“This is for the most common encoded method I’ve seen. This is the method that starts with $o=”blah blah.[…]1. Make a copy of the php file. Call it temp.php. Open it in a text editor.
2. Use search replace to find the semi-colons and replace them with semi-colons followed by a carriage return. In TextPad, I enable regular expressions and replace ; with ;\n . Easy.
3. You’ll get three lines of code. The second one starts with ‘eval’. Change that to ‘echo’ instead.
4. Run the php file in php. On the command line, this looks like “php temp.php”. You can also do it in a website/browser if you like.
5. You’ll get a big long line of code with a lot of $lllll stuff in it. Copy all that and paste it back in to the original file. You’re going to REPLACE the entire “echo” line with it. But only that line, you still need to have the $o=”blah” line at the top of the file.
6. Do the semi-colon replace thing again to get a lot of lines instead of one long one.
7. Right at the end, there’s a line that looks like eval($lllllllll); or similar, all by itself. Change that eval to an echo.
8. Run it again. Voila, you should have your unencrypted code now. Copy and paste it where you want it.”
August 11, 2009 • 12 comments