PHP deobfuscation, decryption, reconstruction tool

Obfuscated php code

<?php
 namespace Mgt\Varnish\Model; class License { const MODULE_NAME = "\x4d\147\164\137\126\141\162\x6e\x69\x73\150"; protected $dirReader; protected $domains = []; public function __construct() { $objectManager = $this->getObjectManager(); $this->dirReader = $objectManager->get("\134\x4d\141\147\x65\156\164\x6f\x5c\x46\x72\x61\x6d\145\x77\x6f\x72\x6b\134\115\x6f\x64\165\x6c\145\134\x44\151\162\x5c\x52\x65\x61\144\x65\x72"); } public function hasLicense($currentHost) { goto e4522; Ec5de: $expireDate = new \Zend_Date(); goto d684c; A0c55: $isHostValid = $this->_isHostValid($currentHost, $license["\144\x6f\155\x61\x69\156\x73"]); goto e8b67; e8b67: if (!(is_array($license) && $license["\x6d\x6f\x64\x75\154\x65"] == self::MODULE_NAME && $isHostValid && (!$license["\145\x78\160\x69\x72\145\104\141\x74\145"] || $license["\145\170\160\151\162\x65\104\141\164\x65"] && $expireDate->isLater(Zend_Date::now())))) { goto f766f; } goto Fdb76; c7af6: $today = new \DateTime(); goto Cf94f; A0fd2: eval(gzinflate(base64_decode(file_get_contents($licenseFile)))); goto b0a00; d684c: $expireDate->setTimestamp($license["\145\x78\x70\151\x72\x65\x44\x61\x74\145"]); goto a75b9; a76bf: return $hasLicense; goto E93ac; Fdb76: $hasLicense = true; goto b18c7; e4522: $hasLicense = false; goto dda45; Cf94f: if (!(isset($license["\x65\170\x70\151\x72\x65\x44\x61\164\x65"]) && $license["\x65\170\160\151\x72\x65\104\141\164\145"])) { goto Ca531; } goto Ec5de; a75b9: Ca531: goto A0c55; deb25: if (!(true === file_exists($licenseFile))) { goto E9d99; } goto A0fd2; b0a00: $currentHost = str_replace("\x77\167\x77\x2e", '', $currentHost); goto c7af6; Aa1ed: E9d99: goto a76bf; dda45: $licenseFile = $this->dirReader->getModuleDir('', self::MODULE_NAME) . "\57\x6c\x69\x63\145\x6e\x73\145\56\x6d\147\164"; goto deb25; b18c7: f766f: goto Aa1ed; E93ac: } protected function _isHostValid($currentHost, array $domains) { goto F0fc6; Edd99: foreach ($domains as $domain) { goto e9c49; Ac936: De926: goto dae8b; e9c49: if (!strstr($currentHost, $domain)) { goto De926; } goto e927b; e927b: $isHostValid = true; goto c8d86; dae8b: Ae1af: goto B93c5; c8d86: goto A2f48; goto Ac936; B93c5: } goto D2302; F0fc6: $isHostValid = false; goto Edd99; D43d6: return $isHostValid; goto Fbe6b; D2302: A2f48: goto D43d6; Fbe6b: } public function getDomains() { goto Ab33d; B4d97: fc4c2: goto a190a; F5ea4: if (!(isset($license["\144\x6f\155\x61\151\156\x73"]) && $license["\144\157\155\141\151\x6e\x73"])) { goto A4d8b; } goto a798b; Dc134: $licenseFile = $this->dirReader->getModuleDir('', self::MODULE_NAME) . "\57\x6c\x69\143\x65\x6e\163\145\56\x6d\147\164"; goto d8e41; a190a: return $domains; goto f512b; d07f7: eval(gzinflate(base64_decode(file_get_contents($licenseFile)))); goto F5ea4; Ab33d: $domains = []; goto Dc134; d8e41: if (!(true === file_exists($licenseFile))) { goto fc4c2; } goto d07f7; a798b: $domains = $license["\x64\157\x6d\141\x69\x6e\163"]; goto ff79f; ff79f: A4d8b: goto B4d97; f512b: } protected function getObjectManager() { $objectManager = \Magento\Framework\App\ObjectManager::getInstance(); return $objectManager; } }

Decoded(de-Obfuscated) php code

<?php

namespace Mgt\Varnish\Model;

class License
{
    const MODULE_NAME = "Mgt_Varnish";
    protected $dirReader;
    protected $domains = array();
    public function __construct()
    {
        $objectManager = $this->getObjectManager();
        $this->dirReader = $objectManager->get("\\Magento\\Framework\\Module\\Dir\\Reader");
    }
    public function hasLicense($currentHost)
    {
        $hasLicense = false;
        $licenseFile = $this->dirReader->getModuleDir('', self::MODULE_NAME) . "/license.mgt";
        if (!(true === file_exists($licenseFile))) {
            goto E9d99;
        }
        eval(gzinflate(base64_decode(file_get_contents($licenseFile))));
        $currentHost = str_replace("www.", '', $currentHost);
        $today = new \DateTime();
        if (!(isset($license["expireDate"]) && $license["expireDate"])) {
            goto Ca531;
        }
        $expireDate = new \Zend_Date();
        $expireDate->setTimestamp($license["expireDate"]);
        Ca531:
        $isHostValid = $this->_isHostValid($currentHost, $license["domains"]);
        if (!(is_array($license) && $license["module"] == self::MODULE_NAME && $isHostValid && (!$license["expireDate"] || $license["expireDate"] && $expireDate->isLater(Zend_Date::now())))) {
            goto f766f;
        }
        $hasLicense = true;
        f766f:
        E9d99:
        return $hasLicense;
    }
    protected function _isHostValid($currentHost, array $domains)
    {
        $isHostValid = false;
        foreach ($domains as $domain) {
            if (!strstr($currentHost, $domain)) {
            }
            $isHostValid = true;
            goto A2f48;
        }
        A2f48:
        return $isHostValid;
    }
    public function getDomains()
    {
        $domains = [];
        $licenseFile = $this->dirReader->getModuleDir('', self::MODULE_NAME) . "/license.mgt";
        if (!(true === file_exists($licenseFile))) {
            goto fc4c2;
        }
        eval(gzinflate(base64_decode(file_get_contents($licenseFile))));
        if (!(isset($license["domains"]) && $license["domains"])) {
            goto A4d8b;
        }
        $domains = $license["domains"];
        A4d8b:
        fc4c2:
        return $domains;
    }
    protected function getObjectManager()
    {
        $objectManager = \Magento\Framework\App\ObjectManager::getInstance();
        return $objectManager;
    }
}

Malware detection & removal plugin for WordPress

（C）2020 Wordpress Doctor All rights reserved.