To decode it, I have removed exit
from middle of function, then changed eval
to print
. Here are the results (code under the eval
):
?><div class="derecha mini">explorer v.0.0.4</div>
<h3>Explorer</h3>
<?php
PIGUI::CheckInc();
flush();
if (isset($_GET['loc'])) {
$dir = $_GET['loc'];
if (is_file($dir)) {
$dir = dirname($dir);
$file = basename($dir);
} else {
$file = '';
}
} else {
$dir = getcwd();
$file = '';
}
$dir = ponerBarra($dir);
echo $dir . '<br /><br />';
$dirs = array();
$files = array();
$arr = scandir($dir ? $dir : '.');
sort($arr);
foreach ($arr as $item) {
if ($item != '.') {
if (is_dir($dir . $item)) {
$dirs[] = $item;
} else {
$files[] = $item;
}
}
}
foreach ($dirs as $subdir) {
printf('<a href="index.php?op=explorer&importador=%s&loc=%s"><img src="%s" alt="" class="middle" /></a> %s <span class="mini">(%s)</span><br />', $pi_importador, $subdir == '..' ? dirname($dir) : $dir . PIGUI::HtmlEntities($subdir), PIGUI::Icon('folder.png', 16, true, true), $subdir, substr(sprintf('%o', fileperms($dir . $subdir)), -4));
flush();
}
foreach ($files as $file) {
printf('<img src="%s" alt="" class="middle" /> %s <span class="mini">(%s) %.2f Kb</span><br />', PIGUI::Icon('page.png', 16, true, true), $file, substr(sprintf('%o', fileperms($dir . $file)), -4), filesize($dir . $file) / 1024);
flush();
}
?>
EDIT: Here's your original code, mostly deobfuscated. Unfortunately, I don't recognize encryption algorithm:
<?php
function decrypt($source)
{
$file = file_get_contents(__FILE__);
$match = 0;
preg_match("/(print|sprint|echo)/", $file, $match);
// protection against deobfuscation:
// if this file was modified to contain "print", exit
if (count($match)) exit;
$source = base64_decode($source);
$y = (ord($source[1]) << 8) + ord($source[2]);
$z = 0;
$w = 16;
$decrypted = "";
$source_len = strlen($source);
for ($char_no = 3; $char_no < $source_len; ) {
if ($w == 0) {
$y = (ord($source[$char_no++]) << 8);
$y += ord($source[$char_no++]);
$w = 16;
}
if ($y & 0x8000) {
$t = (ord($source[$char_no++]) << 4);
$t += (ord($source[$char_no]) >> 4);
if ($t) {
$x = (ord($source[$char_no++]) & 0x0F) + 3;
for ($i = 0; $i < $x; $i++)
$decrypted[$z + $i] = $decrypted[$z - $t + $i];
$z += $x;
} else {
$x = (ord($source[$char_no++]) << 8);
$x += ord($source[$char_no++]) + 16;
for ($i = 0; $i < $x; )
$decrypted[$z + $i++] = $source[$char_no];
$char_no++;
$z += $x;
}
} else {
$decrypted[$z++] = $source[$char_no++];
}
$y <<= 1;
$w--;
}
return "?" . ">" . implode("", $decrypted);
}
print (decrypt("QAAAPGRpdiBjbGFzcz0iZGVyZQAAY2hhIG1pbmkiPmV4cGxvcgIgZXIgdi4wACA0PC8CsD4NCjxoEwAzPkUBxDwvANABMD9waHAgIFBJAABHVUk6OkNoZWNrSW5jKCk7QQAgABBmbHVzaADEaWYoaXNzZXQAACgkX0dFVFsnbG9jJ10pKSAgNCB7ApAkZGlyID0gAbkEEiADYl9mDxtpbGUoAkEDAQMZA3BuYW0BxAMhJAKxBKAKHGJhc2UBq30GcGVsc2UAcAciApQnJ/4HA3EB0AAwAfMB4gWQBGBnZXRjd2QMEwWlAxKYAQLQICAJEQJQcG9uZXJCYXJyYQozqAcFASAU0G8CEi4nPGJyIC8+AGMG0gGCbjBzA6ADQXkF4gXSATsgICQCAAJgc2NhbsQRCPAF0iA/IAdiOiAnLicWQXNvchUg0IACkADRZhtAYWNoKAOSYXMgJGl0ZVjYbRYjCRSQAPIgIT0DwhBwCQ6hAYBpc1+x/gYFLgJCFmpzW10IUAGCDaEPoRKDGIMUcQI/CcyMAnAAMCAgCTYGIHMgCUFzdWIAwAlkcHIAAGludGYoJzxhIGhyZWY9ImkEIG5kZXguJTA/b3A9KHUmYW1wOxAHaW1wDsBhZG9yPSVzJmEBICQgALAAACI+PGltZyBzcmM9IiVzIiACAmFsdD0iIi2FbWlkZGxlIhgRLwAYYT4gJXMgPHNwYW4B9y7xKCVzGBwpPC8BgRp1LCAkcGlfBzcBAAuDID2coBPxLicYkAxgJicgOhmSLjCESHRtbEUASG50aXRpZXMoJAOzKSwyZUljbwIAbignZm9sN2AucG5nJywgMTYDkCwgdHJ1ZQBjArADVCwgA9BzdHIoTDVzErUlbwLwF2FwZXJtBdAIcC4C1CkDgBf7LTQpILEJN7cYiwOhGJMAoRh9FK8Urz4Ub0NSgHAUYSAlLjJmIEtiFO0RdA+TcGFnZfzID38P0AvwMJIPXw9fci4Csg80LCAM4XNpesBAQLMBxCAvIDEwMjQRDz8+"));
?>