How to decode this PHP code?

Question

I want to decode this code. I have no idea what it is, except that it is some kind of code. Can someone help me please?

    <?php    if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29"))  
{
   function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E)   
    {   
        $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E);
        $T7FC56270E7A70FA81A5935B72EACBE29 = 0;
        $T9D5ED678FE57BCCA610140957AFAB571 = 0;
        $T0D61F8370CAD1D412F80B84D143E1257 = 0;
        $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]);
        $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3;
        $T800618943025315F869E4E1F09471012 = 0;
        $TDFCF28D0734569A6A693BC8194DE62BF = 16;
        $TC1D9F50F86825A1A2302EC2449C17196 = "";
        $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E);
        $TFF44570ACA8241914870AFBC310CDB85 = __FILE__;
        $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB85);
        $TA5F3C6A11B03839D46AF9FB43C97C188 = 0;
        preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188);
        for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F;)
        {
            if (count($TA5F3C6A11B03839D46AF9FB43C97C188))
                exit;
            if ($TDFCF28D0734569A6A693BC8194DE62BF == 0)
            {
                $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8);
                $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]);
                $TDFCF28D0734569A6A693BC8194DE62BF = 16;
            }
            if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000)
            {
                $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4);
                $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4);
                if ($T7FC56270E7A70FA81A5935B72EACBE29)
                {
                    $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3;
                    for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++)
                        $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1D412F80B84D143E1257];
                        $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571;
                    }
                else{
                    $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8);
                    $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16;
                    for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571;$TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]);       $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571;      }     }     else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++];     $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1;     $TDFCF28D0734569A6A693BC8194DE62BF--;     if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F)     {      $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196);      $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?";      return $TFF44570ACA8241914870AFBC310CDB85;     }    }   }  }  eval(T7FC56270E7A70FA81A5935B72EACBE29("QAAAPGRpdiBzdHlsZT0iY2xlYQAQcjpib3RoOyI+PC8BoD4NCg1ABQoCMmlkPSJmb290ZXIiAVIJAWIACGNsYXNzPSJiaW5mbwMwYSBoAAByZWY9Ijw/cGhwIGVjaG8gAABnZXRfb3B0aW9uKCdob21lAAwnKTsgPz4vIiB0aXQHQQKzYmwhuG9nBEEoJ25hAkUGgSAAGAKvAqU8L2EAAD4gQWxsIHJpZ2h0cyByZXMEAGVydmVkDDUJRGVzaWduZWQgCABieSA8ClVodHRwOi8vd3d3LgAAd2ViaG9zdGluZ3JhbGx5LgBAY29tL1dlYi1IAVMvQnVzaW4IBWVzcy0BWC5odG1sIiA+AcUgAcBgwCADFAkRLiBDb2QHPwcxbW1vaHV0wAIGYQQARnJlZSBNTU9SUEdzA4EgYAp8Cj8KMGNvbnZleWFuYwpQLhSRcwAKb25zYWxlLmNvLnVrBIBDAhggAGBTb2xpY2l0b3IFPw9ncGhvdG8YkGFkcwQ3HOFpZmkLYEFkA6IuIFBvHCB3ZXIBEBOvE6NvcmRwFwBzLm9yZwtwLyI+VwEAUAEBDLEuI+IkhyFiZG9fYUcEYyEDd3BfJTMhUwLsL2JvZHkmwDwvgAAWoT4="));  ?>

Answer 1

It's a footer that belongs to the free WordPress template you downloaded. If you want one without a footer, you have three options:

Find one
Make one
Buy one

(I always find footers like this really cute because they're so easy to get rid of - but it would seem there at least one person who hasn't figured how to do that yet. And the thing even tried to prevent me from decoding it by actively looking for such an attempt!)

Answer 2

That's what it looks like when de-obfuscated. As Matti pointed out already, it's a footer, haha. All that bitshifting is done to remove non-printable characters which I have substituted with # in the argument string to the end of the code.

<?php
    if (!function_exists("fn"))  {
        function fn($arg) {
            $arg = base64_decode($arg);
            $fn = 0;

            $x = 0;
            $y = 0;
            $z = (ord($arg[1]) << 8) + ord($arg[2]);
            $i = 3;
            $j = 0;
            $k = 16;
            $str = "";
            $strlen = strlen($arg);
            $file = __FILE__;
            $file = file_get_contents($file);
            $matches = 0;

            preg_match(/(print|sprint|echo)/, $file, $matches);

            for (;$i<$strlen;) {
                // THIS LINE HERE'S HILARIOUS!!!
                // IT TRYS TO PREVENT ONE FROM ECHOING ANYTHING WITHIN THAT CODE
                if (count($matches)) exit;
                if ($k == 0) {
                    $z = (ord($arg[$i++]) << 8);
                    $z += ord($arg[$i++]);
                    $k = 16;
                }

                if ($z & 0x8000) {
                    $fn = (ord($arg[$i++]) << 4);
                    $fn += (ord($arg[$i]) >> 4);

                    if ($fn) {
                        $x = (ord($arg[$i++]) & 0x0F) + 3;

                        for ($y = 0; $y < $x; $y++)
                            $str[$j+$y] = $str[$j-$fn+$y];

                        $j += $x;
                    } else  {
                        $x = (ord($arg[$i++]) << 8);
                        $x += ord($arg[$i++]) + 16;

                        for ($y = 0; $y < $x; $str[$j+$y++] = $arg[$i]); 

                        $i++;
                        $j += $x;
                    }
                } else $str[$j++] = $arg[$i++];

                $z <<= 1;
                $k--;

                if ($i == $strlen) {
                    $file = implode("", $str);
                    $file = "?".">".$file."<"."?";

                    return $file;
                }
            }
        }
    }

    $obfusc = <<<EOT
@##<div style="clea##r:both;"></##>

@#
#2id="footer"#R #b##class="binfo#0a h##ref="<?php echo ##get_option('home##'); ?>/" tit#A##bl!#og#A('na#E## ######</a##> All rights res##erved#5    Designed ##by <
Uhttp://www.##webhostingrally.#@com/Web-H#S/Busin##ess-#X.html" >## ##`# ## #. Cod#?#1mmohut###a##Free MMORPGs## `
|
?
0conveyanc
P.##s#
onsale.co.uk##C## #`Solicitor#?#gphoto##ads#7##ifi#`Ad##. Po# wer######ordp##s.org#p/">W##P####.##$#!bdo_aG#c!#wp_%3!S##/body&#</####>
EOT;
    eval(fn($obfusc));

Answer 3

if its a wordpress footer,

Click on view source and copy footer html in this decoded php, and then just edit it

How to decode this PHP code?

Question

3 answers

solution1
8 2010-12-06 07:18:50

solution2
6 ACCPTED 2010-12-06 07:49:37

solution3
0 2010-12-06 08:20:52

How to decode this PHP code?

Question

3 answers

solution1 8 2010-12-06 07:18:50

solution2 6 ACCPTED 2010-12-06 07:49:37

solution3 0 2010-12-06 08:20:52

solution1
8 2010-12-06 07:18:50

solution2
6 ACCPTED 2010-12-06 07:49:37

solution3
0 2010-12-06 08:20:52