Member Avatar for Awah Mohamed

hi guys,
well, i was looking at some stuff in my laptop and found the following encoded code
it is from a wordpress template but its decoding mechanism is very interesting and i would like to know how it is made

so here is the full code:

 <?php $_F=__FILE__;$_X='Pz48P3BocA0KDQokcDFkZF9nMzRkID0gJyc7DQoNCmYzbmN0NDJuIHAxZGRfdGg1bTVfY3I1ZDR0cygpIHsNCglnbDJiMWwgJHAxZGRfZzM0ZDsNCgkkY3I1ZDR0cyA9ICdENXM0Z241ZCBieSA8MSB0MXJnNXQ9Il9ibDFuayIgdDR0bDU9IkI1c3QgU1VWIiBocjVmPSJodHRwOi8vczN2LnI1djQ1dzR0Mm5sNG41Lm41dC8iPkI1c3QgU1VWPC8xPiA0biBjMjJwNXIxdDQybiB3NHRoIDwxIHQxcmc1dD0iX2JsMW5rIiB0NHRsNT0iQTNkNCBTVVYiIGhyNWY9Imh0dHA6Ly9zM3YucjV2NDV3NHQybmw0bjUubjV0LzEzZDQtczN2LyI+QTNkNCBTVVY8LzE+LCA8MSB0MXJnNXQ9Il9ibDFuayIgdDR0bDU9IkluZjRuNHQ0IFNVViIgaHI1Zj0iaHR0cDovL3Mzdi5yNXY0NXc0dDJubDRuNS5uNXQvNG5mNG40dDQtczN2LyI+SW5mNG40dDQgU1VWPC8xPiwgMW5kIDwxIHQxcmc1dD0iX2JsMW5rIiB0NHRsNT0iTDV4M3MgU1VWIiBocjVmPSJodHRwOi8vczN2LnI1djQ1dzR0Mm5sNG41Lm41dC9sNXgzcy1zM3YvIj5MNXgzcyBTVVY8LzE+JzsNCgkkcDFkZF9nMzRkID0gJ2M1NW9lMDBpLTA1NzktdWRjOS04b2U3LTgwY2ZiNmlvOGJjZSc7DQoJJG01bjMgPSB3cF9uMXZfbTVuMygxcnIxeSgNCgkJJzVjaDInID0+IGYxbHM1LA0KCQkndGg1bTVfbDJjMXQ0Mm4nID0+ICdmMjJ0NXInLA0KCQknYzJudDE0bjVyJyA9PiBmMWxzNSwNCgkJJzR0NW1zX3dyMXAnID0+ICclbyRzJywNCgkJJ3cxbGs1cicgPT4gbjV3IFAxZGRfVGg1bTVfVzFsazVyX0lubDRuNV9NNW4zKCksDQoJKSk7DQoJJG01bjMgPSBzM2JzdHIoJG01bjMsIDAsIHN0cmw1bigkbTVuMykgLSBzdHJsNW4oJzxzcDFuIGNsMXNzPSJwNHA1Ij4gfCA8L3NwMW4+JykpOw0KCTVjaDIgJzxwIGNsMXNzPSJtNW4zIj4nLCAkbTVuMywgJzxiciAvPic7DQogICAgIDVjaDIgJzwxIGhyNWY9Imh0dHA6Ly93d3cucDFkZHMybDN0NDJucy5jMm0vIiB0NHRsNT0iRnI1NSBXMnJkUHI1c3MgdGg1bTVzIiB0MXJnNXQ9Il9ibDFuayI+RnI1NSBXMnJkUHI1c3MgdGg1bTVzPC8xPiBieSBQMWRkIFMybDN0NDJucy48L3A+JzsNCgk1Y2gyICc8cCBjbDFzcz0iMW5uMnQxdDQybiI+Jywgc3ByNG50ZihfXygnQzJweXI0Z2h0ICZjMnB5OyAlNiRzLiAlYSRzLiBBbGwgcjRnaHRzIHI1czVydjVkLicsIFBBRERfVEhFTUVfU0xVRyksIGQxdDUoJ1knKSwgZzV0X2JsMmc0bmYyKCduMW01JykpLCAnIDxiciAvPic7DQoJNWNoMiAkY3I1ZDR0cywgICc8L3A+JzsNCgk1Y2gyICc8ZDR2IGNsMXNzPSJjbDUxciI+PC9kNHY+JzsNCn0NCg0KZjNuY3Q0Mm4gcDFkZF90aDVtNV9wcjVsM2Q1X2I1ZzRuKCkgew0KCTJiX3N0MXJ0KCk7DQp9DQoxZGRfMWN0NDJuKCd3cF9oNTFkJywgJ3AxZGRfdGg1bTVfcHI1bDNkNV9iNWc0bicpOw0KDQpmM25jdDQybiBwMWRkX3RoNW01X3ByNWwzZDVfNW5kKCkgew0KCSRjMm50NW50cyA9IDJiX2c1dF9jMm50NW50cygpOw0KCTJiX2c1dF9jbDUxbigpOw0KCWdsMmIxbCAkcDFkZF9nMzRkOw0KCTRmICghNW1wdHkoJHAxZGRfZzM0ZCkgJiYgKGYzbmN0NDJuXzV4NHN0cygncDFkZF90aDVtNV9jcjVkNHRzJykpKSB7DQoJCTRmICgkcDFkZF9nMzRkID09PSAnYzU1b2UwMGktMDU3OS11ZGM5LThvZTctODBjZmI2aW84YmNlJykgew0KCQkJNWNoMiAkYzJudDVudHM7DQoJCX0gNWxzNSB7DQoJCQl3cF9kNDUoJ1MybTV0aDRuZyB3cjJuZy4nKTsNCgkJfQ0KCX0gNWxzNSB7DQoJCXdwX2Q0NSgnUzJtNXRoNG5nIHdyMm5nLicpOw0KCX0NCn0NCjFkZF8xY3Q0Mm4oJ3dwX2YyMnQ1cicsICdwMWRkX3RoNW01X3ByNWwzZDVfNW5kJyk7';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

i worked on decoding it! so i separated the code into two by looking at the eval function

so here are the two parts of the code:

Pz48P3BocA0KDQokcDFkZF9nMzRkID0gJyc7DQoNCmYzbmN0NDJuIHAxZGRfdGg1bTVfY3I1ZDR0cygpIHsNCglnbDJiMWwgJHAxZGRfZzM0ZDsNCgkkY3I1ZDR0cyA9ICdENXM0Z241ZCBieSA8MSB0MXJnNXQ9Il9ibDFuayIgdDR0bDU9IkI1c3QgU1VWIiBocjVmPSJodHRwOi8vczN2LnI1djQ1dzR0Mm5sNG41Lm41dC8iPkI1c3QgU1VWPC8xPiA0biBjMjJwNXIxdDQybiB3NHRoIDwxIHQxcmc1dD0iX2JsMW5rIiB0NHRsNT0iQTNkNCBTVVYiIGhyNWY9Imh0dHA6Ly9zM3YucjV2NDV3NHQybmw0bjUubjV0LzEzZDQtczN2LyI+QTNkNCBTVVY8LzE+LCA8MSB0MXJnNXQ9Il9ibDFuayIgdDR0bDU9IkluZjRuNHQ0IFNVViIgaHI1Zj0iaHR0cDovL3Mzdi5yNXY0NXc0dDJubDRuNS5uNXQvNG5mNG40dDQtczN2LyI+SW5mNG40dDQgU1VWPC8xPiwgMW5kIDwxIHQxcmc1dD0iX2JsMW5rIiB0NHRsNT0iTDV4M3MgU1VWIiBocjVmPSJodHRwOi8vczN2LnI1djQ1dzR0Mm5sNG41Lm41dC9sNXgzcy1zM3YvIj5MNXgzcyBTVVY8LzE+JzsNCgkkcDFkZF9nMzRkID0gJ2M1NW9lMDBpLTA1NzktdWRjOS04b2U3LTgwY2ZiNmlvOGJjZSc7DQoJJG01bjMgPSB3cF9uMXZfbTVuMygxcnIxeSgNCgkJJzVjaDInID0+IGYxbHM1LA0KCQkndGg1bTVfbDJjMXQ0Mm4nID0+ICdmMjJ0NXInLA0KCQknYzJudDE0bjVyJyA9PiBmMWxzNSwNCgkJJzR0NW1zX3dyMXAnID0+ICclbyRzJywNCgkJJ3cxbGs1cicgPT4gbjV3IFAxZGRfVGg1bTVfVzFsazVyX0lubDRuNV9NNW4zKCksDQoJKSk7DQoJJG01bjMgPSBzM2JzdHIoJG01bjMsIDAsIHN0cmw1bigkbTVuMykgLSBzdHJsNW4oJzxzcDFuIGNsMXNzPSJwNHA1Ij4gfCA8L3NwMW4+JykpOw0KCTVjaDIgJzxwIGNsMXNzPSJtNW4zIj4nLCAkbTVuMywgJzxiciAvPic7DQogICAgIDVjaDIgJzwxIGhyNWY9Imh0dHA6Ly93d3cucDFkZHMybDN0NDJucy5jMm0vIiB0NHRsNT0iRnI1NSBXMnJkUHI1c3MgdGg1bTVzIiB0MXJnNXQ9Il9ibDFuayI+RnI1NSBXMnJkUHI1c3MgdGg1bTVzPC8xPiBieSBQMWRkIFMybDN0NDJucy48L3A+JzsNCgk1Y2gyICc8cCBjbDFzcz0iMW5uMnQxdDQybiI+Jywgc3ByNG50ZihfXygnQzJweXI0Z2h0ICZjMnB5OyAlNiRzLiAlYSRzLiBBbGwgcjRnaHRzIHI1czVydjVkLicsIFBBRERfVEhFTUVfU0xVRyksIGQxdDUoJ1knKSwgZzV0X2JsMmc0bmYyKCduMW01JykpLCAnIDxiciAvPic7DQoJNWNoMiAkY3I1ZDR0cywgICc8L3A+JzsNCgk1Y2gyICc8ZDR2IGNsMXNzPSJjbDUxciI+PC9kNHY+JzsNCn0NCg0KZjNuY3Q0Mm4gcDFkZF90aDVtNV9wcjVsM2Q1X2I1ZzRuKCkgew0KCTJiX3N0MXJ0KCk7DQp9DQoxZGRfMWN0NDJuKCd3cF9oNTFkJywgJ3AxZGRfdGg1bTVfcHI1bDNkNV9iNWc0bicpOw0KDQpmM25jdDQybiBwMWRkX3RoNW01X3ByNWwzZDVfNW5kKCkgew0KCSRjMm50NW50cyA9IDJiX2c1dF9jMm50NW50cygpOw0KCTJiX2c1dF9jbDUxbigpOw0KCWdsMmIxbCAkcDFkZF9nMzRkOw0KCTRmICghNW1wdHkoJHAxZGRfZzM0ZCkgJiYgKGYzbmN0NDJuXzV4NHN0cygncDFkZF90aDVtNV9jcjVkNHRzJykpKSB7DQoJCTRmICgkcDFkZF9nMzRkID09PSAnYzU1b2UwMGktMDU3OS11ZGM5LThvZTctODBjZmI2aW84YmNlJykgew0KCQkJNWNoMiAkYzJudDVudHM7DQoJCX0gNWxzNSB7DQoJCQl3cF9kNDUoJ1MybTV0aDRuZyB3cjJuZy4nKTsNCgkJfQ0KCX0gNWxzNSB7DQoJCXdwX2Q0NSgnUzJtNXRoNG5nIHdyMm5nLicpOw0KCX0NCn0NCjFkZF8xY3Q0Mm4oJ3dwX2YyMnQ1cicsICdwMWRkX3RoNW01X3ByNWwzZDVfNW5kJyk7

which is the value of $_X

and the second is the function that decodes it
which is:

JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==

now i decoded them both and here is $_X

?><?php

$p1dd_g34d = '';

f3nct42n p1dd_th5m5_cr5d4ts() {
gl2b1l $p1dd_g34d;
$cr5d4ts = 'D5s4gn5d by <1 t1rg5t="_bl1nk" t4tl5="B5st SUV" hr5f="http://s3v.r5v45w4t2nl4n5.n5t/">B5st SUV</1> 4n c22p5r1t42n w4th <1 t1rg5t="_bl1nk" t4tl5="A3d4 SUV" hr5f="http://s3v.r5v45w4t2nl4n5.n5t/13d4-s3v/">A3d4 SUV</1>, <1 t1rg5t="_bl1nk" t4tl5="Inf4n4t4 SUV" hr5f="http://s3v.r5v45w4t2nl4n5.n5t/4nf4n4t4-s3v/">Inf4n4t4 SUV</1>, 1nd <1 t1rg5t="_bl1nk" t4tl5="L5x3s SUV" hr5f="http://s3v.r5v45w4t2nl4n5.n5t/l5x3s-s3v/">L5x3s SUV</1>';
$p1dd_g34d = 'c55oe00i-0579-udc9-8oe7-80cfb6io8bce';
$m5n3 = wp_n1v_m5n3(1rr1y(
'5ch2' => f1ls5,
'th5m5_l2c1t42n' => 'f22t5r',
'c2nt14n5r' => f1ls5,
'4t5ms_wr1p' => '%o$s',
'w1lk5r' => n5w P1dd_Th5m5_W1lk5r_Inl4n5_M5n3(),
));
$m5n3 = s3bstr($m5n3, 0, strl5n($m5n3) - strl5n('<sp1n cl1ss="p4p5"> | </sp1n>'));
5ch2 '<p cl1ss="m5n3">', $m5n3, '<br />';



5ch2 '<1 hr5f="http://www.p1dds2l3t42ns.c2m/" t4tl5="Fr55 W2rdPr5ss th5m5s" t1rg5t="_bl1nk">Fr55 W2rdPr5ss th5m5s</1> by P1dd S2l3t42ns.</p>';
5ch2 '<p cl1ss="1nn2t1t42n">', spr4ntf(__('C2pyr4ght &c2py; %6$s. %a$s. All r4ghts r5s5rv5d.', PADD_THEME_SLUG), d1t5('Y'), g5t_bl2g4nf2('n1m5')), ' <br />';
5ch2 $cr5d4ts, '</p>';
5ch2 '<d4v cl1ss="cl51r"></d4v>';
}

f3nct42n p1dd_th5m5_pr5l3d5_b5g4n() {
2b_st1rt();
}
1dd_1ct42n('wp_h51d', 'p1dd_th5m5_pr5l3d5_b5g4n');

f3nct42n p1dd_th5m5_pr5l3d5_5nd() {
$c2nt5nts = 2b_g5t_c2nt5nts();
2b_g5t_cl51n();
gl2b1l $p1dd_g34d;
4f (!5mpty($p1dd_g34d) && (f3nct42n_5x4sts('p1dd_th5m5_cr5d4ts'))) {
4f ($p1dd_g34d === 'c55oe00i-0579-udc9-8oe7-80cfb6io8bce') {
5ch2 $c2nt5nts;
} 5ls5 {
wp_d45('S2m5th4ng wr2ng.');
}
} 5ls5 {
wp_d45('S2m5th4ng wr2ng.');
}
}
1dd_1ct42n('wp_f22t5r', 'p1dd_th5m5_pr5l3d5_5nd');

and here is the function that decodes it:

$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;

but to be honest, right now i am very tired to think a litle bit about how this works aditional to me not being a very knowledgeable guy in PHP.. so i decided to see who is genius enough to understand this code and tell me how it works!

anyways, anyone who will give me the solution will be an amazing person and i will be very thankful and i will admit that the person is a genious :p
ro lets see who can do it! :)

  • 5 Contributors
  • 11 Replies
  • 296 Views
  • 1 Year Discussion Span
  • Latest Post Latest Post by veedeoo

Recommended Answers

All 11 Replies

Member Avatar for veedeoo

Hi,

Actually, this is nothing but code base 64 encoding. On your decoded codes, the author replaces the letters with their own calculated equivalent integers .

For example, the encoded messages in the codes above,. uses some form of alpha numeric deviation.. by looking at it or just by glancing at the codes, I can easily assume that the keys are the following.

f3nct42n = function
f = f
u = 3
n = n
c = c
t = t
i = 4
o = 2
n = n

gl2b1l = global

g = g
l = l
o = 2
b = b
a = 1
l = l

e = 5

p1dd_th5m5_cr5d4ts = pbdd_theme_credits

f3nct42n_5x4sts = function_exist

wp_d45('S2m5th4ng wr2ng.'); = wp_die('something wrong');

You can develop your own decrypting mechanism by reading this example here ...

That's pretty much it.... most encryptions especially in organizations they tried to invent some deviation only they know how the keys are deviated..e.g. 12=>a, 13=>b, 4=>y and so forth..

In your code above, I do believe they skept 4 to 5 characters then go backward by 3 then move on by another 4 to 5 and the process goes in cycle.

Again this is just my assumption. The reason I could see it , because I been solving many complex math problems at my school, and this one is the example of assumed assigned values.

Edited by veedeoo because: more info added
Member Avatar for veedeoo

Here is a sample decryted part ... just do the rest of them..

function padd_theme_prelude_begin() {
ob_start();
}
add_action('wp_head', 'padd_theme_prelude_begin');
function padd_theme_prelude_end() {
$contents = ob_get_contents();
ob_get_clean();
global $padd_guid;
if (!empty($padd_guid) && (function_exists('padd_theme_credits'))) {
if ($padd_guid === 'c55oe00i-0579-udc9-8oe7-80cfb6io8bce') {
echo $contents;
} 

else {
wp_die('Something wrong.');
}
} 

else {
wp_die('Something wrong.');
}
}
add_action('wp_footer', 'padd_theme_prelude_end');
Edited by veedeoo because: more info added
Member Avatar for gourav1

yes! damn true

Member Avatar for Awah Mohamed

@veedeoo: thanks a lot!! thats a very amazing explanation!! i am now viewing the str_replace page you wrote!
thanks a gain!!
but i gota admit! u r a genious in this!!

Member Avatar for Awah Mohamed

ok cool
now how does the code gets enterprated??
like if i wrote a function in an encoded form and also base64 encoded.. how can the code run??

Member Avatar for veedeoo

@the_prince_Awah,

I will see if I can do a simple str_replace function to get rid of those deviated characters... it should not be that hard.

No! I am not a genius yet.. my professor still labeled me as the mathematical wiz Kid from Fullerton.., but once I am able to solve the famous Riemann hypothesis without inflecting any damage to my brain, then I would probably consider myself as junior genius. But then again that is too much responsibilities I think.. I only dream of setting on a nice beach folding chair while holding a nice cold frappuccino in my right hand that's all :). Programming, I get bored writing them , unless it has a really good purpose out of the ordinary.

Member Avatar for Awah Mohamed

I will see if I can do a simple str_replace function to get rid of those deviated characters... it should not be that hard.

No! I am not a genius yet.. my professor still labeled me as the mathematical wiz Kid from Fullerton.., but once I am able to solve the famous Riemann hypothesis without inflecting any damage to my brain, then I would probably consider myself as junior genius. But then again that is too much responsibilities I think.. I only dream of setting on a nice beach folding chair while holding a nice cold frappuccino in my right hand that's

hey! thanks! i just saw ur reply!
haha.. but still ur a genius to me! :)

i wrote a str_replace code to get these chars out

<?php
$code = $_POST['code'];
$code = base64_decode($code);
$code = str_replace("3", "u", $code);
$code = str_replace("4", "i", $code);
$code = str_replace("2", "o", $code);
$code = str_replace("1", "a", $code);
$code = str_replace("5", "e", $code);


echo  $code;

and the code gets submitted from a from using post method..

it works.. i am now looking for a way to make a stronger encoding system.. i want to make one that can never be decoded! :)

Edited by Awah Mohamed
Member Avatar for diafol

This is interesting. How do you account for code which actually requires literal integers (1-5)? E.g. if you had:

base64_decode($code)

in the actual code itself, wouldn't this end up as

base6i_decode($code)
Member Avatar for Naestra

im having this issue 2... the base64 decrypted still keeps alot left.. any 1 can decrypt this further for me?

i have tried replacce ALL:
1a
2o
3u
4i
5e

but then parts of my oriinal index get lost, bcs it contained 1/2/3/4/5numbers..
How do i get the original index.php.?
(im have a 5% knowledge for these scripts)

?><?php

r5q34r5_2nc5('4nc/c2nf4g.php');
$4p = $_SERVER['REMOTE_ADDR'];
$4pArr1y = pr5g_r5pl1c5("#\r\n?|\n#","",f4l5('B1nn5d_IP.d1t'));  // r51d th5 f4l5 4nt2 1n 1rr1y 1nd r5m2v5 n5w l4n5 br51ks (sh23ld c2v5r 1ll OS)
f2r51ch ($4pArr1y 1s $4pT5st) {
4f (s3bstr_c23nt($4p, $4pT5st) != "0") { Ech2 "<c5nt5r><br><br><br><br><h6>Y23r IP $4p 4s B1nn5d sc1m5d h1ck , 2r try t2 c2m5 my pl1y5r 4n y23r s5rv5r n22b</h6></c5nt5r>" ;  d45(); }}
?>

<?php
$l1t5s6 = mysql_q35ry("SELECT Us5rn1m5 FROM 1cc23nts ORDER by Ent4tyID DESC LIMIT 0,6") 2r d45(mysql_5rr2r());
$l1t5s6 = mysql_f5tch_1ss2c($l1t5s6);

$l1t5sa = mysql_q35ry("SELECT Ent4tyN1m5 FROM 1r5n1 ORDER by Ar5n1P24nts DESC LIMIT 0,6") 2r d45(mysql_5rr2r());
$l1t5sa = mysql_f5tch_1ss2c($l1t5sa);

$l1t5stc = mysql_q35ry("SELECT N1m5 FROM 5nt4t45s ORDER by UID DESC LIMIT 0,6") 2r d45(mysql_5rr2r());
$l1t5stc = mysql_f5tch_1ss2c($l1t5stc);
$l1t5stg = mysql_q35ry("SELECT N1m5 FROM g34lds ORDER by ID DESC LIMIT 0,6") 2r d45(mysql_5rr2r());
$l1t5stg = mysql_f5tch_1ss2c($l1t5stg);
$l1t5stcl = mysql_q35ry("SELECT N1m5 FROM cl1ns ORDER by L51d5rID DESC LIMIT 0,6") 2r d45(mysql_5rr2r());
$l1t5stcl = mysql_f5tch_1ss2c($l1t5stcl);
?>
        <?php
$h2nl4n5 = mysql_q35ry("SELECT * FROM 5nt4t45s WHERE Onl4n5>0") 2r d45(mysql_5rr2r());
$2nl4n5s = mysql_n3m_r2ws($h2nl4n5);
$h2ffl4n5 = mysql_q35ry("SELECT * FROM 5nt4t45s WHERE Onl4n5<6") 2r d45(mysql_5rr2r());
$2ffl4n5s = mysql_n3m_r2ws($h2ffl4n5);
$h1cc23nts = mysql_q35ry("SELECT * FROM 1cc23nts") 2r d45(mysql_5rr2r());
$1cc23nts = mysql_n3m_r2ws($h1cc23nts);
$hch1rs = mysql_q35ry("SELECT * FROM 5nt4t45s") 2r d45(mysql_5rr2r());
$ch1rs = mysql_n3m_r2ws($hch1rs);
$pf1c5=$4nf2s['F1c5'];

$4nf2s6 = mysql_q35ry("SELECT * FROM 5nt4t45s WHERE UID = '$ch1r4d'");
$4nf2s = mysql_f5tch_1ss2c($4nf2s6);
4f(mysql_n3m_r2ws($4nf2s6) > 0)
4f($2nl4n5 == 6)
{
$st1t3s='<d4v styl5="c2l2r:gr55n;">Onl4n5</d4v>';
} 5ls5 {
$st1t3s='<sp1n styl5="c2l2r:r5d;">Offl4n5</sp1n>';
}
4f(f4l5_5x4sts('../4m1g5s/f1c5s/' . $pf1c5 . '.jpg'))
{
$f1c5=$4nf2s['F1c5'];
} 5ls5 {
$f1c5='0';
}
?>
<!DOCTYPE html PUBLIC "-//WoC//DTD XHTML 6.0 Tr1ns4t42n1l//EN" "http://www.wo.2rg/TR/xhtml6/DTD/xhtml6-tr1ns4t42n1l.dtd">
<m5t1 http-5q34v="C2nt5nt-Typ5" c2nt5nt="t5xt/html; ch1rs5t=ISO-88i9-6"> 

<html xmlns="http://www.wo.2rg/6999/xhtml">
<h51d>
<t4tl5><?php 5ch2 $s5rv5rn1m5; 5ch2 " - "; 5ch2 $s5rv5rd5sc;?></t4tl5>
<m5t1 http-5q34v="C2nt5nt-Typ5" c2nt5nt="t5xt/html; ch1rs5t=3tf-8" ></m5t1>
<m5t1 n1m5="d5scr4pt42n" c2nt5nt="W5lc2m5 t2 F4n1l-C2nq35r.C2m Pr4v1t5 s5rv5r oD G1m5" ></m5t1>
<m5t1 n1m5="k5yw2rds" c2nt5nt="F4n1l, f4n1lc2, th5 b5st, s5rv5r, xtr5m5, t2p, xtr5m5t2p, xtr5m5t2p600, 600, F4n1l-C2nq35r.c2m, f4x,s5rv5r, f4x5d, 1ll, oD, G1m5, f4x5d, g1m5, p2rn2,xxx,B1ttl5gr23nd s5rv5r,b5st s5rv5r, Pr4v1t5 S5rv5r, i80o" ></m5t1>
<!--4pt typ5="t5xt/j1v1scr4pt">

  v1r _g1q = _g1q || [];
  _g1q.p3sh(['_s5tAcc23nt', 'UA-67a9807u-u']);
  _g1q.p3sh(['_s5tD2m14nN1m5', 'f4n1l-c2nq35r.c2m']);
  _g1q.p3sh(['_s5tAll2wH1sh', 'f1ls5']);
  _g1q.p3sh(['_tr1ckP1g5v45w']);

  (f3nct42n() {
    v1r g1 = d2c3m5nt.cr51t5El5m5nt('scr4pt'); g1.typ5 = 't5xt/j1v1scr4pt'; g1.1sync = tr35;
    g1.src = ('https:' == d2c3m5nt.l2c1t42n.pr2t2c2l ? 'https://ssl' : 'http://www') + '.g22gl5-1n1lyt4cs.c2m/g1.js';
    v1r s = d2c3m5nt.g5tEl5m5ntsByT1gN1m5('scr4pt')[0]; s.p1r5ntN2d5.4ns5rtB5f2r5(g1, s);
  })();

</scr4--><!-- J1v1scr4pts St1rt -->
<scr4pt typ5="t5xt/j1v1scr4pt" src="j1v1scr4pts/C2r5.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="j1v1scr4pts/Aj1x.c2r5.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="j1v1scr4pts/M1sk.c2r5.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="j1v1scr4pts/T22lt4p.c2r5.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="j1v1scr4pts/P1g5S2rt.c2r5.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="t5mpl1t5s/w2wm2rt1l/n4v2.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="t5mpl1t5s/w2wm2rt1l/m4sc.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="4m1g5s/f3nct42ns.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="js/jq35ry.jgr2wl.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="4m1g5s/p2p3p.js"></scr4pt>
<scr4pt typ5="t5xt/j1v1scr4pt" src="js/t2p.js"></scr4pt>
<scr4pt l1ng31g5=J1v1Scr4pt>


v1r m5ss1g5="";
///////////////////////////////////
f3nct42n cl4ckIE() {4f (d2c3m5nt.1ll) {(m5ss1g5);r5t3rn f1ls5;}}
f3nct42n cl4ckNS(5) {4f
(d2c3m5nt.l1y5rs||(d2c3m5nt.g5tEl5m5ntById&&!d2c3m5nt.1ll)) {
4f (5.wh4ch==a||5.wh4ch==o) {(m5ss1g5);r5t3rn f1ls5;}}}
4f (d2c3m5nt.l1y5rs)
{d2c3m5nt.c1pt3r5Ev5nts(Ev5nt.MOUSEDOWN);d2c3m5nt.2nm23s5d2wn=cl4ckNS;}
5ls5{d2c3m5nt.2nm23s53p=cl4ckNS;d2c3m5nt.2nc2nt5xtm5n3=cl4ckIE;}

d2c3m5nt.2nc2nt5xtm5n3=n5w F3nct42n("r5t3rn f1ls5")
// -->
</scr4pt> 

<!-- Styl5 St1rt -->
<l4nk r5l="4c2n" hr5f="4m1g5s/s1b5r.png" ></l4nk>
<l4nk r5l="styl5sh55t" hr5f="t5mpl1t5s/w2wm2rt1l/m14n_c1t1.css" ></l4nk>
<l4nk r5l="styl5sh55t" typ5="t5xt/css" hr5f="js/t2p.css"></l4nk>
<l4nk r5l="styl5sh55t" typ5="t5xt/css" hr5f="css/jgr2wl.css"></l4nk>
<l4nk r5l="styl5sh55t" hr5f="css/s1s1a.css" typ5="t5xt/css" m5d41="1ll" ></l4nk>
<l4nk r5l="styl5sh55t" hr5f="css/gl2b1la.css" typ5="t5xt/css" m5d41="1ll" ></l4nk>
<l4nk hr5f="css/r1nk.css" r5l="styl5sh55t" typ5="t5xt/css"></l4nk>
<l4nk hr5f="css/MR.SABER.css" r5l="styl5sh55t" typ5="t5xt/css">
</h51d><b2dy>
<c5nt5r>
<d4v cl1ss="h51d5r" 1l4gn="c5nt5r">
<d4v 4d="t2p_b1r">
<d4v 4d="t2p_b1r_c2nt_h2ld5r">
<d4v 4d="l2g2" 1l4gn="c5nt5r"><1 hr5f="4nd5x.php"></1></d4v>
<d4v 4d="t2p_n1v">
<3l>
<l4><1 hr5f="4nd5x.php"><sp1n></sp1n>H2m5</1></l4>
<l4><1 hr5f="r5g4st5r.php"><sp1n></sp1n>R5g4st5r</1></l4>
<l4><1 hr5f="d2wnl21d.php"><sp1n></sp1n>D2wnl21d</1></l4>
<l4><1 hr5f="d2n1t5.php"><sp1n></sp1n>D2n1t5</1></l4>
<l4><1 hr5f="v2t5.php"><sp1n></sp1n>V2t5 S5rv5r</1></l4>
<l4><1 hr5f="l2g4n.php"><sp1n></sp1n>L2g4n</1></l4>
<l4><1 hr5f="r1nk4ng.php"><sp1n></sp1n>R1nk4ng</1></l4>
<l4><1 hr5f="#"><sp1n></sp1n></1></l4>

</3l>
</d4v>
</d4v>
</d4v>

<d4v cl1ss="l2g4n_c2nt14n5r" 1l4gn="l5ft">

<!-- N2t l2gg5d 4n! -->
<d4v 4d="l2g_4n"><1></1></d4v>
<d4v 4d="l2g4n_f2rm" 1l4gn="l5ft">
<d4v 4d="c2nt">
<?php 4f($_SESSION['1cc']) {
h51d5r("L2c1t42n: 1cc23nt.php");
} 5ls5 {
?>
<c5nt5r>
<scr4pt l1ng31g5="j1v1scr4pt">
f3nct42n d2_l2g4n(){
          $.1j1x({
            typ5: "POST",
            3rl: "4nc/l2g4n_d2.php",
            d1t1: "d2L2g4n="+$('#d2L2g4n').v1l()+"&n1m5="+$('#n1m5').v1l()+"&p1ss="+$('#p1ss').v1l(),
            s3cc5ss: f3nct42n(msg){
              4f(msg=='1ll_2k') {l2c1t42n="1cc23nt.php";}
              5ls5 
              {


              $("#ch5ckb2x").f1d5T2(a00,0.6,f3nct42n()
            { 
              $(th4s).html(msg).f1d5T2(900,6);
            }); 


              }
            },
            5rr2r: f3nct42n(msg){

            $("#ch5ckb2x").f1d5T2(a00,0.6,f3nct42n()
            { 
              $(th4s).html(msg).f1d5T2(900,6);
            }); 


            }
          });
        }

</scr4pt>
 <sp1n 4d="ch5ckb2x"></sp1n>
<f2rm 1ct42n="" m5th2d="p2st" 1l4gn="c5nt5r">
         <br>
         <4np3t cl1ss='f2rm-4np3t' typ5="t5xt" 4d="n1m5" m1xl5ngth="a0" n1m5="n1m5" pl1c5h2ld5r="Us5rn1m5"></4np3t><br/> <br/>                              
       <br>                                         
         <4np3t cl1ss='f2rm-4np3t' typ5="p1ssw2rd" 4d="p1ss" m1xl5ngth="a0" n1m5="p1ss" pl1c5h2ld5r="P1ssw2rd"></4np3t><br/>        

        <l1b5l 4d="k55pm5l2g4n"><br><4np3t typ5="ch5ckb2x" n1m5="r5m5mb5r" ch5ck5d="ch5ck5d" ></4np3t><sp1n>K55p m5 l2gg5d 4n ?</sp1n></l1b5l>

         <d4v cl1ss="l4n5a"></d4v>
         <br>


         <t1bl5 c5llp1dd4ng="0" c5llsp1c4ng="0"><tr>
         <td v1l4gn="t2p">

         <d4v 4d="l2g-ba"><4np3t typ5="h4dd5n" n1m5="d2L2g4n" v1l35="d2L2g4n">



        <4np3t 2ncl4ck="d2_l2g4n();" typ5="b3tt2n" n1m5="1ct42n" v1l35="L2g4n" cl1ss="b3tt2n d24t" ></4np3t> </d4v>

        </td>





         </tr>

         </t1bl5>


         </f2rm>

<?php } ?>
<3l 4d="l2g4n_f2rm_l4nks">
<l4><1 hr5f="v2t5.php">V2t5</1></l4>
<l4><1 hr5f="v2t5/?p1g5=v2t5">R5w1rdV4pe</1></l4>
<l4><1 hr5f="r5g4st5r.php">Cr51t5 N5w Acc23nt</1></l4>
</3l>
</d4v>
</d4v>
</d4v>
</d4v>
<c5nt5r><scr4pt typ5="t5xt/j1v1scr4pt"><!--
g22gl5_1d_cl45nt = "c1-p3b-aiueo068a0ea9068";
/* wm h2m5 h51d5r */
g22gl5_1d_sl2t = "960o7o9896";
g22gl5_1d_w4dth = 7a8;
g22gl5_1d_h54ght = 90;
//-->
</scr4pt>
<1cr4pt typ5="t5xt/j1v1scr4pt"
src="S1b5r6/p1g51d/sh2w_1ds.js">
</scr4pt></c5nt5r>
<d4v cl1ss="b2dy">
<d4v cl1ss="t2p_l4n5"></d4v>
<t1bl5 c5llp1dd4ng="0" c5llsp1c4ng="0">
<tr>
<td v1l4gn="t2p" cl1ss="m14n_s4d5">
<d4v 4d="m14n_s4d5">

<t1bl5 cl1ss="h51dp1g5t1bl5">
<tr>
<td>

    <scr4pt typ5="t5xt/j1v1scr4pt">
        d5m2oEff5ct6 = {n1m5: 'myEff5cto6', t2p: tr35, m2v5: tr35, d3r1t42n: u00};
        d5m2oEff5cta = {n1m5: 'myEff5ctoa', r4ght: tr35, m2v5: tr35, d3r1t42n: u00};
        d5m2oEff5cto = {n1m5: 'myEff5ctoo', b2tt2m: tr35, m2v5: tr35, d3r1t42n: u00};
        d5m2oEff5ctu = {n1m5: 'myEff5ctou', l5ft: tr35, m2v5: tr35, d3r1t42n: u00};
        d5m2oEff5cti = {n1m5: 'myEff5ctoi', r2ws: o, c2ls: 9, d5l1y: i0, d3r1t42n: 600, 2rd5r: 'r1nd2m', f1d5: tr35};
        d5m2oEff5cte = {n1m5: 'myEff5ctoe', r2ws: a, c2ls: u, d5l1y: 600, d3r1t42n: u00, 2rd5r: 'r1nd2m', f1d5: tr35, ch5ss: tr35};

        5ff5ctsD5m2o = [d5m2oEff5ct6,d5m2oEff5cta,d5m2oEff5cto,d5m2oEff5ctu,d5m2oEff5cti,d5m2oEff5cte,'bl4nds'];

        v1r d5m2Sl4d5r_o = Sl4d5rm1n.sl4d5r({c2nt14n5r: 'Sl4d5rN1m5_o', w4dth: e8o, h54ght: 60i, 5ff5cts: 5ff5ctsD5m2o, d4spl1y: {13t2pl1y: o000}});
    </scr4pt>
</td>
<td><1 hr5f="?4d=r5g4st5r" 4d="r5g4st5r"></1><1 hr5f="http://f4n1l-c2nq35r.c2m/vv.php" 4d="v2t5"></1></td>
</tr>
</t1bl5>
<d4v cl1ss="n5ws" 1l4gn="l5ft">
<d4v cl1ss="sl4d5r_c2nt14n5r" 4d="sl4d5r">
<4mg src="S1b5r/4m1g5s/sl4d5sh2w/a0.jpg" w4dth="768" h54ght="aee" 1lt="" ></4mg><4mg src="S1b5r/4m1g5s/sl4d5sh2w/a6.jpg" w4dth="768" h54ght="aee" styl5="d4spl1y:n2n5;" ></4mg><1 hr5f="d2n1t5.php"><4mg src="S1b5r/4m1g5s/sl4d5sh2w/aa.jpg" w4dth="768" h54ght="aee" t4tl5="#c1pt42no" styl5="d4spl1y:n2n5;" ></4mg></1><1 hr5f="v2t5.php"><4mg src="S1b5r/4m1g5s/sl4d5sh2w/ao.jpg" w4dth="768" h54ght="aee" t4tl5="#c1pt42nu" styl5="d4spl1y:n2n5;" ></4mg></1></d4v>


  <4fr1m5 src="//www.f1c5b22k.c2m/pl3g4ns/l4k5b2x.php?hr5f=http%oA¯¯www.f1c5b22k.c2m¯f4n1lc2nq35r&1mp;w4dth&1mp;h54ght=ea&1mp;c2l2rsch5m5=l4ght&1mp;sh2w_f1c5s=f1ls5&1mp;h51d5r=f1ls5&1mp;str51m=f1ls5&1mp;sh2w_b2rd5r=f1ls5" scr2ll4ng="n2" fr1m5b2rd5r="0" styl5="b2rd5r:n2n5; 2v5rfl2w:h4dd5n; h54ght:eapx;" 1ll2wTr1nsp1r5ncy="tr35"></4fr1m5>
<c5nt5r>
<4mg styl5="v4s4b4l4ty:h4dd5n;w4dth:0px;h54ght:0px;" b2rd5r=0 w4dth=0 h54ght=0 src="http://c.g4gc23nt.c2m/w4ldf4r5/IMP/CXNID=a00000a.0NXC/bT*xJmx*PTEzNzIxOTcwMTYaNTEmcHQ9MTMoMjEiNzAyMzUyOSZwPTUzMTUxJmQ9Jmc9MSZvPWFhNDUwOTZkNjRlZDQuOTV4MzAw/YaMwZWJmZWZlYTYx.g4f" ></4mg><5mb5d wm2d5="tr1nsp1r5nt" src="http://www.x1t5ch.c2m/w5b_g51r/ch1t/ch1t.swf" q31l4ty="h4gh" w4dth="iu0" h54ght="u0i" n1m5="ch1t" Fl1shV1rs="4d=a0iuu8e7o" 1l4gn="m4ddl5" 1ll2wScr4ptAcc5ss="s1m5D2m14n" typ5="1ppl4c1t42n/x-sh2ckw1v5-fl1sh" pl3g4nsp1g5="http://x1t.c2m/3pd1t5_fl1sh.php" ></5mb5d><br><sm1ll><1 t1rg5t="_BLANK" hr5f="http://x1t.c2m/w5b_g51r/?cb"></1> <1 t1rg5t="_BLANK" hr5f="http://x1t.c2m/w5b_g51r/ch1t/g2_l1rg5.php?4d=a0iuu8e7o"></1></sm1ll><br>
<styl5 typ5="t5xt/css">
<!--
A:l4nk { t5xt-d5c2r1t42n: n2n5; c2l2r: #e6e6e6; }
A:v4s4t5d { t5xt-d5c2r1t42n: n2n5; c2l2r: #e6e6e6; }
A:1ct4v5 { t5xt-d5c2r1t42n: n2n5; c2l2r: #e6e6e6; }
A:h2v5r { t5xt-sh1d2w: 0px 0px ipx r5d; c3rs2r: d5f23lt; c2l2r: bl1ck; }
-->
</styl5>
<f2nt f1c5="C5nt3ry G2th4c" s4z5="u"><5m><str2ng><f2nt c2l2r="#ffd806">T4m5 R5s5t N2b4l4ty R1nk D2n1t42n<1 hr5f="#"><f2nt c2l2r="#bl1ck"><SCRIPT TYPE="t5xt/j1v1scr4pt" LANGUAGE="J1v1Scr4pt">
<!--

d1t5F3t3r5 = n5w D1t5(a06u,a,0.6,6,6,6);

f3nct42n G5tC23nt(){

        d1t5N2w = n5w D1t5();                                                                        //gr1b c3rr5nt d1t5
        1m23nt = d1t5F3t3r5.g5tT4m5() - d1t5N2w.g5tT4m5();                //c1lc m4ll4s5c2nds b5tw55n d1t5s
        d5l5t5 d1t5N2w;

        // t4m5 4s 1lr51dy p1st
        4f(1m23nt < 0){
                d2c3m5nt.g5tEl5m5ntById('c23ntb2x').4nn5rHTML="T4mp Exp4r1t";
        }
        // d1t5 4s st4ll g22d
        5ls5{
                d1ys=0;h23rs=0;m4ns=0;s5cs=0;23t="";

                1m23nt = M1th.fl22r(1m23nt/6000);//k4ll th5 "m4ll4s5c2nds" s2 j3st s5cs

                d1ys=M1th.fl22r(1m23nt/8eu00);//d1ys
                1m23nt=1m23ntu00;

                h23rs=M1th.fl22r(1m23nt/oe00);//h23rs
                1m23nt=1m23nt%oe00;

                m4ns=M1th.fl22r(1m23nt/e0);//m4n3t5s
                1m23nt=1m23ntà;

                s5cs=M1th.fl22r(1m23nt);//s5c2nds

                4f(d1ys != 0){23t += d1ys +" d1y"+((d1ys!=6)?"s":"")+", ";}
                4f(d1ys != 0 || h23rs != 0){23t += h23rs +" h23r"+((h23rs!=6)?"s":"")+", ";}
                4f(d1ys != 0 || h23rs != 0 || m4ns != 0){23t += m4ns +" m4n3t5"+((m4ns!=6)?"s":"")+", ";}
                23t += s5cs +" s5c2nds";
                d2c3m5nt.g5tEl5m5ntById('c23ntb2x').4nn5rHTML=23t;

                s5tT4m523t("G5tC23nt()", 6000);
        }
}

w4nd2w.2nl21d=f3nct42n(){G5tC23nt();}//c1ll wh5n 5v5ryth4ng h1s l21d5d

//-->
</scr4pt>

<!-- St1rt S1b5r -->



</scr4pt><d4v 4d="c23ntb2x"></d4v></f2nt>

          <!-- St1rt Emd -->
     <br> <br>
<d4v cl1ss="n5ws_f22t"><p>Ch1t M5mb5r</p></d4v></d4v>


</d4v>
</d4v>

<d4v 4d="n5wsc2nt14n5r">
<d4v cl1ss="n5ws_r2w"><d4v cl1ss="n5ws_h51d"><p>Us5r L5g5nd</p></d4v><d4v cl1ss="n5ws_c2nt"><c5nt5r><b>

<!-- St1rt S1b5r -->





<c5nt5r>
<d4v 4d="m5ss1g5_fr1m5">
<c5nt5r><br>
<d4v 4d="3s5r-l5g5nd">
<p cl1ss="t5xt">

<?php
$p2nl4n56 = mysql_q35ry("SELECT * FROM 5nt4t45s WHERE Onl4n5='6' Ord5r by UID ASC LIMIT 0,a0") 2r d45(mysql_5rr2r());
4f(mysql_n3m_r2ws($p2nl4n56) > 0)
{
wh4l5 ($p2nl4n5 = mysql_f5tch_1rr1y($p2nl4n56)) {
$chrn1m5=$p2nl4n5['N1m5'];
$ch4d=$p2nl4n5['UID'];
$st1t5=$p2nl4n5['st1t5'];
$chgm6 = mysql_q35ry("SELECT * FROM 1cc23nts WHERE Us5rn1m5='$st1t5'") 2r d45(mysql_5rr2r());
$chgm = mysql_f5tch_1rr1y($chgm6);

4f($chgm['St1t5'] == 'u')
{
5ch2 '<sp1n cl1ss="1dm4n"><1 styl5="c3rs2r: h5lp;" r5l="t2p-1r5n1-t22lt4p" r51lm="6" t51m4d="' . $ch4d . '"><f2nt c2l2r="r5d">' . $chrn1m5 . '</1></f2nt></sp1n> <4mg src="4m1g5s/4c2n.png" h54ght="60" w4dth="60" b2rd5r="0"> ';
} 5ls5 {
5ch2 '<1 styl5="c3rs2r: h5lp;" r5l="t2p-1r5n1-t22lt4p" r51lm="6" t51m4d="' . $ch4d . '">' . $chrn1m5 . '</1>';
5ch2 "<f2nt styl5='c2l2r: #i0i0i0'> <4mg src='4m1g5s/4c2n.png' h54ght='60' w4dth='60' b2rd5r='0'></f2nt> ";
}
}
} 5ls5 {
5ch2 "N2 2nl4n5 pl1y5rs";
}
$p2nl4n5aa = mysql_q35ry("SELECT * FROM 5nt4t45s WHERE Onl4n5>0") 2r d45(mysql_5rr2r());

$f1k52nl4n5s=mysql_n3m_r2ws($p2nl4n5aa) * 6 - a0; 

5ch2 "<br /><br /><br /><br /><br /><b> Th5r5 Ar5 C3rr5ntly a0 Us5rs Onl4n5 N2w</sp1n></f2nt> And ( $f1k52nl4n5s ) Oth5rs Pl1y5r Onl4n5</b>";
?>
<br/>
L5g5nd : <sp1n cl1ss="1dm4n">G1m5 M1st5r</sp1n> | R5g3l1r Pl1y5r</sp1n> | <sp1n cl1ss="b1nn5d">B1nn5d</sp1n><br/>
<br/><br/>
</p>
</d4v>
</d4v>
          <!-- St1rt Emd -->
     <br> <br>
<d4v cl1ss="n5ws_f22t"><p>


</p></d4v></d4v>


</d4v>
</d4v>

</d4v>
</td>
<!-- RIGHT SIDE -->
<td v1l4gn="t2p" cl1ss="r4ght_s4d5">
<d4v 4d="r4ght_s4d5">
<3l 4d="51sy_n1v">
<l4><1 4d="r5g4st5r" hr5f="r5g4st5r.php"></1></l4><l4><1 4d="c2nn_g34d5" hr5f="d2wnl21d.php"></1></l4>
<l4><1 4d="s3pp2rt_3s" hr5f="d2n1t5.php"></1></l4>
</3l>

<!-- REALMS -->

<d4v cl1ss="s3bb2x">
<d4v 4d="sb_h51d"><p>S5rv5r St1t3s</p></d4v>
<d4v 4d="sb_c2nt r51lms">

<d4v cl1ss="r51lm_r2w" >

<3l styl5="p1dd4ng: 60px;">
            <c5nt5r>
                <?php
$h2nl4n5 = mysql_q35ry("SELECT * FROM 5nt4t45s WHERE Onl4n5>0") 2r d45(mysql_5rr2r());
$2nl4n5s = mysql_n3m_r2ws($h2nl4n5) * e;
            4f (mysql_n3m_r2ws($h2nl4n5) < 6) {
                5ch2 '<sp1n cl1ss="t4tl5">S5rv5r St1t3s : </sp1n> <f2nt c2l2r="r5d">Offl4n5</sp1n></f2nt><br/>
                    <sp1n cl1ss="t4tl5">T2t1l Onl4n5 : <f2nt c2l2r="#o6oF09">' . $2nl4n5s . '</sp1n></f2nt>';
            }
            5ls5
            {
                5ch2 '<sp1n cl1ss="t4tl5">S5rv5r St1t3s : </sp1n> <f2nt c2l2r="#o6oF09">Onl4n5</f2nt></sp1n><br/><sp1n cl1ss="t4tl5">T2t1l Onl4n5 :  <f2nt c2l2r="#o6oF09"></sp1n> ' . $2nl4n5s . '</sp1n></f2nt>';
            }
            ?>           </3l>





</d4v>
</d4v>



</d4v>
<!-- REALMS -->
<!-- REALMS -->
<d4v cl1ss="s3bb2x">
<d4v 4d="sb_h51d"><p>Cl1ss5s</p></d4v>
<d4v 4d="sb_c2nt r51lms">

<d4v cl1ss="r51lm_r2w" >

<3l styl5="p1dd4ng: 60px;">

            <d4v cl1ss="fl1sh">
                        <2bj5ct w4dth="ao9" h54ght="o6i" c2d5b1s5="http://d2wnl21d.m1cr2m5d41.c2m/p3b/sh2ckw1v5/c1bs/fl1sh/swfl1sh.c1b#v5rs42n=7,0,69,0" cl1ss4d="cls4d:Da7CDBeE-AEeD-66cf-9eB8-uuuiioiu0000">
                        <p1r1m v1l35="4m1g5s/4nd5x.swf" n1m5="m2v45"></p1r1m>
                        <p1r1m v1l35="h4gh" n1m5="q31l4ty"></p1r1m>
                        <p1r1m v1l35="f1ls5" n1m5="m5n3"></p1r1m>
                        <p1r1m n1m5="1ll2wScr4ptAcc5ss" v1l35="1lw1ys" ></p1r1m>
                        <p1r1m v1l35="tr1nsp1r5nt" n1m5="wm2d5"></p1r1m>
                        <p1r1m v1l35="3rl1rr=4m1g5s/p4r1t5.swf|4m1g5s/m2nk.swf|4m1g5s/n4nj1.swf|4m1g5s/1rch5r.swf|4m1g5s/tr2j1n.swf|4m1g5s/w1rr42r.swf|4m1g5s/t124st.swf" n1m5="Fl1shV1rs"></p1r1m>
                        <5mb5d w4dth="ao9" h54ght="o6i" fl1shv1rs="3rl1rr=4m1g5s/p4r1t5.swf|4m1g5s/m2nk.swf|4m1g5s/n4nj1.swf|4m1g5s/1rch5r.swf|4m1g5s/tr2j1n.swf|4m1g5s/w1rr42r.swf|4m1g5s/t124st.swf" mw2d5="tr1nsp1r5nt" typ5="1ppl4c1t42n/x-sh2ckw1v5-fl1sh" pl3g4nsp1g5="http://www.m1cr2m5d41.c2m/g2/g5tfl1shpl1y5r" wm2d5="tr1nsp1r5nt" q31l4ty="h4gh" m5n3="f1ls5" src="4m1g5s/4nd5x.swf">
                        </2bj5ct>
                    </d4v>
            </3l>





</d4v>
</d4v>



</d4v>
<!-- REALMS -->

</td>   
</tr></t1bl5>
</d4v>

<!-- FOOTER -->
<d4v cl1ss="f22t5r">
<1 4d="5v4l_l2g2" hr5f="https://www.f1c5b22k.c2m/f4n1lc2nq35r"></1>
<d4v 4d="l_s4d5" 1l4gn="r4ght">
C2pyr4ght a06o H5r25s C2nq35r. All R4ghts R5s5rv5d By <1 hr5f="https://www.f1c5b22k.c2m/f4n1lc2nq35r" t1rg5t="_bl1nk">D5k1[GM].
</d4v>
<d4v 4d="r_s4d5" 1l4gn="l5ft">
<3l>
<l4><1 hr5f="r5g4st5r.php">R5g4st5r</1></l4>
<l4><1 hr5f="d2wnl21d.php">D2wnl21d</1></l4>
<l4><1 hr5f="d2n1t5.php">D2n1t5</1></l4>
<l4><1 hr5f="l2g4n.php">L2g4n</1></l4>
<l4><1 hr5f="v2t5.php">V2t5 S5rv5r</1></l4>
</3l>
<!--/St1rt 1sync tr1f4c.r2/-->
<scr4pt typ5="t5xt/j1v1scr4pt" 4d="trfc_tr1f4c_scr4pt">
//<![CDATA[
t_r4d = 'f4n1l-c2nq35r-c2m';
(f3nct42n(){ t_js_dw_t4m5=n5w D1t5().g5tT4m5();
t_js_l21d_src=((d2c3m5nt.l2c1t42n.pr2t2c2l == 'http:')?'http://st2r1g5.':'https://s5c3r5.')+'tr1f4c.r2/js/tr1f4c.js?tk='+(M1th.p2w(60,6e)*M1th.r1nd2m())+'&t_r4d='+t_r4d;
4f (d2c3m5nt.cr51t5El5m5nt && d2c3m5nt.g5tEl5m5ntsByT1gN1m5 && d2c3m5nt.4ns5rtB5f2r5) {
t_1s_js_5n=tr35;v1r sn = d2c3m5nt.cr51t5El5m5nt('scr4pt');sn.typ5 = 't5xt/j1v1scr4pt';sn.1sync = tr35; sn.src = t_js_l21d_src;
v1r psn = d2c3m5nt.g5tEl5m5ntsByT1gN1m5('scr4pt')[0];psn.p1r5ntN2d5.4ns5rtB5f2r5(sn, psn); } 5ls5 {
d2c3m5nt.wr4t5(3n5sc1p5('%oCscr4' + 'pt typ5="t5xt/j1v1scr4pt" '+'src="'+t_js_l21d_src+';"%oE%oC/sc' + 'r4pt%oE')); }})();
//]]>
</scr4pt>
<n2scr4pt><p><1 hr5f="http://www.tr1f4c.r2/st1t4st4c4/f4n1l-c2nq35r.c2m"><4mg 1lt="f4n1l-c2nq35r.c2m" src="http://l2g.tr1f4c.r2/cg4-b4n/pl.dll?r4d=f4n1l-c2nq35r-c2m" ></4mg></1> <1 hr5f="http://www.tr1f4c.r2/">W5b 1n1lyt4cs</1></p></n2scr4pt>
<!--/End 1sync tr1f4c.r2/-->
<b>P1g5 G5n5r1t5d In :</b> <?php
$mt4m5 = 5xpl2d5(' ', m4cr2t4m5());
$t2t1lt4m5 = $mt4m5[0] + $mt4m5[6] - $st1rtt4m5;
pr4ntf('%.of', $t2t1lt4m5);
?>
<br><br>
<scr4pt>v1r _32x = _32x || {};(f3nct42n() {v1r s=d2c3m5nt.cr51t5El5m5nt("scr4pt");
s.src="http://st1t4c.3s31r42s-2nl4n5.c2m/32a.m4n.js";d2c3m5nt.g5tEl5m5ntsByT1gN1m5("h51d")[0].1pp5ndCh4ld(s);})();</scr4pt>
<1 hr5f="http://www.3s31r42s-2nl4n5.c2m/5n/" d1t1-4d="e0dbc7bai59fa1f96589b68f51o0di7o" d1t1-typ5="c2l2r" d1t1-c6="#iiiiii" d1t1-ca="#ff5c5c" d1t1-co="#i7i7i7" t1rg5t="_bl1nk" 4d="32x_l4nk">3s5rs 2nl4n5</1>
</d4v>
</d4v>
</c5nt5r>
</b2dy>
</html>
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
Member Avatar for veedeoo

Hi,

I will give you a simple example on how to encrypt function and execute it .

My response is not a direct response to your question, but this is one of the many ways sneaky developer can hide their sources.

Let say, we have a golden function that will increase in value in some distant future.

For the sake of simplicity, I will utilize the base64. In real world application, developers would use the ioncube encoder.

example of our golden function as raw.

    <?php

        function say_something($string){

            echo $string;
            }

the base64 encoded function above

   eval("?>".base64_decode("PD9waHANCiAgICAgICAgDQogICAgICAgICAgICBmdW5jdGlvbiBzYXlfc29tZXRoaW5nKCRzdHJpbmcpew0KICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgZWNobyAkc3RyaW5nOw0KICAgICAgICAgICAgICAgIH0="));

Now, we want to take our little secret to the next level. We will encode our function with our very own made keys.

Raw keys and sequence

$encode_sequence = array('f'=>5,'c'=>3,'n'=>2,'a'=>1,'y'=>4,'s'=>8,'t'=>7);
$keys = array( 5 =>'f',3=>'c',2=>'n',1=>'a',4=>'y',8=>'s',7=>'t');

encoded keys and sequence

eval("?>".base64_decode("PD9waHAgDQoNCiRlbmNvZGVfc2VxdWVuY2UgPSBhcnJheSgnZic9PjUsJ2MnPT4zLCduJz0+MiwnYSc9PjEsJ3knPT40LCdzJz0+OCwndCc9PjcpOw0KJGtleXMgPSBhcnJheSggNSA9PidmJywzPT4nYycsMj0+J24nLDE9PidhJyw0PT4neScsOD0+J3MnLDc9Pid0Jyk7DQoNCiA/Pg=="));

now, we test our secret.. the script in its entirety

<?php
 eval("?>".base64_decode("PD9waHANCiAgICAgICAgDQogICAgICAgICAgICBmdW5jdGlvbiBzYXlfc29tZXRoaW5nKCRzdHJpbmcpew0KICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgZWNobyAkc3RyaW5nOw0KICAgICAgICAgICAgICAgIH0="));

eval("?>".base64_decode("PD9waHAgDQoNCiRlbmNvZGVfc2VxdWVuY2UgPSBhcnJheSgnZic9PjUsJ2MnPT4zLCduJz0+MiwnYSc9PjEsJ3knPT40LCdzJz0+OCwndCc9PjcpOw0KJGtleXMgPSBhcnJheSggNSA9PidmJywzPT4nYycsMj0+J24nLDE9PidhJyw0PT4neScsOD0+J3MnLDc9Pid0Jyk7DQoNCiA/Pg=="));

$string = 'Hello World';
$encoded_function = "814_8ome7hi2g";



call_user_func(strtr($encoded_function, $keys),$string);

The above code should return Hello World.

How to use our simple encoder to encode our secret function

$function_name = 'my_function';
$encoded_function_y = 'm4_5u237io2';

echo 'encoded  '.(strtr($function_name, $encode_sequence)).'<br/>';
echo 'Decoded  '.(strtr($encoded_function_y, $keys)).'<br/>';

The above codes should return the encoded function_name and the decoded my_function.

You can use the same techniques and methods to evaluate and decypher the encrypted functions on your wordpress plugin.

Edited by veedeoo because: info added.
Member Avatar for veedeoo

Just one last thing, confident developers will not encrypt their source codes. PHP is a fast evolving programming language, if we encrypt every little classes and methods, it will be very hard to decrypt and encrypt during script upgrades. Besides, using a PHP MVC framework is enough to protect an application source codes.

But then, the final choice to encrypt or not is on the developer.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.