• First read this information.

    Seriously, READ THAT THREAD BEFORE POSTING HERE. That thread will give you details on how to decrypt these sort of things yourself. Almost everything posted here has been something that could have been easily decrypted by simply reading that post.

    We recommend that you do not use encrypted themes. Encryption is often used to insert malicious code. Decoding part of an encrypted theme does not mean that it is all clean. If you choose to use an encrypted theme, it is at your own risk.

    If your theme has been posted under a non-GPL license, it may be against the terms of the theme to attempt to decode it or to have someone else decode it for you.

    If you can’t decode your own encrypted themes using this information and still want to use one rather than pick from the thousands of themes that don’t have obfuscated code in them, post your request for decryption in here, and maybe someone will help you out.

    Note

    • Code should be place into a pastebin, not into this thread.
    • Decoding the theme does not guarantee safety from malicious code.
    • Seperate decoding threads will be closed.
    • Best practice is to avoid such websites that distribute malicious code in themes (most of them just provide ripped knockoff themes, why trust these people?)
Viewing 15 replies - 421 through 435 (of 448 total)
  • sorry and this one 2 https://pastebin.com/c3KgNc1f

    footer.php

    <?php
    
    $OO0OO000O00OO000O0O0 = true;
    if (file_exists(HESK_PATH . 'hesk_license.php'))
    {
    	$OO0OO0O0O000O000O0O0 = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
    	$OO0OO000O000O000O0O0 = str_replace('www.','',strtolower($OO0OO0O0O000O000O0O0));
    	include(HESK_PATH . 'hesk_license.php');
    
    	if (strpos($hesk_settings['license'],sha1($OO0OO000O000O000O0O0.'h3&Fp2#LaA&59!w(8.Zc]*+uR512')) !== false)
    	{
    		$OO0OO000O00OO000O0O0 = false;
    	}
        else
        {
        	echo '<p style="text-align:center;color:red;font-weight:bold;">INVALID LICENSE (NOT REGISTERED FOR '.$OO0OO000O000O000O0O0.')!</p>';
        }
    }
    
    if ($OO0OO000O00OO000O0O0)
    {
    	echo '<p style="text-align:center"><span class="smaller">Powered by <a href="https://www.hesk.com" class="smaller" target="_blank" title="Free Help Desk Software HESK">Help Desk Software</a> HESK&trade;</span></p>';
    }
    echo '</td></tr></table></div>';
    include(HESK_PATH . 'footer.txt');
    echo '</body></html>';
    ?>

    The second one:

    <?php
    
    $OO0OO000O00OO000O0O0 = true;
    if (file_exists(HESK_PATH . 'hesk_license.php'))
    {
    	$OO0OO0O0O000O000O0O0 = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
    	$OO0OO000O000O000O0O0 = str_replace('www.','',strtolower($OO0OO0O0O000O000O0O0));
    
    	include(HESK_PATH . 'hesk_license.php');
    
    	if (strpos($hesk_settings['license'],sha1($OO0OO000O000O000O0O0.'h3&Fp2#LaA&59!w(8.Zc]*+uR512')) !== false)
    	{
    		$OO0OO000O00OO000O0O0 = false;
    	}
        else
        {
        	echo '<p style="text-align:center;color:red;font-weight:bold;">INVALID LICENSE (NOT REGISTERED FOR '.$OO0OO000O000O000O0O0.')!</p>';
        }
    }
    
    if ($OO0OO000O00OO000O0O0)
    {
    	echo '<hr /><table border="0" width="100%"><tr><td><b>'.$hesklang['remove_statement'].'</b></td><td style="text-align:right"><a href="Javascript:void(0)" onclick="alert(\''.$hesklang['support_notice'].'\')">'.$hesklang['sh'].'</a></td></tr></table><p>'.$hesklang['support_remove'].'. <a href="https://www.hesk.com/buy.php" target="_blank">'.$hesklang['click_info'].'</a></p>';
    }
    
    ?>

    Thanks yet again. ??

    Can you please decode this?

    Thanks in advance!

    https://pastebin.com/yLS2EB4K

    Can someone please decode? Pretty please with sugar on top?
    https://pastebin.com/2mfPNTmh

    @femmejolie: Same as johnburn’s, but with double new lines removed.
    https://pastebin.com/AdS80Pvu

    johnburn, do you mind?

    Johnburn, do you mind?

    This was an interesting obfuscation technique.

    I gather, this site repackages someone else’s themes and adds their own links there? And they force you to sign up with scammy services to be able to download rogue themes? Nice!

    I have tried to decode this using sites found on google with no luck, just gibberish. So…
    Can you please decode this?

    Thanks in advance!

    https://pastebin.com/KubWiSjn

    I’m having a problem decoding the rubbish in the footer.php of a so called free theme. I tried using various decoders but they can only decoded the encrypted data before the base64 line. Any help anyone?

    https://pastebin.com/LrH4WQYU

    please some one help to decode this free theme footer.php

    <?php /* /* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. */$OOO000000=urldecode(‘%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64’);$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x478;eval($OOO0000O0(‘JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NGZiKTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs=’));return;?>~Dkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==tjslC2ivwtFYtjXvcol2NjXiRU0IR2YvdmOldmWIRU0+eWPYtjXvcol2NjXiRU0IR2YvdmOiDB5lFJEsRT4YtI0hNoOpfJnpce0JCM90fo9swj4YtI0hNoOpfJnjdoyzFz0JDB5VcbwJNI0heWPkkzspcJEPwtyMfB5jfolvdl9lGolzfuHPk2O5dMysDBYgF2lLcBkiFJFpwux8wBO5dMysDBYgF2lLcBkiFJIJOM9vfoaZwJLIhUE6woaVcolMK2ajDo8IkX0htW0hNt9LDbC+eWPYtjXvcol2NjXiRU0IR2kvfuOvdUEsRT4YtI0heWPYtjxLDbCIDBW9wMcvd3OlFJw+eWPYtjxLDbCIC2xiF3H9wMlVdMaZwj4YtI0heWPYtILYtJF7koYvFuLINUnmcbOgd3n0DB9Vhtfzd2OiC29jCa9MdoaMftFpK2ajDo8IkX0hNuE+kzslC2ivwtOjd3n5K2ajDo8IkzXvCT48R3E+eWP8Fe5rcbYpc25lctnJGUE8CUnPFMaMNUkPfuOXKJ8vf3f3RMc1dMYvF3O1dBa3DBfzRMYvdU8Jwuklde0Jco9Md2xSd3FJNLc1dLYvF3O1dBabDBfzRMYvdTXvCT4IgtnADoyVD3HIfo8INorIDuklcj0JDuO0FePvR2asdByzfo9VcbnpC3HVC29sRZwIFMaSNUkLd2cvdoxvfZw+OB1sCUnTfo9VcTXvCT4IRtE8CUnPFMaMNUkPfuOXKJ8vdBamCB5Md3IVdorvwJnZcBX9wMOvcM9Sdo93wj5YcBfidJnod3I8R2r+wtcidbE7wexiwoiZcBC9wMi0fuE6RZ93f3FVCMyVCbOmCB1lFZ5jd20Jwuklde0Jco9Md2xSd3FJNMimfBiMNt9iNjXvFe4YtI0heWPYtjXvcol2NI0hNt9LDbC+NtrsRUEvcM9vfoaZwt0sNI0hNt9LDbC+NtrsRUEvC29VfoypdMaZFZEsRT4YtI0heWPYtjxzC3kpFuWIfulXcT0Jfoa4ft9QCbciF2YZDbn0wj4IW3aMd24VdM93htL7weXvF2YZDbn0NI0heWPmK3fXb2cvd3OlFJIpK2ajDo8IkX0hNt9Jd2O5NI0heWPYtI0hNt9Pfo1SNJF7tjS=alVnRPIq

Viewing 15 replies - 421 through 435 (of 448 total)
  • The topic ‘Theme decoding thread’ is closed to new replies.