Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
include 'Assertion.php';
class SAML2SPResponse
{
private $assertions;
private $destination;
private $certificates;
private $signatureData;
public function __construct(DOMElement $l3 = NULL, $NI)
{
$this->assertions = array();
$this->certificates = array();
if (!($l3 === NULL)) {
goto PT1;
}
return;
PT1:
$rl = SAMLSPUtilities::validateElement($l3);
if (!($rl !== FALSE)) {
goto GoF;
}
$this->certificates = $rl["\x43\x65\x72\164\x69\146\151\143\x61\x74\145\x73"];
$this->signatureData = $rl;
GoF:
if (!$l3->hasAttribute("\x44\145\163\x74\x69\156\x61\x74\x69\157\x6e")) {
goto x58;
}
$this->destination = $l3->getAttribute("\x44\145\163\x74\x69\156\x61\x74\x69\157\156");
x58:
$Kp = $l3->firstChild;
pkH:
if (!($Kp !== NULL)) {
goto qlO;
}
if (!($Kp->namespaceURI !== "\x75\x72\156\x3a\x6f\141\163\151\163\72\156\141\155\145\x73\72\x74\143\72\x53\101\x4d\x4c\x3a\x32\56\60\x3a\x61\x73\x73\145\162\164\151\x6f\156")) {
goto lCJ;
}
goto QxD;
lCJ:
if (!($Kp->localName === "\x41\x73\163\145\162\164\151\x6f\156" || $Kp->localName === "\105\x6e\143\x72\x79\160\164\145\x64\x41\163\x73\145\162\x74\x69\x6f\x6e")) {
goto scq;
}
$this->assertions[] = new SAML2SPAssertion($Kp, $NI);
scq:
QxD:
$Kp = $Kp->nextSibling;
goto pkH;
qlO:
}
public function getAssertions()
{
return $this->assertions;
}
public function setAssertions(array $bK)
{
$this->assertions = $bK;
}
public function getDestination()
{
return $this->destination;
}
public function getCertificates()
{
return $this->certificates;
}
public function getSignatureData()
{
return $this->signatureData;
}
}<?php
include 'Assertion.php';
class SAML2SPResponse
{
private $assertions;
private $destination;
private $certificates;
private $signatureData;
public function __construct(DOMElement $l3 = NULL, $NI)
{
$this->assertions = array();
$this->certificates = array();
if (!($l3 === NULL)) {
$rl = SAMLSPUtilities::validateElement($l3);
if (!($rl !== FALSE)) {
goto GoF;
}
$this->certificates = $rl["Certificates"];
$this->signatureData = $rl;
GoF:
if (!$l3->hasAttribute("Destination")) {
goto x58;
}
$this->destination = $l3->getAttribute("Destination");
x58:
$Kp = $l3->firstChild;
pkH:
if (!($Kp !== NULL)) {
// [PHPDeobfuscator] Implied return
return;
}
if (!($Kp->namespaceURI !== "urn:oasis:names:tc:SAML:2.0:assertion")) {
if (!($Kp->localName === "Assertion" || $Kp->localName === "EncryptedAssertion")) {
goto scq;
}
$this->assertions[] = new SAML2SPAssertion($Kp, $NI);
// [PHPDeobfuscator] Implied goto
goto scq;
}
scq:
$Kp = $Kp->nextSibling;
goto pkH;
}
return;
}
public function getAssertions()
{
return $this->assertions;
}
public function setAssertions(array $bK)
{
$this->assertions = $bK;
}
public function getDestination()
{
return $this->destination;
}
public function getCertificates()
{
return $this->certificates;
}
public function getSignatureData()
{
return $this->signatureData;
}
}Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.