Decoding Encrypted PHP Files

Since I was just dealing with an encrypted footer.php file for the theme I use, I thought I would post how to decode encrypted PHP files. It took me a few hours to find a source that actually worked. The most common way to decode a file is to create three files, decrypt.php, encode.txt, and decode.txt. Too bad this didn't work for me, and it was time-consuming trying to figure out why it didn't work. So as a result I found an easier way to get the information from encrypted PHP files.

I am posting this for legal use. If you use this for illegal use, keep it to yourself, because that's not the reason I am putting this on here. I am posting it to keep WP theme creators honest, and not loading up the footer with links to webpages you do not support. In the case of this theme, they had lots of links to online casino and gambling websites. I have no problem keeping a link on my page to the theme creator's website and WordPress.org, but anything else is pushing it.

Update - Try this method before proceeding to the code below. Change eval to echo in the encrypted PHP code and then open the file in a browser. When the page comes up, go to View, Page Source, and this should be the exact code for the encrypted information. If this does not work, then try the code below.

Note: If the code is $_F=__FILE__;$, this is another type of encoding that will not work with this code; it is encoded using Source Cop. You are welcome to paste the code on the Howbits forum; you do not need an account to post there. I check it daily and I will help out as best I can.

This is the easiest way I found to get the encoded information

Copy this code into notepad, or whatever editor you prefer to use.

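<?php
$a = 'Copy the encrypted code here'; // only the base64 text between the quotes
// gzinflate(base64_decode()) undoes one layer of the encoding; nothing is eval'd.
function a($a){    return gzinflate(base64_decode($a));}
$b = false;  // becomes true once no eval wrapper is left
$count = 0;  // number of layers decoded so far
while(!$b){
    // Always decode the first layer, then keep going while the result is another eval wrapper.
    if(substr($a,0,4) == 'eval' || !$count){
        $a = a(str_replace(Array('eval(gzinflate(base64_decode(\'','\')));'),'',$a));
        $count++;
    }else
        $b = true;
}
echo $a;
?>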

Now copy the encrypted code into the 2nd line from the top, after where it says $a = '

Note: You want to copy everything between  <?php eval(gzinflate(base64_decode('  and  ')));?>  That is, everything between ' and '.

Example of how it should look.

<?php
$a = 'lVJNT8MwDD3TX2HCZUi0FVdIM8EEAgkJhKZxnLLWXSK1cUjSVfDrS
dvxJeBATo797Pf8MRcJr/QOdFWwmiigYyI5gPgSAG4Fr8kE8PoVC3bKoJZl
NFboKmnkCVw4LZsTuMFmh0GX0eOl8alHp2smHqhHhxVsXoBLUA7rgqk
Q7Fme9+Qq69D7zDpisLxd3l0V7NohwtN7CJYKW/Rsr6GkhlzBjhbjY+ITlw
xyJzDPB6zguRQZLBzKEPkvf+Hv+2wr202DijqPWUnth4qVLGXQZOARTZD
NnwLuTaMNTuwL6bWhb+yXjrqtCr92H9l7G0bFdex5oM8ZBB2aON3/D+B
H7x+m3S+TH6Yp8LlVFrBUBFsMa9O16+curgr97Pgc5gL2v2yPDLpFt/aB7
Ox0AngsyVQRkKZi6PuA5/F4xFj9aDqfMZR89XdG79B5hEzVGNcxAUaG3q
6nrNlxLD+kbah6iSeZq9A2YgQl8AY=';
function a($a){    return gzinflate(base64_decode($a));}
$b = false;  // becomes true once no eval wrapper is left
$count = 0;  // number of layers decoded so far
while(!$b){
    if(substr($a,0,4) == 'eval' || !$count){
        $a = a(str_replace(Array('eval(gzinflate(base64_decode(\'','\')));'),'',$a));
        $count++;
    }else
        $b = true;
}
echo $a;
?>

Now save the file as run.php, and upload it to your website. Then type www.yourdomain.com/run.php into your browser.

You will get a page with the code decrypted. Now go to View, then Page Source, and you will see the code that is used to create the page: PHP database calls, divs, etc. In the case of my WordPress theme, I just opened up footer.php, deleted all the code, pasted in the code I copied from Page Source, and then proceeded to remove the links to casinos.
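The same unwrapping can be done offline, without uploading anything or evaluating the payload. The following is an added example, not code from the original post: a Python sketch that peels nested eval(gzinflate(base64_decode('...'))) layers as text and generalizes the loop above by finding the wrapper anywhere in the file rather than only at the start. The names unwrap, wrap, FOOTER and SAMPLE and the casino.example link are assumptions made for illustration.

```python
import base64
import re
import zlib

# One eval(gzinflate(base64_decode('...'))); wrapper, anywhere in the text.
WRAPPER = re.compile(
    r"""eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*(['"])"""
    r"""([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)\s*;?""",
    re.IGNORECASE,
)
MAX_LAYERS = 50          # stop on runaway nesting
MAX_OUTPUT = 5_000_000   # bytes per layer; guards against decompression bombs

def gzinflate(data: bytes) -> bytes:
    """PHP gzinflate(): a raw DEFLATE stream with no zlib/gzip header."""
    d = zlib.decompressobj(-zlib.MAX_WBITS)
    out = d.decompress(data, MAX_OUTPUT)
    if d.unconsumed_tail:
        raise ValueError("decoded layer exceeds MAX_OUTPUT")
    return out

def gzdeflate(data: bytes) -> bytes:
    """Inverse of gzinflate(); used only to build the constructed sample."""
    c = zlib.compressobj(wbits=-zlib.MAX_WBITS)
    return c.compress(data) + c.flush()

def unwrap(source: str):
    """Peel nested wrappers as text, never executing them; return (text, layers)."""
    layers = 0
    while layers < MAX_LAYERS:
        m = WRAPPER.search(source)
        if m is None:
            break
        inner = gzinflate(base64.b64decode(m.group(2)))
        # Replace only the wrapper so the surrounding markup is preserved.
        source = source[:m.start()] + inner.decode("utf-8", "replace") + source[m.end():]
        layers += 1
    return source, layers

def wrap(php: str) -> str:
    """Encode one layer the way such footers are encoded (sample data only)."""
    b64 = base64.b64encode(gzdeflate(php.encode())).decode()
    return "eval(gzinflate(base64_decode('%s')));" % b64

# Constructed sample: a footer with a hypothetical link, wrapped three times.
FOOTER = '?><div id="footer"><a href="http://casino.example/">Play</a></div><?php '
SAMPLE = "<?php " + wrap(wrap(wrap(FOOTER))) + " ?>"

if __name__ == "__main__":
    text, n = unwrap(SAMPLE)
    print(n, "layers removed\n" + text)
```

Run it on a workstation against a copy of the theme file's contents, then review the decoded markup for outbound links before putting it back into footer.php.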

Hope this helps some other people who have to deal with lame practices to get back links to other websites.

 


13 Comments

  1. Posted March 13, 2008 at 12:18 pm | Permalink

    Great stuff. I don’t like those kind of wp-theme creators who lock their php code too. Thanks for sharing this :)
    ___________

    Daniel

  2. Posted March 13, 2008 at 12:47 pm | Permalink

    Trying to keep the Theme creators honest, but in my case the theme for this website had some fairly unsavory outbound links. Luckily I had a few hours to spend to get rid of them, even though I prefer to do other things with my time. :neutral:

  3. Posted March 14, 2008 at 8:50 am | Permalink

    Can you paste the entire code you are trying to decrypt, everything from <?php to the end ?>, to the Howbits Forum, Blogs and website General section. http://forum.howbits.com

  4. ashu
    Posted April 6, 2008 at 1:41 pm | Permalink

    Please Help….! to decode this php code

  5. Posted April 6, 2008 at 1:57 pm | Permalink

    Can you post on the http://forum.howbits.com ?

  6. Posted April 18, 2008 at 4:26 pm | Permalink

    Djames, you’re awesome! :mrgreen:

    I visited the howbits forum and your response to user “qtx” worked for me! I mean, I used the same footer.php you decoded for him and it worked for my WP theme. I suspected it was made by the same author because it had these links to ‘free degrees’ and other links, just like qtx theme, and both themes are very similar.

    Just wanted to say … thanks!

  7. Posted April 21, 2008 at 8:53 pm | Permalink

    Hey brett, can you post that on http://forum.howbits.com ? Posting it in the comments causes it to go way off screen.

  8. Posted May 30, 2008 at 12:08 am | Permalink

    I used your formulas to remove some very annoying links.

    Thanks for the help.

  9. SomGuy
    Posted June 6, 2008 at 8:12 pm | Permalink

    hey thanks for the help. of course i am only using it to see the code… not to change it… :!:

  10. Aspire
    Posted June 23, 2008 at 1:23 pm | Permalink

    I need to decode this kind of code

    $_F=__FILE__;$

    Where do I find the help

  11. Posted June 23, 2008 at 1:27 pm | Permalink

    Do I have to register to paste my code in the forum? Can’t find a way out.

  12. Revive
    Posted June 25, 2008 at 11:44 pm | Permalink

    Hey Djames,
    I posted some code in your forum.. think you can help us out with it… the footer is over 2000 characters, we had to split it into 3 posts, and it is not only slowing the blog down but also has the sidebar2 loaded into it which we need to make changes to…

    thanks again!
    P.S. I tried the script above with no luck.. I think since our encrypted file is slightly different than your example.

  13. Posted July 4, 2008 at 11:36 pm | Permalink

    Hey guys, I figured out another easy way to decode footers. Just replace the eval word with echo. Now instead of giving the decoded code it will print it out. Now check your page source, it will be there.

    If you have a footer which does not have an eval function and has something starting like $o=”QAAA…… ” or $__F=__FILE__;$__C # then just run the php file as it is on the server and then check page source!

    but there are custom encryption where i can not help

    More information:

    http://www.karananand.co.cc/blog/2008/07/the-easiest-way-to-decode-decrypt-eval-gzinflate-str_rot13-base64_decode-or-__f__file____c/
