Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
$DS = DIRECTORY_SEPARATOR; $curdir = dirname(__FILE__).$DS; $playdir = $curdir; $base0 = realpath($curdir."../../"); $base = $base0.$DS; $scrdir = $base."script/"; require_once($scrdir."rf_gateway.php"); require_once($scrdir."rf_gateway_def.php"); require_once($scrdir."rf_gateway_ext.php"); require_once($scrdir."rf_sub_win.php"); require_once($scrdir."rf_sub_lnx.php"); require_once($scrdir."rf_sub_osx.php"); require_once($scrdir."rf_job_lnx.php"); require_once($scrdir."rf_job_osx.php"); require_once($scrdir."rf_common.php"); require_once($scrdir."rf_common02.php"); require_once($scrdir."rf_common03.php"); require_once($scrdir."rf_common04.php"); require_once($scrdir."rf_common05.php"); require_once($scrdir."rf_common06.php"); require_once($scrdir."rf_common07.php"); require_once($scrdir."rf_echo.php"); require_once($scrdir."rf_premium.php"); require_once($scrdir."rf_clear.php"); require_once($scrdir."rf_keyword.php"); require_once($scrdir."rf_live.php"); require_once($scrdir."config_ini.php"); require_once($scrdir."config.php"); $config_ver = file_get_contents($scrdir."config.dat",false,null,0,2); require_once($scrdir."config_sys_$config_ver.php"); require_once($playdir."rfplay_config.php"); require_once($playdir."rfplay_menu.php"); require_once($scrdir."rf_menu_sub.php"); require_once($scrdir."rf_reserve.php"); require_once($scrdir."rf_radiko.php"); require_once($scrdir."rf_radiko2.php"); require_once($scrdir."rf_radiko3.php"); require_once($scrdir."rf_radiru.php"); require_once($scrdir."rf_ondemand.php"); $ver = "2022.02.17"; $radiko_today_disp_dur = 6 * 60 * 60; $radiru_today_disp_dur = 6 * 60 * 60; $auth_life_time = 300; $auth_life_time2 = 300; $auth_life_time3 = 300; $menu_xml= $playdir."rfplay_menu.xml"; $radiruareafile = $tmpdir."rfplay_radiruarea"; $premium = 0; $dmy = " "; date_default_timezone_set('Asia/Tokyo'); $log_errors_fn = "rfriends_log_errors.log"; ini_set("error_log", $logdir.$log_errors_fn); ini_set("display_errors", $rf_display_errors); ini_set("error_reporting", $rf_error_reporting); ini_set("log_errors", $rf_log_errors); rf_ext_set(); dir_init(0); copy_newkw(0); copy_newkwzip(0); rfgw_init_editor(); $ret = rf_wget_proxy(); $wget_opt_https_proxy = $ret[0]; $wget_opt_proxy_user = $ret[1]; $wget_opt_proxy_pass = $ret[2]; $keyword = get_all_keyword(); if ($radiko_auth_mode == 2 || $radiko_auth_mode == 3) { $premium = 0; } $fn = $tmpdir.$cleanlog_fn; $flg = check_cleanlog($fn); if ($flg == 1) { rf_batsh_rec($ex_clean, 0, 1, 1, ""); } if ($radiko_auth_mode == 3 && !file_exists($radiko_auth_mode3_dat)) { $ret = rfplay_radiko_area(); if ($ret === false) { echo_msg(2,"error set area"); fin_unlink($radiko_auth_mode3_dat); exit (1); } } $mn_mode = 0; $ui_mode = 0; if ($argc > 1) { $para = rf_para_check($argv[1]); $mn_mode = $para[0]; $ui_mode = $para[1]; if ($para[2] > 0) $scr_height = $para[2]; if ($para[3] > 0) $scr_width = $para[3]; } if (get_rfriends_exeos() != "LNX") { $ui_mode = 0; } if ($scr_height < 20) $scr_height = 20; if ($scr_height > 100) $scr_height = 100; if ($scr_width < 40) $scr_width = 40; if ($scr_width > 200) $scr_width = 200; $wt_ymax = $scr_height - 1; $wt_yadd = 7; $wt_xmax = $scr_width - 2; $wt_xadd = 4; $ip = gethostbyname($radiko_host); if ($ip == $playerurl) { $ui_mode = 0; echo_msg(2, ""); echo_msg(2, "$radiko_host"); echo_msg(2, "---- ネットワークに接続できません ---"); echo_msg(2, "---- 接続を確認してください ---"); echo_msg(2, ""); echo_msg(2, "rfriendsを終了します。"); echo_fin(1); exit(1); } else { } $ret = rf_net_init(); $rftitile = ""; $rfsubtitle = array(); $rfmenu = array(); $ttl_no = array(); $msg_level = 2; $radiru_main_station = rf_get_radiru_main_station(0); $radiru_area_1 = rf_get_radiru_main_station(1); $hname = $rfriends_name; $hname_esc = $rfriends_name_esc; if ($hname == '') { if (($hname = gethostname()) === false) { $hname = ''; } } if ($hname_esc != '') { $hname_esc = str_replace('\e',"\e",$hname_esc,$esccnt); if ($esccnt == 0) { $hname_esc = ''; } } if ($hname_esc == '') { $rfname = "[$hname] "; } else { $rfname = "[".$hname_esc.$hname."\e[0m"."] "; } $xml = file_get_contents($menu_xml); $obj = simplexml_load_string($xml); $json = json_encode($obj); $rf_define = json_decode($json,TRUE); $menudef = $rf_define['menu']; $menudefmax = count_73($menudef); $rpt = 1; while ($rpt == 1) { $ttl_no[0] = 1; $rf_stp = 0; $ans = rf_first_menu(); if ($ans == "") { break; } if ($ans == "x" || $ans == "X") { $rf_stp = 1; break; } if (rfmenu_check_range($ans,1,$menudefmax) === false) { break; } $ttl_no[0] = 1; $ttl_no[1] = $ans; $ttl_mes[1] = $menudef[$ans-1]['title']; $m = $menudef[$ans-1]['sub']['menu']; if (array_key_exists('title',$m)) { $menudef_s[0] = $m; } else { $menudef_s = $m; } $menudef_s_max = count_73($menudef_s); $ans2 = rf_second_menu($ans); if ($ans2 == "") { break; } if ($ans2 < 1 || $ans2 > $menudef_s_max) { break; } $ttl_no[0] = 2; $ttl_no[2] = $ans2; $ttl_mes[2] = $menudef_s[$ans2-1]['title']; $menudef_t = $menudef_s[$ans2 -1]; $ret = rf_third_menu($ans,$ans2); $rf_stp = $ret; break; } echo_fin($rf_stp); exit($rf_stp);<?php
$DS = DIRECTORY_SEPARATOR;
$curdir = "/var/www/htmlDIRECTORY_SEPARATOR";
$playdir = $curdir;
$base0 = realpath("/var/www/htmlDIRECTORY_SEPARATOR../../");
$base = $base0 . $DS;
$scrdir = $base . "script/";
require_once $scrdir . "rf_gateway.php";
require_once $scrdir . "rf_gateway_def.php";
require_once $scrdir . "rf_gateway_ext.php";
require_once $scrdir . "rf_sub_win.php";
require_once $scrdir . "rf_sub_lnx.php";
require_once $scrdir . "rf_sub_osx.php";
require_once $scrdir . "rf_job_lnx.php";
require_once $scrdir . "rf_job_osx.php";
require_once $scrdir . "rf_common.php";
require_once $scrdir . "rf_common02.php";
require_once $scrdir . "rf_common03.php";
require_once $scrdir . "rf_common04.php";
require_once $scrdir . "rf_common05.php";
require_once $scrdir . "rf_common06.php";
require_once $scrdir . "rf_common07.php";
require_once $scrdir . "rf_echo.php";
require_once $scrdir . "rf_premium.php";
require_once $scrdir . "rf_clear.php";
require_once $scrdir . "rf_keyword.php";
require_once $scrdir . "rf_live.php";
require_once $scrdir . "config_ini.php";
require_once $scrdir . "config.php";
$config_ver = file_get_contents($scrdir . "config.dat", false, null, 0, 2);
require_once $scrdir . "config_sys_{$config_ver}.php";
require_once "/var/www/htmlDIRECTORY_SEPARATORrfplay_config.php";
require_once "/var/www/htmlDIRECTORY_SEPARATORrfplay_menu.php";
require_once $scrdir . "rf_menu_sub.php";
require_once $scrdir . "rf_reserve.php";
require_once $scrdir . "rf_radiko.php";
require_once $scrdir . "rf_radiko2.php";
require_once $scrdir . "rf_radiko3.php";
require_once $scrdir . "rf_radiru.php";
require_once $scrdir . "rf_ondemand.php";
$ver = "2022.02.17";
$radiko_today_disp_dur = 21600;
$radiru_today_disp_dur = 21600;
$auth_life_time = 300;
$auth_life_time2 = 300;
$auth_life_time3 = 300;
$menu_xml = "/var/www/htmlDIRECTORY_SEPARATORrfplay_menu.xml";
$radiruareafile = $tmpdir . "rfplay_radiruarea";
$premium = 0;
$dmy = " ";
date_default_timezone_set('Asia/Tokyo');
$log_errors_fn = "rfriends_log_errors.log";
ini_set("error_log", $logdir . $log_errors_fn);
ini_set("display_errors", $rf_display_errors);
ini_set("error_reporting", $rf_error_reporting);
ini_set("log_errors", $rf_log_errors);
rf_ext_set();
dir_init(0);
copy_newkw(0);
copy_newkwzip(0);
rfgw_init_editor();
$ret = rf_wget_proxy();
$wget_opt_https_proxy = $ret[0];
$wget_opt_proxy_user = $ret[1];
$wget_opt_proxy_pass = $ret[2];
$keyword = get_all_keyword();
if ($radiko_auth_mode == 2 || $radiko_auth_mode == 3) {
$premium = 0;
}
$fn = $tmpdir . $cleanlog_fn;
$flg = check_cleanlog($fn);
if ($flg == 1) {
rf_batsh_rec($ex_clean, 0, 1, 1, "");
}
if ($radiko_auth_mode == 3 && !file_exists($radiko_auth_mode3_dat)) {
$ret = rfplay_radiko_area();
if ($ret === false) {
echo_msg(2, "error set area");
fin_unlink($radiko_auth_mode3_dat);
exit(1);
}
}
$mn_mode = 0;
$ui_mode = 0;
if ($argc > 1) {
$para = rf_para_check($argv[1]);
$mn_mode = $para[0];
$ui_mode = $para[1];
if ($para[2] > 0) {
$scr_height = $para[2];
}
if ($para[3] > 0) {
$scr_width = $para[3];
}
}
if (get_rfriends_exeos() != "LNX") {
$ui_mode = 0;
}
if ($scr_height < 20) {
$scr_height = 20;
}
if ($scr_height > 100) {
$scr_height = 100;
}
if ($scr_width < 40) {
$scr_width = 40;
}
if ($scr_width > 200) {
$scr_width = 200;
}
$wt_ymax = $scr_height - 1;
$wt_yadd = 7;
$wt_xmax = $scr_width - 2;
$wt_xadd = 4;
$ip = gethostbyname($radiko_host);
if ($ip == $playerurl) {
$ui_mode = 0;
echo_msg(2, "");
echo_msg(2, "{$radiko_host}");
echo_msg(2, "---- ネットワークに接続できません ---");
echo_msg(2, "---- 接続を確認してください ---");
echo_msg(2, "");
echo_msg(2, "rfriendsを終了します。");
echo_fin(1);
exit(1);
} else {
}
$ret = rf_net_init();
$rftitile = "";
$rfsubtitle = array();
$rfmenu = array();
$ttl_no = array();
$msg_level = 2;
$radiru_main_station = rf_get_radiru_main_station(0);
$radiru_area_1 = rf_get_radiru_main_station(1);
$hname = $rfriends_name;
$hname_esc = $rfriends_name_esc;
if ($hname == '') {
if (($hname = gethostname()) === false) {
$hname = '';
}
}
if ($hname_esc != '') {
$hname_esc = str_replace('\\e', "\33", $hname_esc, $esccnt);
if ($esccnt == 0) {
$hname_esc = '';
}
}
if ($hname_esc == '') {
$rfname = "[{$hname}] ";
} else {
$rfname = "[" . $hname_esc . $hname . "\33[0m" . "] ";
}
$xml = file_get_contents($menu_xml);
$obj = simplexml_load_string($xml);
$json = json_encode($obj);
$rf_define = json_decode($json, TRUE);
$menudef = $rf_define['menu'];
$menudefmax = count_73($menudef);
$rpt = 1;
while ($rpt == 1) {
$ttl_no[0] = 1;
$rf_stp = 0;
$ans = rf_first_menu();
if ($ans == "") {
break;
}
if ($ans == "x" || $ans == "X") {
$rf_stp = 1;
break;
}
if (rfmenu_check_range($ans, 1, $menudefmax) === false) {
break;
}
$ttl_no[0] = 1;
$ttl_no[1] = $ans;
$ttl_mes[1] = $menudef[$ans - 1]['title'];
$m = $menudef[$ans - 1]['sub']['menu'];
if (array_key_exists('title', $m)) {
$menudef_s[0] = $m;
} else {
$menudef_s = $m;
}
$menudef_s_max = count_73($menudef_s);
$ans2 = rf_second_menu($ans);
if ($ans2 == "") {
break;
}
if ($ans2 < 1 || $ans2 > $menudef_s_max) {
break;
}
$ttl_no[0] = 2;
$ttl_no[2] = $ans2;
$ttl_mes[2] = $menudef_s[$ans2 - 1]['title'];
$menudef_t = $menudef_s[$ans2 - 1];
$ret = rf_third_menu($ans, $ans2);
$rf_stp = $ret;
break;
}
echo_fin($rf_stp);
exit($rf_stp);Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.