1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can somebody help me decode Flexibility Theme? Seems to be "eval(base64_decode"

Discussion in 'Blogging' started by jabroni, Dec 1, 2010.

  1. jabroni

    jabroni Registered Member

    Joined:
    Jan 13, 2010
    Messages:
    77
    Likes Received:
    15
    Hey guys hope all is well. I'm struggling to decode the flexibility theme. The only encryption I can see that looks strange is the functions file. I have attached it here for anyone who is interested in seeing what it looks like.

    I've tried decoding it using an online script to no avail :(

    Any help would be muchos appreciated!

    Thanks!
     

    Attached Files:

    Last edited: Dec 1, 2010
  2. _Biju_

    _Biju_ Junior Member

    Joined:
    Nov 18, 2010
    Messages:
    171
    Likes Received:
    67
    Location:
    Here
    Home Page:
    it's actualy quite simple.

    1) rename that file to functions.php
    2) change eval() to echo()
    3) upload on a server and run it in your browser

    It will echo the php code generated by that :D
     
  3. jabroni

    jabroni Registered Member

    Joined:
    Jan 13, 2010
    Messages:
    77
    Likes Received:
    15
    ok kool! Thanks..Yeah I just had to change the file to txt due to not being able to attach php files.

    Is this the best way then? I'm gonna try it now
     
  4. jabroni

    jabroni Registered Member

    Joined:
    Jan 13, 2010
    Messages:
    77
    Likes Received:
    15
    Ok I think I fudged it up..

    Sorry I'm a noob when it comes to php..So I did the echo thing then just re-uploaded the file onto my server.

    Then when I checked my site there was all this wierd code on the site on top of my header. Also even on my WP dashboard there was wierd code above it and on my login page.

    What did I do wrong? I don't get the run on a browser part?
     
  5. dirtbag

    dirtbag Senior Member

    Joined:
    Jul 24, 2008
    Messages:
    990
    Likes Received:
    525
  6. jabroni

    jabroni Registered Member

    Joined:
    Jan 13, 2010
    Messages:
    77
    Likes Received:
    15
    Thanks dirtbag but I just don't get it - It doesn't work for me. I copy the eval code into the box and I just get this message :

    Sorry, it just wasn't possible to decode that string. Please let us know if you think this is a bug in our code.

    I tried a few different combinatoions but still no luck - I suck at this stuff
     
  7. Gringa

    Gringa Newbie

    Joined:
    Sep 3, 2010
    Messages:
    8
    Likes Received:
    0
    Location:
    France
    Look for "tarreeinternet", she's edited a script that will just decode whatever you want, then you can just copy paste the php to your footer.

    Sorry, can't add the link I'm a newbie...

    Hope it helps!
     
  8. jabroni

    jabroni Registered Member

    Joined:
    Jan 13, 2010
    Messages:
    77
    Likes Received:
    15
    Nope, tried that script already..just returns the same code to me when i press decode. Thanks anyway

    Is there anyone at all who knows how to decode this piece of shit?? I've never had a ranking site with this gay theme but it has some features I really like

    Thanks guys
     
  9. nufaman

    nufaman Elite Member

    Joined:
    May 29, 2009
    Messages:
    1,697
    Likes Received:
    1,185
    Are you sure that is the correct code? Doesn't seem so
     
  10. jabroni

    jabroni Registered Member

    Joined:
    Jan 13, 2010
    Messages:
    77
    Likes Received:
    15
    have you checked the functions file I attached...if so, yeah that's the only strange code I can find in the whole theme! I copy and pasted it exactly as it is in the functions file :(

    Maybe just some really good encryption?
     
  11. Gibbzee

    Gibbzee Regular Member

    Joined:
    Jun 17, 2009
    Messages:
    399
    Likes Received:
    142
    Code:
    http://www.functions-online.com/base64_decode.html
    Put the code in there. It will work.
     
  12. jabroni

    jabroni Registered Member

    Joined:
    Jan 13, 2010
    Messages:
    77
    Likes Received:
    15
    Thanks but I give up, that didn't work either!

    Just got some wierd symbols as output..I've heard of people encrypting the same code multiple times? Is this what has possibly happened here?
     
  13. Gibbzee

    Gibbzee Regular Member

    Joined:
    Jun 17, 2009
    Messages:
    399
    Likes Received:
    142
    PHP:
    <?php
    function list_pings($comment$args$depth) {
           
    $GLOBALS['comment'] = $comment;
    ?>
    <li id="comment-<?php comment_ID(); ?>">
    <?php comment_author_link(); ?>
    <?php 
    ?>
    <?php 
    if (function_exists('wp_list_comments')) :
    add_filter('get_comments_number''comment_count'0);
    function 
    comment_count$count ) {
        global 
    $id;
        
    $get_comments get_comments('post_id=' $id);
        
    $comments_by_type = &separate_comments($get_comments);
        return 
    count($comments_by_type['comment']);
    }
    ?>
    <?php 
    endif; ?>
    <?php
    add_filter
    ('comments_template''legacy_comments');
    function 
    legacy_comments($file) {
        if ( !
    function_exists('wp_list_comments') ) 
            
    $file TEMPLATEPATH '/legacy.comments.php';
        return 
    $file;
    }
    ?>
    <?php

    $url_base 
    get_bloginfo('template_directory');

    // Widget Settings

    if ( function_exists('register_sidebar') )
        
    register_sidebar(array(
            
    'name' => 'Sidebar_top',
            
    'before_widget' => '<div class="widget">',
            
    'after_widget' => '</div>'
            
    'before_title' => '<div class="toptitle"><h5>',
            
    'after_title' => '</h5></div>',
        ));
        
    if ( 
    function_exists('register_sidebar') )
        
    register_sidebar(array(
            
    'name' => 'Sidebar_left',
            
    'before_widget' => ''
            
    'after_widget' => ''
            
    'before_title' => '<h5>',
            
    'after_title' => '</h5>',
        ));

    if ( 
    function_exists('register_sidebar') )
        
    register_sidebar(array(
            
    'name' => 'Sidebar_right',
            
    'before_widget' => ''
            
    'after_widget' => ''
            
    'before_title' => '<h5>',
            
    'after_title' => '</h5>',
        ));
        
    if ( 
    function_exists('register_sidebar') )
        
    register_sidebar(array(
            
    'name' => 'Feature_top',
            
    'before_widget' => '<div class="feat_box">',
            
    'after_widget' => '</div>'
            
    'before_title' => '<h2>',
            
    'after_title' => '</h2>',
        ));
        
    if ( 
    function_exists('register_sidebar') )
        
    register_sidebar(array(
            
    'name' => 'Footer',
            
    'before_widget' => '<div class="foot_box">',
            
    'after_widget' => '</div>'
            
    'before_title' => '<h2>',
            
    'after_title' => '</h2>',
        ));


    if (
    current_user_can("manage_options")){include( TEMPLATEPATH '/includes/theme_options.php' );}

    if ( !
    is_admin() ) { // instruction to only load if it is not the admin area
       // register your script location, dependencies and version
       
    wp_register_script('superfish',
           
    get_bloginfo('template_directory') . '/js/superfish.js',
           array(
    'jquery'),
           
    '' );
       
    // enqueue the script
       
    wp_enqueue_script('superfish');

    }



    function 
    flexibility_wp_head() { ?>
      
      <!--[if lte IE 6]>
      <link rel='stylesheet' type='text/css' href="<?php bloginfo('template_directory'); ?>/ie6style.php" />
      <script type="text/javascript" src="<?php bloginfo('template_directory'); ?>/js/DD_belatedPNG_0.0.8a-min.js"></script> 
      <script>
      DD_belatedPNG.fix('#header, #searchform, img, #feature, .topshadow, .postMeta, .commentcount, .postdate, #footer, #footerdark, .scshadow, #sidebar-top h5, li, #wp-pagenavi a, #wp-pagenavi .current, input, .subbox, .subbox2, .contentbox');
    </script>
      <![endif]-->

    <script type="text/javascript">
    //<![CDATA[
         jQuery(document).ready(function(){ 
            
            jQuery("ul.sf-menu").superfish({ 
                autoArrows: <?php if (get_option('flex_nav_showarrow')) { echo get_option('flex_nav_showarrow'); } else { echo 'true'; } ?>,
                dropShadows: false,
                speed:       300, 
                delay:       500, 
                animation:   {height:'show'}
            }); 
            jQuery("#nav a").removeAttr("title"); 
            
            
        }); 
    //]]>
    </script>

      <?php }

    if (
    function_exists('add_theme_support')) {
        
    add_theme_support('nav-menus');
    }


    if (
    function_exists('register_nav_menu')) {
    function 
    register_my_menu() {
        
    register_nav_menu'primary-menu'__'Primary Menu' ) );
    }

    add_action'init''register_my_menu' );
    }

    function 
    flex_menu() {
        echo 
    '<ul class="sf-menu">';
        if (
    get_option('flex_nav_home') == "yes") { 
        echo 
    '<li';
        if (
    is_home()) { 
        echo 
    ' class="current_page_item"'
        } 
        echo
    '><a href="';
        echo 
    get_settings('home'); 
        echo 
    '"><span>Home</span></a></li>';
         } 
        echo 
    preg_replace('@\<li([^>]*)>\<a([^>]*)>(.*?)\<\/a>@i''<li$1><a$2><span>$3</span></a>'wp_list_pages('echo=0&orderby=name&exclude=&title_li='));
          echo 
    '</ul>';
    }

    add_action('wp_footer''rss_construct');

    function 
    rss_construct() {
        if (
    is_front_page()) {
      
    $content '<p class="footlinks"><a href="http://www.insuranceagentsquote.com/states/california.html">California Insurance Agents</a> | <a href="http://www.justdreamweaver.com/small-business-web-hosting.html">Small Business Web Hosting</a> | <a href="http://www.floridainsurancequest.com/">Florida Insurance Quotes</a></p>';
      echo 
    $content;
        }
    }


    global 
    $allowedtags;
    $allowedtags['form'] = array( 'class' => array () );

    add_action('wp_head''flexibility_wp_head');
    if (
    current_user_can("manage_options")){add_action('admin_menu''flexibility_add_admin'); }
            
    ?>
     
    • Thanks Thanks x 6
  14. jabroni

    jabroni Registered Member

    Joined:
    Jan 13, 2010
    Messages:
    77
    Likes Received:
    15
    You = The MAN!!!

    Thanks a lot dude. Did you use that same script decoder that you posted for me? What did I do wrong? What code did you put in there?

    Thanks again
     
  15. secondfire

    secondfire Newbie

    Joined:
    Nov 23, 2010
    Messages:
    19
    Likes Received:
    1
    i done have any idea...
     
  16. amommy

    amommy Newbie

    Joined:
    Feb 6, 2008
    Messages:
    1
    Likes Received:
    0
    The above methods were not working for me either. I tried everything. keeping the php, removing it, keeping the eval, removing it, the $###= and remvoing it. NOTHING worked for me.
    How did you get it to decode so I know what to do in future please????:D
     
  17. Gibbzee

    Gibbzee Regular Member

    Joined:
    Jun 17, 2009
    Messages:
    399
    Likes Received:
    142
    • Thanks Thanks x 1
  18. pttugas

    pttugas Junior Member

    Joined:
    Apr 14, 2010
    Messages:
    145
    Likes Received:
    20
    if you need help just send me the files and i decode it for our with pleasure.
     
    • Thanks Thanks x 2
  19. Psipherious

    Psipherious Newbie

    Joined:
    Sep 28, 2009
    Messages:
    6
    Likes Received:
    25
    Reason some of you are having trouble decoding this is because it's base64 encoded something like 6 times and also gzip compressed 3 times.

    Notice if you run the original php script and change the eval to an echo, but wrap an html <textarea> around it, you basically get another "file" that is very similar to this first one you're trying to decode (which you can copy easily out from the textarea once you've executed it)

    Then you run it again (with the new decoded date from the first file). And then... again a 3rd time... and the final result is the fully decoded code you see posted above by Gibbzee.

    Here try this, at the bottom of the php file, change the eval line to:
    PHP:
    $decoded base64_decode(gzuncompress(base64_decode($Q7B2ADBA49F6F1333506E3B82B20CCFFB)));
    echo 
    "<textarea rows=30 cols=120>" $decoded "<textarea>";
    ?>
    Have fun!
     
    • Thanks Thanks x 1
    Last edited: Mar 11, 2011
  20. cleverliving

    cleverliving Regular Member

    Joined:
    Jan 24, 2010
    Messages:
    262
    Likes Received:
    73
    Occupation:
    Internet Marketer/Disabilities Career
    Location:
    Where The Wind Blows
    ok for those that have no idea what you are talking about is it possible you can simply upload the flexibilit 3 theme for us to use, so we dont have to decode anything