC49Ilx4NzAiOyR
    hYzNmODQ0MS49Ilx4NmMiOyRnMDQxOGFmYi49IlwxNDUiOyRqNTZlNWEwMS49Ilx4NzQiOyR1ZjhlMDU
    5ZS49Ilx4NWYiOyRhYzNmODQ0MS49IlwxNDEiOyRsMzE3YmE1My49IlwxNDUiOyRlYzJlYWVmZS49Ilw
    xNDUiOyR1ZjhlMDU5ZS49Ilx4NjQiOyRlYzJlYWVmZS49IlwxNjQiOyRqNTZlNWEwMS49Ilx4MzEiOyR
    nMDQxOGFmYi49IlwxNjAiOyRhYzNmODQ0MS49IlwxNjQiOyR1ZjhlMDU5ZS49Ilx4NjUiOyRqNTZlNWE
    wMS49Ilw2MyI7JGVjMmVhZWZlLj0iXHg1ZiI7JGFjM2Y4NDQxLj0iXDE0NSI7JGcwNDE4YWZiLj0iXDE
    1NCI7JHVmOGUwNTllLj0iXDE0MyI7JGcwNDE4YWZiLj0iXDE0MSI7JGVjMmVhZWZlLj0iXHg2MyI7JHV
    mOGUwNTllLj0iXHg2ZiI7JGVjMmVhZWZlLj0iXHg2ZiI7JGcwNDE4YWZiLj0iXHg2MyI7JHVmOGUwNTl
    lLj0iXHg2NCI7JGcwNDE4YWZiLj0iXHg2NSI7JGVjMmVhZWZlLj0iXHg2ZSI7JGVjMmVhZWZlLj0iXDE
    2NCI7JHVmOGUwNTllLj0iXDE0NSI7JGVjMmVhZWZlLj0iXDE0NSI7JGVjMmVhZWZlLj0iXHg2ZSI7JGV
    jMmVhZWZlLj0iXHg3NCI7JGVjMmVhZWZlLj0iXHg3MyI7JHA3ZjdhMjk3PSRsMzE3YmE1MygiXHgyOCI
    sX19GSUxFX18pO0BldmFsKCRqMWQ4ZGFlMCgkcjZiM2ZkZjAoJGcwNDE4YWZiKCJceDJmXDEzNFx4Mjh
    ceDVjXHgyMlx4MmVcNTJcMTM0XHgyMlx4NWNcNTFceDJmIiwiXDUwXHgyMlw0Mlw1MSIsJGcwNDE4YWZ
    iKCJceDJmXHhkXHg3Y1wxMlw1NyIsIiIsJGVjMmVhZWZlKCR5YThmNmIyYSgkcDdmN2EyOTcpKSkpKSw
    iXHgzOVw2NFx4NjVcNjVceDM5XDcxXDYwXHgzOFx4MzVcNjZcNzBcMTQxXDE0MVwxNDZceDM2XDY2XHg
    2Mlx4NjZcNzFceDMwXHgzNVwxNDRceDY1XHgzMFw2NFw3MFx4NjNceDY1XDcwXDE0Nlx4MzhcNjBcNzB
    cNjRceDM5XDE0NVwxNDNcNzFcNjdceDM5Iik/JGFjM2Y4NDQxKCR1ZjhlMDU5ZSgkajU2ZTVhMDEoIkN
    JQ1VkaEdWU2lsS0ZsOTYwUllyMEdqTHJNSVpGRmM1cEdzbDNjSjhpYTZkK21UR1JQREVGSER4Rk00c0o
    wVXlSUjdhLy9pNnV3VXhOL3RvV2dRQ3dhOEdrQ3JXTGc4YUthamI5eHJQWnNHN1dWYkNDd2RPcy8zNlJ
    ucWJESlJML1pxQ3NjOXgvTjN3OEJwai8vT0NOV1MrOEJVeGk0TFRXM1Y4dWE0b0dpV0c5UWhXRUM3c0R
    2Ty8wYTllaW0wYitpS2U3M2xDaDUvLzFzbTg4citTcy82SzlDQlkwbEgxbTZHTkZmTVNJODRYRzlNRDI
    xNkRIOTM4aW9MWnc3Q0RKQms0YmdwRXVBUDNGUVd1ZktwZGRTWElWZGR0OHhqVmJHUnlSUERXTEwyWWR
    Pb1ZTWUdQU0RTUnhaU29ZUDdwSWF2ODQxSUhJc1M2dHViUFl3S3ZsSkYzemFrTjAxb2NkM0JCT3N6ZDZ
    GNzJIQ3lhTytjaS80amMya1hBL3pIbGJaVGhQNVdGZTF5RmFvUVlzU1BoeStOcXdSV1YrbE9vZGxOTGp
    KRVpOd1B0a3RwVzFoT2xZdEQ3ZEZaek5Jc2hpY2gyaHp4S1dkaW5CTUZ5OWJXSENFK0YwR25ZSGlnSkM
    1NkxUd1ZuNnJmRVNFUkMvUnZCTmRwUGFRQ1owZnZIWFFBZ3RIU1ZjVE1uYy9yM0VKL0V4Z0hwQ0lXSHZ
    NbXdsS0ozYlUyVXNPQ3QrSkE4aDVoUzBFWVNqSUU0WVFtSVV0WUhCVzZvd0w4Y3pZMjdlRlc1U1ZKbUF
    nQnlVSEF6dDJma0svRDRGZEdrWVdXSGxodFZaQ2RvVWUzM3REKzc1andGUXpaQkI2bE1DVDllYno5RGp
    6UG1qckhMTjNLSThadmdZaCtjN2hHWXFKK3hZSm0wM3hCVENCVlZuVkgyY0xiN3dJeWZGUm5SREcwVzN
    nMzBwcmRnNXlVdm5PM1hsc0pKbGZGdVBVaFJselp3WE1idm80eXB5SHlwMTkwR1BnWGg3eGMvaEIxaEo
    xQnNQeCtMYXBvdmlVY2VKbEV2WFQ1QXlwVFpmZ3dVNG9CeENCQlBKMWJsZzNaa2ZFKzB1a2N3TGRuamd
    nTEdYY1Q1bURXMHY1QmxlbjU4dEl3dkxBa0tQbHBIUzBWbmJ6bHhCN3RyQkh0enhUSVdodzhXYVRJNnh
    CNlp0YThWZVVkSGtIZnNITzNNSmVoNFRmVUlTQzNXaTcwN3hTdGVFL1FqOFNsd2x3dzlvdk5zazlYK3N
    vOWN4Zk1HY3RTMVRUQ0FFVmx3RkhiRTU1ajQ3V2toaHB0aSs3ZWlXQW5uRXJkSEZTOEFmL0hSeU5FQnF
    6T2Q0ZTBWRWFNQkcybVVxeW51ZERWQ2NuWEk3RFViazdzNDFUM1FyR0l1alJUeDRzWGdjVVYzckIxZTB
    zYWYrQVBqajR5VmIwbHRBT0MxNVZJTmFldG1kZHBRaytyL0o3WVk5dzdOOElQZmt1MXRCbDRLTFpSTlc
    2SzAwWmowdWwrL3BVcTY4UEpiM29lSXM0S2E1TUl0MEFVYlZoaDlabUFYemxJMzY3VDJDZjFVY1pZVlh
    WSStqbTRmRVQwR3ErTU1hU3Y2UEFrOGcyQnFhTlR6WG5BblRycHQveGVOZ3FnOVo0cnpQazJoMjJIdEZ
    ndVd5eThseUhTRG10anJwOVZKb3dsQzhFQTk3SUgyRGY4VFYyMmUvd2ppeXBlNzJHRXZPbDR3cmNOVXl
    CZE9HVGtkY2pVRWJJMjhpMUlXSjR6YWQwVkxLN1B0cHRFbGVYR01YREZ5Zjc2dDd6YVZqdDV5aWQ1TE9
    ON3hWOU1kTklLcDNPTzVwQ2NGcnNXSlY0d3A1NGRxRmtDSnFNOGMzcmxUZkpwT25WOHpkQmN2YnpzUWp
    PSWxNTzljTWhrbXM5U3dEeWFFUFNaSU5EMndVME4zZnFOV05iOWdNWlg1UTF6YTdRRG5ucjZpTTh3QXF
    6eEhmYjR5ZGdsSWZ4RGpYNHRMM2l4blFudU9CZUhGUjVNekVrOXIrUkd3bWpSSHVrcFp4TEtIcFFlYUZ
    lMEhUOTFtdHJyeFcwNG5EWG5Yem0zOEtMMnZoSXZZeW12S1hPM25Qay9HNlF0NktVaDQ4SVhlcE9hV1Q
    4bnJsNFRnclp1ZXVleCthYXMycnRiQ0I5K2tYTFBqSnVEb0N2ODNsZUpCd25LeVpld1ZKMXRPNlRtQU4
    wNEh6SnR6MUhiYlRGYXBOWXhLYWVHSGVHamhXYjJkN1Y2ajBOWnY2Nm1mWmM5RGtLTEpwRXFwY1J3alJ
    KMUZqaU11SmVFdHFuZlIxS01KZHFNODBNSXdpMDF0VDQrREU2L0dQZkRsQW9mUzZDS0JWYkRVVXVhQjZ
    lVm5nb3dXNjZBRTVHYnN1ZTA1QXZaWkloMFJwRmNKclhKYmdmNHF6TFYzZDVVT21YQW1kQlpiNmFKZFB
    mTGJWT3ZZMFZzK1daZFlkRlJab2FFRXJ1UnU2L2FtVlBoS2s5cEdBRWtKdHQzNDQrbmZBdGJSMTRvRnQ
    wOXRONTFzSXk1Z1dncXp4dnhhNzRpOEdCZ2czSlAzM29UY1M5ZXBJT0hhY050TGFwVklVQ0Rld2c0SmF
    jL2kwU0xpNTU3UnYwQmt5NDNNSW94QWF4TTJzSko5aFRRamNibm51YVJRSm4xSzRpN2xhaGNhQ2I0K3E
    yQUhvcjhZZ2R6RkY5WTRZeXNITW1QSXZERDZqbVZ4ZS91ajZheXE4QmpkbnJFUk1BZHk2czNCZGtPeVB
    EdGtFQ0xNU04vQWtyL0liVjJXaUxUeUV6UkRkUHZ0Slk3Kytka3Mvak49IikpKTokYWMzZjg0NDEoJHV
    mOGUwNTllKCRqNTZlNWEwMSgiQ0lHTWVkWjRSQzJLZDM3YkhFN0x3TlQxSmNkamVrcFBXUk8wSzF3WlJ
    pTGdSWTUrMHczZGd6RklHNTA2SUZLTTVKOWVtdlhwNWdRQ3dsOFB4Uzg3V1k0VkZZMGcvREt1U2pFc0I
    1Mi9Sc3dnMks4bXMvVVV3MjlrRmhIZk5aRWlCc0IxWi9SS0RFQWlSZTAzc1cvTzIvL1RtTy9PdDRuVnd
    pU3N0YzJ1M2VLck9SQytLK0pLL01LOUltUTFTeVVIazQ5LzBHQWhpaStnOC8zb2E0bi8vMDMxL0hCak9
    OZ3lxK1FyK2NhaHl6ZVhXTC8wVTBkdVdNM2ZZc1g0M2NveDNRakwwdzI3TkszdlkyRkttM1dYQjR3d2d
    RV3dSNDVkYXZZdGFENmVuQk5kUmtRb0pjQ25KYXBQVk5hbHVHQTJhZW56TXA1SXkzSkZ2VlYwa3VORFU
    wRUlzeTFqSXZsQWtiQWhmdDJOcHpDRnFPeXBNQmJ0TmkxUTUya1UvM0QrZDBManVNekJJeHNSbWlCWU1
    sQXBWRXhRMkRlT0dJSXlzR1dNd1RSOVdlRDFFRUhMSXpOY21wM2NONzA3Z2tKeDJuTUFYNXl6MXZqRUp
    DSzVZemZvYUxXemM1aEdLNXNjSDBScTcxdlNoajRGUitkUHFVWlJtc25OZlc0NjI0a2I2cHVabjIyNzR
    KVFJzVFdveWZpT1hjV0xYdlVaeHA0VENWQmsyQWphYkptSys5eGxqYlhSZmlwMG9xMzVNUmMwZEpGaGR
    QaDVIWWFDYnF3aWw1M1k2dHNWM25nejkrZWFZQllNQlhFZWNxQmRoTGVrcVQ0c0xySjJRTmNEZWFjTWd
    nQkdTRDA1MXFLalhxNGxnZnJLMWEzMXVFeG9rampWckFSejdlQjYwSkt3TDNveWI3QXJCOE93am5iZ3F
    3aXcxMVRGVGVveCs5TkZrQzFMa0pneUpBUXRwd3Z5RW1EQUNQcFdWdlB5WWYxbnI4Z1plT0xpcFA2aU0
    yQzJmZDFYMVYyUTJsaFgxaXBBV0hkSmxPZ21iSmo1aGxRTFNDRFZoRmhub2lRUmJXditJZml5U1lTM2x
    uRXZybG1NcGZHaWM5STYwcHQvdzR4NU9TbXRpeFB4VUZEb21VYk5naEtISnRLakE1YVRONUkzd1VsN0V
    pdU1IcUNUNGJsWklKL3gxU3c1MndUZzU4QWtGdWF3YlpnYU0raGRNcmdLbVBxczZkREpMaHBmeDJQWGZ
    OcGMveWpRdGxWR0pMNEx3eC9aKytOVkdlS3BlV0J5VlkzTDZPcC84dXo3SEJhVEtnSmFhNTFSbXQycVI
    yNE9JVUwwT1phKzhPZHRVdzdDZ1FEbER6eVVQbHNwdzRJY2tOM2wwVjloOXF0RDB1RndXRGVuQ0lDQmV
    kWm94Rm9BZkpNQ1Bib0ZCODN2bkorOE80U3VtY3NLSmR2TFg3bnFWMktnWDNkdUZpT1lxOTlXeERlOGV
    5OEF1TEJZREYzTFlkMmFQc1dHVDc0c2l1dUZEL2NSYXNKUmRmLzBJUVdMNXpyVitLejFRYitoSlpHZDh
    OWFBUL21XOEw0ZkRIR0h6ZGltQlVFSFUzQWpKM1VKZytsSGhEWlNHNlRhNVVWN2xDZnFZL0xaamtzMjZ
    KU0twakRaZlViL24wZ2tZdkJycElXbGRvcllkSFZxZmJQNitQK1pHbW9QMmxMd2F4cFZuekovci9OMkV
    xckwzUGs4YTNCZ3NYb2tNV1VkbFNISzYrbmx2U2p5cGRRNDE2ZGRqTGEzT25janFQVittY2VSVTBHbys
    zSU5NYm9makRkV2xlSkpWNW8xbTlKejNmeUpBODlxVzRmSzNORUhUY3g4Q3ZkM1Y0WTJuWWF2akd5N2R
    tK3pyRldTampTSlcyaCtVMUlyNjN5ZGhjZmFxYzY5SGF6cmRZN2hhTXJ0Mi9VTGRkakw0ZUloeHRUZTc
    3UmM5SmZRK2FsdGtiUjlVYTVmZDNmcStXUm9rcmgrVWFBMVl2c3FTWnlseTdZV0wwWm5TZXB6R2dTakV
    IVVBFQ3FSb0tLbktzYTd1R0VQVk9SQkhPaW1wdGVTMmxnb2UzUkxLZUl2TjJzVEpDY0VQOWY1VFlZeUN
    JT0N1NUtHRUNyelVxRVRKK0dRYk1qdm05RDdNVGRPcGhKTkJHOW1vVEtkSjF2blEyOHVnaXc5eEpTSXZ
    0RFRCMzJYQzM5Ky9DQXJDLzRRIikpKSk7"));
    ?>
    The reason why I want to decode is to check what's being run and then edit if necessary.
     
    Last edited: May 5, 2017
    OH Pavel, May 5, 2017
  2. OH Pavel

    OH Pavel Greenhorn

    #2
    Any response from master?
     
    OH Pavel, May 6, 2017
  3. PoPSiCLe

    PoPSiCLe Illustrious Member

    #3
    Without the decipher-key, you will not be able to de-obfuscate the code, unfortunately. Unless you start manually deciphering the content of the code - it is possible to reverse, but it will take quite a bit of work. Unfortunately, I don't know FOPO, so I can't help you there.
     
    PoPSiCLe, May 6, 2017
  4. GameO.Over

    GameO.Over Active Member

    #4
    <?php
    
    $data = pkgrab('http://m.egyoutube.com/ytapi.php?id='.$vid.'&site='.$siteName);
    
    echo $data;
    
    function pkgrab($url) {
        $agent= 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)';
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_VERBOSE, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_USERAGENT, $agent);
        curl_setopt($ch, CURLOPT_URL,$url);
    
        return curl_exec($ch);
    
        curl_close($ch);
    }
    ?>
    Does that look about right?

    Obviously I can't confirm whether this is accurate as I have no idea what the script is supposed to do.
     
    GameO.Over, May 6, 2017
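
Added example (not part of the thread and not FOPO's own code): a static way to peel the outermost wrapper of a file shaped like the one in post #1 and list the names the next layer builds, without executing any of it. The function names and the sample payload are constructed for illustration; only the escaped string assigned to `$uf8e059e` is taken from the posted file.

```python
import base64
import re

# PHP double-quoted escapes used by the sample: \NNN (octal) and \xHH (hex).
_ESC = re.compile(r'\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})')

def php_unescape(s):
    """Resolve \\xHH and \\NNN escapes the way a PHP double-quoted string does."""
    return _ESC.sub(lambda m: chr(int(m.group(1), 16) if m.group(1)
                                  else int(m.group(2), 8) & 0xFF), s)

# $var="..."; assignments and $var.="..."; appends, as seen in the sample.
_ASSIGN = re.compile(r'\$(\w+)\s*(\.?=)\s*"((?:[^"\\]|\\.)*)"\s*;')
# [@]eval($var("payload")), payload possibly wrapped over several lines.
_EVAL = re.compile(r'@?eval\(\s*\$(\w+)\(\s*"([A-Za-z0-9+/=\s]+)"\s*\)\s*\)')

def resolve_names(src):
    """Build the variable -> string table by reading the source, not running it."""
    names = {}
    for var, op, lit in _ASSIGN.findall(src):
        val = php_unescape(lit)
        names[var] = names.get(var, "") + val if op == ".=" else val
    return names

def peel_layer(src):
    """Return (decoder_name, decoded_text); text is None unless the decoder is base64_decode."""
    m = _EVAL.search(src)
    if not m:
        return None, None
    func = resolve_names(src[:m.start()]).get(m.group(1))
    if func != "base64_decode":
        return func, None  # unknown decoder: report it, do not guess
    raw = base64.b64decode(re.sub(r"\s+", "", m.group(2)))
    return func, raw.decode("latin-1")

# Constructed sample in the same shape as the posted file; the payload is harmless.
INNER = r'$a="\163";$a.="\x74\162";echo 1;'
SAMPLE = (r'$uf8e059e="\142\141\163\x65\66\x34\137\144\x65\143\x6f\144\145";'
          '@eval($uf8e059e("' + base64.b64encode(INNER.encode()).decode() + '"));')

if __name__ == "__main__":
    func, text = peel_layer(SAMPLE)
    print("outer decoder:", func)
    print("next layer   :", text)
    print("names inside :", resolve_names(text))
```

Each decoded layer is written out and read as text; any decoder other than `base64_decode` is reported by name so it can be handled deliberately rather than evaluated.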
  5. qwikad.com

    qwikad.com Illustrious Member Affiliate Manager

    #5
    If you had the cipher key it wouldn't be an issue. I assume you don't have it.

    http://fopo.com.ar/

    As @PoPSiCLe suggested, try to de-cipher it manually:

     
    qwikad.com, May 6, 2017
  6. OH Pavel

    OH Pavel Greenhorn

    #6
    Thanks GameO.Over bro. It is.
     
    OH Pavel, May 6, 2017
  7. GameO.Over

    GameO.Over Active Member

    #7
    No problem
     
    GameO.Over, May 6, 2017