Home/ Questions/Q 9128593
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T07:33:06+00:00

situation very simple – Previous programmer was fired. And the best thing that he

  • 0

situation very simple – Previous programmer was fired. And the best thing that he did – it obfuscated PHP code and deleted the source files. I try to decode the scripts by my self, but the code doesn’t work after my changes. Maybe someone can help with the decoding?

pastebin.com/pfQtzgGx

pastebin.com/wPaQ9L6Y

pastebin.com/sgiEaCG0

pastebin.com/xC0q55U2

pastebin.com/pVXtk78k

For decoding i try this extention: evalhook

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Emm I wanted to do just one, but I got sort of hooked in this 🙂
    It should be readable.
    Try it out, but I would be really surprised if there was no mistake. But it’s easy to guess what it’s for now and how to repair it.

    Here’s first one: (pfQtzgGx)

    require_once('config.php');
if (isset($_GET['lang'])) {
    $get_lang = mysql_escape_string($_GET['lang']);
} else {
    $get_lang = 'ru';
}
$name1 = 'name1_'. $get_lang;
$name2 = 'name2_' . $get_lang;
$get_step = 0;
$code_len = 0;
if (isset($_GET['step'])) {
    $get_step = mysql_escape_string($_GET['step']);
}
if (isset($_GET['code_len'])) {
    $code_len = mysql_escape_string($_GET['code_len']);
}
if (isset($_GET['term'])) {
    $get_term = mysql_escape_string($_GET['term']);
}
if ($get_step == 3 or $get_step == 4) {
    $get_term_b64dec = base64_decode($get_term);
    $get_term_binary = '';
    for ($i = 0; $i < strlen($get_term_b64dec) - 1; $i += 2) {
        $get_term_binary .= chr(hexdec($get_term_b64dec[$i] . $get_term_b64dec[$i + 1]));
    }
    $_9  = preg_split('/[.]/', $get_term_binary, -1, PREG_SPLIT_NO_EMPTY);
    $_10 = $_9[4];
    if ($get_step == 3) {
        $get_step = 0;
    } else {
        $get_step = 1;
    }
} else {
    $_10 = substr($get_term, 0, strpos($get_term, '.'));
}
if ($get_step == 0) {
    $query = "SELECT DISTINCT 
        pt_len.$name1 AS code, 
        pt_len.$name1 AS field 
        FROM feconi.pt_sort1 
        LEFT OUTER JOIN feconi.pt_len ON pt_sort1.id_pt_standard = pt_len.id_pt_standard 
        WHERE pt_sort1.id = \"$_10\"
            AND pt_sort1.size1 BETWEEN pt_len.s1_min 
            AND pt_len.s1_max 
            AND pt_sort1.id_pt_type = pt_len.id_pt_type";
} else {
    $query = "SELECT DISTINCT 
        pt_len.ID AS code, 
        pt_len.$name2 AS field 
        FROM feconi.pt_sort1 
        LEFT OUTER JOIN feconi.pt_len ON pt_sort1.id_pt_standard = pt_len.id_pt_standard 
        WHERE pt_sort1.id = \"$_10\" 
            AND pt_len.$name1 = \"$code_len\"
            AND pt_sort1.size1 
                BETWEEN pt_len.s1_min AND pt_len.s1_max 
            AND pt_sort1.id_pt_type = pt_len.id_pt_type";
}
$result = @mysql_query($query);
if (mysql_num_rows($result) > 0) {
    for ($i = 0; $i < mysql_num_rows($result); $i++) {
        $row = mysql_fetch_array($result);
        if (mysql_num_rows($result) == 1) {
            $output = '[{"value":"' . $row['code'] . '","text":"' . $row['field'] . '"}';
        } else {
            if ($i == 0) {
                $output = '[{"value":"' . $row['code'] . '","text":"' . $row['field'] . '"}';
            } else {
                $output = $output . ',{"value":"' . $row['code'] . '","text":"' . $row['field'] . '"}';
            }
        }
    }
    $output = $output . ']';
    echo $_GET['jsoncallback'] . '(' . $output . ');';
}

    Here’s the second one: wPaQ9L6Y

    <?
require_once('config.php');

if (isset($_GET['term'])) {
    $get_term = mysql_escape_string($_GET['term']);
}

if (isset($_GET['lvl'])) {
    $get_lvl= mysql_escape_string($_GET['lvl']);
} else {
    $get_lvl= 1;
}

if (isset($_GET['term1'])) {
    $get_term1 = mysql_escape_string($_GET['term1']);
}

if (isset($_GET['term2'])) {
    $get_term2 = mysql_escape_string($_GET['term2']);
} else {
    $get_term2 = 1;
}

if ($get_term2 == 2) {
    $term1_b64dec = base64_decode($get_term1);

    $term1_binary = '';
    for ($i = 0; $i < strlen($term1_b64dec) - 1; $i += 2) {
        $term1_binary .= chr(hexdec($term1_b64dec[$i] . $term1_b64dec[$i + 1]));
    }

    $term1_ID = preg_split('/[.]/', $term1_binary, -1, PREG_SPLIT_NO_EMPTY);
    $sort1_ID = $term1_ID[4];

    if ($get_term2 == 3) {
        $get_term2 = 0;
    } else {
        $get_term2 = 1;
    }
} else {
    $sort1_ID = substr($get_term1, 0, strpos($get_term1, '.'));
}

$query  = "SELECT 
    pt_len.code_len AS code_len, 
    pt_len.w_min AS w_min, 
    pt_len.w_max AS w_max, 
    pt_len.l_min AS l_min, 
    pt_len.l_max AS l_max, 
    pt_len.w_step AS w_step, 
    pt_len.l_step AS l_step, 
    pt_len.width AS width, 
    pt_len.len AS len, 
    pt_len.default_w AS default_w, 
    pt_len.default_l AS default_l, 
    pt_sort1.weight AS weight, 
    pt_sort1.measure2 AS measure2 
    FROM feconi.pt_len 
    INNER JOIN pt_sort1 ON pt_len.id_pt_standard = pt_sort1.id_pt_standard 
        AND pt_len.id_pt_type = pt_sort1.id_pt_type 
    WHERE pt_len.ID = \"$get_term\" 
        AND pt_len.level <= \"$get_lvl\" 
        AND pt_sort1.ID = \"$sort1_ID\"";
$result = @mysql_query($query);

if (mysql_num_rows($result) > 0) {
    $row = mysql_fetch_array($result);

    $output = '{"code_len":"' . $row['code_len'] . '","w_min":"' . $row['w_min'] . '","w_max":"' . $row['w_max'] . '",';
    $output = $output . '"l_min":"' . $row['l_min'] . '","l_max":"' . $row['l_max'] . '","w_step":"' . $row['w_step'] . '",';
    $output = $output . '"l_step":"' . $row['l_step'] . '","width":"' . $row['width'] . '","len":"' . $row['len'] . '",';
    $output = $output . '"default_w":"' . $row['default_w'] . '","default_l":"' . $row['default_l'] . '",';
    $output = $output . '"weight":"' . $row['weight'] . '","measure2":"' . $row['measure2'] . '"}';

    echo $_GET['jsoncallback'] . '(' . $output . ');';
}
?>

    Third one: (sgiEaCG0)

    require_once('config.php');

if (isset($_GET['lang'])) {
    $get_lang = mysql_escape_string($_GET['lang']);
} else {
    $get_lang = 'ru';
}

$name_lang = 'name_' . $get_lang;
$_2 = 0;
$_3 = 0;
if (isset($_GET['term'])) {
    $get_term = mysql_escape_string($_GET['term']);
}
$query = "SELECT 
    pt_unt.$name_lang AS `text`, 
    pt_unt.id AS value 
    FROM rol_lenunt 
    LEFT OUTER JOIN pt_unt ON rol_lenunt.unt = pt_unt.id 
    RIGHT OUTER JOIN pt_len ON pt_len.code_len = rol_lenunt.len 
    WHERE pt_len.id = \"$get_term\"";
$result = @mysql_query($query);
if (mysql_num_rows($result) > 0) {
    $output = '[';
    for ($i = 0; $i < mysql_num_rows($result); $i++) {
        $row = mysql_fetch_array($result);
        if (strlen($output) <> 1) {
            $output .= ',';
        }
        $output .= '{"text":"' . $row['text'] . '","value":"' . $row['value'] . '"}';
    }
    $output .= ']';
    echo $_GET['jsoncallback'] . '(' . $output . ');';
} else {
    echo 'sorry';
}

    #4: (xC0q55U2)

    if (isset($_GET['q'])) {
    $get_q = mysql_escape_string($_GET['q']);
}
$get_q = base64_decode($get_q);
$q_binary = '';

for ($i = 0; $i < strlen($get_q) - 1; $i += 2) {
    $q_binary .= chr(hexdec($get_q[$i] . $get_q[$i + 1]));
}
$q_splitted = preg_split('/[.]/', $q_binary, -1, PREG_SPLIT_NO_EMPTY);
$_4 = $q_splitted[4];
$_5 = $q_splitted[6];
$_6 = $q_splitted[15];
$_7 = $q_splitted[16];
$_8 = '{"value":"' . $_4 . '.' . $_5 . '","APclass":"' . $_6 . '","apOther":"' . $_7 . '"}';
echo $_GET['jsoncallback'] . '(' . $_8 . ');';

    And finaly: pVXtk78k

    require_once('config.php');
if (isset($_GET['q'])) {
    $get_q = mysql_escape_string($_GET['q']);
}
$query = "SELECT 
lc_region.adv_supplier AS adv_supplier , 
lc_region.adv_supplier_web AS adv_supplier_web , 
lc_region.adv_stock AS adv_stock , 
lc_region.adv_stock_web AS adv_stock_web , 
lc_region.adv_producer AS adv_producer , 
lc_region.adv_producer_web AS adv_producer_web 
FROM lc_region 
WHERE lc_region.id = $get_q";
$result = @mysql_query($query);
if (mysql_num_rows($result) > 0) {
    for ($i = 0; $i < mysql_num_rows($result); $i++) {
        $row = mysql_fetch_array($result);
        $output = '{"trade_0_filed_2":"' . $row['adv_supplier'] . 
            '","trade_0_filed_2_web":"' . $row['adv_supplier_web'] . 
            '","trade_1_filed_2":"' . $row['adv_stock'] . 
            '","trade_1_filed_2_web":"' . $row['adv_stock_web'] . 
            '","trade_2_filed_2":"' . $row['adv_producer'] . 
            '","trade_2_filed_2_web":"' . $row['adv_producer_web'] . '"}';
    }
    echo $_GET['jsoncallback'] . '(' . $output . ');';
}
    • 0