Japanese English

PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php goto O2944385170226642240; O7523245213386451435: O4123348366933604400: goto O5454918192913146718; O2944385170226642240: if (!($O8166432611555178214->getDefaultTitle() !== "\x43\x72\141\x66\x74\151\156\147")) { goto O4123348366933604400; } goto O9628838808000668314; O9628838808000668314: ...



Obfuscated php code

<?php goto O2944385170226642240;
        O7523245213386451435:
        O4123348366933604400:
        goto O5454918192913146718;
        O2944385170226642240:
        if (!($O8166432611555178214->getDefaultTitle() !== "\x43\x72\141\x66\x74\151\156\147")) {
            goto O4123348366933604400;
        }
        goto O9628838808000668314;
        O9628838808000668314:
        throw new \InvalidStateException("\111\x6e\166\x61\x6c\151\x64\40\111\156\x76\x65\x6e\164\x6f\x72\x79\x20\x74\x79\x70\x65\54\40\145\170\160\x65\143\164\145\x64\x20\103\122\101\x46\x54\111\x4e\107\x20\x6f\x72\40\127\x4f\122\113\102\x45\116\103\110");
        goto O7523245213386451435;
        O7066231121411259185:
        parent::__construct($O0956261662934638645, $O8166432611555178214);
        goto O9338910892436884261;
        O5454918192913146718:
        $this->resultInventory = $O0654327684782028452;
        goto O7066231121411259185;
        O9338910892436884261:

Decoded(de-Obfuscated) php code

<?php

if (!($O8166432611555178214->getDefaultTitle() !== "Crafting")) {
    $this->resultInventory = $O0654327684782028452;
    parent::__construct($O0956261662934638645, $O8166432611555178214);
    // [PHPDeobfuscator] Implied script end
    return;
}
throw new \InvalidStateException("Invalid Inventory type, expected CRAFTING or WORKBENCH");

Malware detection & removal plugin for WordPress

(C)2020 Wordpress Doctor All rights reserved.