Base64 double coded... I got stuck

Discussion in 'PHP' started by LensFlare, May 20, 2010.

  1. #1
    Hello,

    Can somebody help me with a base64 decode because I got stuck on a "double coded" base64 eval. Thanks for help.

    $o="QAAAO2NucSdka2Z0dDolZGtiZgQAdSU5OygBQDkNOzh3b3cnbmkAAGRrcmNiJy9TQkpXS0ZTQlcAAUZTTycpJyAoZWhzc2hqKQJQAKAgLjwnODkODQOUDQVCbmM6JWELgGhoc2IFIA0BwAVABoVha2JhcyU5AAQNRGh3fnVuYG9zJyFkALA8J4AEBzNiZG9oJ2Nmc2IvIF4FsDg5gAEBhGVraGBuaWFoLyBpZmpiAaIIADtldSgKoGYnb3ViYTolb3NzAAB3PSgocHBwKXBiZTVhYmJrAAApZGhqKCU5J0F1YmInUGh1AABjV3VidHQnU29iamJ0JzsoDQBmOScnBGQPAiMLQSc6J2Bic1hoABp3c25oaS8ga2V1WAFxBzAnCdJ0BDpzdW53dBNQb2J0LwMiECIQG2QCAHTuARBADiIO4DsKZQ5jDOd1dHQ1WHJ1awXxAAA4OSU5VHJldGR1bmViJ3NoANgnV2h0c3Q7KApwCmInBG8RRGRoagNsamJpc3RYBP8E+EQCZAUnDQUmE+hldQG2aGpoaWJ+KQVgE+FFAQQTE3sIZwNIYYGGFiBkYmtrd28DoBwwbmRidAQFF+JEk1IB0CdXAeF0JwSfG7diB7JkDNB1ZhwGSAAAaWtuaWInVGZxbmlgdCdGZB/5ZGhyDuAEkxeVJ5IXhCzcLUQAcijgHsJwdx1yEIJidS8b9WVoY34lAChvc2prIZAnAAAnJw==";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKC
RsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>
    Code (markup):
     
    LensFlare, May 20, 2010
  2. jestep

    jestep Prominent Member

    #2
    Just don't use it. There's about 50 more eval(base64's in there as well.

    Realistically if you don't have 100% control over what scripts your server is running, don't run them. If someone builds a template or anything else that is good enough for people to link to them, then they won't include this resource eating garbage. Also, it probably includes a file_get_contents somewhere on there, so this person could take over your server and execute whatever they want on there. Even if that's not their intention, if their site gets hacked, yours just did also. May as well just post your ssh and ftp usernames and passwords all over the internet.
     
    jestep, May 20, 2010
  3. LensFlare

    LensFlare Greenhorn

    #3
    But I want to use this. If someone helps me to decode this php file I can use it without problems. Thanks
     
    LensFlare, May 20, 2010
  4. jestep

    jestep Prominent Member

    #4
    Just start at the top. Use a test.php page and manually decode each one as you get to the next level. You can manually echo out the content into a textarea to see what it contains.
     
    jestep, May 20, 2010
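
The layer-by-layer decoding suggested in post #4, as an added Python example (not code from the thread): it inlines each eval(base64_decode("...")) layer as text without running any PHP, and also follows variables that were assigned the string 'base64_decode', which is how the file in post #1 hides its inner layers. The names `peel` and `ALIAS` and the sample input are constructed for illustration.

```python
import base64
import re

# `$name='base64_decode';` -- the sample hides the decoder behind a variable like this.
ALIAS = re.compile(r"""\$(\w+)\s*=\s*['"]base64_decode['"]\s*;""")


def peel(src: str, max_layers: int = 50) -> str:
    """Inline every eval(<decoder>("...")) layer as text; nothing is executed."""
    for _ in range(max_layers):
        # Decoder names known so far: the real function plus any alias now visible.
        decoders = ["base64_decode"] + [r"\$" + re.escape(n) for n in ALIAS.findall(src)]
        layer = re.compile(
            r"eval\(\s*(?:%s)\(\s*([\"'])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*;"
            % "|".join(decoders)
        )
        peeled = layer.sub(lambda m: base64.b64decode(m.group(2)).decode("latin-1"), src)
        if peeled == src:   # no literal layers left; what remains needs manual reading
            return src
        src = peeled
    raise ValueError("still nested after %d layers" % max_layers)


def _b64(php: str) -> str:
    return base64.b64encode(php.encode()).decode()


# Constructed sample with the same shape as the thread's file: an outer layer whose
# body first defines an alias for base64_decode and then uses it for an inner layer.
INNER = "$a=0;eval(base64_decode(\"%s\"));eval($f(\"%s\"));" % (
    _b64("$f='base64_decode';"), _b64("$g='ord';"))
SAMPLE = "eval(base64_decode(\"%s\"));return;" % _b64(INNER)
```

An eval() whose argument is a computed variable rather than a string literal, like the last statement in post #1, is left in place for manual analysis.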
  5. LensFlare

    LensFlare Greenhorn

    #5
    I'm stuck here:

    // $o is the packed string from the first post.
    $lll=0;
    $lllllllllll='base64_decode';
    $ll=0;
    $llllllllll='ord';
    $llll=0;
    $lllll=3;                              // read position in $l
    $l=$lllllllllll($o);
    $lllllll=0;                            // write position in the output
    $llllll=(ord($l[1])<<8)+ord($l[2]);    // first 16 flag bits
    $lllllllllllll='strlen';
    $lllllllll=16;                         // flag bits left
    // Output buffer. PHP < 7.1 silently turns "" into an array on the first
    // indexed write; on newer PHP use array() here.
    $llllllll="";
    
    for (;$lllll<strlen($l);)
    {
        if ($lllllllll==0)
        {
            // reload 16 flag bits
            $llllll=(ord($l[$lllll++])<<8);
            $llllll+=ord($l[$lllll++]);
            $lllllllll=16;
        }
    
        if ($llllll&0x8000)
        {
            // 12-bit back-reference offset
            $lll=(ord($l[$lllll++])<<4);
            $lll+=(ord($l[$lllll])>>4);
            if ($lll)
            {
                // copy $ll bytes from earlier output
                $ll=(ord($l[$lllll++])&0x0f)+3;
                for ($llll=0;$llll<$ll;$llll++)
                    $llllllll[$lllllll+$llll]=$llllllll[$lllllll-$lll+$llll];
                $lllllll+=$ll;
            }
            else
            {
                // offset 0: repeat one byte $ll times
                $ll=(ord($l[$lllll++])<<8);
                $ll+=ord($l[$lllll++])+16;
                for ($llll=0;$llll<$ll;$llllllll[$lllllll+$llll++]=ord($l[$lllll]));
                $lllll++;
                $lllllll+=$ll;
            }
        }
        else
            $llllllll[$lllllll++]=ord($l[$lllll++]);    // literal byte
    
        $llllll<<=1;
        $lllllllll--;
    }
    $llllllllllll='chr';
    $lllll=0;
    $lllllllll="?".$llllllllllll(62);
    $llllllllll="";
    for (;$lllll<$lllllll;)
    {
        $llllllllll.=chr($llllllll[$lllll++]^0x07);    // undo the XOR 0x07 mask
    }
    $lllllllll.=$llllllllll.$llllllllllll(60)."?";
    eval($lllllllll);
    PHP:
     
    LensFlare, May 20, 2010
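
The unpacking loop from post #5, ported to Python as an added example (not code from the thread): it returns the hidden payload as text for reading instead of handing it to eval(). The function name `unpack` and the two constructed streams are assumptions; the format (16 flag bits, 12-bit offset with 4-bit length back-references, run-length fill, XOR 0x07) is read off the PHP in that post.

```python
import base64


def unpack(o_b64: str) -> str:
    """Decompress a $o string and return the payload as text; nothing is executed."""
    data = base64.b64decode(o_b64)
    if len(data) < 3:
        raise ValueError("need a header byte and 16 flag bits")
    flags = (data[1] << 8) | data[2]          # byte 0 is skipped, as in the PHP loop
    bits_left, pos, out = 16, 3, bytearray()
    try:
        while pos < len(data):
            if bits_left == 0:                # reload the next 16 flag bits
                flags = (data[pos] << 8) | data[pos + 1]
                pos, bits_left = pos + 2, 16
            if flags & 0x8000:
                offset = (data[pos] << 4) | (data[pos + 1] >> 4)
                if offset:                    # back-reference into earlier output
                    if offset > len(out):
                        raise ValueError("back-reference before start of output")
                    for _ in range((data[pos + 1] & 0x0F) + 3):
                        out.append(out[-offset])   # byte-wise: source may overlap target
                    pos += 2
                else:                         # offset 0: one byte repeated 16+ times
                    run = (data[pos + 1] << 8) + data[pos + 2] + 16
                    out.extend(bytes([data[pos + 3]]) * run)
                    pos += 4
            else:                             # literal byte
                out.append(data[pos])
                pos += 1
            flags = (flags << 1) & 0xFFFF
            bits_left -= 1
    except IndexError:
        raise ValueError("truncated stream") from None
    return bytes(b ^ 0x07 for b in out).decode("latin-1")   # undo the XOR 0x07 mask


# First 16 characters of $o from post #1: flag word 0x0000, so nine literal bytes.
PAGE_PREFIX = "QAAAO2NucSdka2Z0"
# Constructed streams: three literals + a 6-byte back-reference + one literal,
# and a single run-length token.
BACKREF = base64.b64encode(bytes([0x40, 0x10, 0x00, 0x66, 0x65, 0x64, 0x00, 0x33, 0x26])).decode()
RUN = base64.b64encode(bytes([0x40, 0x80, 0x00, 0x00, 0x00, 0x04, 0x27])).decode()
```

On the first 16 characters of `$o` from post #1, `unpack` returns `<div clas`, so the packed data begins with HTML markup.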
  6. LensFlare

    LensFlare Greenhorn

    #6
    Job done! Topic closed.
     
    LensFlare, May 20, 2010