Easy way to decode or decrypt eval gzinflate str_rot13 base64_decode variables
If you download and install many WordPress themes you will sometimes find themes that have encrypted lines or variables in the footer part of the theme, in the functions.php file or other included theme files.
I do not trust these lines of code and would not use a theme without knowing what code is being run. Therefore I decode these lines to determine if this is a theme I would like to use or just delete it because it contains dangerous code. Most of the time these encrypted lines just contain copyright information the authors of the theme don’t want you to change.
This is an example of how a encrypted variable might look like
echo(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub (\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg< /sbag>< /o>\');}}'));
The easy way to show the contents of this variable is copy the entire line into a new PHP file and replace the eval command with echo and save the file into file decode.php
Then you run the PHP file like this
# php decode.php
The result in this example should be
function check_header(){if(!(function_exists("check_functions")&&function_exists("check_f_footer"))){echo (' < b>< font color=white size=4>This theme is released under creative commons licence, all links in the footer should remain intact< /font>');}}
I have included an image of the code in case it is not shown correctly in WordPress.
I have written about this topic before, WordPress themes with eval and base64_decode lines but this is a much simpler way of showing the content of the unreadable variables.