Decoding Encrypted PHP Files

HowBits.com Offers Simplified Print Options For Articles.

Since I was just dealing with an encrypted footer.php file for the theme I use, I thought I would post how to decode encrypted Php files. This took me a few hours to find a source that actually worked. The most common way to decode a file is to create three files, decrypt.php, encode.txt, and decode.txt, to bad this didn’t work for me, and time consuming trying to figure out why it didn’t work. So as a result I found an easier way to get the information from encrypted php files.

I am posting this for legal use, if you use this for illegal use, keep it to yourself, because that’s not the reason I am putting this on here. I am posting it to keep WP theme creators honest, and not loading up the footer with links to webpages you do not support. In the case of this theme, they had lots of links to online casino and gambling websites. I have no problem keeping a link on my page to the theme creators website and WordPress.org, but anything else is pushing it.

Update – Try this method before proceeding to the code below. Change the php encrypted code from eval to Echo and then open the file in a browser, when the page comes up, goto view, page source, and this should be the exact code for the encrypted information. If this did not work, then try the code entered below.

Note: If the code is $_F=__FILE__;$, this is another type of encoding that will not work with this code, it is encoded using Source Cop. 

This is the easiest way I found to get the encoded information

Copy this code into notepad, or whatever editor you prefer to use.

<?php
$a = ‘Copy the encrypted code here’;
function a($a){    return gzinflate(base64_decode($a));}
while(!$b){
    if(substr($a,0,4) == ‘eval’ || !$count){
        $a = a(str_replace(Array(‘eval(gzinflate(base64_decode(\”,’\')));’),”,$a));
        $count++;
    }else
        $b = true;
}
echo $a;
?>

Now you want to copy the encrypted code after the 2nd line from the top where it says $a=’

Note: You want to copy everything between -  <?php eval(gzinflate(base64_decode(‘    and     ‘)));?>   Everything between ‘ and ‘.

Example of how it should look.

<?php
$a = ‘lVJNT8MwDD3TX2HCZUi0FVdIM8EEAgkJhKZxnLLWXSK1cUjSVfDrS
dvxJeBATo797Pf8MRcJr/QOdFWwmiigYyI5gPgSAG4Fr8kE8PoVC3bKoJZl
NFboKmnkCVw4LZsTuMFmh0GX0eOl8alHp2smHqhHhxVsXoBLUA7rgqk
Q7Fme9+Qq69D7zDpisLxd3l0V7NohwtN7CJYKW/Rsr6GkhlzBjhbjY+ITlw
xyJzDPB6zguRQZLBzKEPkvf+Hv+2wr202DijqPWUnth4qVLGXQZOARTZD
NnwLuTaMNTuwL6bWhb+yXjrqtCr92H9l7G0bFdex5oM8ZBB2aON3/D+B
H7x+m3S+TH6Yp8LlVFrBUBFsMa9O16+curgr97Pgc5gL2v2yPDLpFt/aB7
Ox0AngsyVQRkKZi6PuA5/F4xFj9aDqfMZR89XdG79B5hEzVGNcxAUaG3q
6nrNlxLD+kbah6iSeZq9A2YgQl8AY=’;function a($a){    return gzinflate(base64_decode($a));}
while(!$b){
    if(substr($a,0,4) == ‘eval’ || !$count){
        $a = a(str_replace(Array(‘eval(gzinflate(base64_decode(\”,’\')));’),”,$a));
        $count++;
    }else
        $b = true;
}
echo $a;
?>

Now save the file as run.php, and upload it to your website. Now you want to type in www.yourdomain.com/run.php

You will get a page with the code decrypted. Now you want to go to View then pagesource and you will see the code that is used to create the page, Php database calls, divs, etc. In the case of my WordPress theme, I just open up footer.php and deleted all the code, and pasted in the code I copied from Page source, and then proceeded to remove the links to Casinos, banks, porn sites, etc.