Decoding $_F=__FILE__;$_X=’…’; eval base64_decode

This is a further supplement to my posts “Decoding eval gzinflate base64_decode” and “Decoding eval gzinflate base64_decode str_rot13” originally published on my Tangential Musings blog back in May 2007.

To decode files that look roughly like this:

<?php $_F=__FILE__;$_X=’encoded text’;eval(base64_decode(‘pointless crud’)); ?>

Just copy the text in between:

<?php $_F=__FILE__;$_X=’

and

 ‘;eval(base64_decode(‘encrypted junk’)); ?>”;

Then paste it into the $contents variable in the code below:

<?php
$contents = "in-between text goes here (e.g. 3e4jf+jFTYhf=)";
$contents = base64_decode($contents);
$contents = "<textarea rows=\"6\" cols=\"25\">".strtr($contents, "123456aouie", "aouie123456")."</textarea>";
echo $contents;
?>

Execute the code by saving it as a file (e.g. decode.php) and visiting it in your web browser. The code inside the textarea is the original text of the file.

I’m only providing this information so you can check to see if the freeware applications, templates/themes, etc. you download contain malware or spam, not so you can steal other people’s work.

Originally published at http://danilo.ariadoss.com on May 16, 2007.