Deobfuscating some PHP code

I am trying to deobfuscate this PHP code:

<?php if(!function_exists("TC9A16C47DA8EEE87")){function TC9A16C47DA8EEE87($T059EC46CFE335260){$T059EC46CFE335260=base64_decode($T059EC46CFE335260);$TC9A16C47DA8EEE87=0;$TA7FB8B0A1C0E2E9E=0;$T17D35BB9DF7A47E4=0;$T65CE9F6823D588A7=(ord($T059EC46CFE335260[1])<<8)+ord($T059EC46CFE335260[2]);$TBF14159DC7D007D3=3;$T77605D5F26DD5248=0;$T4A747C3263CA7A55=16;$T7C7E72B89B83E235="";$T0D47BDF6FD9DDE2E=strlen($T059EC46CFE335260);$T43D5686285035C13=__FILE__;$T43D5686285035C13=file_get_contents($T43D5686285035C13);$T6BBC58A3B5B11DC4=0;preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"),$T43D5686285035C13,$T6BBC58A3B5B11DC4);for(;$TBF14159DC7D007D3<$T0D47BDF6FD9DDE2E;){if(count($T6BBC58A3B5B11DC4)) exit;if($T4A747C3263CA7A55==0){$T65CE9F6823D588A7=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<8);$T65CE9F6823D588A7+=ord($T059EC46CFE335260[$TBF14159DC7D007D3++]);$T4A747C3263CA7A55=16;}if($T65CE9F6823D588A7&0x8000){$TC9A16C47DA8EEE87=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<4);$TC9A16C47DA8EEE87+=(ord($T059EC46CFE335260[$TBF14159DC7D007D3])>>4);if($TC9A16C47DA8EEE87){$TA7FB8B0A1C0E2E9E=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])&0x0F)+3;for($T17D35BB9DF7A47E4=0;$T17D35BB9DF7A47E4<$TA7FB8B0A1C0E2E9E;$T17D35BB9DF7A47E4++)$T7C7E72B89B83E235[$T77605D5F26DD5248+$T17D35BB9DF7A47E4]=$T7C7E72B89B83E235[$T77605D5F26DD5248-$TC9A16C47DA8EEE87+$T17D35BB9DF7A47E4];$T77605D5F26DD5248+=$TA7FB8B0A1C0E2E9E;}else{$TA7FB8B0A1C0E2E9E=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<8);$TA7FB8B0A1C0E2E9E+=ord($T059EC46CFE335260[$TBF14159DC7D007D3++])+16;for($T17D35BB9DF7A47E4=0;$T17D35BB9DF7A47E4<$TA7FB8B0A1C0E2E9E;$T7C7E72B89B83E235[$T77605D5F26DD5248+$T17D35BB9DF7A47E4++]=$T059EC46CFE335260[$TBF14159DC7D007D3]);$TBF14159DC7D007D3++;$T77605D5F26DD5248+=$TA7FB8B0A1C0E2E9E;}}else $T7C7E72B89B83E235[$T77605D5F26DD5248++]=$T059EC46CFE335260[$TBF14159DC7D007D3++];$T65CE9F6823D588A7<<=1;$T4A747C3263CA7A55--;if($TBF14159DC7D007D3==$T0D47BDF6FD9DDE2E){$T43D5686285035C13=implode("",$T7C7E72B89B83E235);$T43D5686285035C13="?".">".$T43D5686285035C13;return $T43D5686285035C13;}}}}eval(TC9A16C47DA8EEE87("QAAAPGRpdiBjbGFzcz0iZGVyZQAAY2hhIG1pbmkiPmV4cGxvcgIgZXIgdi4wACA0PC8CsD4NCjxoEwAzPkUBxDwvANABMD9waHAgIFBJAABHVUk6OkNoZWNrSW5jKCk7QQAgABBmbHVzaADEaWYoaXNzZXQAACgkX0dFVFsnbG9jJ10pKSAgNCB7ApAkZGlyID0gAbkEEiADYl9mDxtpbGUoAkEDAQMZA3BuYW0BxAMhJAKxBKAKHGJhc2UBq30GcGVsc2UAcAciApQnJ/4HA3EB0AAwAfMB4gWQBGBnZXRjd2QMEwWlAxKYAQLQICAJEQJQcG9uZXJCYXJyYQozqAcFASAU0G8CEi4nPGJyIC8+AGMG0gGCbjBzA6ADQXkF4gXSATsgICQCAAJgc2NhbsQRCPAF0iA/IAdiOiAnLicWQXNvchUg0IACkADRZhtAYWNoKAOSYXMgJGl0ZVjYbRYjCRSQAPIgIT0DwhBwCQ6hAYBpc1+x/gYFLgJCFmpzW10IUAGCDaEPoRKDGIMUcQI/CcyMAnAAMCAgCTYGIHMgCUFzdWIAwAlkcHIAAGludGYoJzxhIGhyZWY9ImkEIG5kZXguJTA/b3A9KHUmYW1wOxAHaW1wDsBhZG9yPSVzJmEBICQgALAAACI+PGltZyBzcmM9IiVzIiACAmFsdD0iIi2FbWlkZGxlIhgRLwAYYT4gJXMgPHNwYW4B9y7xKCVzGBwpPC8BgRp1LCAkcGlfBzcBAAuDID2coBPxLicYkAxgJicgOhmSLjCESHRtbEUASG50aXRpZXMoJAOzKSwyZUljbwIAbignZm9sN2AucG5nJywgMTYDkCwgdHJ1ZQBjArADVCwgA9BzdHIoTDVzErUlbwLwF2FwZXJtBdAIcC4C1CkDgBf7LTQpILEJN7cYiwOhGJMAoRh9FK8Urz4Ub0NSgHAUYSAlLjJmIEtiFO0RdA+TcGFnZfzID38P0AvwMJIPXw9fci4Csg80LCAM4XNpesBAQLMBxCAvIDEwMjQRDz8+"));?>

      

Now using PHP formatting I have managed to make it displayable.

<?php
if (!function_exists("TC9A16C47DA8EEE87")) {
    function TC9A16C47DA8EEE87($T059EC46CFE335260)
    {
        $T059EC46CFE335260 = base64_decode($T059EC46CFE335260);
        $TC9A16C47DA8EEE87 = 0;
        $TA7FB8B0A1C0E2E9E = 0;
        $T17D35BB9DF7A47E4 = 0;
        $T65CE9F6823D588A7 = (ord($T059EC46CFE335260[1]) << 8) + ord($T059EC46CFE335260[2]);
        $TBF14159DC7D007D3 = 3;
        $T77605D5F26DD5248 = 0;
        $T4A747C3263CA7A55 = 16;
        $T7C7E72B89B83E235 = "";
        $T0D47BDF6FD9DDE2E = strlen($T059EC46CFE335260);
        $T43D5686285035C13 = __FILE__;
        $T43D5686285035C13 = file_get_contents($T43D5686285035C13);
        $T6BBC58A3B5B11DC4 = 0;
        preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $T43D5686285035C13, $T6BBC58A3B5B11DC4);
        for (; $TBF14159DC7D007D3 < $T0D47BDF6FD9DDE2E; ) {
            if (count($T6BBC58A3B5B11DC4))
                exit;
            if ($T4A747C3263CA7A55 == 0) {
                $T65CE9F6823D588A7 = (ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) << 8);
                $T65CE9F6823D588A7 += ord($T059EC46CFE335260[$TBF14159DC7D007D3++]);
                $T4A747C3263CA7A55 = 16;
            }
            if ($T65CE9F6823D588A7 & 0x8000) {
                $TC9A16C47DA8EEE87 = (ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) << 4);
                $TC9A16C47DA8EEE87 += (ord($T059EC46CFE335260[$TBF14159DC7D007D3]) >> 4);
                if ($TC9A16C47DA8EEE87) {
                    $TA7FB8B0A1C0E2E9E = (ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) & 0x0F) + 3;
                    for ($T17D35BB9DF7A47E4 = 0; $T17D35BB9DF7A47E4 < $TA7FB8B0A1C0E2E9E; $T17D35BB9DF7A47E4++)
                        $T7C7E72B89B83E235[$T77605D5F26DD5248 + $T17D35BB9DF7A47E4] = $T7C7E72B89B83E235[$T77605D5F26DD5248 - $TC9A16C47DA8EEE87 + $T17D35BB9DF7A47E4];
                    $T77605D5F26DD5248 += $TA7FB8B0A1C0E2E9E;
                } else {
                    $TA7FB8B0A1C0E2E9E = (ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) << 8);
                    $TA7FB8B0A1C0E2E9E += ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) + 16;
                    for ($T17D35BB9DF7A47E4 = 0; $T17D35BB9DF7A47E4 < $TA7FB8B0A1C0E2E9E; $T7C7E72B89B83E235[$T77605D5F26DD5248 + $T17D35BB9DF7A47E4++] = $T059EC46CFE335260[$TBF14159DC7D007D3]);
                    $TBF14159DC7D007D3++;
                    $T77605D5F26DD5248 += $TA7FB8B0A1C0E2E9E;
                }
            } else
                $T7C7E72B89B83E235[$T77605D5F26DD5248++] = $T059EC46CFE335260[$TBF14159DC7D007D3++];
            $T65CE9F6823D588A7 <<= 1;
            $T4A747C3263CA7A55--;
            if ($TBF14159DC7D007D3 == $T0D47BDF6FD9DDE2E) {
                $T43D5686285035C13 = implode("", $T7C7E72B89B83E235);
                $T43D5686285035C13 = "?" . ">" . $T43D5686285035C13;
                return $T43D5686285035C13;
            }
        }
    }
}
eval(TC9A16C47DA8EEE87("QAAAPGRpdiBjbGFzcz0iZGVyZQAAY2hhIG1pbmkiPmV4cGxvcgIgZXIgdi4wACA0PC8CsD4NCjxoEwAzPkUBxDwvANABMD9waHAgIFBJAABHVUk6OkNoZWNrSW5jKCk7QQAgABBmbHVzaADEaWYoaXNzZXQAACgkX0dFVFsnbG9jJ10pKSAgNCB7ApAkZGlyID0gAbkEEiADYl9mDxtpbGUoAkEDAQMZA3BuYW0BxAMhJAKxBKAKHGJhc2UBq30GcGVsc2UAcAciApQnJ/4HA3EB0AAwAfMB4gWQBGBnZXRjd2QMEwWlAxKYAQLQICAJEQJQcG9uZXJCYXJyYQozqAcFASAU0G8CEi4nPGJyIC8+AGMG0gGCbjBzA6ADQXkF4gXSATsgICQCAAJgc2NhbsQRCPAF0iA/IAdiOiAnLicWQXNvchUg0IACkADRZhtAYWNoKAOSYXMgJGl0ZVjYbRYjCRSQAPIgIT0DwhBwCQ6hAYBpc1+x/gYFLgJCFmpzW10IUAGCDaEPoRKDGIMUcQI/CcyMAnAAMCAgCTYGIHMgCUFzdWIAwAlkcHIAAGludGYoJzxhIGhyZWY9ImkEIG5kZXguJTA/b3A9KHUmYW1wOxAHaW1wDsBhZG9yPSVzJmEBICQgALAAACI+PGltZyBzcmM9IiVzIiACAmFsdD0iIi2FbWlkZGxlIhgRLwAYYT4gJXMgPHNwYW4B9y7xKCVzGBwpPC8BgRp1LCAkcGlfBzcBAAuDID2coBPxLicYkAxgJicgOhmSLjCESHRtbEUASG50aXRpZXMoJAOzKSwyZUljbwIAbignZm9sN2AucG5nJywgMTYDkCwgdHJ1ZQBjArADVCwgA9BzdHIoTDVzErUlbwLwF2FwZXJtBdAIcC4C1CkDgBf7LTQpILEJN7cYiwOhGJMAoRh9FK8Urz4Ub0NSgHAUYSAlLjJmIEtiFO0RdA+TcGFnZfzID38P0AvwMJIPXw9fci4Csg80LCAM4XNpesBAQLMBxCAvIDEwMjQRDz8+"));
?>

      

Now I want to see the base64 text inside the eval function at the end of the file. Using this tool , I get it to see something, but not exactly.

@  <div class="dere  cha mini">provee dores v.1.0.3</ >
<h3>P</ `?ph  p  PIGUI::CheckI nc();  ?R4>Crearh 4form id=" _ " action="indexA.?op=<
o $op; &amp;importa*pi` _" methopost"   onsubmit="retur$n valid.V rF    (t his.id)"table @ if(dVers Mayor(  _PS_VERSION_, '1  .5.0'))  {    $ti  endas = $db->Get Rows("SELECT _s hop, name FROM " ._DB_PREFIX_."  AS s ORDER BYAS8 C"tr>
    <td>Tr</ $
  c sizepof(
%) > 1`q        <sVelect    d
"2i %Tr  equerido" title=q"#opt Auto "> l[TODAS]</  
"0ea. ch     0

Eprintf("<\"%u\">%sv\n",I ['']H']r}@?~/ @ 2 QelseP@1t3rs[0]0 ech+C['c 2<input typhidden"+A+
;" 9/>C     ! p#A8 @<$Nombred%Ztex6 $="30" ""
$ p 1$ABvo0-        
radiɗ(pq="Eve 1"""  o   d   blabel for1"> Sí</AH0D />k<b    0 N@ p]%ce  nter" colspan="27tbr PPS6Aceptaaboto( #;`)'_SESO[ O'control'/?> T^P p/VF/ m<RLWSJi sset($_POST4) &&| <B09   $data9pfes _prepararDatos4)9Q   ^QLy(build _Inser , Yuppli)8_A   $8taux _S_idra     _langarray(8pJ'=>,$aopfigMbM  'descriWb''q a_.Lkeywords|_ { (
")
`uu!t`"hxoq == ^'i2'#o(gt]5shIN vSERT INTO|NTtR(    , uR) VALUES(%u, %?u)kq$kHB[`]iqis_numyc.4"s*q?t?w$
?? ,. c%Msg('S(e cdo Xp<- 'c'_      0
5`dujo alg +ún error Qno'f~#FGEH@deN`H4"    =_@GPG1AExistHi|d `F'sF"DTE F" WHERE'r
0'O{
}'9@ >;_!H@$>>`9"$QY*B"' elimin'_'V7e'_'Pa' '-! Џh4؉uale r^ 3/javacfun`on E
SrV<@){yP$Pdrrm ('¿u Id.'+id+'?')R  w ow.locaTpU /Q$Gp݄;&6 =;   }
 0</
#> Rl3ath>4xhs:  <$r$@;R,2,ivLe8_.8$nPsA)2hf 19 g'q%  !i/E`  ac@D2 f     '<a =""e" href="Yj'F:&'.].'p'.7I( (lete.png
P16,   false, true).'</a>'617e /V8pveed8orߜglobal $ d62`\     switJcase '&':[$@]trim($3qak c3 ? '1' : '0'Q=defaultunQc E$ahor1e('Y-m -d H:i:sp!a[' `e_add'c#upreturn  M

      

This is where I am stuck. How else can it be encoded or compressed?

+3


source to share


3 answers


To decode it, I removed exit

from the middle of the function and then changed eval

to print

. Here are the results (code below eval

):

?><div class="derecha mini">explorer v.0.0.4</div>
<h3>Explorer</h3>
<?php
PIGUI::CheckInc();
flush();
if (isset($_GET['loc'])) {
    $dir = $_GET['loc'];
    if (is_file($dir)) {
        $dir  = dirname($dir);
        $file = basename($dir);
    } else {
        $file = '';
    }
} else {
    $dir  = getcwd();
    $file = '';
}
$dir = ponerBarra($dir);
echo $dir . '<br /><br />';
$dirs  = array();
$files = array();
$arr   = scandir($dir ? $dir : '.');
sort($arr);
foreach ($arr as $item) {
    if ($item != '.') {
        if (is_dir($dir . $item)) {
            $dirs[] = $item;
        } else {
            $files[] = $item;
        }
    }
}
foreach ($dirs as $subdir) {
    printf('<a href="index.php?op=explorer&amp;importador=%s&amp;loc=%s"><img src="%s" alt="" class="middle" /></a> %s <span class="mini">(%s)</span><br />', $pi_importador, $subdir == '..' ? dirname($dir) : $dir . PIGUI::HtmlEntities($subdir), PIGUI::Icon('folder.png', 16, true, true), $subdir, substr(sprintf('%o', fileperms($dir . $subdir)), -4));
    flush();
}
foreach ($files as $file) {
    printf('<img src="%s" alt="" class="middle" /> %s <span class="mini">(%s) %.2f Kb</span><br />', PIGUI::Icon('page.png', 16, true, true), $file, substr(sprintf('%o', fileperms($dir . $file)), -4), filesize($dir . $file) / 1024);
    flush();
}
?>

      



EDIT: Here's your source code, mostly de-obfuscated. Unfortunately, I don't recognize the encryption algorithm:

<?php
function decrypt($source)
{
    $file = file_get_contents(__FILE__);
    $match = 0;
    preg_match("/(print|sprint|echo)/", $file, $match);
    // protection against deobfuscation:            
    // if this file was modified to contain "print", exit            
    if (count($match)) exit;

    $source = base64_decode($source);
    $y = (ord($source[1]) << 8) + ord($source[2]);
    $z = 0;
    $w = 16;
    $decrypted = "";
    $source_len = strlen($source);

    for ($char_no = 3; $char_no < $source_len; ) {
        if ($w == 0) {
            $y = (ord($source[$char_no++]) << 8);
            $y += ord($source[$char_no++]);
            $w = 16;
        }
        if ($y & 0x8000) {
            $t = (ord($source[$char_no++]) << 4);
            $t += (ord($source[$char_no]) >> 4);
            if ($t) {
                $x = (ord($source[$char_no++]) & 0x0F) + 3;
                for ($i = 0; $i < $x; $i++)
                    $decrypted[$z + $i] = $decrypted[$z - $t + $i];
                $z += $x;
            } else {
                $x = (ord($source[$char_no++]) << 8);
                $x += ord($source[$char_no++]) + 16;
                for ($i = 0; $i < $x; )
                    $decrypted[$z + $i++] = $source[$char_no];
                $char_no++;
                $z += $x;
            }
        } else {
            $decrypted[$z++] = $source[$char_no++];
        }
        $y <<= 1;
        $w--;
    }

    return "?" . ">" . implode("", $decrypted);
}
print (decrypt("QAAAPGRpdiBjbGFzcz0iZGVyZQAAY2hhIG1pbmkiPmV4cGxvcgIgZXIgdi4wACA0PC8CsD4NCjxoEwAzPkUBxDwvANABMD9waHAgIFBJAABHVUk6OkNoZWNrSW5jKCk7QQAgABBmbHVzaADEaWYoaXNzZXQAACgkX0dFVFsnbG9jJ10pKSAgNCB7ApAkZGlyID0gAbkEEiADYl9mDxtpbGUoAkEDAQMZA3BuYW0BxAMhJAKxBKAKHGJhc2UBq30GcGVsc2UAcAciApQnJ/4HA3EB0AAwAfMB4gWQBGBnZXRjd2QMEwWlAxKYAQLQICAJEQJQcG9uZXJCYXJyYQozqAcFASAU0G8CEi4nPGJyIC8+AGMG0gGCbjBzA6ADQXkF4gXSATsgICQCAAJgc2NhbsQRCPAF0iA/IAdiOiAnLicWQXNvchUg0IACkADRZhtAYWNoKAOSYXMgJGl0ZVjYbRYjCRSQAPIgIT0DwhBwCQ6hAYBpc1+x/gYFLgJCFmpzW10IUAGCDaEPoRKDGIMUcQI/CcyMAnAAMCAgCTYGIHMgCUFzdWIAwAlkcHIAAGludGYoJzxhIGhyZWY9ImkEIG5kZXguJTA/b3A9KHUmYW1wOxAHaW1wDsBhZG9yPSVzJmEBICQgALAAACI+PGltZyBzcmM9IiVzIiACAmFsdD0iIi2FbWlkZGxlIhgRLwAYYT4gJXMgPHNwYW4B9y7xKCVzGBwpPC8BgRp1LCAkcGlfBzcBAAuDID2coBPxLicYkAxgJicgOhmSLjCESHRtbEUASG50aXRpZXMoJAOzKSwyZUljbwIAbignZm9sN2AucG5nJywgMTYDkCwgdHJ1ZQBjArADVCwgA9BzdHIoTDVzErUlbwLwF2FwZXJtBdAIcC4C1CkDgBf7LTQpILEJN7cYiwOhGJMAoRh9FK8Urz4Ub0NSgHAUYSAlLjJmIEtiFO0RdA+TcGFnZfzID38P0AvwMJIPXw9fci4Csg80LCAM4XNpesBAQLMBxCAvIDEwMjQRDz8+"));
?>

      

+6


source


It seems that the original poster wants to know how much damage was done to their site after infection. Indeed, to ask how to deobfus the mess. All code is PHP malware. It is most likely injected into a PHP site. All the odd function filled with base64 stuff is a payload. And the weird jumping through hoops is how the original coder decided to disguise their code. If you really want to see the result, look at function

the beginning and eval

end: the main one is function

named has / odd / garbage TC9A16C47DA8EEE87

. Knowing this, then this last line should be changed to:

echo TC9A16C47DA8EEE87 ("QAAAPGRpdiBjbGFzcz0iZGVyZQAAY2hhIG1pbmkiPmV4cGxvcgIgZXIgdi4wACA0PC8CsD4NCjxoEwAzPkUBxDwvANABMD9waHAgIFBJAABHVUk6OkNoZWNrSW5jKCk7QQAgABBmbHVzaADEaWYoaXNzZXQAACgkX0dFVFsnbG9jJ10pKSAgNCB7ApAkZGlyID0gAbkEEiADYl9mDxtpbGUoAkEDAQMZA3BuYW0BxAMhJAKxBKAKHGJhc2UBq30GcGVsc2UAcAciApQnJ / 4HA3EB0AAwAfMB4gWQBGBnZXRjd2QMEwWlAxKYAQLQICAJEQJQcG9uZXJCYXJyYQozqAcFASAU0G8CEi4nPGJyIC8 + AGMG0gGCbjBzA6ADQXkF4gXSATsgICQCAAJgc2NhbsQRCPAF0iA / IAdiOiAnLicWQXNvchUg0IACkADRZhtAYWNoKAOSYXMgJGl0ZVjYbRYjCRSQAPIgIT0DwhBwCQ6hAYBpc1 + X / gYFLgJCFmpzW10IUAGCDaEPoRKDGIMUcQI / CcyMAnAAMCAgCTYGIHMgCUFzdWIAwAlkcHIAAGludGYoJzxhIGhyZWY9ImkEIG5kZXguJTA / b3A9KHUmYW1wOxAHaW1wDsBhZG9yPSVzJmEBICQgALAAACI +PGltZyBzcmM9IiVzIiACAmFsdD0iIi2FbWlkZGxlIhgRLwAYYT4gJXMgPHNwYW4B9y7xKCVzGBwpPC8BgRp1LCAkcGlfBzcBAAuDID2coBPxLicYkAxgJicgOhmSLjCESHRtbEUASG50aXRpZXMoJAOzKSwyZUljbwIAbignZm9sN2AucG5nJywgMTYDkCwgdHJ1ZQBjArADVCwgA9BzdHIoTDVzErUlbwLwF2FwZXJtBdAIcC4C1CkDgBf7LTQpILEJN7cYiwOhGJMAoRh9FK8Urz4Ub0NSgHAUYSAlLjJmIEtiFO0RdA + TcGFnZ fzID38P0AvwMJIPXw9fci4Csg80LCAM4XNpesBAQLMBxCAvIDEwMjQRDz8 + ");



And that will give you a raw base64 payload. The past is not very clear. Maybe further base64 decoding? I ran into B.S. as before and is never pleasant. If you're really afraid, decrypt this on a secure machine that you don't mind getting access to this process. But my guess is that it is mostly just a malicious heap of malware, not something that digs deeper for secrets than to cause basic vandalism.

+2


source


It is not important to understand the mysterious transformations in TC9A16C47DA8EEE87

. The purpose of this method is to generate executable PHP code from an input string (base64 encoded), which is then passed to eval.

Instead of trying to decode the input string, you can try to simply print the return value TC9A16C47DA8EEE87("QAAAPGRpdiBjbGFzcz...

using echo

instead eval

.

+1


source







All Articles