This document describes how to decode an obfuscated PHP web backdoor shell file to recover the original source code and encrypted password. It involves using URL decoding and string manipulation techniques to gradually decrypt encoded variables and eval statements within the PHP file. After multiple levels of decoding, the document recovers the password hash, which is identified using an online tool as the plaintext password "3cadev", allowing access to the backdoor shell. The process demonstrates how cyber criminals hide backdoor code and the steps security researchers take to decode obfuscated files.