SitePoint Sponsor

User Tag List

Results 1 to 10 of 10

Hybrid View

  1. #1
    SitePoint Member
    Join Date
    May 2011
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    DEcoding encrypted information

    ok i have some encrypted stuff in this free theme i have downloaded.
    How can i decode this or remove the links to other websites. I dont want to be leaking google page ranks and having adsense code encrypted into the site,

    can anyone help me, i googled and found someone here who had decoded something similar.

    <?php if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) { function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E) { $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E); $T7FC56270E7A70FA81A5935B72EACBE29 = 0; $T9D5ED678FE57BCCA610140957AFAB571 = 0; $T0D61F8370CAD1D412F80B84D143E1257 = 0; $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3; $T800618943025315F869E4E1F09471012 = 0; $TDFCF28D0734569A6A693BC8194DE62BF = 16; $TC1D9F50F86825A1A2302EC2449C17196 = ""; $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E); $TFF44570ACA8241914870AFBC310CDB85 = __FILE__; $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB85); $TA5F3C6A11B03839D46AF9FB43C97C188 = 0; preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188); for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F { if (count($TA5F3C6A11B03839D46AF9FB43C97C188)) exit; if ($TDFCF28D0734569A6A693BC8194DE62BF == 0) { $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]); $TDFCF28D0734569A6A693BC8194DE62BF = 16; } if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000) { $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4); $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4); if ($T7FC56270E7A70FA81A5935B72EACBE29) { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++) $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1D412F80B84D143E1257]; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } else { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } } else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]; $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1; $TDFCF28D0734569A6A693BC8194DE62BF--; if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F) { $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196); $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?"; return $TFF44570ACA8241914870AFBC310CDB85; } } } } eval(T7FC56270E7A70FA81A5935B72EACBE29("QAAAPD9waHAgIGZ1bmN0aW9uIAAAdGhlX3RyZW5kX2NhdGVnbwAAcmllcyAoJGVjaG89dHJ1ZQAgKXsgICAkcG9zdAIRID0gZ2UwgHRfA1EC9HkoKTsCIGlmIChpc18CIGFycmF5KAL2KSk6AcAgZm9yZRgIYWNoBXAEhmFzICRucGMCAyAkbEMgaQYAdGNbXQYQAYEtPgXwX25hbWW8/AXRIAnwBEQA8QDgaWYAkQdRCqIEcwtBBLcwXYQOAjFlbHNlCEJyZXR1cm4B/QWhBMJ9wngKghFVYmxvZwfRICgP8wEGD/MA8WluZhQwbygiAlEiEBIkZXhwC9AAYGxvZGUBxCgiICIsICQCkQIxAiN0b3QCIGNvEgF1bnQWEHhwAWNsYXN0d29yZAGwyMANkAGZZWYDAWltcAUnFgJfc2xpY2WEcAKiLDAsIAUYLTEpBVIQpAQRLiAiIABzPHNwYW4+IiAuD/AG5QGAPC8BgxKAQCB9D/pyZW1vdmVfbRtwX2xpbmsAECgkY29udGVudCkgIOEgZ2xvGCBiYWwhYwPQICRtYXQd8D0gcHJlIABnXwDSKCcvPGEgaHJlZj0iKAIpLispIiBjDpBzPSIFUS0FUSI+AYEeei9pJxKABfQAoAPSZXMMYh3yARIHhCQcUF8IA2RhdGESwHN0cl9yZXBsYRChAlIADWVzWzBdLCAnPC9wPgVYBLIgBMEEC3Nob3dfKCJpbWFnZSgp5CAFYCGy2ygAgAXjLgRQC9UnE2EGBTFdAOAnDM9zIiALYmlkPSIuYGQOAgZRLQOiAKI+SUQDg3QACWl0bGU9IlJlYWQgTRXgIj4AtgVxPC9hPicU0SArNiAJEAmbAgNuZGkv8vgAG1ECNRQkAhABYGFkZF9maWx0ZXIodP0nOrIb4xFQJx29JykDMED4Ek4fER8OAmFJFEHgohiQQQEOYV9tZXRhP7MtDxAsICICYS37BBayMMBEwgbBGKEkAbEEEj09ImZhOkAiKf/DKCEM5AEiAsEBSAQBATAN4AroDdF0YWJfBlJF8AhEdz04MiRQaD01NwBwZGVmCgAiTiUCbyAGsiBGN6BkCLAka2V5PScDQif7Mz4CDg4BwgPADc90DcMEMSwgCUEUAiRnAtA+0RAQZGlyHqAidGh1bWIuVpA/c3JjcAE9N5IFMzdgJmFtcDtoPSRoJmEAkAIEdz0kdyZhAJB6Yz0xJmEAkHE9BHUxMDAmYQCgbm1UA8MMkA+wID1jZwCw2AEQbxUQclmAJgEoJGxpbWl0PTI2EECbDQNBPTEAkCezJw8TGEFlbXB0WrABgikQcjgGICQA0gywNdBpcF90YWdzKBYyBXInPwgnLAAwGcJGYwhhBKEC4GxlbigD4yk8Pd4OCAMFMn0s0SQxBc8FwHN1YnN0PHcGvyGQKUPHLDSALi4nLAVkFwIHpV/SPT0xBsISBAxCvKgSQCAHxyV0ChMBsiAgBDEgcGZzCKNlbGwRxmlwc1Wwc3RyE0ANYEejaWYoASAA8ChEvCQAgCkgPlSQZW4BwyABMRNBBDICEiwgoh9ZcCQC8C0zKSDxLi4uIgd0PUYEgAEwCGKAHy0cbmV3X2V4Y2VycGJwHLMhIA4yHOEveSBzBpJfCsUqQROhAzUpC5EgERKmDnd3cF0AoCp2oHBP8HNfdHdlYWszYGGAonMMQCfJvxPSAkA9JgaxPTAi8zhwJAMyAjAEOgPXBtICU+CPgFMCsGDic3BsaXRg4FxuL0gAAiMC02uC/UACcACCQ5AJQm4SAgNpAcAwEkAgd2hpbGUA3CAoICRpIDwgaLB0ACAXxAmgADAkZRgabyAuZ+RhRScvPGxpIGYxZocnATEkaE4xYeOO43kK41skaV0aslxuGqIFUAAxJBcJaSsrCCF9ANAREWGAIS0tUAqhIFQT4Rb/LS0+KfAgCBIB0y8B7APwA+EEECbWGuGPEo5A9/+XJBjGATcfEiQBBAp0ESAVXxEwDMOboBOjFSICwACC/8h70AHzBEQCMxXfFd8LQAAwPiF9nHVsfOQoXCcLc3wiKWMaAGSkMADjL30jB0oV8CsxFhAbav7gE2MbfxtwgsMFAxwxAKM+BbIcUgITJDFoYXNBey0H8iAkMiQzHZ95B6AHgFdwHZt9dmKM4+/5DkAANBxyPRUGExQEMTxhBC0DVLHgImhGtCc8IoB840MQQxlwIt8i1AI/PicjI3xBOZMgKCc3VSDk/j8FIDTAfbIkjz1AfVQEPWZvb4EwA6EFAADTJ4MDAtCEKfYB3CCwQj8+DQoAAAggPGRpdiEUImMA+mxlYXIiPjwvAUADPxMyAc8BciABjyD4DAFOAk0JVwhZDcFBZHNlbnNlCL8CmWNvACJweXJpZ2h0Ij4mAME7IEMBJSB6OTzSkj9ipzC9IFm+kD8+IK12AhhYQW9w1QECBCgnaG9tZRURPz4vIiAgVRI9ItPoAsOCIWnDgSduzaACUwoQBpIBzz8UYGE+LgIAIEFsbCBSClFzIFJlc2VydmUAJGQgfCBEZXNpZ24AsGJ5CTdodAQAdHA6Ly9GEG1lcy5yb2NrLWsAwGl0dHkubmV0COAI1EZSRUUgV8CCxzBEwHNzIFRoZQLgIiB0YXIMgD0AcCJfYmxhbmsiPgJ/AnCqcSBhbmSAAQdOd3d3Lmplbm5pbmdzLWYF0AAALmNvLnVrL3VzZWRzYWxlcwBAL3N1bW1hcnkvAdFmb2N1cy4MdGFzcHgHgIXhPSJGA0CaMAGAIAIgIFP+QANAAcAJTQJfCSEheQDFDQoAqHNjcmlwdAgCIHR5cLfwdGV4dC9qYXZhAWMiXAEgmlI8GHIfAhjBZGlyOz8+anMvMYULfXMuanMa0C8DUy3APACjBV8GsQVfBVpIFDAAP2VsR290aGljRUYFrwr/Cv+l8I8zBaqHcC/BYmFsbAVODfKPcySFsGHwdsIgKDIsAOA0LDYsOCwxMGGygucFgV9zZXR0hXodQF93YXIdwShcMyQmMgHVg7EjsF8wNCB+ASIDoQOQA4DRoAViZGJpc19hZG1pbgRQCO8mJiAhAPFycmGoUSgxBOYpfeUY0jRQQIDiiETw1jFPQW1lLQjUJ0dkJ3VwOjFkIGYAAGFkZSc+PHA+PHN0cm9uZz4CAiIuX18oJy4iIGlzIG5vdPLwbgQDZmlndXIzsHlldC4nKS4i8JAC8wAQICIuc3ByaW50ZigDgVlvdSAI4m11c3Qu1yUxJCBQ1tAEMyB0aAVgdOl2C+EocSuSaSZwbyD9IGsFwNBgAeJzwNKUQT2j/BHBLRKjcyIpB9EK8FLyUHGH4oMQADBb9ygnt/ATcl8L8P+Qc1whBGETFRnFRREEQAOPaW5pdMm2A1H54GlzYDBfdAshA/VzA4IudSACXyABc/wAG0C8ggYQbyAEGyTAJF9SRVFVRVNUW2WfJwmxH9QnXWzQIJ9SAkJHRQIAEGEBlG4UdzD88AP3AUMCEwbQI5IEJD0gJaIT5iKFAkInU2F2EO9lIFMq83MnID0FYATDAnUgInMqf0sw4XHGIQ1bK3IgIGj6wPSAIkxvd9Bpb246H0DicFMBHR8B0HMmcwhQZD3hkWLgC/AgIGRpLXBlKATDfdDRCsNSXJB0Ct8EMArWZGVsZTzjdGUK3wrRBQMJ3zogIpIJzwWQcyZyB1EJz/6AGjFBgidACyAAYwCQyXttCLVzX2Nzc19qp0IhFD9QknR5uhBV2AIgIgGQCS5tZfnwbwCAeC1ob2xkZXKXAA0KCQl3aWQAAHRoOiAzNTBweDsgZmxvYXQBmzogbGVmdDsB4WJAZ2kWcAHScCzQRGAnYDogAOAgMQBRAEQCsX0C8AYtLnBvc3QABWJveCAuaW5zaWRlIHsCUAkEf/XMBHEFAQSGHeBPfCJzCmAKI9dgJTsgEHfBOjEAADg0cHghaW1wb3J0YW50OyDw/wfiA2YDX4VgOjEzMgNeRtES8BHwZyMXshbyFxgkB3NwUqBkX3DQdG9tX2JveDf06JBaBsTH4lA84HMoIEHgZF8WoQKRJyApWjMFMhPw8ToBpgKQBXAFN19zcEFQIlATECimMHAnAlBpDBZubmVyB+gCsGFuaXNoAwAnFhEAgW4F/m9ybWFsAKFoEhAHcCSCB2AkEAAwDNsFH3DH2QUSDXRnbG9rQEKQCMAEcV+SJ3YViPBndddAEAQ9ImpwZz5qUXVlcnkoIoLQbSPACAlRVNBhdHRyKCJlbmN0fpAiLCIAS211bHRpcGFydIdRbS1iUGE5cBgg8Ah2ArayCxB0Yyc8aW5wdXQgA7E9ImgBIGlkZGVuIiCakT0iETBub25jZbDxAOEiaIEBLHZhbHWFkOCxBQC0EGNyZb/QwRFbEANQKCBwbHUtMF9iYakwYW1lZcACBkZJTEVfX26RLiAnIiAvCL1hMGwMYGFiZWxlIZkgbm92h7BtRE5vIG9mAMggVmlzaXRzOrIgAXQ8LwMiPjwvdJBwBOMUVI7hYQjwIHM6YT0iLcMgOTUlGdU7aGUboDfAMjU4kA2DCzB2D2VfFWEt5FJ+AGW9QA3hfmEBYSVS+0Bvc3QtPklELCD4hyFyAsUhUFAh9REnPC8IFT48YnIOoABjzmH2wBKwADEKhA88ZhQQelFfq1IP51Nob3cgSV4pbSDwPwSjHOB70xAfY2hv1oBzVJBjdA//6VYP/R3RFsBzBhAtaQYRIhSKb0HiIB60DgEi/FgMUgvyEY8RhQT3EWU9PSID4j+iQAmyZWQ9IDBcIgpjZWRcIiI6IoBiBZInPlllGj9zPC8H0wkPbgkFZmFsztAJHxqfCR8JEAPzkb8JL2N0CS8+Tm8JHxaALwwzHn5A0kD7cmEl4sMBOSEkc19pZCxAE0v4IGlmICggITUQAwZ2ZXJpZnkp4DUSJF9QT1OEsDmJJy71XSw2n182lgVj+fQkLEErkUbRCgQgBtMnifLpgIPiBlQCwV9BYSddedUJc2N1cnJlbnRkH1/OMFLQYW5WEGVkaXRfBCIM1AZRWSEukL5/B88gX8CBQWPQAgAFX19jBVg2sCQgC6YFXyciDRrE3wVQADYkbXkW0VsnDPE6ll2ZchTTGRIBpwSh/gQDViNYAzoBiQMRBvZZYGVhY2ggKAQ0IGEAHXMgJGtleSA9PiAkNEIZExdhKB+DOEwtPgmxFqIX8SdyZXZOQG9uZbCpUHR1PAVybgYjA/MLkHjQbG9kZSgnLBGQKMziY8ApAdOSBGlmKDmfEnIZ4AjQLCBGQUxTf5VFcxeiFAiCdREpsxxBAxUGCX0gG9cgl6BkFCL+vzcuD3ED8A9TDDInIgnQIQTkIJ7EB49VoAPxDQMDcvc/AFIWcX2xrgMogBDVYAeQbnUQoHwRAdF+p74SATH8IAMFOAYC9AEGIjEBQDEsIDIHQj8+")); ?>

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    If you cannot figure it out even tho it really is not that hard. Go to the place you got it and ask for them to decrypt it otherwise. WE CANNOT HELP YOU.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Member
    Join Date
    May 2011
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    its not that hard if you know, but if you dont know it is that bit harder.
    I know is obfusicated somehow, but im not sure how to deobfusicate it, ive been searhing and it lead me here.
    Few points might help, not asking you to do it for me unless you'd like to .
    Any help is appreciated

    Thanks

  4. #4
    SitePoint Guru
    Join Date
    Aug 2009
    Posts
    669
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This really isn't the best of places to be asking. Most php coders here want to protect their work so if they go to the lengths of encoding it then most people here will have enough respect for their fellow programmers to not help decode someone elses work.

    If you'd worked long and hard for months on end to create something would you want someone else stealing your work?

    You either need to ask the author for a different version of get creative on google because i very much doubt anyone here will assist you.
    I'll do anything to avoid working on my own code

    Are you using: if (isset($_POST['submit'])) ?
    IE has a bug and does not always send the value.

  5. #5
    SitePoint Member
    Join Date
    May 2011
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    but what they have done is sneak in google adsense banner and a link to someone else's website for SEO, so it makes me wonder what else is in there, just want to know how to decompile it

  6. #6
    SitePoint Guru
    Join Date
    Aug 2009
    Posts
    669
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well that is clearly their choice to do so. Thats the risk you take using other peoples code i'm afraid.

    You're telling us about this google banner but we have no proof of this and for all we know you could simply be using this as an excuse to get help in decoding the code. For all we know that code could be from your competitor.
    I'll do anything to avoid working on my own code

    Are you using: if (isset($_POST['submit'])) ?
    IE has a bug and does not always send the value.

  7. #7
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It might be base_64 encoded. You should not be using this theme. You're executing code that you cannot see the function of and for all you know it's stealing passwords. There have been a few blog posts about how most of the themes available via sites from the first page when you Google 'Free WordPress themes' have these security issues.

    Delete the theme and find something reputable. Seriously.

  8. #8
    SitePoint Member
    Join Date
    May 2011
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i dont have any competitors im making a site for a local football team for the local kids, as they have asked for help, they really like this football theme.
    I didnt realise this was encrypted / obfusicated untill the theme was up and in the source of the page it clearly has a space for a adsense banner.
    I know you probably dont want to help me, all i want to do is sort this website out for this local team, they are good people. If i had of know it ws going to be hassle, i would have told them but they really have thier heart set on this theme.
    I've been up for the last 4 hours googling this, but i just cant find anything to help me decode it.
    all i want to do is convert it to unobfusicated and remoce the bad stuff.
    jsut a ferw pointers that may help?
    As i said i would really appreciate it, im not a web developer i dont run a company, just a person who is trying to help set this website up... as said, im not out to hurt anyone or cause problems, just asking for a little help

  9. #9
    SitePoint Guru
    Join Date
    Aug 2009
    Posts
    669
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When you say 'theme' what do you mean?

    Is this a plugin for something like wordpress or just simply a html template with graphics and images?

    If its the latter then in theory you can delete the php completely.
    I'll do anything to avoid working on my own code

    Are you using: if (isset($_POST['submit'])) ?
    IE has a bug and does not always send the value.

  10. #10
    SitePoint Member
    Join Date
    May 2011
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    its a football wordpress theme, not a plugin.
    this is based in a file called blog-cms.php
    when i delete the file it removed the sidebar and also changed the fonts and stuff about


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •