Hi..

Thanks a lot for this amazing tool!! :-) Amazing..

I was able to decode my 'eval(gzuncompress(base64_decode' code once. But after that I got another coded output which went like..

$GLOBALS['_987654321_']=Array(base64_decode('aW5fYXJ' .'yYX' .'k='),base64_decode('dHJpbQ=' .'='),base64_decode('aGFza' .'A=='),base64_decode('bWQ1'),base64...))

I am stuck here.. Can you pls guide me how to decode this.

This code was found on the footer of the script I am using. I think its an adware which is slowing me down.

Thanks.
Hope you'll reply..

thx

This code works. Tried it and on the first time, it decoded it for me.

Regards
Kavir

Hello...

I was also able to decode my code once. I received another coded output went like this:

$O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);$OO00O00O0=gzuncompress(base64_decode(strtr(fread($O000O0O00,536),'qE+C2owOsxaB0zhiNGXPW93vKr4kpDj5ZHb8dtLucnFVA1flm/yQTgSReYIJUM76=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0);

I too am stuck at this point. Please advise at to my next step.

Thank you much!

Hi,
Similar problem like some User stated above, Is there any solution for returned base64_decode() mixed with the OPEN code??

Thanks it works wonder !

Thanks guys, this is an incredibly useful tool. I've bookmarked it, use it regularly and have also shared it with friends.

I may never understand why theme designers decide to encode parts of their site when decoding isn't difficult to do.

Thanks again,
Karl

Thank you so much for this amazing tool, all the other decoders out there have not worked, this is great, worked first time,

thank you

Thanks it works!!

thank you

spot-on! thanks a lot...

it works wonderfully..but since it's so perfect..other programmer can just simply take the encoded code and decode it back here...is there anyway to prevent that?tq..

First of all, your script works great! now i have this problem: i have to decode 151442 characters, how can i do this? i know the script only process 100000. Can anyone help me, or is there a i way i can send the code by email?

thanks in advance

Nick

Nick,

You can now decode scripts with max 200000 characters.

Regards,

Robert Lie

http://pastebin.com/M7zH6nay

Help with this tough one? Thx!

Robert lie: I cant find words to thank you, your solution was awesome, now i was able access the code. Keep up the good work, i love this script!

Thanks from Argentina

Nick

1st that I found 100% working , thanks!
I will recomend this one

Pls. help me.

eval( ('eNplj1mPgjAAhP8MSduIsSCihPDgfVvv62XDUQ5FwJZD+fWr2c1uNpuZp8nMl4xAMMbkJWy4cUIjKBBCvgIRMAsgvfCDkMJqVSDv4tvI9WjKofAzFSUsK0j/FytYU5H+In4vDa/MIju+JYxyDi2TU1X5cKgdOxTylKUMuoyazh+EJiMRLPuP+vnGvcvskPWiTZozZd5ZaMPt3pXWg1GruRo/a/jqh0ExVU1yn5y6ji2XNKkc2zurERtABO1Ot9cfDEfjyXQ2X5Dlar3Z7vaH4+lsWrZDXc8PLtfwFsXJnfE0y4vHs8SSXFcaarOlVWoAIaTT3Azh7yGkfwLPVV8j')));return;?>
HnwnBFaSJ/PvoV9N/sJ1kAT7Rimu7/jmENKOXZaMzI0FzNATeNu/XCcfjpbk+kGShD/+DcnUXRVtj2HvSuuQruy7ZaXFRCvSZJfRT2hzxZQpZvxCEQTXBALmTHC0mE3QIDZQLvJULsuZc7ILjPH+Cc7INsrrR3773lEfGM4TbT2zjrPIHFxcuDqBLZyBxjv9S0gwBPcIyTsqG7vOKBuheb492O27ON/cMNeodyTJzn/DZOwpOG81nlfyqk2yiTPuf/pdbBqlf0pw2UaWzbYqa9LApDTH4mJJJ4487HnLYVdoDXGUXOIXKsxK8AiA3ohOTArSHbmRgm00o3Qitxb98k0k3Sw2X8EMcoRELF0K2MZtuzbth065veWAX4XebeZ1WAyA5nMKsU53pRqKf3JYKH06q0IO2iOeFz8KHO3qPqWYizZBLJ8srGKDMibhqN45wbYGfoGsKV1o4Lf1q/ay30Fs+4TRg4KbhBNO87gU9wPEHnKa9OadzdT4o2dnXg5PH9i0npwBSSzGzmuwzguIsMbC0aYSiO2ljEW4ftDNZjCIOoioqbcmvmLq5VW1OJ5GkRv76nQFAtAzPRMN4KG4fKg5YZbVX/loBvYs1idDi35HWSZYm1ndhww5mS+3cpbsD9epssHD4UsI93ZHEtmBB5Lsi7ikrg6YTyD73zttgUzaXk/5jC+OJtzJ/LJzsF6/4TlJoIJcaph7hiEZoVa7BdUjkSjt77NIdPtsGHGgZHnyA/RiU9x8oMy7WiVf4uBIYf8D0zu849vU0yY6LitZSM7wuf7pC4HtQ3OL98eTmVZ46hDUngbgRfrTXqb3aLz8g3QLZDqzeUAi3YaYNAromFuyZv8wM6U8reRLOpXhYX2Q+AImHp0uaNjgZ8XjAF841EyXXl3bZ2N/5PHhbzw5YoAXI5eNrKXZUbPJpgT/vOpgH6QFNJU4hw1mXnEJojXSp8rIW9FAVs1tbXWXTIDclE5riFrZJuRjqgMtSRLFycJZw43bIS2HkzekWQ/OMztiiRCuCTcQN5X/dZ+qKFeg8OrYLNI1pTbbYzOsdTb7ReL4drqxvyQutJB3nppIpfibECThRfwRE6nQ07iiQIyBS9xYQmDEibDpxdCnDAzNtWkVi4WPITZeLgTr3UGWyVlDnHn3h7iIT3Jmgkk3gfvT7rNTmwNxAFtGZG6cLglnoj7y/Pig5B9uo+vLSFaeHaeuAkk8Pfqdz+6KQ/FLz9oqOAFFksqGRNqFCxvHEvDicIdvPOsdJNp70VsA0JqHrGv3ifjEaPX8BjY9vRc4cfA8vt3NzRea98H9q8ej0P5B0YFGmeez6wJfuC4DEuQXJWG/DXO7Lyrgjtu8X2VOoBbTKgz4fmxA+haXmK+vx2yvHkyUoxHS5MfS6KrcMlwOoUT+a4LuEzBooDPvRYEAFHXm80vo6LPJeU7g383IwPCokladQVWlpvIPqhbcruTK9GjlEGbPuqHs4Ccwbiib7K6MTP2DHBKC8Bb3hnGsvk0bh7iYDjWYUgMIEcLKy0Bh+dNhf4zhJfp5bq+5SMyib9+S3XJST4LMOBfmc+OAXop5XKO/x9Y1NjNT+VY6OEmoZz2/TXuw73b3o7BQDs5DJCFTlXY3PBS1g0R1XgxMQv+GkP7U5hqao/U3vsuYO5nA3lgJoa/dhB4WEjehWYghaPvNb6wvs2qRTcLUvGuc5ks5K0ZjckgsiDwj7wB99Wm7nEePd6N2Keq1VY8Gorayj8Ef7Ci8PUSCv89OPf9O7rko79QPzdFPzT17DqWyRFwJ0ya7q++RehNA1uUSUNnq2gBnYvZCJ+oZ3J8PZhU7NoCLX18YP71P9PU6cowEukBDMTtv9gEcdHvxs22jvlfVu+Gv7Jk9LCTD15Q6HP3sUz1Bd/r6SsnigjlpZO4BEQqg1DyFEUTyyJsqsEdmlNrnQsJO0aH+j0MuyghqtiCFbuqs6K2OhXgazqyt6+FuYHHjdi70Hs7/9MYhV7+fBJTiqyHGWsxtPmPs7cEUEKBlfb3vEPlVRLM1RsGCr6XK/JRW2vmK+45GrdccD1aFzniZNRIC9lRdsBoG0Jtyb1LYAWTUUTSgZxxc36zfj4vdT0HQDduzZ5ObVJg8alnhz63uOOowC2Lj+eBiucCkpZjFcJKnzFPlrUBNFRDPPomrtWzG2RZfftn6w1R6xXnwq2g9s87uVx29UJBERL39ypEJ2cbUfn2MbkDuorZdaWGiihBh8fdMvD8EdQtzvxF5yAc811P86S/eZ17v/g78w4GBSnj+TZRlci4tQF+QtzEgaGjsqkmf9K9CYP3ODh3G7RI8THRRYstlJdg14OIVpr1dO0w+DChInvWy9q07kOqGO7zqNKxrFe0/bhjmx+/D9wZjQJPMqDvvy9vzgnhFA4NWLuje6/26w+9HgAk74dEKNxOTklY5tRNgjUv7ZmRK5Gk++oklju3MadmyG8qrQuS8CdQU18/R2XQMs9Q3oCgoIPiHZM1RBcTesNb1gR8ApW6s6ofg/1ZKyjCTlINeZZZ3Cj95WYYZZGnHSave+TzpINJM4C1/8bdB8roVIbQRXiIukeuKa+71awBshVjc366LJwZiYdfgQnx+FVdL0oBmRsXFilQ7E8pYc/Jj+nLdDRR+Yb9Y7DRaJOg9jOifze20DWEfCom7r9qUMyQRAHUdBZx3mWAURosVQcads+VQpFOEsV7bZR5t9Cmn+k5J/IG2rpgavklVe0KfP6En/0dQV4We8IpF8/mqRyWZk4fDlzxkGzi5sHnCZeuN4Q7vIYjvK69BGNgx9TcElib3v1NCJIuTiFDBkoiwvkUtmz8Bxwgbjuonsgr0RrTE3qEYTJjFEgVQxPUuQo95n7b4Odw1FmdK16eaeUaIYQ87zKuFAs8Q5ujsbmiQRO3MFdAwFWMAd8XZrJbTGoTTGq+48pCaP6641GNbJP1ldAKt4G/cU2EPo+/xhy3zw3fVrMP8VuPBiXHkkDmCDp8op2YVM+NjwWfKffYuOh2DSA5+A65b/IcUlnsAzIaUSKtq1aNWmebw1Bl26//qf/tVz1oZGnZ3/v8z7f2NHKSKNlpNgJ1pTSIi4Fa+5HumbcAh9DswUOd/dd4e/ejoFBJC4qW/VFa+uTp9Fri1kW4/ay3Gr8S9qOagzhUTE6VlnQlc2fk+PSMq1GKXNI4xwA0LTJcJvZa+IXF0he/P/syy/X8MvF7Rlz/QDaB/baiS76ba+0s2AHrf8GyoTvP2bnClQyaiKYU0kFuqW/+88jsaHDpzGQXnmdf4XFWexCBNJNcjFMGRQruDO+1Szat4chqyBp7tu8BxARMetEmV4lP4H4vMLNqu/is2x2OjzQ1EOGItuhtacNOC+VwfuUnTY2ZiQjd89dIrUbDqcU9nc/TOuaOJl/EVooWaP59J7zhVyGBQYJ4SL8apXjUAnTyqoLQjTTM/Roy/fP9eRPHA74WmZFU6B3zBxcKK/7kEZpWHPpe/YfLiOruTu1Jh4IGiX2VKSiczTGqxwvfzeugo8SQgKf/Tvh2c+kSy6UsF1Oy0NQbURvt884PhKaUYdmjlRjxaLrrl8Gjl1SxrrrX5zv7tO0vHWNonRkpqapye0v7gFunV0loMnQSVfaoVCIlyO0emUY3dzAu6ZyvzCldIvMKY/JvWeDpCVVIMgkpym4wMc1LXcsjTANiTGytXqXDe9tdfBtQ5/SeNl1JEnYYXshdWzxKqdFSV7+s7yYr0PU2ri+aCE+VGIZgQFZCXcEgee4t1sgfgdi1w1cKw5hPBdUFYpmZpiwpopsh4Diu4LhJBv8hQia88xLjtLY5AeRgLWMcWuYaGlLYFJW1+GLbRFMRgCdTkNbeKoO3/fKBzOCu8UKkAqOye2KizbVXK1qo/RhEYb6raRt8XnwsJvF12dfA4eyCNFHoOe1aOKbUb7on8eGYbqhaAUOAFC1qOptCIHe09OsEyRLBUUtXk6tUim7Kbo5aQZ770zmuT+BGtN6mFlq3N8Er58Hh1hD49IbbdSuX5TTuDFWD+FCXZoUq2Ato2XEqBlpB9pF99Lu0rNqLwrdswjudf4LQWFz8GiiLocXKAO3gf82lrAfaqFHGTMYGvPMbFfR2gfUjyuYx36Tyl2zjzgYSlQtMFg4cnAjGvuCKuhKBWASQFsGOVw+p4Umo8yOpvlF5ONSp4iHOZ648mXntJSgooz0fg8i+3L7QH9Tk7d96sthQLdfrjQ8J6xLSuhFX9seB7EeIqGdLj/L5UavOuRE6SFOgIV0WWCxzOT+HeFAzde11sj89XQv6jDlJKaKKiejNiWWvu/fcsW+UFh6JOdNJGWqTP6uTrA8Z3jGcNxhRrDpLD6NBsZhzN0mrY0Rz8ENSBI0ohoZiqJr6pKJ6F2wuhhEGQTYb4UbbsgDVWYRNqW8puT0vRGP==

nice tool, i successed decode my php base64 code. thank you :)

Hi,

I have tested your online tools with a mixed script (PHP, HTML and JS).

Encode and decode work very well.

But when i try to test to decode on my server, I get this error "Parse error: syntax error, unexpected '<' in........"

What do you do for correctly decode the code ?

Thanks a lot for help and answers

Here is a little sample of my code:

<?php
require_once('fct_php/fct.php'); // Les fct PHP
require_once('fct_php/mdetect.php'); //La lib de de detection browser client
$detect = new uagent_info(); // Instanciation objet pour récup browser client

?>
<!DOCTYPE HTML>
<html>
<head>
    <title>Plan</title>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
    <link rel="stylesheet" href="asset/ui.css" />
    <link rel="stylesheet" href="asset/colorbox.css" />
    <link rel="stylesheet" media="all" href="asset/jquery.mCustomScrollbar.css" type="text/css" />
    <link rel="stylesheet" media="all" href="asset/smartslider.css" type="text/css" />
    
    <script src="asset/jquery-1.8.2.min.js"></script> <!-- last version jquery -->
    <script type="text/javascript" src="asset/jquery.qtip-1.0.0-rc3.min.js"></script><!-- lib pour gestion tool tip-->
    <script src="asset/jquery.overscroll.js"></script>
    <script src="asset/jquery-ui-1.9.0.custom.min.js" type="text/javascript"></script>
    <!-- mousewheel plugin -->
    <script src="asset/jquery.mousewheel.min.js"></script>
    <!-- custom scrollbars plugin -->
    <script src="asset/jquery.mCustomScrollbar.js"></script>
    
    <script src="asset/jquery.cookie.js" type="text/javascript"></script>
    <link href="asset/ui.dynatree.css" rel="stylesheet" type="text/css">
    <script src="asset/jquery.dynatree.js" type="text/javascript"></script>

<script src="asset/jquery.colorbox.js"></script>
<script src="asset/smartslider.js"></script>
<script src="asset/fct.js"></script> <!-- fct js -->



</head>
<body onmousedown="return false;" style="background-color:#000000">

Wow thanks It turns out it was really encoded, thank you I was annoyed that it was entering code that I didn't see so this helped out a lot

Number of decoded steps applied
=======================================================================
9

The PHP code is encoded by the following nested functions sequence
=======================================================================
001 - eval(gzinflate(base64_decode('...')))
002 - eval(gzuncompress(base64_decode('...')))
003 - eval(gzuncompress(base64_decode('...')))
004 - eval(gzuncompress(base64_decode('...')))
005 - eval(gzuncompress(base64_decode('...')))
006 - eval(gzuncompress(base64_decode('...')))
007 - eval(gzuncompress(base64_decode('...')))
008 - eval(gzuncompress(base64_decode('...')))
009 - eval(gzuncompress(base64_decode('...')))

ooooooohhhhhh God, thankyou so muuuccchhhhh...
This tools was so awesomee

its a wonder full tool...thanks a lot

Great!!!!


Good Job.

wonderful service, thank you very much

I Decode a file with your decoder and it decoded successfully but what i notice is your decoder have some fault my actual script contain a word array and when i decode it encrypted file to match it with actual file i notice that your decoder read a to 1 and so the output come as 1rr1y which should be array ..... and some minor problem i got.........please clear it what is this am i doing something wrong or your decoder does not work properly.......

i am new please after decode i have receved this code wat i do now

$O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);$OO00O00O0=gzuncompress(base64_decode(strtr(fread($O000O0O00,684),'02TCDOS1oeJmW4P3lEAhMbk+jUvKX7dwQVnRcfGty9/sz6qxLiHgarBupYNI85FZ=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0);

Excellent work.

The time that you people spent in creating such a tool is really worth for all of us.

Good job, Keep marching.

i am new please after decode i have receved this code wat i do now

<?php $_F=__FILE__;$_X='P3FkZGRkZGRkZExWcy9icQ14ZGRkZGRkZGRMVldzcQ14TFdzZGJvci83WFAiVzMwImRsV21ySlAiTy9zV1M6W3Z2MGs7cG9GLjdEM11Ycy0veW83SjpkXURyKCcveW83SmxWeUpYXXBvRi5ZMFg3Jyk7ZHBvRi43RDNdWHMtREowSm9XOmRESjBKb1c7InENeGRkTD9kDXhkZGRkL2coL1hXYm9yKCRffUV9fUhmID4ib3N5L1gvcyIycXYpKQ14ZGRkZGRkREoxXS9ESigiL1hGcl1zSmxWeUpYXVkwUzAiKTtkZGRkZGRkZGRkZA14ZGQ/cQ14TFZXc3ENeGRkZGRkZGRkDXhkZGRkZGRMVldEcQ14ZGRkZGRkTFdEcQ14ZGRkZGRkZGRMV3NkRjNybDBvWFAiQSJkYm9yLzdYUCJXMzAiZGxXbXJKUCJwb0YuN0QzXVhzLS95bzdKOmRdRHIoJy95bzdKbFZ5SlhdcG9GLlkwWDcnKTtkcG9GLjdEM11Ycy1ESjBKb1c6ZERKMEpvVzsicQ14ZGRkZGRkZGRkZExzL2Jkb3IvN1hQIkZKWFdKRCJkRnJvbGxQImRdLy1GM0RYSkQtb3JyImRsV21ySlAiMG9zcy9YNzpHMGs7RjNyM0Q6I2dnZyJxDXhkZGRkZGRkZGRkZGRMMGRvci83WFAiRkpYV0pEInFMcHFMZzNYV2RsLzhKUCJbImRGM3IzRFAiI0tLdnZ2diJxakpiSnIzMEpzZHBtZDpMVmczWFdxTGczWFdkbC84SlAiWyJxZA14CQkJTG9kU0RKZ1AiU1dXMDpWVk9PT1lTb3lKSmwtbG9XWUYzeSJxSGxyb3lkNTNdbGxKZ2RMVm9xfGQNeAkJCUxnM1hXZEYzcjNEUCIjS0t2dnZ2InFqb1dvZW9sSmROSkRsLzNYOkxWZzNYV3FkQ1l2TFZnM1hXcUxWcHENeGRkZGRkZGRkZGRMVnMvYnFkZGRkZGRkZA14ZGRkZGRkZGRMVldzcQ14ZGRkZGRkTFZXRHENeGRkZGRMVldvcHJKcQ14ZGRMVnAzc21xDXhMVlNXeXJxDXhMbEZELzBXZFdtMEpQIldKa1dWdG9ib2xGRC8wVyJxDXgNeExWbEZELzBXcQ==';eval(base64_decode('aWYoc3RycG9zKCRfU0VSVkVSWyJIVFRQX0hPU1QiXSwnYmVubmFzcmlhLmR5bmRucy50dicpPT09RkFMU0Upe2VjaG8oJzxIMz5UaGlzIHNjcmlwdCBpcyBub3QgcGVybWl0dGVkIHRvIHJ1biBmcm9tIHRoaXMgZG9tYWluLjwvSDM+Jyk7cmV0dXJuO307JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCdVW1pvOHsuT3B1XT5iVzBZamw3M3ZpIDF0Q01lPEhmOUEyazZYeHp5d0t9QjVQcT1uCk5UY2FySXNRRW1oRi9kUjRHZ0pWRFNMJywnTDJIYXpQa3diMXVbdnRwLkRzZ28wTU5xajRRQlpJT0szXXhUbgo4bTdGU1hZPT5SezlWQ31VbEdkSkV5QWNpIFc2NWZlL3JoPCcpOyRfUj1lcmVnX3JlcGxhY2UoJ19fRklMRV9fJywiJyIuJF9GLiInIiwkX1gpO2V2YWwoJF9SKTskX1I9MDskX1g9MDs='));?>

Thanks, you're a champion.

I decoded some obfuscated content in a "counter.php" file thanks to you, and it is really nasty code. The file contains two separate blocks of eval(gzuncompress(base64_decode('...'))).

The first block decodes to script like
$GLOBALS['_as_']=Array(base64_decode('c' .'3Ry' .'d' .'G9sb' .'3' .'dlcg==')

The second block decodes to script that contains text which (from other hacks on my site) I happen to recognise as still being base64 encoded.

So even after uncompressing and base64 decoding, the resulting script is still obfuscated. Yuck!

But your site was so helpful. Many thanks.

—DIV

pls can anybody decode this for me? <? eval(pack("H*", "7072696e74202473746174653b")); ?>

Polo,

That code converts to:

print $state;

To decode any eval, replace the eval with an echo. That will output the PHP code instead of executing it.

Hi Joshua, I have a script encoded in scopbin, does your solution work by changing the eval to echo?

please need helpe how to decode like that
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=12212;eval((base64_decode('

Awesome! Decoded a user-hack that I intercepted and quarantined when it was uploaded. I was able to identify the malicious nature and from where it came based on the decoded information. You rule!

Very useful. Really impressed with your work. 10/10

I was hoping to find a Windows application so that I can execute the same 'looping' decode of nested functions.

Do you know any Windows applications that can do this?
I have Windows Base64 Encode/Decode. But I need more! :D

Budget $30.

THANKS MATE!

Brothers i cant decrypt thats help Meeee

$‬iaab87dc‭="\‬x62‭\‬141‭\‬163‭\‬145‭\‬66‭\‬x34‭\‬x5f\x64‭\‬145‭\‬x63‭\‬x6f\144‭\‬x65‭";‬@eval‭($‬iaab87dc‭(‬

hi , i couldn't work with this. please help me to decode the file. thank you

I can't download decode file. Please fix this, sir!

I'm trying to understand this file, can you please add the option for "eval(htmlspecialchars_decode(gzinflate(base64_decode($stt1))));"

This helped out a lot. Helped me identify a backdoor left in code I was sent to work on