How to decode ugly eval(gzinflate(base64_decode
PHP, WordpressI just installed this great new theme, and i though everything is gonna be easy in customizing it. I don’t have a problem with keeping the authors link in the footer because its his credit and he diserve’s it but when he forces me trough this coded footer it becomes a problem. So i decided i want to remove this shit from my footer file. Where to start ? i didnt knew anything about gzinflate or base64_decode, so i googled after this things and came across this nice script that does all the job for you. As the author says a little disclaimer is needed so you don’t understand this wrong.
Disclaimer: I don’t condone modifying and distributing copyright files, this is simply provided so you can view the plain source to ensure your script isn’t doing anything malicious on your property ie server.
And here is the script and Link to authors page.
<?php
echo "\nDECODE nested eval(gzinflate()) from Taree Internet\n\n”;
echo “1. Reading coded.txt\n”;
$fp1 = fopen (”coded.txt”, “r”);
$contents = fread ($fp1, filesize (”coded.txt”));
fclose($fp1);
echo “2. Decoding\n”;
while (preg_match(”/eval\(gzinflate/”,$contents)) {
$contents=preg_replace(”/<\?|\?>/”, “”, $contents); eval(preg_replace(”/eval/”, “\$contents=”, $contents)); } echo “3. Writing decoded.txt\n”; $fp2 = fopen(”decoded.txt”,”w”); fwrite($fp2, trim($contents)); fclose($fp2);
?>
Now the first step you need to take is to save this code in a file named decrypt.php
Second step is to save your encoded file inside a file name coded.txt (make sure you get all the code, i noticed when working with notepad and very long code lines some of the code gets skiped, and you dont want that to happen as the script wont work)
And the third step is to create an empty file named decoded.txt
Now upload all three files on your webserver and chmod the decoded.txt file with 666
Next you need to run the decrypt.php file from your server like this : http://yourdomain.com/path-to-script/decrypt.php. It should display a message about the operation and say “Writing Decoded.txt”. Now you are done the decoded.txt file that was empty should now have inside it the HTML code that you need to place inside your footer.php file and edit at your needs.
Related posts
Thursday, February 21st, 2008 at 6:51 pm and is filed under PHP, Wordpress. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
This is like veeeeeeeerrryyyy usefull, very very usefull :), withouth this script i would not manage to remove those links from my theme, thank you very much
Usefull resource, i dont get it why do they force us to keep their links and god knows what other hidded code ?, thats not ok with me, good job with this decoder
Yes, its a very good script, but I dont understand something. I tried this script, but I get an another obfuscated code in the decode.txt.
So, what can I do?
Unfortunately the script cant decrypt every code, sometimes all you get its just another scrambled code. Im guessing that happenes when the code was crypted two times but i dont know for sure and i did not find any solution on this yet.
Hey guys glad you are finding the script useful.
With the few failures to decrypt i have found some were resolved when the user sent me his whole footer.php file and i decrypted it from his original. So obviously some of the original was lost, or their text file editor wordwrapped and broke the code somehow causing it not to decrypt.
If this is happening another thing you can try is, get a backup copy of your encrypted footer.php and just directly rename it coded.txt without editing it or copying/pasting with your text editing program.
Then just upload it and run the decrypt script against it. If that works you will just need to remove the opening and closing php tags and re-save your plain source file as footer.php and you are good to go.
The one case i have come across it hasn’t worked, it appears an encrypt program was used that done “something” to the code before applying the regular Eval encryption.
Because they didn’t encrypt the file, they don’t know what program was used which makes it hard for me to reverse what’s going on.
But this should work on 98% of eval(gzinflate(base64_decode encrypted files.
Thank’s its very-very helfull
[...] http://www.proxyutza.com/how-to-decode-ugly-evalgzinflatebase64_decode/ Posted in: Misc By Vina [...]
[...] take a look to these links Decoding eval gzinflate base64_decode str_rot13 | Tangential Musings How to decode ugly eval(gzinflate(base64_decode | Proxyutza blog Decoding eval gzinflate base64_decode - Web Design & SEO Company cyborgworkshop.org
I followed your instructions exactly as you wrote them and made sure that I used to original footer file as coded.txt to make sure there were no inadvertent changes, but I’m getting this error:
Parse error: syntax error, unexpected $end in /home/itscoldi/public_html/decrypt/decrypt.php on line 14
Do you have any ideas of what I might be doing wrong?
please try to get the code for decrypt.php from the original site located here http://www.tareeinternet.com/forum/knowledgebase/274-decoding-eval-gzinflate-base64_decode.html
than rerun the script. If any other error occurs from PHP please paste the respective line in a comment here
Thanks a lot, the original formatting worked perfectly.
you’re welcomed Eric
i had the same error
and i copied the script from the webpage that u guys said
Parse error: syntax error, unexpected $end in /home/defenestrando/www/thais/wp-content/themes/nap/decrypt.php on line 10
its probably a syntax error, try and paste a few lines before and after line 10, here, to see where’s the error
Hi there,
I got a good one for ya…
Apparently it doesn’t work the decodign script you gave us.
here is the link to the file:
http://djinsanity.nl/decrypt/footer.php
Just type it in your url line, then view page source.
As you all can see I set the eval to echo so everyone could see the coded lines.
To decode you probably need to set it back again to eval…
However… I was wondering if you all could give it a try…
It dpesn’t seem to work for me, but then again… I’m not a scripter
Hope to read more about it soon :O
Greetz,
insanity
nevermind… I got it already myself..And actually even in an easier way then we all might have thought…
Next time if anyone has a coded footer.php file, just go to your weblog or what so ever, just rightclick your weblog and view source page.
If you know wordpress a little you might already know a bit how a footer.php file should loook like.
Welll…. Just scroll down to the bottem of the page and just copy past the things that you need
That’s how I did it n the file above (A)
GL & HF all
yes insanity, but what if your footer contains php code, while looking at the page source you’re only seeing the result of the parsed code. this could mess-up your theme.
normaly the footer is php code, and the endresult is what you see in the sourcecode of the website.
I just copied what was logical: div class=”footer” and so on.
Copied all that and just pasted that in the footer.php file of the theme. The result remains the same because the output is the same, but then viewed in normal html. The theme doesn’t see the difference.
i understand that but what i meant is that sometimes(it happened to me) you have a php code like wp_footer that closes something from above and if you just take the output you mess`up the footer.
could you give me a link of a template that has that problem.
I’m just started to make videotutorials so I could share all the info with everyone. And if I found a solution to that then I”ll make a tutorial on that as well
Mail me at insanity@mxinflict.nl
i think its the theme from the blog but i don’t remember exactly because it happened some time ago.
i am working on something now so i don’t have time to test it. We’ll leave it for some other time
Sorry
No probs m8. I’ll just make a video tutorial, and if you like we could work togehter on that decoding stuff.. It seems you are a scripter.. I’m totally not, how ever I can make video tutorials to what ever means
Let me know if you are up for that..
thnx
Thanks a lot for this! It would be very helpful once it works but I’m having a little problem.. i think my encrypted code is too BIG (the file is 151k) … i’m getting this error
DECODE nested eval(gzinflate()) from Taree Internet 1. Reading coded.txt 2. Decoding
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 53593088 bytes) in /home/vsmines/public_html/decrypt.php(9) : eval()’d code on line 1
is there anything I can do about it? thanks for your help!
Kerahna i think you need to increase the memory on your php.ini settings
Muito bom!!!
Parabéns pelo post.
Abraço!
Hey guys, i figured out anither easy way to decode footers. just replace the eval word with echo. now instead of giving the decoded code it will print it out. Now check your page source it will be there.
If you have a footer which does not have a eval function and have some thing starting like $o=”QAAA…… ” or $__F=__FILE__;$__C # then just run the php file as it is on server and them check page source!
but there are custom encryption where i can not help
More information:
http://www.karananand.co.cc/blog/2008/07/the-easiest-way-to-decode-decrypt-eval-gzinflate-str_rot13-base64_decode-or-__f__file____c/
Unfortunately that doesn’t always work.
What is the code was like 34 in word pages like I had?
Boaaaaa!!!
Greetings from brasil !!!