Japanese English

PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php function ht_substart($subno,$sno,$val,$val2,$sel,$mes) { global $svcmode; global $ht_jump_cur; if ($svcmode["service_debug"] == 1) { echo_msg(2,"cur : $ht_jump_cur subno : $subno sno : $sno sel : $sel [$mes]"); if (is_array($val)) { ht_print_r($val,"val"); ht_print_r($val2,"val2"); } else {...



Obfuscated php code

<?php function ht_substart($subno,$sno,$val,$val2,$sel,$mes) {
global $svcmode;
global $ht_jump_cur;
if ($svcmode["service_debug"] == 1) { echo_msg(2,"cur : $ht_jump_cur  subno : $subno  sno : $sno  sel : $sel [$mes]");
if (is_array($val)) { ht_print_r($val,"val");
ht_print_r($val2,"val2");
} else { echo_msg(2,"val : $val  val2 : $val2");
} msgx("<hr>");
}
}

Decoded(de-Obfuscated) php code

<?php

function ht_substart($subno, $sno, $val, $val2, $sel, $mes)
{
    global $svcmode;
    global $ht_jump_cur;
    if ($svcmode["service_debug"] == 1) {
        echo_msg(2, "cur : {$ht_jump_cur}  subno : {$subno}  sno : {$sno}  sel : {$sel} [{$mes}]");
        if (is_array($val)) {
            ht_print_r($val, "val");
            ht_print_r($val2, "val2");
        } else {
            echo_msg(2, "val : {$val}  val2 : {$val2}");
        }
        msgx("<hr>");
    }
}

Malware detection & removal plugin for WordPress

(C)2020 Wordpress Doctor All rights reserved.