PHP deobfuscation, decryption, reconstruction tool

De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.

*Please note that not all obfuscation codes can be decoded.

Decoded the code below.

<?php defined("\x42\x41\x53\x45\120\x41\x54\110") or die("\x4e\x6f\40\x64\x69\x72\x65\x63\164\x20\x73\143\x72\x69\x70\x74\x20\141\x63\x63\145\163\163\x20\x61\154\154\x6f\x77\145\x64"); class Update extends CI_Controller { public function index() { $position = $_POST["\x70\157\x73\x69\x74\151\x6f\...

Obfuscated php code

<?php
 defined("\x42\x41\x53\x45\120\x41\x54\110") or die("\x4e\x6f\40\x64\x69\x72\x65\x63\164\x20\x73\143\x72\x69\x70\x74\x20\141\x63\x63\145\163\163\x20\x61\154\154\x6f\x77\145\x64"); class Update extends CI_Controller { public function index() { $position = $_POST["\x70\157\x73\x69\x74\151\x6f\x6e"]; $i = 1; foreach ($position as $k => $v) { $sql = "\125\x70\x64\141\164\145\x20\x6d\157\x64\137\155\x65\x6e\x75\137\x77\145\142\166\151\x65\x77\40\x53\x45\124\40\165\162\165\164\75" . $i . "\x20\127\x48\105\x52\105\40\151\144\x3d" . $v; $this->db->query($sql); $i++; } } }

Decoded(de-Obfuscated) php code

<?php

defined("BASEPATH") or die("No direct script access allowed");
class Update extends CI_Controller
{
    public function index()
    {
        $position = $_POST["position"];
        $i = 1;
        foreach ($position as $k => $v) {
            $sql = "Update mod_menu_webview SET urut=" . $i . " WHERE id=" . $v;
            $this->db->query($sql);
            $i++;
        }
    }
}

Malware detection & removal plugin for WordPress