Monday, June 06, 2011

How to Decrypt Encrypted eval( (str_rot13() data.

When I’m working with a wordpress template site, I wants to change the footer links of that site. But when I tries to edit it, the whole site is disappears. I checked my footer.php file. But there is nothing special in it. Then I checked the functions.php file and surprised that there are some encrypted codes!

So here I am explaining how to decrypt those codes. You need a little bit knowledge in php to do this, but I don’t think it was necessary. By the following step by step instructions you can do it easily.

1) Check footer.php file or functions.php file for eval(str_rot13 code

If there is any line which starts with “eval(str_rot13 “ then it is ROT encrypted code. We can decrypt it using any online decryption method say - Online ROT13 encoder and decoder. Just copy the code after eval(str_rot13( and go to Online ROT13 encoder and decoder and paste it. Now click ROT -13 transformation button. Hurray!!! You got the original code. Now check the functions used inside that code.

Another Way

You can do this in another way also without using any Online ROT13 encoder and decoder.

Every encrypting function in PHP will will be seen by the “eval()” function. Therefore you just have to write echo instead of “eval”. That’s it. Now execute the PHP file. Now you will see the decoded code on the page.

2) Now check the decrypted code. There may be a function like check_footer(); Simply remove that function and reload the site. That’s all.

An encrypted code is shown below

eval(str_rot13('shapgvba purpx_sbbgre(){$y=\'Jrofvgr Qrfvta ol YNAFPerngvir.va | Jrofvgr qrfvtavat ol ynafperngvir.va\';$s=qveanzr(__SVYR__).\'/sbbgre.cuc\';$sq=sbcra($s,\'e\');$p=sernq($sq,svyrfvmr($s));spybfr($sq);vs(fgecbf($p,$y)==0){rpub \'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\';qvr;}}purpx_sbbgre();'));

The decrypted code is:

function check_footer(){$l=\'Website Design by LANSCreative.in | Website designing by lanscreative.in\';$f=dirname(__FILE__).\'/footer.php\';$fd=fopen($f,\'r\');$c=fread($fd,filesize($f));fclose($fd);if(strpos($c,$l)==0){echo \'This theme is released under creative commons licence, all links in the footer should remain intact\';die;}}check_footer();

Here you can simply remove the check_footer() function. Then this function will not check for it. Remember if you try to delete all the code you decrypted, it will not resolve the problem.

9 comments:

  1. I have a template with a slightly different problem. Hope you can help.

    The page will populate hundreds of outgoing links in the source code, but they are not visible on the page. It seems to have a counter of some sort, as it does not populate the links every time.

    Hope you can help.

    ReplyDelete
  2. @Muskrat37
    Yeah.. I will help you. Can you tell me about your problem in details?

    Please copy the source code also.

    ReplyDelete
  3. Hello,
    im using WordPress 3.0.4 with custom theme. today when i try to edit footer.php from WordPress admin panel (http://www.dhakapost24.com/wp-admin/theme-editor.php?file=/themes/newswire/footer.php&theme=News&dir=theme) it shows file update successfully but my footer goes empty (nothing shows on my website footer )
    when i check via ftp (/wp-content/themes/newswire/footer.php) its shows 0 byte. when i try by uploading footer.php footer.php.BAK and footer.php.BAK.BAK those file also shows 0 byte. Please help me, how can i fix it. My css and function.php file codes mentioning below

    CSS: http://pastebin.com/G31eZdVA

    and function.php http://pastebin.com/fh8q5F2Z

    Please help me website address http://www.dhakapost24.com

    ReplyDelete
  4. @Lupael I had checked your site(http://www.dhakapost24.com/). I didn't saw any problem in your footer. It looks great. I had also checked your function.php file. There is no encrypted code in it.

    So I think the wordpress editor may crash when you tries to update the footer.php file.

    Please update your wordpress to the latest version. If you still have problem with your footer, please send me the footer.php code also.

    Thank You.

    ReplyDelete
  5. The theme runs, I decoded everything, however, it only runs with having this, eval(str_rot13('function check_footer...........

    As soon I remove eval(str_rot13 and have it like this: function check_footer.....
    it doesnt work anymore. Thanks for any idea.

    ReplyDelete
  6. @rm Can you post your encrypted code here, so that I can check it.

    ReplyDelete
  7. I found a code similar in header.php
    I resolve the problem deleting the lines "eval(str_rot13..." in header.php & footer.php
    Now, I can edit the footer with no more problems.

    ReplyDelete
  8. Hello,

    Can you help me pls..
    I did everything you said, but I could not ..

    ReplyDelete
  9. It really works. thank you from Colombia, South America

    ReplyDelete

Social Media

Share