Japanese English

PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php namespace Mgt\Varnish\Model; use Laminas\Uri\Uri; class UrlQueue extends \Magento\Framework\Model\AbstractModel { const PRIORITY_HIGH = 1000; const PRIORITY_MEDIUM = 500; const PRIORITY_LOW = 100; protected $storeManager; protected $license; protected $licenseCache = []; public function __c...



Obfuscated php code

<?php
 namespace Mgt\Varnish\Model; use Laminas\Uri\Uri; class UrlQueue extends \Magento\Framework\Model\AbstractModel { const PRIORITY_HIGH = 1000; const PRIORITY_MEDIUM = 500; const PRIORITY_LOW = 100; protected $storeManager; protected $license; protected $licenseCache = []; public function __construct(\Magento\Framework\Model\Context $context, \Magento\Framework\Registry $registry, \Mgt\Varnish\Model\ResourceModel\UrlQueue $resource, \Magento\Store\Model\StoreManagerInterface $storeManager, \Mgt\Varnish\Model\License $license) { goto d1400; e885c: $this->license = $license; goto b66c2; d1400: parent::__construct($context, $registry, $resource); goto E4a9f; E4a9f: $this->storeManager = $storeManager; goto e885c; b66c2: } protected function _construct() { $this->_init("\x4d\147\164\134\x56\141\x72\x6e\151\x73\150\x5c\115\157\x64\145\x6c\134\122\145\x73\157\165\x72\x63\x65\115\157\x64\x65\x6c\134\x55\162\x6c\121\165\x65\165\x65"); } public function getId() { return parent::getData("\165\x72\154\137\x69\x64"); } public function addToQueue(array $urls) { goto Db209; a633e: $resource = $this->_getResource(); goto b3870; C3218: if (!$urls) { goto f51a0; } goto a633e; b3870: $resource->addToQueue($urls); goto bb9b4; Db209: $urls = $this->filterUrls($urls); goto C3218; bb9b4: f51a0: goto Dbfcf; Dbfcf: } protected function filterUrls(array $urls) { goto F0448; Bb6c7: return $filteredUrls; goto Ca374; cfa99: b385c: goto Bb6c7; F0448: $filteredUrls = []; goto Ece06; Ece06: foreach ($urls as $url) { goto C18db; C18db: $storeId = (int) $url["\163\164\157\162\x65\x5f\x69\144"]; goto Efd01; f0ef0: a6fb5: goto E03dd; f5836: $filteredUrls[] = $url; goto f0ef0; E03dd: Cfe52: goto c58bd; Efd01: $url["\160\x61\164\x68"] = ltrim($url["\160\141\x74\x68"], "\57"); goto c588f; e1751: if (!(true === $canAddUrlToQueue)) { goto a6fb5; } goto f5836; c588f: $canAddUrlToQueue = $this->canAddUrlToQueue($storeId); goto e1751; c58bd: } goto cfa99; Ca374: } protected function canAddUrlToQueue($storeId) { goto Bf500; F7bea: return true; goto A5f1e; E7d09: goto b4f24; goto d2ee2; b16c7: F7b8b: goto B363d; bd059: $store = $this->storeManager->getStore($storeId); goto c7acb; f2307: return $canAddUrlToQueue; goto D0361; D0361: Faeb0: goto e58aa; ecada: $host = $uri->getHost(); goto cdd86; f996a: if (true === $hasLicense) { goto Ad448; } goto E217a; cdd86: $hasLicense = $this->license->hasLicense($host); goto ff12c; B363d: $canAddUrlToQueue = $this->licenseCache[$storeId]; goto f2307; ba11e: goto Faeb0; goto b16c7; ff12c: $this->licenseCache[$storeId] = $hasLicense; goto f996a; c7acb: $uri = new Uri($store->getBaseUrl()); goto ecada; d2ee2: Ad448: goto F7bea; Bf500: if (isset($this->licenseCache[$storeId])) { goto F7b8b; } goto bd059; E217a: return false; goto E7d09; A5f1e: b4f24: goto ba11e; e58aa: } }

Decoded(de-Obfuscated) php code

<?php

namespace Mgt\Varnish\Model;

use Laminas\Uri\Uri;
class UrlQueue extends \Magento\Framework\Model\AbstractModel
{
    const PRIORITY_HIGH = 1000;
    const PRIORITY_MEDIUM = 500;
    const PRIORITY_LOW = 100;
    protected $storeManager;
    protected $license;
    protected $licenseCache = array();
    public function __construct(\Magento\Framework\Model\Context $context, \Magento\Framework\Registry $registry, \Mgt\Varnish\Model\ResourceModel\UrlQueue $resource, \Magento\Store\Model\StoreManagerInterface $storeManager, \Mgt\Varnish\Model\License $license)
    {
        parent::__construct($context, $registry, $resource);
        $this->storeManager = $storeManager;
        $this->license = $license;
    }
    protected function _construct()
    {
        $this->_init("Mgt\\Varnish\\Model\\ResourceModel\\UrlQueue");
    }
    public function getId()
    {
        return parent::getData("url_id");
    }
    public function addToQueue(array $urls)
    {
        $urls = $this->filterUrls($urls);
        if (!$urls) {
            goto f51a0;
        }
        $resource = $this->_getResource();
        $resource->addToQueue($urls);
        f51a0:
    }
    protected function filterUrls(array $urls)
    {
        $filteredUrls = [];
        foreach ($urls as $url) {
            $storeId = (int) $url["store_id"];
            $url["path"] = ltrim($url["path"], "/");
            $canAddUrlToQueue = $this->canAddUrlToQueue($storeId);
            if (!(true === $canAddUrlToQueue)) {
                goto a6fb5;
            }
            $filteredUrls[] = $url;
            a6fb5:
        }
        return $filteredUrls;
    }
    protected function canAddUrlToQueue($storeId)
    {
        if (isset($this->licenseCache[$storeId])) {
            $canAddUrlToQueue = $this->licenseCache[$storeId];
            return $canAddUrlToQueue;
        }
        $store = $this->storeManager->getStore($storeId);
        $uri = new Uri($store->getBaseUrl());
        $host = $uri->getHost();
        $hasLicense = $this->license->hasLicense($host);
        $this->licenseCache[$storeId] = $hasLicense;
        if (true === $hasLicense) {
            return true;
        }
        return false;
    }
}

Malware detection & removal plugin for WordPress

(C)2020 Wordpress Doctor All rights reserved.