PHPDeobfuscator
1.0.0
该DEOBFUSCATOR试图逆转应用于PHP源代码的常见混淆技术。
它是在PHP-Parser的帮助下在PHP中实施的。
1 + 2被3取代base64_decodeeval表达式$var1 = 10; $var2 = &$var1; $var2 = 20;可以确定$var1等于20 )PHP DeoBfuscator使用作曲家来管理其依赖性。确保首先安装作曲家。
在该项目的根部运行composer install以获取依赖关系。
php index.php [-f filename] [-t] [-o]
required arguments:
-f The obfuscated PHP file
optional arguments:
-t Dump the output node tree for debugging
-o Output comments next to each expression with the original code
DEOBFUSCAT的输出被打印到Stdout。
index.php输出一个简单的textarea,将php代码粘贴到。提交表单时打印了Deobfusated代码
<?php
eval ( base64_decode ( " ZWNobyAnSGVsbG8gV29ybGQnOwo= " )); <?php
eval /* PHPDeobfuscator eval output */ {
echo " Hello World " ;
}; <?
$ f = fopen ( __FILE__ , ' r ' );
$ str = fread ( $ f , 200 );
list (,, $ payload ) = explode ( ' ?> ' , $ str );
eval ( $ payload . '' );
?>
if ($doBadThing) {
evil_payload();
} <?php
$ f = fopen ( " /var/www/html/input.php " , ' r ' );
$ str = " <? n$ f = fopen(__FILE__, 'r'); n$ str = fread( $ f, 200); n list(,, $ payload) = explode('?>', $ str); n eval( $ payload . ''); n ?> n if ( $ doBadThing) { n evil_payload(); n } n" ;
list (, , $ payload ) = array ( 0 => " <? n$ f = fopen(__FILE__, 'r'); n$ str = fread( $ f, 200); n list(,, $ payload) = explode(' " , 1 => " ', $ str); n eval( $ payload . ''); n" , 2 => "n if ( $ doBadThing) { n evil_payload(); n } n" );
eval /* PHPDeobfuscator eval output */ {
if ( $ doBadThing ) {
evil_payload ();
}
};
?>
if ($doBadThing) {
evil_payload();
} <?php
$ x = ' y ' ;
$ $ x = 10 ;
echo $ y * 2 ; <?php
$ x = ' y ' ;
$ y = 10 ;
echo 20 ; <?php
goto label4;
label1:
func4 ();
exit ;
label2:
func3 ();
goto label1;
label3:
func2 ();
goto label2;
label4:
func1 ();
goto label3; <?php
func1 ();
func2 ();
func3 ();
func4 ();
exit ;
