Wednesday, October 24th 2012


Decoding $_F=__FILE__;$_X= Encoded PHP Files
posted @ 7:27 am in [ Decryption -Fixing Things -Magento -PHP -Technology -Web Design ]

Some PHP files we get from Extension developers for Magento have Bytecode encoding on them, which means if we want to change the functionality or layout of certain parts of the code, even if we’ve paid for it, we can’t.

Obviously this is rather frustrating, however it is possible to reverse engineer the files as follows to make the changes you need.

1. The three component parts

Each file has 3 main parts to it:


$_F=__FILE__;

$_X='a-string-of-text-and-numbers';

eval(base64_decode('a-string-of-text-and-numbers');

These parts are as follows:


$_F - a holder to do the ereg_replace of the obfuscater code with the unencryption keys

$_X - the encrypted PHP code

eval(base64_decode() - the decryption code for $_X

2. Getting the decryption code

To get the decryption code, we need to change the eval(base64_decode()); code to be an echo instead.

In our case above this would be:

echo(base64_decode(‘a-string-of-text-and-numbers’);

and this gives us the decryption code for the main $_X values;


$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;

If we break this apart into it’s core lines we have:


//decode our main string with base64_decode
$_X=base64_decode($_X);

//replace obfuscater characters in the result with the correct ones
$_X=strtr($_X,'123456aouie','aouie123456');

//replace the contents of $_R with our unencrypted file/PHP code
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);

//run the contents of the unencrypted file/PHP code
eval($_R);

//clear the contents of $_R so you can't access it
$_R=0;

//clear the contents of $_X so you can't access it
$_X=0;

3. Decrypting the encoded code

So now we just need to run the decryption code as far as it replacing the contents of $_R with the un-encrypted result, and echo that out to the screen.

Here’s the code:


//decode our main string with base64_decode
$_X=base64_decode($_X);

//replace obfuscater characters in the result with the correct ones
$_X=strtr($_X,'123456aouie','aouie123456');

//replace the contents of $_R with our unencrypted file/PHP code
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);

//print the contents of the unencrypted file/PHP code
echo($_R);

4. Final code

So we end up with:



And we can now make the changes we need