Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
/* __________________________________________________
| Built by Clearly IP Inc. |
| on 2023-01-02 21:42:57 |
|__________________________________________________|
*/
namespace FreePBX\modules\Clearlysp\CIP\Clients; use SplFileObject; use GuzzleHttp\Client; class MMSClient { protected $acrobitsurl = "\150\164\x74\x70\x73\72\57\57\155\x6d\x6d\x73\147\56\141\143\x72\x6f\142\x69\x74\x73\56\156\145\164"; protected $client = null; public function __construct($url = '') { goto p0gml; AcXq5: $this->client = $client; goto sgfOr; SefmS: jfWYi: goto fgGfT; p0gml: if (empty($url)) { goto jfWYi; } goto rDa5Q; rDa5Q: $this->acrobitsurl = $url; goto SefmS; fgGfT: $client = new Client(array("\164\151\x6d\x65\157\165\x74" => 2.0)); goto AcXq5; sgfOr: } public function getClient() { return $this->client; } public function checkUpload($path) { goto EKDEq; StCGH: $response = $this->client->post($this->acrobitsurl, array("\152\x73\157\156" => array("\x63\157\x6e\x74\145\x6e\164\124\x79\160\x65" => $fileData["\164\171\160\x65"], "\x63\x6f\156\164\145\x6e\164\55\x73\x69\x7a\145" => $fileData["\163\x69\x7a\145"]))); goto IhJG5; IhJG5: return json_decode($response->getBody(), true); goto Wl6mV; EKDEq: $fileData = $this->getFileData($path); goto StCGH; Wl6mV: } public function pushUpload($path, $url, $encrypted = '', $key = '') { goto Dh6iM; k1icL: $withkey = false; goto ZwkA_; h7ynY: curl_setopt($curl, CURLOPT_BINARYTRANSFER, 1); goto m99M_; Y8Nq9: curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($fields)); goto A3mAV; BlFpW: goto luO2Y; goto ilRYy; TysDb: curl_close($curl); goto WXhTV; D1T_m: $withkey = true; goto uhXWP; j8RmA: $fields = array("\156\141\x6d\145" => "\146\151\x6c\145", "\x66\x69\154\145\x6e\141\155\x65" => $fileData["\x66\151\154\x65"]->getBasename()); goto yfe8x; rMOFL: M6IhM: goto SMS2X; m99M_: curl_setopt($curl, CURLOPT_URL, $url); goto ejbdI; tyHdr: $fileData = $this->getFileData($path); goto BcLAm; A3mAV: curl_setopt($curl, CURLOPT_HTTPHEADER, array("\x43\157\156\x74\145\156\164\55\x54\x79\160\145\72\40" . $fileData["\164\171\160\145"])); goto FfZsH; Ukq7k: curl_setopt($curl, CURLOPT_INFILESIZE, filesize($path)); goto Y8Nq9; SMS2X: $curl = curl_init(); goto s6iea; ilRYy: laMwr: goto D1T_m; BcLAm: if (!empty($encrypted) && is_file($encrypted)) { goto laMwr; } goto k1icL; yfe8x: if (!$withkey) { goto M6IhM; } goto wtdHv; YDevJ: TIDK2: goto TysDb; Dh6iM: $f = fopen($path, "\x72"); goto tyHdr; AlFTt: luO2Y: goto j8RmA; ejbdI: curl_setopt($curl, CURLOPT_PUT, 1); goto Rj5KU; WXhTV: return $key; goto YZa7z; liux6: dbug("\143\x75\162\154\105\x72\162\x6f\162", curl_error($curl)); goto YDevJ; ZwkA_: $f = fopen($path, "\162"); goto BlFpW; uhXWP: $f = fopen($encrypted, "\162"); goto AlFTt; QJqIn: curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); goto h7ynY; Yap11: curl_setopt($curl, CURLOPT_HEADER, false); goto QJqIn; s6iea: curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2); goto Yap11; FfZsH: $result = curl_exec($curl); goto E1H8P; E1H8P: if (!($result === false)) { goto TIDK2; } goto liux6; Rj5KU: curl_setopt($curl, CURLOPT_INFILE, $f); goto Ukq7k; wtdHv: $fields["\x65\x6e\143\x72\x79\x70\164\151\157\x6e\55\x6b\x65\171"] = $key; goto rMOFL; YZa7z: } public function getFileData($path) { $file = new SplFileObject($path); return array("\146\x69\x6c\145" => $file, "\163\151\172\145" => $file->getSize(), "\x74\x79\x70\145" => mime_content_type($path)); } }<?php
/* __________________________________________________
| Built by Clearly IP Inc. |
| on 2023-01-02 21:42:57 |
|__________________________________________________|
*/
namespace FreePBX\modules\Clearlysp\CIP\Clients;
use SplFileObject;
use GuzzleHttp\Client;
class MMSClient
{
protected $acrobitsurl = "https://mmmsg.acrobits.net";
protected $client = null;
public function __construct($url = '')
{
if (empty($url)) {
goto jfWYi;
}
$this->acrobitsurl = $url;
jfWYi:
$client = new Client(array("timeout" => 2.0));
$this->client = $client;
}
public function getClient()
{
return $this->client;
}
public function checkUpload($path)
{
$fileData = $this->getFileData($path);
$response = $this->client->post($this->acrobitsurl, array("json" => array("contentType" => $fileData["type"], "content-size" => $fileData["size"])));
return json_decode($response->getBody(), true);
}
public function pushUpload($path, $url, $encrypted = '', $key = '')
{
$f = fopen($path, "r");
$fileData = $this->getFileData($path);
if (!empty($encrypted) && is_file($encrypted)) {
$withkey = true;
$f = fopen($encrypted, "r");
goto AlFTt;
}
$withkey = false;
$f = fopen($path, "r");
AlFTt:
$fields = array("name" => "file", "filename" => $fileData["file"]->getBasename());
if (!$withkey) {
goto M6IhM;
}
$fields["encryption-key"] = $key;
M6IhM:
$curl = curl_init();
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_PUT, 1);
curl_setopt($curl, CURLOPT_INFILE, $f);
curl_setopt($curl, CURLOPT_INFILESIZE, filesize($path));
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($fields));
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: " . $fileData["type"]));
$result = curl_exec($curl);
if (!($result === false)) {
goto TIDK2;
}
dbug("curlError", curl_error($curl));
TIDK2:
curl_close($curl);
return $key;
}
public function getFileData($path)
{
$file = new SplFileObject($path);
return array("file" => $file, "size" => $file->getSize(), "type" => mime_content_type($path));
}
}Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.