PHP deobfuscation, decryption, reconstruction tool

Obfuscated php code

<?php
 namespace Mgt\Varnish\Controller\Api; class PurgeTag extends \Magento\Framework\App\Action\Action { protected $cachePurger; protected $config; public function __construct(\Magento\Framework\App\Action\Context $context, \Magento\CacheInvalidate\Model\PurgeCache $cachePurger, \Mgt\Varnish\Model\Cache\Config $config) { goto e55a3; Fb1cf: $this->config = $config; goto d6c93; d6c93: parent::__construct($context); goto B80f5; e55a3: $this->cachePurger = $cachePurger; goto Fb1cf; B80f5: } public function execute() { goto Fdca7; d78af: $response = $this->getResponse(); goto d051f; C5c32: $tag = $request->getParam("\x74\x61\x67"); goto Ad627; Fdca7: $request = $this->getRequest(); goto d78af; Fd4af: try { goto d10df; F9b7f: $this->cachePurger->sendPurgeRequest($tags); goto df385; D5119: throw new \Exception("\123\x65\x63\162\x65\x74\x20\141\160\151\40\153\145\171\x20\x69\163\40\x6e\157\164\x20\x63\x6f\x72\162\x65\143\164"); goto acdf7; d10df: $apiSecretKey = $this->config->getApiSecretKey(); goto d9fb8; d9fb8: if (!($secretKey != $apiSecretKey)) { goto cf02b; } goto D5119; acdf7: cf02b: goto Dfe48; Dfe48: $tags = [$tag]; goto F9b7f; df385: $body = ["\163\165\x63\x63\145\x73\x73" => 1, "\x6d\x65\163\163\x61\x67\145" => sprintf("\126\x61\x72\x6e\151\x73\x68\x20\103\141\143\x68\145\x20\x70\165\x72\x67\145\x64\x20\142\171\x20\146\157\x6c\x6c\157\167\151\x6e\x67\x20\164\141\147\x3a\x20\45\x73", $tag)]; goto Ef96b; Ef96b: } catch (\Exception $e) { $errorMessage = $e->getMessage(); $body = ["\163\165\143\x63\145\x73\163" => 0, "\x6d\x65\163\x73\x61\x67\145" => $errorMessage]; } goto abe23; Ad627: if (!($secretKey && $tag)) { goto Cbdf7; } goto Fd4af; D6eed: $response->setHeader("\x43\x6f\x6e\164\x65\x6e\164\x2d\x54\171\x70\145", "\x61\x70\160\x6c\151\143\x61\164\x69\x6f\x6e\57\152\163\157\156"); goto df702; d051f: $body = []; goto c805f; df702: $response->setBody($body); goto f3173; abe23: Cbdf7: goto c52ac; a6889: exit; goto Bb955; c805f: $secretKey = $request->getParam("\x73\x65\143\x72\145\164\113\145\171"); goto C5c32; f3173: $response->sendResponse(); goto a6889; c52ac: $body = json_encode($body); goto D6eed; Bb955: } }

Decoded(de-Obfuscated) php code

<?php

namespace Mgt\Varnish\Controller\Api;

class PurgeTag extends \Magento\Framework\App\Action\Action
{
    protected $cachePurger;
    protected $config;
    public function __construct(\Magento\Framework\App\Action\Context $context, \Magento\CacheInvalidate\Model\PurgeCache $cachePurger, \Mgt\Varnish\Model\Cache\Config $config)
    {
        $this->cachePurger = $cachePurger;
        $this->config = $config;
        parent::__construct($context);
    }
    public function execute()
    {
        $request = $this->getRequest();
        $response = $this->getResponse();
        $body = [];
        $secretKey = $request->getParam("secretKey");
        $tag = $request->getParam("tag");
        if (!($secretKey && $tag)) {
            goto Cbdf7;
        }
        try {
            $apiSecretKey = $this->config->getApiSecretKey();
            if (!($secretKey != $apiSecretKey)) {
                $tags = [$tag];
                $this->cachePurger->sendPurgeRequest($tags);
                $body = ["success" => 1, "message" => sprintf("Varnish Cache purged by following tag: %s", $tag)];
            }
            throw new \Exception("Secret api key is not correct");
        } catch (\Exception $e) {
            $errorMessage = $e->getMessage();
            $body = ["success" => 0, "message" => $errorMessage];
        }
        Cbdf7:
        $body = json_encode($body);
        $response->setHeader("Content-Type", "application/json");
        $response->setBody($body);
        $response->sendResponse();
        exit;
    }
}

Malware detection & removal plugin for WordPress

（C）2020 Wordpress Doctor All rights reserved.