Channel: Pario TechnoBlob » eval

Easy way to decode or decrypt eval gzinflate str_rot13 base64_decode variables


If you download and install many WordPress themes you will sometimes find themes that have encrypted lines or variables in the footer part of the theme, in the functions.php file or other included theme files.
I do not trust these lines of code and would not use a theme without knowing what code is being run. Therefore I decode these lines to determine whether this is a theme I would like to use or whether to just delete the theme because it contains dangerous code. Most of the time these encrypted lines just contain copyright information the authors of the theme don’t want you to change.

This is an example of what an encrypted variable might look like:

echo(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub (\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\');}}'));

[Image: WordPress eval decode]

The easy way to show the contents of this variable is to copy the entire line into a new PHP file, replace the eval command with echo, and save the file as decode.php.

Then run the PHP file like this:

# php decode.php

The result in this example should be

function check_header(){if(!(function_exists("check_functions")&&function_exists("check_f_footer"))){echo (' This theme is released under creative commons licence, all links in the footer should remain intact');}}

I have included an image of the code in case it is not shown correctly in WordPress.
[Image: WordPress eval result]

I have written about this topic before in "WordPress themes with eval and base64_decode lines", but this is a much simpler way of showing the content of the unreadable variables.
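The same decoding can be done statically, without running any of the theme's PHP at all. The following is an added example, not code from the original post: a Python sketch that goes beyond the str_rot13 case above and peels nested eval/echo layers built from base64_decode, gzinflate and str_rot13. It assumes the payload is a single-quoted PHP string literal; the function names peel, unwrap and wrap_sample and the sample strings are constructed for illustration.

```python
import base64, codecs, re, zlib

# PHP decoder name -> equivalent Python transform (bytes in, bytes out).
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE, no header
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
}

# eval(/echo( + a chain of known decoders + one single-quoted PHP literal.
WRAPPED = re.compile(
    r"(?:eval|echo)\s*\(\s*((?:(?:base64_decode|gzinflate|str_rot13)\s*\(\s*)+)"
    r"'((?:\\.|[^'\\])*)'",
    re.I | re.S,
)

def peel(php):
    """Decode one wrapped layer; return the payload text, or None if none found."""
    m = WRAPPED.search(php)
    if m is None:
        return None
    chain = re.findall(r"\w+", m.group(1).lower())      # outermost call first
    literal = re.sub(r"\\(['\\])", r"\1", m.group(2))   # undo PHP '...' escapes
    data = literal.encode("latin-1")
    for name in reversed(chain):                         # innermost call runs first
        data = DECODERS[name](data)
    return data.decode("utf-8", "replace")

def unwrap(php, max_layers=20):
    """Peel nested layers statically; returns (final_text, layers_removed)."""
    layers = 0
    while layers < max_layers and (inner := peel(php)) is not None:
        php, layers = inner, layers + 1
    return php, layers

def wrap_sample(php):
    """Build a constructed two-layer sample, for demonstration only."""
    z = zlib.compressobj(wbits=-15)
    raw = z.compress(php.encode()) + z.flush()
    one = "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()
    return "eval(base64_decode('%s'));" % base64.b64encode(one.encode()).decode()

if __name__ == "__main__":
    # Constructed, shortened line in the style of the example above.
    page_style = r"""echo(str_rot13('shapgvba purpx_urnqre(){rpub (\'uv\');}'));"""
    print(unwrap(page_style))
    print(unwrap(wrap_sample("echo 'constructed payload';")))
```

Because nothing is evaluated, the decoded text can be reviewed safely even when a layer turns out to contain code you would not want to run.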

