Help me Decode 1 FILE ?

erkan · Jan 17, 2012

Functions.php

PHP:

<?php //0046b
if(!extension_loaded('ionCube Loader')){$__oc=strtolower(substr(php_uname(),0,3));$__ln='ioncube_loader_'.$__oc.'_'.substr(phpversion(),0,3).(($__oc=='win')?'.dll':'.so');if(function_exists('dl')){@dl($__ln);}if(function_exists('_il_exec')){return _il_exec();}$__ln='/ioncube/'.$__ln;$__oid=$__id=realpath(ini_get('extension_dir'));$__here=dirname(__FILE__);if(strlen($__id)>1&&$__id[1]==':'){$__id=str_replace('\\','/',substr($__id,2));$__here=str_replace('\\','/',substr($__here,2));}$__rd=str_repeat('/..',substr_count($__id,'/')).$__here.'/';$__i=strlen($__rd);while($__i--){if($__rd[$__i]=='/'){$__lp=substr($__rd,0,$__i).$__ln;if(file_exists($__oid.$__lp)){$__ln=$__lp;break;}}}if(function_exists('dl')){@dl($__ln);}}else{die('The file '.__FILE__." is corrupted.\n");}if(function_exists('_il_exec')){return _il_exec();}echo('Site error: the file <b>'.__FILE__.'</b> requires the ionCube PHP Loader '.basename($__ln).' to be installed by the website operator. If you are the website operator please use the <a href="http://www.ioncube.com/lw/">ionCube Loader Wizard</a> to assist with installation.');exit(199);

?>
4+oV54cTbg6/OckMKYy3WYUcQ7VKGrvCxNwdY/+9YjIzMlmIgvKCuTdQ81YmDt9KQ5ma8YYH7AqH
qkEVLzQZAw93vYcZxNIjpkyMH8pCFNTWs7/GUD/3zM+/TkmZf+Me6TlGPNkZHxgOHS5TAQnB80Hh
1FG8uwyfMxdOmcQEKHu7TUVO/UOZ68BmxeqP0/tGtKUGiKOZM55np2Ui8ICdrpZtC7ksxRQO8ZVw
hOpV3HwkjDMdDO7dS2tLJzg8l1ZEhXcknnTE6EDA+5BePOMi90vhNvfDQxbC/kFnQFzkO49jttY0
l8sLGzHx5432vmOkHXINREdgfWC7HLLfinadB+ua/kDThqjdpMJgAdmD3/28CGHiuQFww8L7Gaah
2PRI80ELIlnf16cjCdJko1v4e1b5QuGb84oRnZ/EhvRpJB6edlsarJha3lbC9ly3CM+g5jjabNUq
qNfuhCfucWc/+7GD+COQaXd9J8NZo3hOzyw8T75FX4CaqYixOqw02XmnJPziciBI8MlDpwsnOtiz
W2PyRx3ACc9wHNDuLE1ql3e1zD1aJ0ZwGQ//3nkPrn5kRdkLLf9hQfclyYQQAYrdi1AghYa1xtXM
PcFVum/gPkAq5/n425dR2knIs+fjh+HTtUpygfYGrS4ZYf7s0rkw72LD4m9t/H+uaaa+sbc5QebX
1/yHKAZA2ceIHUPDWuupf8beeItozt2HVKRxnu+dmwOf0X6dPAb0PVMQlroRVt40dr9Bh1eLtAqR
cjD7eFoQ/KCiLrEqiKfsp7vSibSE8b+yDN3wdYSgIP8vwqrz7KGGGVciFMiqdVZDIXNZZ54OPPnW
VvWcUPv8FTLUh8OUMm8RhzU4vT1ZKHY0n2ADzmTFPAF2tm84pzioJUdwYpgRVlyFY9WuguKmqiT0
Qgcveqg3xBXC+NI7dgVoheQgjgzUKsea4Mchz3qEYVi7W03RDn1D9BzQS3dhFszBS3dI9ty6L4Pe
X48hdrHpe5govFEvor5X/RYLmqtdQFfugrQCgoNvPcxdeX/TbURvOSqaaaPTRCn5q3CltUHgOhSa
CuBfD7hyHFUCPMN6kLK7Wa85C9dzM5RFLuQLlyJDe7uL0jOjfwrQ1icvJatXPCDwwPl7dmTp7Srr
767VBGODBB+JpOSWpLE0Y168UwrzajrUg7FLcHcg4JkO1jynieO1QRlKkQgzvMBnvZgTUCIJQKDN
qHirHeeTRyhUKFjHqLWO2UoTPYm3WYOVAufzLIYbOjJLoPEEL77mohmqPUKCKQjPYFIJw/XOvX1D
stXrtH/QXQVxfjGiB2keN+a8MU9nOM4AEHYXZOe4KEkxS5RaYhaatKRrPd4LsJ2quSYBNXVEMHX6
PDGIJ0Sh/2QZK3ipc0X66rGvkClf1cTFqBqL6CH+SLkw9mHI8TRb5Igq0lOAJh3YYn/0tuTqR+QF
gYyr+ogFCr3zExxGb1v6UK2WnB4JcEkHNxFiQUX85vfzbnt1pxwu8wlgpRfj2I89Bs37LyRaxmQk
wdSh6Wd23e+O8sXqFIygn+h3q5R7Lam09Mbczd0aDjZbGxOU8/YgbwsPy6ekFXWrVc7IhYe76b4a
03ArdiHkzRMIqb+SQOMHJtdeFe+hAy/qaq2gRGDwz6jYdiyIIDxka9vt4z6juVoAeNUBy9gCkGID
Fz1XUYqMPGoLZZ3hGb320kaXopP4urQIq543C5DVwR14HrFWX4j342L2wnz/PSvxUQ75XU2sShds
AsbG+6Z1w62t3tvdBZjXtCa4Ax2+SuNGFledgf21f+8M2QwIkrvS/tn2QiKC5kIBg5NJbZi8cOy8
Y1YoiWgUnif+oj/7U92cMVjMel+rlwSVp8x2bFRK1aSw+PM/AIXmB/E44gVu2GUVcrCtee0/TZFV
v/axXHIHQIysmG7UHaluJUStl0sjRSOXcowV2qKQSkpEloN+9EQJxPUCQuwzkDSwkyGHzvObuBV/
UpEuLpKDmqTxYBA4aN1n6rFD0jY6ZURffr01UKsn9SJWgWgbcqF2t1tyggpdukry+5uxJBKnLVwo
/dXSowJLrgBGSOAmitW7z0n1c/R91w1Y07vRoHxC7egrZdsqDx+1zCODEAVXKJhjHdOUe1TrB8Hj
AuB7Mo+Jwot93AgJKOijofRZi2if/us7v0TaorJZ97ee5gJ8Gx0mZBsWdKrknCTKsmEEzkShwsga
aCUqJQ+1+UI6X/u9m/jXGhuScZkwnieCNVLzPKgCHpecOx/s2tiD54PKsrxd+5V7s3T76iM7sP/1
rAnIugo3y40x7B4KgYZpJm99jCYbnb18EGSqM4K6DthKAOMw6DhQ6mmgS2muWGt73lIdtCT8qt8E
lfDGlAdarXi+Hv060Iaw/meeZmcxs2iQS6az2s/l5vxYRuk9J1htKK7D99Piq+pzxmBSTi2KB8tg
pYjBDyx8nQr5Gkmqz4bCjb2nUO6QGZ1jy0Q2kGxAQ343MNMhVEajmb5xnO++fyZw2L/o2YoCSt0e
djyt2ZhhlIPE3+e/02YIqeK27fgKjQ7XmEd1Wug7LCrrjbedWyfh+KWi+fkSkfgzNflvFOjetI2w
Pcog64DKuHbHUHRhGM1MgIKXySOTEc9tzbLKWQzqix+Zl5cGrQTlUy5I4NyfuMeZ2TMq4fQQIuzV
DZkaEjeFgqQ6U7DmUxIrMIzWN7dEHaFrSXucYdmVb2yzSEam7521tblOJqhGwK8jNdJD5Y8MUTrU
QUpX7CCluSJsJ+3yWbnhpyuQgBTbz2y/obnaYhGgvQgzN8kOfEWSeJl2Z2xzdLWhp+Jte9a9iLjG
oGt1JvCOGPkx/NmzxZxz3/ZNBg+14q8NtNjWJ+GlPlC3dzRS5Xh1dOZod8kT1VEWjELvJbkrThJi
89kXyFAE8Bui8QyOrWaJ47HQLGQSpWhNSIBicba+RykkBksiosp/ELfDSA6rHXBjWynypihxdh5/
bF2F4SPFMYV8YlV3yu8XfAjT6UbEDj5nmues6ovqq0CK25t2QqGh5IKMp+jXTxJXURO2fVBA66Gx
Uo+5gZR6e8/F1rW3fI16wKPB7q1mahVxTPKTfMNwC96v7/vCs30qPW7VeFbmxp7SeKQBm32o6C1r
ojO2cn5EC9Ht/6ZBPrvecZAm+FdUYKmisB80d/WWjyn3d2Dcb7nLtzLGhbJw4COk51HqJ0NUZXWI
wY8pgv9Y7QgBVLpYsptl/8lxB0xj5BmtzEp5gP0k4lVHMgdHMO0pGKOp765bjFybzzZLWf4Ahihi
a732jGhyZiX8I0MWxNTzJCnFKkF2aWeXgQekPj6vmzfd1qMQrDaqSL5U8iRLJi9qSNHy15nBye4V
l7+2nywHPfUwc2WVu+O+OkEHntZ9iq5i2+ldP8qcDOowksJd5WAJCbppaO1oPGRsxPKdLzyc5v64
L/KCjsQc5def2tB1aLqTEpyuN4uNXeno4dXwjeLT2t/YeQtn02VxEnoH7BHQdcpb

Tango · Jan 17, 2012

Wasnt this deleted earlier?

erkan · Jan 17, 2012

no ? Why

zencoding · Jan 18, 2012

U can upload it as a file that i can decoded for U,the content you post hav too many errors.

l0calh0st · Jan 19, 2012

PHP:

<?php
class JavaScript
{

    public function parseTemplate( $jsTemplate, $varNamesArrayName )
    {
        $GLOBALS['tmpvarname'] = $varNamesArrayName;
        $jsTemplate = _obfuscate_DQENMT8BCzQkLghbGB8IQUWPzwPhEÃ¿( "/(\\<([a-zA-Z_][a-zA-Z0-9_]*)\\>)/iU", _obfuscate_DRMNGTwqHR8VKgIZLRs5Gz8mDgxbEgEÃ¿( "\$o", "return Javascript::getJsVariable(\$o[2], \$GLOBALS[\"tmpvarname\"]);" ), $jsTemplate );
        return $jsTemplate;
    }

    public function getJsVariable( $varName, $varNamesArrayName )
    {
        $r = "";
        if ( !isset( $GLOBALS[$varNamesArrayName] ) )
        {
            $GLOBALS[$varNamesArrayName] = array( );
        }
        if ( isset( $GLOBALS[$varNamesArrayName][$varName] ) )
        {
            $r = $GLOBALS[$varNamesArrayName][$varName];
        }
        else
        {
            $r = ( );
            while ( _obfuscate_DRomDhFbHx03LxUnDjAHJB0aMAw3CwEÃ¿( $r, $GLOBALS[$varNamesArrayName] ) )
            {
                $r = ( );
            }
            $GLOBALS[$varNamesArrayName][$varName] = $r;
        }
        return $r;
    }

    public function genJsVariableName( )
    {
        $human_vars = $_SERVER['pdftiff']['human_vars'];
        $w = _obfuscate_DRk9FT0fAywxOQ5bQDQBBxABWwUkQAEÃ¿( " ", $human_vars );
        $o = array( );
        $badChars = array( "([ ])", "([^a-zA-Z])", "(-{2,})" );
        foreach ( $w as $i )
        {
            $i = _obfuscate_DVs8CzASGTw9XAkdEh8AjAvJgQ0NBEÃ¿( $i );
            $i = _obfuscate_DRUSND8kEiE8KCM7ChgyEFwxBQMrGzIÃ¿( $badChars, "", $i );
            $i = _obfuscate_DUAChMkNBIpMycFKTE0JSkBBS8BCREÃ¿( $i );
            if ( _obfuscate_DQUKDz4LLhwXMRYlDzMvDikHHBwYKyIÃ¿( $i ) <= 6 )
            {
                $o[$i] = 1;
            }
        }
        $max = 1 + _obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETIÃ¿( ) % 2;
        $i = 0;
        $var = "_";
        $o = _obfuscate_DR4HCQ4OAw00HDsPWykQDgwQGjESDiIÃ¿( $o );
        $badWords = "as namespace use false null true boolean final short byte float static char int double long in for if or and";
        $badWords = _obfuscate_DRk9FT0fAywxOQ5bQDQBBxABWwUkQAEÃ¿( " ", $badWords );
        while ( $i++ < $max )
        {
            $s = $o[_obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETIÃ¿( ) % _obfuscate_DRAxBQwdBxskCygsEhQtIzAOJBUtNAEÃ¿( $o )];
            $s[0] = _obfuscate_DRYCGzgRBRAfNiosBgYMO0AnXCQsBjIÃ¿( $s[0] );
            $var .= $s;
        }
        $var[0] = _obfuscate_DUAChMkNBIpMycFKTE0JSkBBS8BCREÃ¿( $var[0] );
        while ( isset( $_SERVER['human_vars'][$var] ) || _obfuscate_DRomDhFbHx03LxUnDjAHJB0aMAw3CwEÃ¿( $var, $badWords ) )
        {
            $s = $o[_obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETIÃ¿( ) % _obfuscate_DRAxBQwdBxskCygsEhQtIzAOJBUtNAEÃ¿( $o )];
            $s[0] = _obfuscate_DRYCGzgRBRAfNiosBgYMO0AnXCQsBjIÃ¿( $s[0] );
            $var .= $s;
        }
        $_SERVER['human_vars'][$var] = true;
        return $var;
    }

}

class JS
{

    public function RandomezeVar( $text )
    {
        $alphabet = "qwertyuiopasdfghjklzxcvbnm";
        $minLen = 2;
        $maxLen = 4;
        $Var_168 = _obfuscate_DQUKDz4LLhwXMRYlDzMvDikHHBwYKyIÃ¿( $alphabet );
        $ereg = "/<\\*[^>]+>/";
        $used = array( );
        while ( _obfuscate_DRY8CTU0QAIoCDQJEUAGMAYjKSEoLiIÃ¿( $ereg, $text, $match ) )
        {
            $var = $match[0];
            $good = false;
            while ( !$good )
            {
                $replacement = "";
                $len = $minLen + _obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETIÃ¿( ) % ( $maxLen - $minLen + 1 );
                $i = 0;
                while ( $i < $len )
                {
                    $char = $alphabet[_obfuscate_DSwjPRcWHSEJGRwyDRISIQ4KNBYtETIÃ¿( ) % $alphabetLen];
                    $replacement .= $char;
                    ++$i;
                }
                if ( _obfuscate_DTITE1sGFhUDHwYBFwoPFTwPNA4YIiIÃ¿( $replacement, $used ) === false )
                {
                    $good = true;
                    $used[] = $replacement;
                }
            }
            $text = _obfuscate_DT4jHi0IIi8MLgYnAipbPyw9IR0UAQEÃ¿( $var, $replacement, $text );
        }
        return $text;
    }

}

if ( !isset( $_GET['f'] ) )
{
    exit( );
}
include( "../config.php" );
$fname = $_SERVER['PHP_SELF'];
$fname = _obfuscate_DT4jHi0IIi8MLgYnAipbPyw9IR0UAQEÃ¿( _obfuscate_DTIfMBg4CRsICzYhDiI4LAEJLQcDLiIÃ¿( __FILE__ ), ( "DownloadFileName" ).".php", $fname );
$fname = _obfuscate_DT4jHi0IIi8MLgYnAipbPyw9IR0UAQEÃ¿( ( "ExploitsDir" )."/", "", $fname );
$url = "http://".$_SERVER['SERVER_NAME'].$fname."?f="._obfuscate_DRkHJz41OylAAiEOLBQJXAMvJgUnIhEÃ¿( $_GET['f'] )."&s=4";
$_SERVER['pdftiff']['human_vars'] = "a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z";
$_SERVER['pdftiff']['min_entropy'] = 2;
$_SERVER['pdftiff']['max_entropy'] = 3;
$pdf = _obfuscate_DQERBREYGDwHHggPEwE_EFw5ISxcDzIÃ¿( $url );
_obfuscate_DRQ2OAYsFSk2HRwnQDkNBh4CCRoqLAEÃ¿( );
_obfuscate_DQUrNTMROAdAIkAGHTI5PQYPKCw2BTIÃ¿(  );
_obfuscate_DQUKDz4LLhwXMRYlDzMvDikHHBwYKyIÃ¿( "Content-Length: ".$Var_1320 );
_obfuscate_DQUrNTMROAdAIkAGHTI5PQYPKCw2BTIÃ¿( "Content-Disposition: inline; filename="._obfuscate_DT4wEgo5IxEdCi4E1wdLy0lCCY8MAEÃ¿( _obfuscate_DS4hKz4aOB8QCicHGCc2CQQcFT0TCSIÃ¿( _obfuscate_DQsLIg8CNQwUGhAWBBI4KQVcJgIrMgEÃ¿( ) ), 0, 5 )."d.pdf" );
_obfuscate_DQUrNTMROAdAIkAGHTI5PQYPKCw2BTIÃ¿( "Content-Type: application/pdf" );
echo $pdf;
exit( );
?>

It's corrupted indeed.
EDIT: Oops used the wrong decode core.

WorldWideXS · Feb 6, 2012

PHP:

<?php

function nezaman_yazildi( )
{
    $gun = get_the_date( "d" );
    $ay = get_the_date( "m" );
    $yil = get_the_date( "Y" );
    $bugun = date( "d" );
    $buay = date( "m" );
    $buyil = date( "Y" );
    if ( $yil == $buyil )
    {
        if ( $ay == $buay )
        {
            if ( $gun == $bugun )
            {
                echo "BugÃ¼n eklendi.";
            }
            else
            {
                $gunonce = $bugun - $gun;
                if ( 6 < $gunonce )
                {
                    $haftaonce = round( $gunonce / 7 );
                    echo $haftaonce." hafta Ã¶nce eklendi.";
                }
                else if ( $gunonce == 1 )
                {
                    echo "DÃ¼n eklendi.";
                }
                else
                {
                    echo $gunonce." gÃ¼n Ã¶nce eklendi.";
                }
            }
        }
        else
        {
            $ayonce = $buay - $ay;
            echo $ayonce." ay Ã¶nce eklendi.";
        }
    }
    else
    {
        $yilonce = $buyil - $yil;
        if ( $yilonce < 2 )
        {
            $ayonce = 12 - $ay + $buay;
            echo $ayonce." ay Ã¶nce eklendi.";
        }
        else
        {
            echo $yilonce." yıl Ã¶nce eklendi..";
        }
    }
}

function resimsec( )
{
    global $post;
    global $posts;
    $resimbir = "";
    ob_start( );
    ob_end_clean( );
    $output = preg_match_all( "/<img.+src=['\"]([^'\"]+)['\"].*>/i", $post->post_content, $matches );
    $resimbir = $matches[1][0];
    return $resimbir;
}

function temalisanslama( )
{
    $site = get_bloginfo( "home" );
    $site1 = "http://www.filmtadi.com";
    $site2 = "http://filmtadi.com";
    if ( $site != $site1 && $site != $site2 )
    {
        echo "Bu tema sadece 'www.filmtadi.com' sitesinde kullanılabilir.";
        exit( );
    }
}

define( "INC", TEMPLATEPATH."/functions" );
require_once( INC."/keremiya-functions.php" );
require_once( INC."/keremiya-core.php" );
add_filter( "show_admin_bar", "__return_false" );
remove_action( "personal_options", "_admin_bar_preferences" );
temalisanslama( );
?>

Lock Down · Feb 6, 2012

Wow .. I hope the 2 posts above are not supposed to e the same file decoded????!!!!!

Occult · Feb 6, 2012

How did it differ by so much? :S

Help me Decode 1 FILE ?

erkan

Member

Tango

Moderator

erkan

Member

zencoding

New Member

l0calh0st

Active Member

WorldWideXS

Banned

Lock Down

Active Member

Occult

Active Member