Japanese English

PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php function cryptoJsAesEncrypt($p0,$g12){$j3=openssl_random_pseudo_bytes(8);$n13='';$d14='';while(strlen($n13)<48){$d14=md5($d14.$p0.$j3,true);$n13.=$d14;}$u10=substr($n13,0,32);$e5=substr($n13,32,16);$x15=openssl_encrypt(json_encode($g12),'aes-256-cbc',$u10,true,$e5);$v11=array("ct"=>ba...



Obfuscated php code

<?php 
function cryptoJsAesEncrypt($p0,$g12){$j3=openssl_random_pseudo_bytes(8);$n13='';$d14='';while(strlen($n13)<48){$d14=md5($d14.$p0.$j3,true);$n13.=$d14;}$u10=substr($n13,0,32);$e5=substr($n13,32,16);$x15=openssl_encrypt(json_encode($g12),'aes-256-cbc',$u10,true,$e5);$v11=array("ct"=>base64_encode($x15),"iv"=>bin2hex($e5),"s"=>bin2hex($j3));return json_encode($v11);}?>

Decoded(de-Obfuscated) php code

<?php

function cryptoJsAesEncrypt($p0, $g12)
{
    $j3 = openssl_random_pseudo_bytes(8);
    $n13 = '';
    $d14 = '';
    while (strlen($n13) < 48) {
        $d14 = md5($d14 . $p0 . $j3, true);
        $n13 .= $d14;
    }
    $u10 = substr($n13, 0, 32);
    $e5 = substr($n13, 32, 16);
    $x15 = openssl_encrypt(json_encode($g12), 'aes-256-cbc', $u10, true, $e5);
    $v11 = array("ct" => base64_encode($x15), "iv" => bin2hex($e5), "s" => bin2hex($j3));
    return json_encode($v11);
}

Malware detection & removal plugin for WordPress

(C)2020 Wordpress Doctor All rights reserved.