I have a problem trying to decode some code cos i want to see exactly what it is doing, i managed to decode the forst part of it but i think it is encrypted again or something, im not really an expert in this area, can anyone help?
sorry..... <?php $o="QAAADTtjbnEnZGtmdHQ6JWRrYgIYZnUlOTsoAUA5DQ4OAJcBECduYwHAOiVhaGhzYgIwAdAAMEB1YmJpZQAAYnV1fidjYnRuYGliYydlfgAA JztmJ291YmE6JW9zc3c9KAAAKHBwcCljaGt3b25pd3VoagAAaHNuaGl0KWRoKXJsKCU5JwQAUGJlJ0MD8ic7KGY5KydKZmMaEGInYQXABN8oBNJ iam5kBBhEZmtuHgBldWYFcQQkCcAIX3ApcG5rdGhpYQggbmJrYwf0ZGh1d2gDsGIoZHFmAAAqa252cm5jKmZjam5pKW9zQBxqCdBOaXRoa3Fia WQNcAnSBY9wKQAKdWhoYWVoaWMpZW59DSFVAQAnmyADoHJrCVINYQ0JMRWCDg0Vcw4ODg0NAEA7OHdvdydwd1gVky8uPCc4OYYAAhB laGN+AIEIUGs5DQ=="; eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKT skbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsb GwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsb GxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbG w9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsK ytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsb GxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxs KCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsb GxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXT skbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzY kQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?> PHP:
It's recursively-base64-encoded PHP, basically an attempt to obfuscate some code I suppose. I was too lazy to follow it all the way through and change the variable names (which are all like $lllllll and $lllllllll) to something easier to read. I would never run unknown code containing eval() calls on my machine so I didn't actually try executing it.
i replaced the eval with echo and the code reads this $o="QAAADTtjbnEnZGtmdHQ6JWRrYgIYZnUlOTsoAUA5DQ4OAJcBECduYwHAOiVhaGhzYgIwAdAAMEB1YmJpZQAAYnV1fidjYnRuYGliYydlfg AAJztmJ291YmE6JW9zc3c9KAAAKHBwcCljaGt3b25pd3VoagAAaHNuaGl0KWRoKXJsKCU5JwQAUGJlJ0MD8ic7KGY5KydKZmMaEGInYQXABN8oBNJiam5 kBBhEZmtuHgBldWYFcQQkCcAIX3ApcG5rdGhpYQggbmJrYwf0ZGh1d2gDsGIoZHFmAAAqa252cm5jKmZjam5pKW9zQBxqCdBOaXRoa3FiaWQNcAnSBY9w KQAKdWhoYWVoaWMpZW59DSFVAQAnmyADoHJrCVINYQ0JMRWCDg0Vcw4ODg0NAEA7OHdvdydwd1gVky8uPCc4OYYAAhBlaGN+AIEIUGs5DQ=="; $lll=0;eval(base64_decode("JGxsbGxsbGxsbGxsPSdiYXNlNjRfZGVjb2RlJzs="));$ll=0;eval($lllllllllll("JGxsbGxsbGxsbGw9J29yZCc7")); $llll=0;$lllll=3;eval($lllllllllll("JGw9JGxsbGxsbGxsbGxsKCRvKTs="));$lllllll=0;$llllll=($llllllllll($l[1])<<8)+$llllllllll($l[2]);eval($lllllllllll("JGxsbGxsbG xsbGxsbGw9J3N0cmxlbic7"));$lllllllll=16;$llllllll="";for(;$lllll<$lllllllllllll($l);){if($lllllllll==0){$llllll=($llllllllll($l[$lllll++])<<8);$llllll+=$llllllllll($l[$lllll++]) ;$lllllllll=16;}if($llllll&0x8000){$lll=($llllllllll($l[$lllll++])<<4);$lll+=($llllllllll($l[$lllll])>>4);if($lll){$ll=($llllllllll($l[$lllll++])&0x0f)+3;for($llll=0;$llll<$ll;$llll++) $llllllll[$lllllll+$llll]=$llllllll[$lllllll-$lll+$llll];$lllllll+=$ll;}else{$ll=($llllllllll($l[$lllll++])<<8);$ll+=$llllllllll($l[$lllll++])+16;for($llll=0;$llll<$ll;$llllllll[$lllllll+$llll++] =$llllllllll($l[$lllll]));$lllll++;$lllllll+=$ll;}}else$llllllll[$lllllll++]=$llllllllll($l[$lllll++]);$llllll<<=1;$lllllllll--;}eval($lllllllllll("JGxsbGxsbGxsbGxsbD0nY2hyJzs=")); $lllll=0;eval($lllllllllll("JGxsbGxsbGxsbD0iPyIuJGxsbGxsbGxsbGxsbCg2Mik7"));$llllllllll="";for(;$lllll<$lllllll;){$llllllllll.=$llllllllllll($llllllll[$lllll++]^0x07);} eval($lllllllllll("JGxsbGxsbGxsbC49JGxsbGxsbGxsbGwuJGxsbGxsbGxsbGxsbCg2MCkuIj8iOw=="));eval($lllllllll); PHP: