Decoding eval gzinflate base64_decode

This is an article I originally published on my Tangential Musings blog back in January 2006 when I ran across a freeware web application written in PHP that utilized the following method to obfuscate spam in its source code:

<?php eval(gzinflate(base64_decode(‘encoded text‘))); ?>

Fortunately, I was able to decode it with this PHP snippet:

Taken from
1. Save this snippet as decrypt.php
2. Save encoded PHP code in coded.txt
3. Create a blank file called decoded.txt (from shell do CHMOD 0666 decoded.txt)
4. Execute this script (visit decrypt.php in a web browser or do php decrypt.php in the shell)
5. Open decoded.txt, the PHP should be decrypted: https:[email protected]/decoding-eval-gzinflate-base64-decode-a4eb07997b87
echo "\nDECODE nested eval(gzinflate()) by DEBO Jurgen <[email protected]>\n\n";
echo "1. Reading coded.txt\n";
$fp1 = fopen ("coded.txt", "r");
$contents = fread ($fp1, filesize ("coded.txt"));
echo "2. Decoding\n";
while (preg_match("/eval\(gzinflate/",$contents)) {
$contents=preg_replace("/< \?|\?>/", "", $contents); eval(preg_replace("/eval/", "\$contents=", $contents)); } echo "3. Writing decoded.txt\n"; $fp2 = fopen("decoded.txt","w"); fwrite($fp2, trim($contents)); fclose($fp2);

Originally published at on January 4, 2006.