Hi there, I bought a script and now the code is decrypted with base64. But I want to see what the code is doing on my server, don't trust them..

```php
<?php
defined("_VALID_MOS") or die("Restricted access");
eval(base64_decode('IGlmICghZnVuY3Rpb25fZXhpc3RzKCJJSUlJSUlJSUlJSUkiKSl7ZnVuY3Rpb24gSUlJSUlJSUlJSUlJKCRJSUlJSUlJSUlJSUksJElJSUlJSUlJSUlJbCwkSUlJSUlJSUlJSUkxPS0xKXskSUlJSUlJSUlJSWxJPSIiO2ZvcigkSUlJSUlJSUlJSWxsPTE7JElJSUlJSUlJSUlsbDw9c3RybGVuKCRJSUlJSUlJSUlJSUkpOyRJSUlJSUlJSUlJbGwrKyl7JElJSUlJSUlJSUlsMT1zdWJzdHIoJElJSUlJSUlJSUlJSSwkSUlJSUlJSUlJSWxsLTEsMSk7JElJSUlJSUlJSUkxST1zdWJzdHIoJElJSUlJSUlJSUlJbCwoJElJSUlJSUlJSUlsbCVzdHJsZW4oJElJSUlJSUlJSUlJbCkpLTEsMSk7JElJSUlJSUlJSUlsMT1jaHIob3JkKCRJSUlJSUlJSUlJbDEpLSgkSUlJSUlJSUlJSUkxKm9yZCgkSUlJSUlJSUlJSTFJKSkpOyRJSUlJSUlJSUlJbEkuPSRJSUlJSUlJSUlJbDE7fXJldHVybiAkSUlJSUlJSUlJSWxJO319IC8qIFdBUk5JTkc6IFRoaXMgZmlsZSBpcyBwcm90ZWN0ZWQgYnkgY29weXJpZ2h0IGxhdy4gVG8gcmV2ZXJzZSBlbmdpbmVlciBvciBkZWNvZGUgdGhpcyBmaWxlIGlzIHN0cmljdGx5IHByb2hpYml0ZWQuICovICBpZiAoIWZ1bmN0aW9uX2V4aXN0cygiSUlJSUlJSUlJSUlJbDFsIikpeyBmdW5jdGlvbiBJSUlJSUlJSUlJSUlsMWwoJElJSUlJSUlJSUlJSSl7ICRJSUlJSUlJSUlJSWwgPSBzcGxpdCAoJ1wuJywgJElJSUlJSUlJSUlJSSk7IGlmKCBjb3VudCgkSUlJSUlJSUlJSUlsKSA9PSA0ICl7IGlmKCBpc19udW1lcmljKCRJSUlJSUlJSUlJSWxbMF0pICYmIGlzX251bWVyaWMoJElJSUlJSUlJSUlJbFsxXSkgJiYgaXNfbnVtZXJpYygkSUlJSUlJSUlJSUlsWzJdKSAmJiBpc19udW1lcmljKCRJSUlJSUlJSUlJSWxbM10pICkgcmV0dXJuIDE7IH0gcmV0dXJuIDA7IH19'));
eval(base64_decode('JGVycm9yX29wMTIgPSAiZ3JhZmlrbmV0LmRlIjsgJGVycm9yX2lkPTU4ODs='));
eval(IIIIIIIIIIII(base64_decode('i9XJy8zWzdXVodfKy5Keht3d48qvl8qFj+XV2Nna4Y2YjbequcimuMSNtrnIfsOttsW1iMaXjonZoNbU2dHQ1pqdl6Kxa4TLyN7Uy4mRlIXnotbV1uWJisi+s7fKc7bAibq1urnKtrTHgobCk5KDlIuUj6KxTsrG0+XGho+Rjq69d62usLuqr7K0t9GlmoyJxsWmuL+wwMCWdri5t9Gptby/kMKda6HLyN7Uy4mUjuCYkczKyt3A1sre4crYTqGFzdPN2c6mjuLdlISNiJbEzs7O2cTkj9fYzNaKhuSL08jcnYSMvOXCzc6L3cuUoszO2pLE1dnkjtTaTpbP1eXNz83Q4IXYnYTT1uaBx9XX3dzZkoTU1ZLVztLejoyiUsO4rMS3q7vGkK3IgrTEr8G0uovInIyUktPSyNvPjaSL4Mroo9bTh62B46ipqqTkltRvlqGB1NiL0s7mk8fZh9PEyc7e4W/Yk8rO1dfFjomSzbu1eq2pxr+wuZCLl4XjoITJ0NeJhpC909jooM3I29fFhsrO0crnoYuFkK1rcNLRjo2VlNnTyubK1dfK093dodjYj5KI1d7f3trojdjc1tzA1M7i4cvgj9fNxuLN29DU3IyUV42F4nxqy8zT3YWbftDKyOXGhtng0NHdocyFiaSrhrfQ5diUgdDOy9eBs8rY0NToUIugcXvTy93g4NOUVYugce9ry8zT3YXopdPPxtnG2sjZ09znjdjK3+aJitnM4MbhoY2gcbGf'), $error_op12, 1));
?>
```

I tried to decrypt but it didn't work for me.. can you help me please..
Seems to be out of context. Initially:

```php
if (!function_exists("IIIIIIIIIIII")) {
    function IIIIIIIIIIII($IIIIIIIIIIII,$IIIIIIIIIIIl,$IIIIIIIIIII1=-1) {
        $IIIIIIIIIIlI="";
        for($IIIIIIIIIIll=1;$IIIIIIIIIIll<=strlen($IIIIIIIIIIII);$IIIIIIIIIIll++) {
            $IIIIIIIIIIl1 = substr($IIIIIIIIIIII,$IIIIIIIIIIll-1,1);
            $IIIIIIIIII1I = substr($IIIIIIIIIIIl,($IIIIIIIIIIll%strlen($IIIIIIIIIIIl))-1,1);
            $IIIIIIIIIIl1 = chr(ord($IIIIIIIIIIl1)-($IIIIIIIIIII1*ord($IIIIIIIIII1I)));
            $IIIIIIIIIIlI.= $IIIIIIIIIIl1;
        }
        return $IIIIIIIIIIlI;
    }
}
/* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
if (!function_exists("IIIIIIIIIIIIl1l")) {
    function IIIIIIIIIIIIl1l($IIIIIIIIIIII) {
        $IIIIIIIIIIIl = split ('\.', $IIIIIIIIIIII);
        if( count($IIIIIIIIIIIl) == 4 ) {
            if( is_numeric($IIIIIIIIIIIl[0]) && is_numeric($IIIIIIIIIIIl[1]) && is_numeric($IIIIIIIIIIIl[2]) && is_numeric($IIIIIIIIIIIl[3]))
                return 1;
        }
        return 0;
    }
}
```

The second eval does not evaluate to anything for me:

```php
echo base64_decode('JGVycm9yX29wMTIgPSAiZ3JhZmlrbmV0LmRlIjsgJGVycm9yX2lkPTU4ODs=');
```

And the third is some data that is being manipulated by the function defined above as IIIIIIIIIIII, but it needs a key in $error_op12 (probably).

Anyway, since they say it's illegal to reverse engineer, I am going to tell you to do this: define a function:

```php
function printEval($what) {
    echo "<hr>$what<hr>";
}
```

Search and replace any eval( on here with printEval instead. I'd do the bit where they go eval(iiiiiiii(base... as separate debug bits. Good luck.
1.) Install XAMPP
2.) Make directory "test" in htdocs
3.) Copy the file to decode to directory test, rename to index.php and open it
4.) Replace eval(IIII........ with highlight_string(IIII........ (this is the last eval() function)
5.) Save the file
6.) Browse to the file, in my case http://localhost/test/index.php
7.) Copy the code to replace the original code

That's all.
Forgot to say, delete the first line

```php
defined("_VALID_MOS") or die("Restricted access");
```

else you get "Restricted access"
There you go:

```php
<?
$check_passed = true;
if (strpos($_SERVER["HTTP_HOST"], $error_op12) === false
    && strpos($_SERVER["HTTP_HOST"], ".")!== false
    && IIIIIIIIIIIIl1l($_SERVER["HTTP_HOST"])==false ){
    $check_passed = false;
}
if (!$check_passed) {
    echo 'Usage of this copy of 2jnslider do not allowed on this '.$_SERVER["HTTP_HOST"].' domain';
    return ;
}
?>
<?php
// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );
if (!function_exists( 'output_twoj_newsflash_plugin' )) {
    echo 'Please publish "2J News Slide Mambot"';
    return '';
}
echo twoj_get_news_text($params);
?>
```
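An added example, not code from any of the posts above: the decoding routine shown in the second post, ported to Python so the hidden layer can be read without executing any of the vendor's PHP. The function names `extract_key`, `unshift` and `decode_payload` are made up here; the two base64 strings are copied from the first post, the payload one being only its first 12 characters.

```python
import base64
import re

# Copied from the first post: the second eval() payload, and the first
# 12 characters of the third payload (a prefix only, enough to check the port).
KEY_STMT_B64 = "JGVycm9yX29wMTIgPSAiZ3JhZmlrbmV0LmRlIjsgJGVycm9yX2lkPTU4ODs="
PAYLOAD_PREFIX_B64 = "i9XJy8zWzdXV"


def extract_key(stmt_b64: str) -> bytes:
    """Decode the assignment statement and return the string given to $error_op12."""
    stmt = base64.b64decode(stmt_b64).decode("latin-1")
    m = re.search(r'\$error_op12\s*=\s*"([^"]*)"', stmt)
    if m is None:
        raise ValueError("no $error_op12 assignment found")
    return m.group(1).encode("latin-1")


def unshift(data: bytes, key: bytes, sign: int = -1) -> bytes:
    """Port of the decoded IIIIIIIIIIII(): out[i] = chr(in[i] - sign * key[j])."""
    if not key:
        raise ValueError("empty key")
    out = bytearray()
    for i in range(1, len(data) + 1):
        # PHP substr($key, (i % len) - 1, 1): a start of -1 means the last
        # byte, which Python's negative indexing reproduces.
        k = key[(i % len(key)) - 1]
        out.append((data[i - 1] - sign * k) % 256)  # PHP chr() wraps mod 256
    return bytes(out)


def decode_payload(payload_b64: str, key: bytes) -> bytes:
    """The script calls the routine with a third argument of 1 (subtract the key)."""
    return unshift(base64.b64decode(payload_b64), key, 1)


if __name__ == "__main__":
    key = extract_key(KEY_STMT_B64)
    print("key:", key.decode())
    print("hidden code starts:", decode_payload(PAYLOAD_PREFIX_B64, key).decode("latin-1"))
```

Passing the full third base64 string from the first post to `decode_payload` in place of the prefix yields the whole hidden layer as text.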