Guide to decode based64 encrypted Wordpress theme

Why am I writing this guide?

I really didn’t expect my post “Decode base64 encrypted PHP WordPress Theme files” will draw so much attention and it seems like more and more people want me to help them decode their WordPress themes.  As everyone could see in the following comments at the end of the post, I really tried to help my readers to decode the theme files; however, with more and more of the emails coming in my inbox, I start to feel the stress.  It’s not that I am not willing to help any more; it’s because Rockia has his own life as well and he couldn’t spend so much time in doing the decoding over and over again.

There is one old Chinese saying that “Teach ones fishing is better than giving ones fish.”; in this post, I will organize what I know about and type them all out.  Hopefully you know how to fish rather than just getting the fish from me.

Why the theme creators want to encrypt the files?

The reason same as the invention of password — they have something inside that they don’t want the public to see, or at least not that obviously. However, according to what I’ve seen, most of the time is not the creators who encrypted the theme files; instead, it’s those who put the theme online and allow people download them without paying to the theme author. Why they want to do that? They do that just to include their links at the bottom of the theme and so they could successfully spread out the name and draw more traffic to their websites.

Is it legal to decode the themes?

It really depends on the agreement with the theme author.  As on my side, I am not suggesting people to decode the theme files if the author doesn’t allow you to.  I call myself a programmer too and I know how difficult to create a piece of art; if I encrypt the files I come up with, there must be a reason for it.  So before you decide to decode the theme files, please think about the hard work of the creators first.

The initial reason I started it is because I wanted to add a <div> to the theme and not removing the copyright info of the theme. So unless absolutely necessary, please keep the copyright info and give credits back to the author.

OK, let’s get started…

In order to make it as simple as possible, I am gonna tell you the most straight forward way to decode a theme.  OK, maybe the word “Decode” or “Decrypt” sounds too complicated, we can just say “restore” the file to what it should look like.

Before we gets into the hands-on, I want you to understand that however complicated the encrypted script it may look like, it has to be understandable by the server so that the server could output the correct code back to the client terminal machines.

If you look at the code carefully, you should find there is always a eval() function approaching the end of the file.

eval() returns NULL unless return is called in the evaluated code, in which case the value passed to return is returned. If there is a parse error in the evaluated code, eval() returns FALSE and execution of the following code continues normally.

In a simple sentence, eval() will evaluate the string and output all valid PHP code.  This is the very trick used by the theme creators.

The trick

OK, now we know that the encoded text is really some sort of PHP code in a string form.  How about output the string instead of excute it? If you have a little bit of PHP background, you should know the most basic function is the output function echo(). So if I want to echo() it instead of eval() it. We can just simply change the function.

Yes, THAT IS THE TRICK!!

Why I don’t see anything when I do that?

Well, if you are just testing the theme file in your PHP server, it might not work because some of the theme author will use some variables and functions to detect whether you are using the theme; so if you are just testing the footer.php or header.php, you might just see a blank page. My suggestion is go and test out the theme with the modified theme file.

And at this moment, you might see the theme got distorted a bit because  part of the website structure is not being executed; but I believe you could see the decoded text. If you want to see it better, check the source code.

Post Note:

In this guide, we don’t really need any online base64 decoder, just use what we have in hand is good enough to decode any theme files.  Recently I am busy with my school and work, otherwise I could use a theme to explain more step by step.  Even though I am writing this post to give you a handy tool to solve the puzzle yourself, if you have tough time understanding my guide or decoding it yourself, send me a message and I will try my best to help you out.