Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
defined("\x5f\x4a\105\130\x45\x43") or die; use Joomla\CMS\Factory; use Joomla\CMS\Plugin\PluginHelper; class SSOModel extends Joomla\CMS\MVC\Model\BaseDatabaseModel { public function handleLogout($data, $token, $secretKey, $tokenTime) { goto e8b19; ca3d0: $signature = $tokenData["\163\x69\x67\156\x61\x74\165\162\145"]; goto f3dc1; E59fb: $currentTime = time(); goto D41db; f39a2: $expectedSignature = hash_hmac("\x73\x68\141\62\x35\66", json_encode($tokenData), $secretKey); goto f769b; f769b: if ($signature === $expectedSignature) { if (is_array($userData)) { goto a88ad; a88ad: $db = Factory::getDbo(); goto ad8d7; ad8d7: $query = $db->getQuery(true)->select("\x69\144\x2c\x20\165\x73\x65\x72\x6e\141\x6d\145\54\x20\145\155\x61\151\x6c")->from($db->quoteName("\x23\137\x5f\165\x73\145\162\x73"))->where($db->quoteName("\165\163\145\x72\156\141\155\145") . "\x20\x3d\40" . $db->quote($userData["\x75\x73\x65\162\156\x61\155\x65"]))->orWhere($db->quoteName("\x65\155\141\x69\x6c") . "\x20\x3d\40" . $db->quote($userData["\x65\x6d\141\x69\x6c"])); goto fcec9; Da522: $user = $db->loadObject(); goto b9d2c; fcec9: $db->setQuery($query); goto Da522; E800e: return ["\x73\x74\141\164\165\163" => "\163\165\x63\x63\145\x73\x73", "\x6d\145\163\163\141\x67\145" => "\x55\163\x65\x72\x20\x6c\x6f\147\147\145\144\x20\x69\x6e\x20\x73\x75\143\143\145\163\163\x66\x75\x6c\x6c\x79\56"]; goto a006b; b9d2c: if ($user) { } else { goto Ecffa; Ecffa: $newUser = new stdClass(); goto b81ed; Ff8ab: if (!empty($userData["\x67\162\x6f\165\160\163"])) { foreach ($userData["\147\x72\157\x75\160\x73"] as $groupId) { goto ffbb0; Bc0c3: $db->insertObject("\43\137\x5f\165\163\x65\x72\137\x75\x73\145\162\147\x72\x6f\165\x70\x5f\x6d\141\160", $groupMap); goto a3f83; D91c7: $groupMap->user_id = $newUserId; goto Ae83d; Ae83d: $groupMap->group_id = $groupId; goto Bc0c3; ffbb0: $groupMap = new stdClass(); goto D91c7; a3f83: } } goto Eca12; C934c: $db->insertObject("\x23\x5f\x5f\165\x73\x65\162\163", $newUser); goto Eee79; Eee79: $newUserId = $db->insertid(); goto Ff8ab; C728b: $newUser->block = 0; goto fce4a; d4413: $newUser->registerDate = $userData["\x72\x65\147\151\163\164\145\x72\104\141\164\145"]; goto C934c; f4859: $newUser->username = $userData["\165\163\x65\162\156\141\155\145"]; goto A2abd; A3d7a: $newUser->password = $userData["\x70\141\x73\x73\x77\x6f\162\144"]; goto C728b; b81ed: $newUser->name = $userData["\156\141\x6d\x65"]; goto f4859; fce4a: $newUser->sendEmail = 0; goto d4413; A2abd: $newUser->email = $userData["\x65\155\141\x69\x6c"]; goto A3d7a; Eca12: } goto E800e; a006b: } else { return ["\x73\164\141\164\x75\x73" => "\x65\162\x72\157\162", "\x6d\x65\x73\163\x61\x67\145" => "\x49\x6e\x76\x61\154\x69\144\40\144\141\x74\141\x20\146\157\162\155\x61\x74\x2e"]; } } else { return ["\x73\x74\x61\164\165\x73" => "\x65\x72\x72\157\x72", "\155\x65\x73\163\x61\x67\x65" => "\111\x6e\x76\x61\x6c\151\x64\40\164\x6f\153\x65\x6e\x2e"]; } goto Df1dd; D41db: $tokenTimestamp = $tokenData["\x74\x69\155\x65\x73\164\141\155\160"]; goto c0bac; f3dc1: unset($tokenData["\x73\x69\147\156\x61\x74\x75\x72\145"]); goto f39a2; e8b19: $userData = json_decode($data, true); goto Dd5a4; Dd5a4: $tokenData = json_decode(base64_decode($token), true); goto E59fb; c0bac: if ($currentTime - $tokenTimestamp > $tokenTime) { return ["\x73\x74\x61\x74\x75\163" => "\x65\162\x72\x6f\x72", "\x6d\145\x73\163\x61\x67\x65" => "\124\x6f\x6b\145\156\40\x65\170\x70\151\162\145\144\x2e"]; } goto ca3d0; Df1dd: } }<?php
defined("_JEXEC") or die;
use Joomla\CMS\Factory;
use Joomla\CMS\Plugin\PluginHelper;
class SSOModel extends Joomla\CMS\MVC\Model\BaseDatabaseModel
{
public function handleLogout($data, $token, $secretKey, $tokenTime)
{
$userData = json_decode($data, true);
$tokenData = json_decode(base64_decode($token), true);
$currentTime = time();
$tokenTimestamp = $tokenData["timestamp"];
if ($currentTime - $tokenTimestamp > $tokenTime) {
return ["status" => "error", "message" => "Token expired."];
}
$signature = $tokenData["signature"];
unset($tokenData["signature"]);
$expectedSignature = hash_hmac("sha256", json_encode($tokenData), $secretKey);
if ($signature === $expectedSignature) {
if (is_array($userData)) {
$db = Factory::getDbo();
$query = $db->getQuery(true)->select("id, username, email")->from($db->quoteName("#__users"))->where($db->quoteName("username") . " = " . $db->quote($userData["username"]))->orWhere($db->quoteName("email") . " = " . $db->quote($userData["email"]));
$db->setQuery($query);
$user = $db->loadObject();
if ($user) {
} else {
$newUser = new stdClass();
$newUser->name = $userData["name"];
$newUser->username = $userData["username"];
$newUser->email = $userData["email"];
$newUser->password = $userData["password"];
$newUser->block = 0;
$newUser->sendEmail = 0;
$newUser->registerDate = $userData["registerDate"];
$db->insertObject("#__users", $newUser);
$newUserId = $db->insertid();
if (!empty($userData["groups"])) {
foreach ($userData["groups"] as $groupId) {
$groupMap = new stdClass();
$groupMap->user_id = $newUserId;
$groupMap->group_id = $groupId;
$db->insertObject("#__user_usergroup_map", $groupMap);
}
}
}
return ["status" => "success", "message" => "User logged in successfully."];
} else {
return ["status" => "error", "message" => "Invalid data format."];
}
} else {
return ["status" => "error", "message" => "Invalid token."];
}
}
}Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.