Rick is supporting a Magento-based e-commerce site. As many such sites, it uses a lot of third party plugins. One of those third party plugins wants to make sure no one "steals" its code, and thus obfuscates the code.
$_F=__FILE__;$_X="JF9GPV9f...oJF9EKCRfWCkpOw==";$_D=strrev('edoced_46esab');eval($_D($_X));
This stores the actual code inside that Base64 encoded string. And it "cleverly" hides the fact that it's Base64 encoded by reversing the name of the decode function into "edoced_46esab".
But now, as clever hackers, you might be wondering: what is the actual code?
$_F=__FILE__;$_X="JF9GPV9fRklMRV9fOyR...RfRCgkX1gpKTs=";$_D=strrev('edoced_46esab');eval($_D($_X));
It's not a quine, it's another Base64 encoded string, surrounded by decoding code. And when you decode that?
$_F=__FILE__;$_X="LyoqDQogKiBA...KCdPSycpOyB9IH0=";$_D=strrev('edoced_46esab');eval($_D($_X));
Look familiar? When you decode it one more time, it outputs code. But that code has also been altered, so that all the variable names are $_0e91566a8fd5270e1fde008c1f93b7c9
.
Every file in the plugin has been run through this obfuscator. It includes many files. So each file needs to be Base64 eval
ed and decoded three times.
"Needless to say," Rick writes, "I'll be removing it and looking for another extension."