Saturday, June 27, 2015

How to Decode PhpCipher

PhpCipher is an encryption without a loader that can be decoded 100% correctly. It doesn’t matter if the files have been encoded with a license or not, they can be decoded without errors.

As you know, a script encoded with PhpCipher comes with an auxiliary file named “phpcipher.bin”. This files is loaded by all the php files encoded with PhpCipher like a functions file and, for a better protection, “phpcipher.bin” is encoded with Zend Guard and php 5.2

To decode a php file encrypted with PhpCipher you will have to make the following steps:

  • Decode “phpcipher.bin” and extract from it an encryption key, an array actually.
  • Extract the encrypted code from the target php file.
  • Place the two variables from above in a function which will give the decoded file.

Decode “phpcipher.bin”.

Phpcipher.bin is encoded with Zend Guard and php 5.2 and it can be decoded by any decoder made for IonCube and php 5.2. You can find, free on the internet, the following programs: iDezender_40 or iDezender8.

  • Change the extension “phpcipher.bin” to “phpcipher.php”.
  • Put the file into one of the decoders above and it will be decoded.

You can extract then this array: “$phpCipher2873a7e1e7e09b518d6c49ad2391d5d0“. Keep in mind that this key is unique for each script.

Extract the code from the php file.

In each php file encode with PhpCipher, you will find this variable: “$phpCipher“. Extract all the code.

PhpCipher Decoding Function

You will have to put the two variables from above in this function and to run it. You will get the decoded file, 100% accurately decoded.

The decoded file

Below, you will see the decoded file.

The files used in this article can be downloaded from here.

Paid PhpCipher decoding.

Tuesday, February 24, 2015

How to Decode PhpLockIt 2.2.0

I recently saw an entire WordPress theme encoded with PhpLockIt 2.2.0 and I realized that this encryption is still widely used and that someone could be interested to find out a way to decrypt it.

Since PhpLockIt 2.2.0 is practically a base64 encoding, it can be decoded without errors, 100% clean, and the output script will work without the need to correct syntax errors or make additional changes to the code.

How to decode PhpLockIt 2.2.0:

Original file – This is the original test file, unedited:

Step 1 - Determine the values ​​of the variables above "eval"
Below, you will see the edited file so that it can be read more easily. You will notice that I added "print_r ($ GLOBALS);”
Running this file will give you an array, and at the end of it you will notice the variables we are interested in:

  • $ GLOBALS ['OOO000000'] = 'fg6sbehpra4co_tnd';
  • $ GLOBALS ['OOO0000O0'] = 'base64_decode';
  • $ GLOBALS ['OOO000O00'] = 'fopen';
  • $ GLOBALS ['O0O000O00'] = 'fgets';
  • $ GLOBALS ['O0O00OO00'] = 'fread';
  • $ GLOBALS ['OOO00000O'] = 'strtr';
  • $ OOO0O0O00 = 'C: \ Documents and Settings \ mla \ Desktop \ How to decode phpLockIt 2.2.0 \ original.php';
  • $ OO00O0000 = 0xa8;

Step 2 - See what "eval" contains
I replaced the variables in the file above and as you see, "eval" is followed by a variable "$ GLOBALS ['OOO0000O0']" with the value "base64_decode".
I replaced it and changed also "eval" with "echo". Let’s run the file again.

Step 3 - Replace "eval"
I replaced "echo base64_decode ..." with the result obtained after running the file above. For clarity, I added two variables:

  • $ O000O0O00 = $ data;
  • $ OO00O00O0 = $ result;

Step 4 - Replace variables in "eval"
Replace $ GLOBALS ['OOO000O00'], $ GLOBALS ['OOO00000O'], etc. with corresponding values ​​"fopen", "strtr", etc.

Step 5 - Getting the decoded file
At the first glance, to obtain the decoded file we would need to replace "eval ($ result)" with "echo $result". By running the program you will see that this does not work, you will not get anything as a result. We need to add something.
In Step 1, we have obtained the variable "$ OO00O0000 = 0xa8".

  • I will change the "$ result = base64_decode (strtr (fread ($ date, 0x3a8)" with "$ result = base64_decode (strtr (fread ($ date, 0xa8)"
  • Also I will add "fread ($ date, 0x3a8)" under existing "fread ($ date, 0x501);"

Note: Before running this php file, make sure to change the path to the original file "C:\Documents and Settings\mla\Desktop\How to decode phpLockIt 2.2.0\original.php" with your own path.

Decoded file - if you run the file above, you will get you the decoded file below. You need to add "<? Php" and "?>".

I hope the explanation above is clear enough and useful at the same time. Download the example files presented in the steps above, here.

Wednesday, February 12, 2014

IonCube Decoder v8, v7, v6 |Decode PHP

The IonCube v8 decoder presented in this article is able to decode all the recent versions of IonCube encodings, including version 8.1 and 8.2. It can also decode files encrypted with a license, even if that license is expired.

The program is made by me and is based on the same idea that was used to build all IonCube decoders you can find on the internet. What makes it different from other similar programs, is that this software works with the latest types of IonCube loaders (version 4.6.0), so it decodes latest encoding version, IonCube v 8.2.

In brief, this IonCube v8 decoder is composed from 7 decoding cores: 5 cores that decrypt IonCube (php 5.2 and php 5.3), Zend Guard (php 5.2) and Nusphere, one core that decodes Zend Guard (php 5.3) and an old universal decoder that can decode base64 and some other types of encryptions without a loader.

  • It has errors in the output code, as all other decoding programs have (Dezender, iDezender, etc.). There is a difference though; the decoding core for php 5.3 that gives the most annoying errors has a program that fixes automatically almost 95% of them.

IonCube decoder v8, v7 and v6. Decode php files.

Decode IonCube v8, v7 and v6

First 5 options in this program, or the first 5 cores can decode IonCube v8, v7, v6 and earlier versions.

  • On the first option, the php 5.3 core decodes IonCube v8, v7 and v6. It decodes php files that were encoded with php 5.2 and php 5.3. Most of the errors are automatically fixed by software.
  • Options 2, 3 are based on modified RM and NWS cores and they can decrypt IonCube v8, v7 and v6, files that were encoded with php 5.2.
  • Options 4, 5 are similar to 2, 3, the only difference is that these cores are capable to decode encryptions that were released before IonCube v6.

Decode Zend Guard, Nusphere and other encryptions

  • Options 2, 3, 4, 5 can decode php files encrypted with Zend Guard (php 5.2) and Nusphere.
  • Option 6 can decode Zend Guard encrypted with php 5.3.
  • Option 7 decodes base64 encodings and some other encryptions without a loader.

Errors in the decoded php files

All decoders that can be found on the internet have errors (Dezender, iDezender, etc.). If you expect to find a decoder with 100% clean output code, then you will not find one. The decrypted files have to be corrected by someone with knowledge of php. Download sample decoded files.

Errors decoding IonCube v6 or earlier versions

These versions can be decoded very well. In a whole script, you will find only a few errors; many files are decoded without any error at all.

  • The script can be fixed easily.

Errors decoding IonCube v7

As a rule, IonCube v7 encoded files that can be decoded with the cores RM or NWS are relatively clean, almost like IonCube v6 and the script is easy to fix.

The files that have to be decoded with the php 5.3 core seem to have many errors although no part of the code is missing. The good thing is that the errors follow a pattern (classes, foreach, etc.) and they can be repaired using an autofixer program. 

Errors decoding IonCube v8 or v7.
  • Fixing the script is moderate-difficult.

Errors decoding IonCube v8

Files encoded with php 5.2, and php 5.3, have exactly the same errors as IonCube v7 above.

  • My program cannot decode php files encrypted with IonCube v8 and php 5.4.

Cheap IonCube decoding

Update 2014-02-24: I have a new and improved program that fixes errors. Decoded files are reasonably clean, no matter what version of IonCube you might have. In a large script, many files are without errors at all. Download sample decoded files

If you cannot find another way to decode your files and you wish to try my program, you can find me on the links below. It is better to contact me first. These are the prices:

1. Errors fixed manually. Click here: Decode IonCube, errors fixed.



Errors fixed manually




2. Errors not fixed manually. Click here: Decode IonCube.



Errors fixed manually










over 101



Monday, May 13, 2013

Ioncube Decoder

Despite the general belief that IonCube encoded files cannot be decoded or not decoded properly, I will show you here 3 very efficient and relatively accurate ionCube decoder programs:

  • Two of them are older versions of a program called iDezender that was developed by a person with the nickname of “Quarizma”. They are still very effective and work for ionCube 6x. The versions were released free.
  • A very new version of a program that can decode ionCube 7x called DeZend_Engine_CRACKED. This decoder is also known as “IonCube 7 Decoder + PHP Auto-fixer” and some people try to sell it for 50 euros (approx. $65).

Decode your encrypted php files with iDezender

Both iDezender versions presented below support the following type of encryptions:

  • ionCube 1.x-6.x,
  • Zend 5.x,
  • Nu-Coder 2.x,
  • XCACHE and ALL PHP based encryptions (without a loader).

These ionCube decoders are very precise compared with other similar programs that you can find on the internet. Are not perfect, but the percentage of errors is very low.

IonCube decoder iDezender_34

This decoder is not your best option when it comes to errors but is fast. You can put all the script in the “ENCODED” folder and the program decodes only the encoded php files, letting untouched the other files. It has only a few repetitive syntax errors but these became annoying in a large code.
How to use it:
1. If you have just one or two files to decode:

  • you can click DeZend
  • copy and paste your ionCube encoded file on the left screen.
  • click once again DeZend.

2. If you have a large script:

  • open the folder “iDezender_34” and you will find a folder called “ENCODED”.
  • copy and paste your entire encoded script there (does not matter if only some files are encoded and others are not).
  • click “DeZend Directory”.
  • you will find your decoded script in the folder “DECODED”.

ioncube decoder 2013

IonCube decoder iDezender_40

This decoder is the best thing you can find with respect to errors, if you use the “Dezender (RM Core) first button on left. It decodes multiple php files at once but you cannot copy and paste your entire script in the decoder, as it was possible with IDezender_34.
How to use it:

  • open iDezender_40
  • place the target files in the Encoded directory.
  • use one of the cores to decode. Just click.
  • output files are located in Decoded.


IonCube 7 Decoder + PHP Auto-fixer

This is the newest ionCube decoder and probably the most attractive because it can decode ionCube v7. Most people try to sell this program and it is very hard (or impossible) to find it free. It is called “DeZend_Engine_CRACKED”.

  • Sometimes it does not decode ionCube 6x.
  • This program gives enough decoding errors, unfortunately. They are not many but they will consume your time if you are decoding a large script. The decoded files have to be corrected by someone with good knowledge of php.

How to use:

  • place your files in the “encoded” directory.
  • click “DeZendEngine.exe”,
  • click “1” and ENTER.



Before trying to use any of the programs above you have to install all Microsoft Visual C++ Redistributable Packages 2006-2012 (both x64 and x86 if you have a x64 operating system): Softpedia

How to download ionCube decoder

  • Update 2014-09-21: New IonCube v8 Decoders.
  • Update 2013-11-25: New program. I have added a fully working iDezender 8.
  • The package called "all_dezenders.rar" contains now 4 programs: DeZend_Engine_CRACKED, iDezender 8, iDezender_40 and iDezender_34.
    Download files: zippyshare, depositFiles, datafilehost
    Download password file: password

The rar file above is passworded. You will have to complete a survey to download the password (a text file). I am sorry, but this is how the things are.
If by any reason, you do not want to do a survey, try to search the names of the programs. You will probably find a place to download them free. Best of luck!

Update: If you have any problems, here is a contact email address: Once again, I am sorry for the surveys.