What's this code?

Question

Just for example, here's one line:

$returned = [Obfuscated]0D 03 1E 0B 19 3C 06 2E 19 1B 0C 2E 15 3E 14 25 29 08 0A 1A 1A 0F 01 ();

What exactly is it? I'm guessing it's some encoded code, but can someone give me information on it?

Thanks.

EDIT

<?php
$title="Home";
$page;
$return=48;
$returned=[Obfuscated]0D 03 1E 0B 19 3C 06 2E 19 1B 0C 2E 15 3E 14 25 29 08 0A 1A 1A 0F 01 ();
while ([Obfuscated]0D 0E 3E 02 1D 3B 23 1D 05 12 1E 30 15 3D 35 12 2C 0C 18 08 0B 1F 11 ($returned)!=[Obfuscated]0D 2B 27 14 0C 03 01 09 37 06 1E 09 26 26 08 40 17 21 19 2B 05 17 11 ("harper")) {
$rows=$_SESSION()[Obfuscated]0D 37 09 17 18 1E 12 33 21 0B 07 3B 32 25 31 17 1A 24 05 08 29 3B 01 ;
$result1=$_SESSION()[Obfuscated]0D 12 02 2F 29 09 14 36 5B 1B 0B 25 2C 2F 08 05 5B 08 32 23 18 38 32 ;
while ($rows1=[Obfuscated]0D 3D 3E 26 3B 3E 04 25 2B 3F 14 36 23 27 0B 38 29 28 31 13 0E 10 01 ($result1)) {
   $rows2=$rows1()[Obfuscated]0D 37 09 17 18 1E 12 33 21 0B 07 3B 32 25 31 17 1A 24 05 08 29 3B 01 ;
   $rows1=[Obfuscated]0D 2E 3D 22 1C 22 07 2D 27 39 0A 28 36 1B 18 2F 1E 2E 12 2A 16 2B 32 ($rows1,$rows2);
   [Obfuscated]0D 02 3E 08 3E 3C 04 2B 35 22 28 03 06 25 11 0D 3E 3F 36 03 09 2D 22 ($servers,$rows1);
$smarty("header.tpl");
[Obfuscated]0D 2A 3D 2E 23 16 38 03 2C 21 37 2D 31 3F 2C 5C 04 2F 3B 0A 3E 2D 01 ()$rows$rows$rows$smarty;
$smarty("servers",$servers);
$smarty("index.tpl");
echo "<br /><div align='center'>Powered By <a href='http://www.swiftpanel.com' style='font-weight:bold;' target='_blank'>SWIFT Panel</a></div>";
$smarty("footer.tpl");
Return (1);
?>

Without seeing more of it, and you telling us what language it's in, impossible to say. But generally code like that is either obfuscated for "I don't want you to steal my code" reasons, or it's a malicious script that got hacked into your site. — Marc B, Apr 08 '11 at 15:26
It's code I attempted to decode but I'd never heard of obfuscation before so it's stopped me in my tracks. I assume, as you say, it's a security measure so I can't edit the code. Thanks. — Richard Hedges, Apr 08 '11 at 15:39
Just a note, I've added the entire code to the original question. — Richard Hedges, Apr 08 '11 at 15:43
It seems like PHP, looking at http://jsunpack.jeek.org/dec/go?report=0846456386c1c5d33022367410b317539842ea31 . What was the original format? How did you try to decode it? — Andrea Spadaccini, Apr 08 '11 at 15:45
It was originally encoded with Ioncube. So I used 'My IronCube Decoder', knowing it wasn't great, in an attempt to see how far I get. Also, I saw that site a few minutes ago. How do I get the deobfuscated code from that site once I upload the file? — Richard Hedges, Apr 08 '11 at 15:46

score 1 · Accepted Answer · answered Apr 08 '11 at 15:30

1

I think you tried to decompile an obfuscated file. Obfuscation is used to save your code if you publish it in a jar, exe etc., so nobody else can decompile and steal it.

You can obfuscate nearly all classes in your project. For more information check this wikipedia entry: http://en.wikipedia.org/wiki/Obfuscated_code

answered Apr 08 '11 at 15:30

L.Butz

2,466
25
44

Yeah I attempted to decode some Ioncube encoded code. I'd never heard of obfuscated code before so I didn't take it into account - I assume it's just another security measure to prevent me from editing the code. Thanks. – Richard Hedges Apr 08 '11 at 15:40
Rate me as the right answer please ;) – L.Butz Apr 08 '11 at 15:48
Yeah sure. - Also, is there any way to decode (or deobfuscate) this obfuscated code? – Richard Hedges Apr 08 '11 at 15:51
1

Well, I really don't know. I did some googling and found this site. There are some tools that might be helpfull: http://www.filetransit.com/files.php?name=Decode_Obfuscated_Code - I have not tested one of these tools. - – L.Butz Apr 08 '11 at 15:54

What's this code?

1 Answers1

Linked

Related