diff --git a/encoder/firewall.php b/encoder/firewall.php
index 090c66f..1b0c13f 100644
--- a/encoder/firewall.php
+++ b/encoder/firewall.php
@@ -106,7 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
padding: 14px;
border-radius: 8px;
border: 1px solid #ccc;
- font-size: 17px;
+ font-size: 13px;
line-height: 1.5;
resize: vertical;
}
@@ -184,7 +184,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
Example: 192.168.1.10/24, 2001:db8::1
diff --git a/encoder/firmware.php b/encoder/firmware.php
index a8d0e2b..f27780b 100755
--- a/encoder/firmware.php
+++ b/encoder/firmware.php
@@ -93,11 +93,72 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$restoreDir = __DIR__ . '/var/www/encoder/';
$tmpZip = sys_get_temp_dir() . '/restore.zip';
- $privateKey = file_get_contents('/var/www/backup_private.pem');
+ $upload = $_FILES['shree_bhattji_encoder'];
- if (!file_exists($inputFile)) {
- die("Backup file not found\n");
+ if ($upload['error'] !== UPLOAD_ERR_OK) {
+ die('Upload failed');
}
+
+ if (pathinfo($upload['name'], PATHINFO_EXTENSION) !== 'bin') {
+ die('Invalid file type');
+ }
+
+ $privateKeyPem = file_get_contents('/var/www/backup_private.pem');
+ if (!$privateKeyPem) {
+ die('Private key not found');
+ }
+
+ $privateKey = openssl_pkey_get_private($privateKeyPem);
+ if (!$privateKey) {
+ die('Invalid private key');
+ }
+
+ $payloadRaw = file_get_contents($upload['tmp_name']);
+ $payload = json_decode($payloadRaw, true);
+
+ if (
+ !is_array($payload)
+ || !isset($payload['key'], $payload['iv'], $payload['data'])
+ ) {
+ die('Invalid backup file format');
+ }
+
+ $encryptedKey = base64_decode($payload['key'], true);
+ $iv = base64_decode($payload['iv'], true);
+ $encryptedData = base64_decode($payload['data'], true);
+
+ if ($encryptedKey === false || $iv === false || $encryptedData === false) {
+ die('Corrupt backup data');
+ }
+
+ if (!openssl_private_decrypt($encryptedKey, $aesKey, $privateKey)) {
+ die('Key mismatch or wrong private key');
+ }
+
+ $zipBinary = openssl_decrypt(
+ $encryptedData,
+ 'AES-256-CBC',
+ $aesKey,
+ OPENSSL_RAW_DATA,
+ $iv
+ );
+
+ if ($zipBinary === false) {
+ die('Failed to decrypt data');
+ }
+ $tmpZip = sys_get_temp_dir() . '/restore_' . uniqid() . '.zip';
+ file_put_contents($tmpZip, $zipBinary);
+
+ $zip = new ZipArchive();
+ if ($zip->open($tmpZip) !== true) {
+ unlink($tmpZip);
+ die('Invalid ZIP archive');
+ }
+
+ $zip->extractTo(__DIR__); // overwrites existing JSON
+ $zip->close();
+
+ unlink($tmpZip);
break;
}
}
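Review bot: `$zip->extractTo(__DIR__)` unpacks every entry of the uploaded archive into the directory that serves firmware.php, yet nothing in this hunk proves the backup came from a trusted source: the AES key is only RSA-wrapped, which anyone holding the matching public key can produce, and AES-256-CBC carries no integrity tag. Since the inline comment says the restore is meant to overwrite JSON, pass an allowlist of flat `*.json` entry names as the second argument of `extractTo()` and check its return value, as in the excerpt below (adjust the filter if backups legitimately contain subdirectories). Origin should also be verified before decrypting, for example with a detached signature checked by `openssl_verify()`; that depends on the backup writer, which is not shown here. Two smaller points: `openssl_private_decrypt()` defaults to PKCS#1 v1.5 padding and the separate `die()` messages for key-unwrap and data-decrypt failures would be better merged into one generic error, and `tempnam(sys_get_temp_dir(), 'restore_')` is safer than a `uniqid()` file name whose `file_put_contents()` result is never checked. The enclosing POST handler starts outside the hunk, so any access check on the request is not visible.

```php
// … unchanged: upload checks, key unwrap, AES decrypt, ZipArchive::open() …

// Restore only flat *.json entries; skip anything with a path component or another extension.
$allowed = [];
for ($i = 0; $i < $zip->numFiles; $i++) {
    $entry = $zip->getNameIndex($i);
    if (
        $entry !== false
        && strpbrk($entry, '/\\') === false
        && strtolower(pathinfo($entry, PATHINFO_EXTENSION)) === 'json'
    ) {
        $allowed[] = $entry;
    }
}

if ($allowed === [] || !$zip->extractTo(__DIR__, $allowed)) {
    $zip->close();
    unlink($tmpZip);
    die('Restore failed');
}
$zip->close();

// … unchanged: unlink($tmpZip); break; …
```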
@@ -136,7 +197,7 @@ include 'header.php';