Obfuscated PHP Backdoor

Hi, I recently found a malicious PHP code [ LINK ] injected in some webpages, I tried to formate and deobfuscate it and understand how it works, It seems that is using Cookies to execute PHP code (Cookie: cipher=serialized+encrypted PHP code), I just want to know how they are making this kind of backdoors and how to generate this Cookie.

function cs_decrypt_phase($data, $key)
    $out_data = "";

    for ($i = 0; $i < strlen($data);) {
        for ($j = 0; $j < strlen($key) && $i < strlen($data); $j++, $i++) {
            $out_data .= chr(ord($data[$i]) ^ ord($key[$j]));

    return $out_data;

This a readable function to decrypt it.

Hi i had the same code injected in one of my webpage. Do you have more information on how the code works?