Base64 Decode

Base64 represents binary data in an ASCII string. Very often malicious code is obfuscated and in Base64 format. In order to make the script human friendly you have to decode it using base64_decode. Note that:

- Often it is enough just to decode the first few lines of code
- Sometimes you might have to decode a string more than one time to see the code behind it

Here is an example script which you can use with PHP:

if ($_POST['string']) {
    echo '<pre>';
    echo htmlentities(base64_decode($_POST['string']));
    echo '</pre>';
	echo "<br><br><a href="base64_decode.php">New check</a>";
} else { ?>
<form method="post" action="base64_decode.php">
<textarea cols="66" rows="25" name="string"></textarea>
<input type="submit" value="Submit">
<br></form>
<? } 

Of course, obfuscated code is not only base64 encoded. It could be also gz inflated, rot13 encoded and so on. There are even some much complex obfuscating mechanisms which can make you lose a few hours trying to understand even a few lines of code.

blog comments powered by Disqus