A light challenge: Can you describe what this PHP code does?

I was writing things for fun yesterday and i made this peace of code. It it does one simple and dangerous task (kidding, thats not so dangerous, you can run it on you computer and see what happens).

So, the challenge is: can you describe what this code is really doing? Can you shine a light on it describing as many steps as possible?

<?php $§=(rawurldecode('%24__%3D%5B%22%3D%22%2C%22s%22%2C%22T%22%2C%22K%22%2C%22f%22%2C%22R%22%2C%22C%22%2C%22K%22%2C%22r%22%2C%225%22%2C%22W%22%2C%22a%22%2C%22s%22%2C%225%22%2C%22W%22%2C%22d%22%5D%3B'));assert($§);$_=__FILE__;assert(base64_decode(strrev(implode($__))));

you can use ctrl+c + v, or use the string version below:

<?php $§=(rawurldecode('%24__%3D%5B%22%3D%22%2C%22s%22%2C%22T%22%2C%22K%22%2C%22f%22%2C%22R%22%2C%22C%22%2C%22K%22%2C%22r%22%2C%225%22%2C%22W%22%2C%22a%22%2C%22s%22%2C%225%22%2C%22W%22%2C%22d%22%5D%3B'));assert($§);$_=__FILE__;assert(base64_decode(strrev(implode($__))));

Is not big deal, but its not that easy too. Experienced developers maybe can find the answer fast, but i believe that can be specially fun to beginners.

Comments

[kip]

The code doesnt work in >= 7.2 versions.

The key here is assert, why ?

If the assertion is given as a string it will be evaluated as PHP code by assert().

With this in mind we can get the light to understand the behavior...

The argument to rawurldecode is just a variable declaration with an array as value:

'$__=["=","s","T","K","f","R","C","K","r","5","W","a","s","5","W","d"];'

But what is the content of the array ? Well, if you read the last statement you could get the answer...

Keep in mind we have the $__ declared, remember assert, so:

>>> $imploded = implode(["=","s","T","K","f","R","C","K","r","5","W","a","s","5","W","d"])
=> "=sTKfRCKr5Was5Wd"
>>> $reversed = strrev($imploded)
=> "dW5saW5rKCRfKTs="
>>> base64_decode($reversed)
=> "unlink($_);"
>>>

Yes, is a line of code, a call to unlink with $_ as parameter, but what is the value of $_ ?

$_=__FILE__

So you got it, the code delete the file where the code is called.

[Felippe Regazio]

uowww exactly what is happening. kip, you rock! : )

[Felippe Regazio]

about the assert() and 7.2 v. thats true, but using eval() would turn the code lesser funny.
do you have any suggestion?

[Lautaro Lobo]

Thanks kip, I just read the array, and that's it, couldn't figure out what the other functs were doing... I'm a newbie on PHP hehe

[Felippe Regazio]

ANSWER: Here is a repository with this code, and a file called "decode.php" explaining it line by line, (or you can read Kip's answer on this post which is a perfect explanation about what is happening).

github.com/felippe-regazio/php-har...