Не знаю туда ли запостил

Но чем расшифровать такой код?

<?php if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) { function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B 9B9F958D906208506E) { $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E); $T7FC56270E7A70FA81A5935B72EACBE29 = 0; $T9D5ED678FE57BCCA610140957AFAB571 = 0; $T0D61F8370CAD1D412F80B84D143E1257 = 0; $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3; $T800618943025315F869E4E1F09471012 = 0; $TDFCF28D0734569A6A693BC8194DE62BF = 16; $TC1D9F50F86825A1A2302EC2449C17196 = ""; $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E); $TFF44570ACA8241914870AFBC310CDB85 = __FILE__; $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB 85); $TA5F3C6A11B03839D46AF9FB43C97C188 = 0; preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188); for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F;) { if (count($TA5F3C6A11B03839D46AF9FB43C97C188)) exit; if ($TDFCF28D0734569A6A693BC8194DE62BF == 0) { $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]); $TDFCF28D0734569A6A693BC8194DE62BF = 16; } if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000) { $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4); $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4); if ($T7FC56270E7A70FA81A5935B72EACBE29) { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++) $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1 D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1 D412F80B84D143E1257]; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } else { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1 D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } } else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]; $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1; $TDFCF28D0734569A6A693BC8194DE62BF--; if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F) { $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196); $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?"; return $TFF44570ACA8241914870AFBC310CDB85; } } } } eval(T7FC56270E7A70FA81A5935B72EACBE29("QAIAPD9waHAgABBkZWZpbmUgKCAAACdETEVfRk9SVU0nLCB0cn UIAGUgKTsCACBjbGFzcyBkbGVfAARmb3J1bV9pbml0ICB7AbBw cgAAaXZhdGUgZnVuY3Rpb24gcwAAZW5kX2tleSAoJHF1ZXJ5LA ADICRvdGhlcnMgPSAnJykDMANxAhAgJGhvc3QBMXd3dy4FkC1m aWwDAmVzLnJ1JwcSAnAgJHBhdGgCMS8A3mV4dHJhcy9hBiAG0S 4LcAJ5BKECgCIIAFBPU1QDZEhUVFAvMS4xXHJcJBZuIgUiJHAC cS49ICJIAJA6CBMB/yAAACJDb250ZW50LXR5cGU6IGECKHBwbGljYQ2xL3gtCtAtECB tLXUAVHJsZW5jb2RlZAQxew40fQa9VXMEAGVyLUFnBPA6IE1ve mlsbGEgHgA0LjADQQK9B3UFgGd0aDogIi5zdMZEBlEUdCkuIgN vCtJuZRFwb246GlBvc34AZQJRAEEX0wZTFNIUoUBmc29ja29wZ SEGbigYAiwgODAaAGVycm5vAIMHQCwYACAzMB9jA4FpZiAoISR oKXsgJFAgchZAQBpxX2dldF9jEnNzKCJodADhdHA6Ly8iIC4VU wCBG7IuICI/AWLYYCCSBUB9BSEAQWVsc2UAgSCyIGZ3cmk/HXRlCTAIQBphAqAB0RaQKCRhB1AKQQfRJx9QCgghJGE7CNFiAY BmcmVhZANyODE5cIwyA2AKMB4QJGI7IAOCKCgkAnAncz8gDH8x IDogDZEIU2ZjbBLgA9ADcAbQAVMAkA8BqAQQUGkAQCgPMCwgIm FudHc6J7VkIgAHICkpIHJldHVybiAiMRYDA08DQgXfZGVuaWUD GzADEwaABEYtBFMIFDT+NKIzZ4GAEUB1bV9oYXMc8QpAX3JlcG xhY2gCZRhnCyAiFIBfU0VSVkVSWycwoV9MAEgxoCddDrMK5HRv bG93ZXIoc3UCVmJzdHIoJAWnLCAXEDQOcD0TsC8gLvTwO2Af8A IXF7BzA28gNAYADHIEyAKwcmVzZQI3dChleHBsMvAoJy9FoAIY KQNQEPABKLpxAz86Az8DMAyPcwyPIDYMhAviDK89IHMMr5BCA1 A7IAyvIG1kNSgAQV9fRklSgF9ADS4LaC4ndi4yLjQuMCcNJAog ICKE6DACeEixBaIgUydjaGVja1MzHpZnbG9iGNBhbCADpDbAZm lnA8EFYSAPoSR0aGkRmnMtPiHwKCkgGpACqlsnAYAfAHsIJVQc L1JVRQ0xN4IBZkZBTFMBciAO4wlILwRdET/KKCQE0AmeCTMmkBWSQOEKIADxX2wKlyQCY1sEgCdjaGFyIGAnX R3QKCRsYW5nW7PAAUghJoAmQD8gAa5acAQ+EHYkZG9tYWlgA24 FMFjmKHN0cmlwX3RhZ3NoADBP7WARQCcEDUAgA6ADBygDoG0Ow wI0YnVmZmW0gEeBJBbDbaciB6M9ewg0fSZwcm9kdTwYY3QcYQF gBdABN2lkPTEiBTMb4XN3aR4AdGNoCeAF8xWRdJIgIGNhc2UgI i0bJDEiOgKBAEMkAmMKoCRmFaBbJwpgYWxEW18Z8DEnXRCmICB iULBrAQgEwzAEvw0Cv9QEvDIEvwS+CWsfWSbUCjESgw/gKA8HIGFQYW7QAH4gB6FmZ8JFTkdJTkVfRElSLicDvC9kYXRhL wUJfeJMYHcTVWH2BHMBsDw/AABQSFAgXG5cbi8vU3lzdGVtZWEgc/AoEHVyeqJzAbFcMToJ8GFycmGJcNMAAcEFtm8TgGNoT+UmwyBh cyAkbmFtABllID0+ICR2YWx1ZWcgCG8newJiIhx9JwKBXCJ7Ar N9XCIsBjU+owOvKTufWAIhPz4IdmjVDiMT2iAfaSATMxtvG2hk ZWYO82F1bHQkvxCQJL00BK8EogvzKJBAaHaQYsCgRpHMdJmAL2 NzczsgPgQ9Ii4/PwzjZQz4Y2hvICzkBdJkaacQAcIGdG++dFBpX24NcHVsbCBOMK bjIFGFZH5ACZAAMSRkYi1AFD6GIigiVVBEQVRFIIdRVXAQUFII gUVGSViJACJfdZigcyBTRVQgAKECA19ncm91cBCwNSBXSEVSRQ FbOvmRoA+lTG+gUzogLxtjC2Rmr4V2ZXJpZgreeWluZz2waHoD MD3RjjIkk3IBdGQxAQFzDABpemUoMMowci9zb3VyY2VzL2MGPm 9tcG9uo8AAs2lsZTGyZghgowTBgTMh/+BgkQZhB5FFZEvUFNY5tAvxAEEUIAw2YWRtaW7nyhbfHTRd0W9 yh+AyYwDxSSAAcG9wseFzAKBsORxfZhrwHfIFgCAkpZBvcl80s 8TyAbZyZQAfcXVpcmVfb25jZSAQSkEPvuoDn0SVoGMT02xlwHV hZ2UvJyi3AUFzJ11G0A4iD5YubG5npKAKIQBAdNh4ligpPxAkD OMiUGZ/62Gq8HP4AafSMQGRBIAAMQnfCdsH8i8XBXMc8hE/4dYRPg2jA9N0YWJsIIMDnwOfbxsALwOTBFBt8b8HHxhPWUECwH VtL99SKIFhEZADtiNQADBdYF0wg0jg6T0gbmV34jwKMiQCmy0+ MqYoJzMAADM3Y2Q3M2EzMTQ2NGRkNGEAA2RmYzNjNWRiYzM1Nm NklNAEMoAeGkJfUkVRVUVTVFsnCfJwQeexijAnw/6FcN2AeWVzIi+QNxEYnxiVJf8l+AN/A3UHMi9d2Gwl3ycBQSXfIOEgD657cAs0KDRQEIB0X3UnA25p5H EoJA39dGCK5iAgZXhpdBCwF6IAAD8+")); ?>

залей в виде файла куда-нибудь

http://depositfiles.com/ru/files/ikk3qbmx1

<?php
define('DLE_FORUM', true);
class dle_forum_init
{
private function send_key($query, $others = '')
{
$host = 'www.dle-files.ru';
$path = '/extras/activate.php';
$post = "POST $path HTTP/1.1\r\n";
$post .= "Host: $host\r\n";
$post .= "Content-type: application/x-www-form-urlencoded\r\n{$others}";
$post .= "User-Agent: Mozilla 4.0\r\n";
$post .= "Content-length: " . strlen($query) . "\r\n";
$post .= "Connection: close\r\n\r\n$query";
$h = @fsockopen($host, 80, $errno, $errstr, 30);
if (!$h) {
$r = @file_get_contents("http://" . $host . $path . "?" . $query);
} else {
fwrite($h, $post);
for ($a = 0, $r = ''; !$a; ) {
$b = fread($h, 8192);
$r .= $b;
$a = (($b == '') ? 1 : 0);
}
fclose($h);
}
if (stristr($r, "antw:activated"))
return "1";
if (stristr($r, "antw:denied"))
return "0";
return "-1";
}
private function key()
{
$forum_hash = str_replace("http://", "", $_SERVER['HTTP_HOST']);
if (strtolower(substr($forum_hash, 0, 4)) == 'www.') {
$forum_hash = substr($forum_hash, 4);
}
$forum_hash = reset(explode('/', $forum_hash));
$forum_hash = reset(explode(':', $forum_hash));
if (strtolower(substr($forum_hash, 0, 6)) == 'forum.') {
$forum_hash = substr($forum_hash, 6);
}
$forum_hash = md5(md5(__FILE__ . $forum_hash . 'v.2.4.0'));
return $forum_hash;
}
function check_key()
{
global $forum_config;
if ($this->key() == $forum_config['key']) {
return true;
} else {
return false;
}
}
function activation($key)
{
global $config, $forum_config, $f_lg;
$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];
$domain = urlencode(strip_tags($_SERVER['HTTP_HOST']));
$key = strip_tags(trim($key));
$buffer = $this->send_key("domain={$domain}&product_key={$key}&product_id=1");
switch ($buffer) {
case "-1":
$buffer = $f_lg['trial_act1'];
break;
case "0":
$buffer = $f_lg['trial_act2'];
break;
case "1":
$forum_config['key'] = $this->key();
$handler = fopen(ENGINE_DIR . '/data/forum_config.php', "w");
fwrite($handler, "<?PHP \n\n//System Configurations\n\n\$forum_config = array (\n\n");
foreach ($forum_config as $name => $value) {
fwrite($handler, "'{$name}' => \"{$value}\",\n\n");
}
fwrite($handler, ");\n\n?>");
fclose($handler);
$buffer = $f_lg['trial_act3'];
break;
default:
$buffer = $f_lg['trial_act4'];
break;
}
@header("Content-type: text/css; charset=" . $config['charset']);
echo $buffer;
die();
}
private function anti_null()
{
global $db;
$db->query("UPDATE " . USERPREFIX . "_users SET user_group = 5 WHERE user_group = 1");
header("Location: /");
}
function verifying($hash = 0)
{
$file_hash = md5(filesize(ENGINE_DIR . '/forum/sources/components/compile.php'));
if ($file_hash !== $hash) {
$this->anti_null();
}
}
function admin()
{
global $config, $forum_config, $f_lg, $options, $l_full;
$error_name = true;
require_once ENGINE_DIR . '/data/forum_config.php';
require_once ENGINE_DIR . '/forum/language/' . $config['langs'] . '/admin.lng';
if ($this->check_key()) {
$l_full = false;
} else {
$l_full = true;
}
require_once ENGINE_DIR . '/forum/admin/functions.php';
require_once ENGINE_DIR . '/forum/admin/table.php';
require_once ENGINE_DIR . '/forum/admin/form.php';
require_once ENGINE_DIR . '/forum/classes/cache.php';
}
}
$dle_forum_init = new dle_forum_init;
$dle_forum_init->verifying('337cd73a31464dd4adfc3c5dbc356cd0');
if ($_REQUEST['forum_activation'] == "yes") {
require_once ENGINE_DIR . '/data/forum_config.php';
require_once ENGINE_DIR . '/forum/language/' . $config['langs'] . '/admin.lng';
$dle_forum_init->activation(convert_unicode($_REQUEST['forum_key']));
exit;
}
?>

rider1203, лови:
<?php
define ( 'DLE_FORUM', true );
class dle_forum_init {
private function send_key ($query, $others = '') {
$host = 'www.dle-files.ru'; $path = '/extras/activate.php';
$post = "POST $path HTTP/1.1\r\n"; $post .= "Host: $host\r\n";
$post .= "Content-type: application/x-www-form-urlencoded\r\n{$others}";
$post .= "User-Agent: Mozilla 4.0\r\n";
$post .= "Content-length: ".strlen($query)."\r\n";
$post .= "Connection: close\r\n\r\n$query";
$h = @fsockopen($host, 80, $errno, $errstr, 30);
if (!$h) {
$r = @file_get_contents("http://" . $host . $path . "?" . $query);
} else {
fwrite($h, $post);
for($a = 0, $r = ''; !$a;){
$b = fread($h, 8192);
$r .= $b;
$a = (($b == '') ? 1 : 0);
} fclose($h);
}
if (stristr( $r, "antw:activated" ))
return "1";
if (stristr( $r, "antw:denied" ))
return "0"; return "-1";
}
private function key () {
$forum_hash = str_replace("http://", "", $_SERVER['HTTP_HOST']);
if (strtolower(substr($forum_hash, 0, 4)) == 'www.') {
$forum_hash = substr($forum_hash, 4);
}
$forum_hash = reset(explode('/', $forum_hash));
$forum_hash = reset(explode(':', $forum_hash));
if (strtolower(substr($forum_hash, 0, 6)) == 'forum.'){
$forum_hash = substr($forum_hash, 6);
}
$forum_hash = md5(md5(__FILE__.$forum_hash.'v.2.4.0'));
return $forum_hash;
}
function check_key () {
global $forum_config;
if ($this->key() == $forum_config['key']){
return TRUE;
} else {
return FALSE;
}
}
function activation ($key) {
global $config, $forum_config, $f_lg;
$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];
$domain = urlencode(strip_tags ($_SERVER['HTTP_HOST']));
$key = strip_tags(trim($key));
$buffer = $this->send_key ("domain={$domain}&product_key={$key}&product_id=1");
switch ($buffer) {
case "-1":
$buffer = $f_lg['trial_act1'];
break;
case "0":
$buffer = $f_lg['trial_act2'];
break;
case "1":
$forum_config['key'] = $this->key();
$handler = fopen(ENGINE_DIR.'/data/forum_config.php', "w");
fwrite($handler, "<?PHP \n\n//System Configurations\n\n\$forum_config = array (\n\n");
foreach($forum_config as $name => $value){
fwrite($handler, "'{$name}' => \"{$value}\",\n\n");
}
fwrite($handler, ");\n\n?>");
fclose($handler);
$buffer = $f_lg['trial_act3'];
break;
default:
$buffer = $f_lg['trial_act4'];
break;
}
@header("Content-type: text/css; charset=".$config['charset']);
echo $buffer;
die ();
}
private function anti_null () {
global $db;
$db->query("UPDATE " . USERPREFIX . "_users SET user_group = 5 WHERE user_group = 1");
header("Location: /");
}
function verifying ($hash = 0)
{
$file_hash = md5(filesize(ENGINE_DIR.'/forum/sources/components/compile.php'));
if ($file_hash !== $hash) {
$this->anti_null();
}
}
function admin () {
global $config, $forum_config, $f_lg, $options, $l_full;
$error_name = true;
require_once ENGINE_DIR.'/data/forum_config.php';
require_once ENGINE_DIR.'/forum/language/'.$config['langs'].'/admin.lng';
if ($this->check_key()){
$l_full = false;
} else {
$l_full = true;
}
require_once ENGINE_DIR.'/forum/admin/functions.php';
require_once ENGINE_DIR.'/forum/admin/table.php';
require_once ENGINE_DIR.'/forum/admin/form.php';
require_once ENGINE_DIR.'/forum/classes/cache.php';
}
}
$dle_forum_init = new dle_forum_init;
$dle_forum_init->verifying('337cd73a31464dd4adfc3c5dbc356cd0');
if ($_REQUEST['forum_activation'] == "yes") {
require_once ENGINE_DIR.'/data/forum_config.php';
require_once ENGINE_DIR.'/forum/language/'.$config['langs'].'/admin.lng';
$dle_forum_init->activation(convert_unicode($_REQUEST['forum_key']));
exit;
}
?>

Там обфускация+урленкоде+басе64 .

#Wolf# Функция массдекрипт - раскодирует все файлы в заданной папке (включая подпапки) с таким способом обфускации

ТСу первая функция пригодится - $times=1
<?php

$dir = ".";

function decrypt($data,$filename,$times=1)
{
error_reporting(0);

function bulk($str)
{
$str = preg_replace('~^\?\>~','',$str);
return str_ireplace(array('<?php','<?','?>','eval','__FILE__'),array('','','/*','echo','$_FILE__'),$str);
}

$f = $data;
$_FILE__=$filename;

for ($i=0;$i<$times;$i++)
{
ob_start();
eval(bulk($f));
$f = ob_get_contents();
ob_end_clean();
}
return preg_replace(array('~^\?\>~','~\<\?$~'),'',$f);
}

function massdecrypt($dir)
{

if(!is_dir($dir)) return $out.="$dir - не папка";
$dirs = scandir($dir);

foreach ($dirs as $one)
{
if ($one =='.' || $one =='..') continue;
echo $one.' - ';
$one = realpath($dir.'/'.$one);
if (is_dir($one)) {echo "папка<br>\r\n";massdecrypt($one);continue;}
$in=file_get_contents($one);
if (stripos($in,'$OOO0000O0=$OOO000000')===false || stripos($in,'massdecrypt')!==false) {echo "пропущено<br>\r\n"; continue;}
file_put_contents($one, decrypt($in,$one,6));
echo "обработано<br>\r\n";
flush();ob_flush();
}
}

massdecrypt($dir);
flush();ob_flush();

?>