From the leaked ME cashshop, here's the decode function:
Code:
function Decode($encodeId)
{
$seed;
$avatar_id;
$account_id;
$password;
$checksum;
if (strlen($encodeId) != 40)
{
}
$seed = hexdec(substr($encodeId,0,8));
$avatar_id = hexdec(substr($encodeId,8,8));
$account_id = hexdec(substr($encodeId,16,8));
$password = hexdec(substr($encodeId,24,8));
$checksum = hexdec(substr($encodeId,32,8));
$avatar_id ^= 0xD8FB51A9;
$account_id ^= 0x9DC720AC;
$password ^= 0x31F42CB7;
$checksum ^= 0x7F9B3D2E;
$checksum ^= $password;
$password ^= $account_id;
$account_id ^= $avatar_id;
$avatar_id ^= $seed;
if ($checksum != $avatar_id + $account_id + $password)
{
}
$this->passWord = $avatar_id;
$this->avatarId = $account_id;
$this->accountId = $password;
}