• First read this information.

    Seriously, READ THAT THREAD BEFORE POSTING HERE. That thread will give you details on how to decrypt these sorts of things yourself. Almost everything posted here has been something that could have been easily decrypted by simply reading that post.

    We recommend that you do not use encrypted themes. Encryption is often used to insert malicious code. Decoding part of an encrypted theme does not mean that it is all clean. If you choose to use an encrypted theme, it is at your own risk.

    If your theme has been posted under a non-GPL license, it may be against the terms of the theme to attempt to decode it or to have someone else decode it for you.

    If you can’t decode your own encrypted themes using this information and still want to use one rather than pick from the thousands of themes that don’t have obfuscated code in them, post your request for decryption in here, and maybe someone will help you out.

    Note

    • Code should be placed into a pastebin, not into this thread.
    • Decoding the theme does not guarantee safety from malicious code.
    • Separate decoding threads will be closed.
    • Best practice is to avoid such websites that distribute malicious code in themes (most of them just provide ripped knockoff themes, why trust these people?)
Viewing 15 replies - 421 through 435 (of 448 total)
  • sorry and this one 2 http://pastebin.com/c3KgNc1f

    footer.php

    <?php
    
    $OO0OO000O00OO000O0O0 = true;
    if (file_exists(HESK_PATH . 'hesk_license.php'))
    {
    	$OO0OO0O0O000O000O0O0 = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
    	$OO0OO000O000O000O0O0 = str_replace('www.','',strtolower($OO0OO0O0O000O000O0O0));
    	include(HESK_PATH . 'hesk_license.php');
    
    	if (strpos($hesk_settings['license'],sha1($OO0OO000O000O000O0O0.'h3&Fp2#LaA&59!w(8.Zc]*+uR512')) !== false)
    	{
    		$OO0OO000O00OO000O0O0 = false;
    	}
        else
        {
        	echo '<p style="text-align:center;color:red;font-weight:bold;">INVALID LICENSE (NOT REGISTERED FOR '.$OO0OO000O000O000O0O0.')!</p>';
        }
    }
    
    if ($OO0OO000O00OO000O0O0)
    {
    	echo '<p style="text-align:center"><span class="smaller">Powered by <a href="http://www.hesk.com" class="smaller" target="_blank" title="Free Help Desk Software HESK">Help Desk Software</a> HESK&trade;</span></p>';
    }
    echo '</td></tr></table></div>';
    include(HESK_PATH . 'footer.txt');
    echo '</body></html>';
    ?>

    The second one:

    <?php
    
    $OO0OO000O00OO000O0O0 = true;
    if (file_exists(HESK_PATH . 'hesk_license.php'))
    {
    	$OO0OO0O0O000O000O0O0 = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
    	$OO0OO000O000O000O0O0 = str_replace('www.','',strtolower($OO0OO0O0O000O000O0O0));
    
    	include(HESK_PATH . 'hesk_license.php');
    
    	if (strpos($hesk_settings['license'],sha1($OO0OO000O000O000O0O0.'h3&Fp2#LaA&59!w(8.Zc]*+uR512')) !== false)
    	{
    		$OO0OO000O00OO000O0O0 = false;
    	}
        else
        {
        	echo '<p style="text-align:center;color:red;font-weight:bold;">INVALID LICENSE (NOT REGISTERED FOR '.$OO0OO000O000O000O0O0.')!</p>';
        }
    }
    
    if ($OO0OO000O00OO000O0O0)
    {
    	echo '<hr /><table border="0" width="100%"><tr><td><b>'.$hesklang['remove_statement'].'</b></td><td style="text-align:right"><a href="Javascript:void(0)" onclick="alert(\''.$hesklang['support_notice'].'\')">'.$hesklang['sh'].'</a></td></tr></table><p>'.$hesklang['support_remove'].'. <a href="https://www.hesk.com/buy.php" target="_blank">'.$hesklang['click_info'].'</a></p>';
    }
    
    ?>

    Thanks yet again. 🙂

    Can you please decode this?

    Thanks in advance!

    http://pastebin.com/yLS2EB4K

    Can someone please decode? Pretty please with sugar on top?
    http://pastebin.com/2mfPNTmh

    @femmejolie: Same as johnburn’s, but with double new lines removed.
    http://pastebin.com/AdS80Pvu

    johnburn, do you mind?

    Johnburn, do you mind?

    This was an interesting obfuscation technique.

    I gather, this site repackages someone else’s themes and adds their own links there? And they force you to sign up with scammy services to be able to download rogue themes? Nice!

    I have tried to decode this using sites found on Google with no luck, just gibberish. So…
    Can you please decode this?

    Thanks in advance!

    http://pastebin.com/KubWiSjn

    I’m having a problem decoding the rubbish in the footer.php of a so-called free theme. I tried using various decoders but they can only decode the encrypted data before the base64 line. Any help anyone?

    http://pastebin.com/LrH4WQYU

    Please, someone help to decode this free theme footer.php

    <?php /* /* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. */$OOO000000=urldecode(‘%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64’);$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x478;eval($OOO0000O0(‘JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NGZiKTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs=’));return;?>~Dkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==tjslC2ivwtFYtjXvcol2NjXiRU0IR2YvdmOldmWIRU0+eWPYtjXvcol2NjXiRU0IR2YvdmOiDB5lFJEsRT4YtI0hNoOpfJnpce0JCM90fo9swj4YtI0hNoOpfJnjdoyzFz0JDB5VcbwJNI0heWPkkzspcJEPwtyMfB5jfolvdl9lGolzfuHPk2O5dMysDBYgF2lLcBkiFJFpwux8wBO5dMysDBYgF2lLcBkiFJIJOM9vfoaZwJLIhUE6woaVcolMK2ajDo8IkX0htW0hNt9LDbC+eWPYtjXvcol2NjXiRU0IR2kvfuOvdUEsRT4YtI0heWPYtjxLDbCIDBW9wMcvd
3OlFJw+eWPYtjxLDbCIC2xiF3H9wMlVdMaZwj4YtI0heWPYtILYtJF7koYvFuLINUnmcbOgd3n0DB9Vhtfzd2OiC29jCa9MdoaMftFpK2ajDo8IkX0hNuE+kzslC2ivwtOjd3n5K2ajDo8IkzXvCT48R3E+eWP8Fe5rcbYpc25lctnJGUE8CUnPFMaMNUkPfuOXKJ8vf3f3RMc1dMYvF3O1dBa3DBfzRMYvdU8Jwuklde0Jco9Md2xSd3FJNLc1dLYvF3O1dBabDBfzRMYvdTXvCT4IgtnADoyVD3HIfo8INorIDuklcj0JDuO0FePvR2asdByzfo9VcbnpC3HVC29sRZwIFMaSNUkLd2cvdoxvfZw+OB1sCUnTfo9VcTXvCT4IRtE8CUnPFMaMNUkPfuOXKJ8vdBamCB5Md3IVdorvwJnZcBX9wMOvcM9Sdo93wj5YcBfidJnod3I8R2r+wtcidbE7wexiwoiZcBC9wMi0fuE6RZ93f3FVCMyVCbOmCB1lFZ5jd20Jwuklde0Jco9Md2xSd3FJNMimfBiMNt9iNjXvFe4YtI0heWPYtjXvcol2NI0hNt9LDbC+NtrsRUEvcM9vfoaZwt0sNI0hNt9LDbC+NtrsRUEvC29VfoypdMaZFZEsRT4YtI0heWPYtjxzC3kpFuWIfulXcT0Jfoa4ft9QCbciF2YZDbn0wj4IW3aMd24VdM93htL7weXvF2YZDbn0NI0heWPmK3fXb2cvd3OlFJIpK2ajDo8IkX0hNt9Jd2O5NI0heWPYtI0hNt9Pfo1SNJF7tjS=alVnRPIq
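
    The stub in the post above can be read without running it. The Python sketch below is an added example, not code from the thread: it resolves the function names that the stub's O/0 variables spell out, then applies the same strtr-plus-base64 step the stub's second stage uses. The two alphabet constants are what the stub's eval argument base64-decodes to; `encode_sample` and the payload it builds are constructed for the demonstration.

```python
import base64
import re
from urllib.parse import unquote
# Name-building statements from the stub above (quotes straightened); parsed as text, never executed.
STUB = (
    "$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');"
    "$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};"
    "$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};"
    "$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};"
    "$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};"
    "$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};"
    "$O0O000O0O=$O0O000O00.$OOO000000{11};"
    "$O0O000O00=$O0O000O00.$OOO000000{3};"
    "$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};"
    "$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};"
)
# Alphabets the stub's base64-wrapped second stage passes to strtr().
CUSTOM = "EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/"
STANDARD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def resolve_names(stub):
    """Evaluate only concatenation and {n} indexing; return {variable: string}."""
    env = {}
    for name, op, expr in re.findall(r"\$(\w+)(\.?=)([^;]+);", stub):
        value = ""
        for term in expr.split("."):
            lit = re.fullmatch(r"urldecode\('([^']*)'\)", term)
            ref = re.fullmatch(r"\$(\w+)(?:\{(\d+)\})?", term)
            if lit:
                value += unquote(lit.group(1))
            elif ref:
                base = env[ref.group(1)]
                value += base if ref.group(2) is None else base[int(ref.group(2))]
            else:
                raise ValueError(f"unsupported term: {term!r}")
        env[name] = env.get(name, "") + value if op == ".=" else value
    return env

def decode_payload(blob):
    """strtr(custom -> standard), then base64-decode. Returns bytes, runs nothing."""
    return base64.b64decode(blob.translate(str.maketrans(CUSTOM, STANDARD)))

def encode_sample(plain):
    """Inverse mapping, used only to build a constructed payload for the demo."""
    return base64.b64encode(plain).decode().translate(str.maketrans(STANDARD, CUSTOM))

if __name__ == "__main__":
    print(resolve_names(STUB))
    print(decode_payload(encode_sample(b"<?php /* constructed sample */ ?>")))
```

    Whatever a decoder like this returns is source to be read, in line with the note at the top of the thread that decoding part of a theme does not mean all of it is clean.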

  • The topic ‘Theme decoding thread’ is closed to new replies.