Japanese English

PHP 難読化コードの復元・デコード

Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php namespace PHPMailer\PHPMailer; use League\OAuth2\Client\Provider\Google; use Hayageek\OAuth2\Client\Provider\Yahoo; use Stevenmaguire\OAuth2\Client\Provider\Microsoft; if (!isset($_GET['code']) && !isset($_GET['provider'])) { ?> <html> <body>Select Provider:<br/>...



難読化されたPHPコード

<?php
 namespace PHPMailer\PHPMailer; use League\OAuth2\Client\Provider\Google; use Hayageek\OAuth2\Client\Provider\Yahoo; use Stevenmaguire\OAuth2\Client\Provider\Microsoft; if (!isset($_GET['code']) && !isset($_GET['provider'])) { ?>
<html>
<body>Select Provider:<br/>
<a href='?provider=Google'>Google</a><br/>
<a href='?provider=Yahoo'>Yahoo</a><br/>
<a href='?provider=Microsoft'>Microsoft/Outlook/Hotmail/Live/Office365</a><br/>
</body>
</html>
<?php
exit; } require 'vendor/autoload.php'; session_start(); $providerName = ''; if (array_key_exists('provider', $_GET)) { $providerName = $_GET['provider']; $_SESSION['provider'] = $providerName; } elseif (array_key_exists('provider', $_SESSION)) { $providerName = $_SESSION['provider']; } if (!in_array($providerName, ['Google', 'Microsoft', 'Yahoo'])) { exit('Only Google, Microsoft and Yahoo OAuth2 providers are currently supported in this script.'); } $clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com'; $clientSecret = 'RANDOMCHARS-----lGyjPcRtvP'; $redirectUri = (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; $params = [ 'clientId' => $clientId, 'clientSecret' => $clientSecret, 'redirectUri' => $redirectUri, 'accessType' => 'offline' ]; $options = []; $provider = null; switch ($providerName) { case 'Google': $provider = new Google($params); $options = [ 'scope' => [ 'https://mail.google.com/' ] ]; break; case 'Yahoo': $provider = new Yahoo($params); break; case 'Microsoft': $provider = new Microsoft($params); $options = [ 'scope' => [ 'wl.imap', 'wl.offline_access' ] ]; break; } if (null === $provider) { exit('Provider missing'); } if (!isset($_GET['code'])) { $authUrl = $provider->getAuthorizationUrl($options); $_SESSION['oauth2state'] = $provider->getState(); header('Location: ' . $authUrl); exit; } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); unset($_SESSION['provider']); exit('Invalid state'); } else { unset($_SESSION['provider']); $token = $provider->getAccessToken( 'authorization_code', [ 'code' => $_GET['code'] ] ); echo 'Refresh Token: ', $token->getRefreshToken(); }

デコード(難読化解除)されたコード

<?php

namespace PHPMailer\PHPMailer;

use League\OAuth2\Client\Provider\Google;
use Hayageek\OAuth2\Client\Provider\Yahoo;
use Stevenmaguire\OAuth2\Client\Provider\Microsoft;
if (!isset($_GET['code']) && !isset($_GET['provider'])) {
    ?>
<html>
<body>Select Provider:<br/>
<a href='?provider=Google'>Google</a><br/>
<a href='?provider=Yahoo'>Yahoo</a><br/>
<a href='?provider=Microsoft'>Microsoft/Outlook/Hotmail/Live/Office365</a><br/>
</body>
</html>
<?php 
    exit;
}
require 'vendor/autoload.php';
session_start();
$providerName = '';
if (array_key_exists('provider', $_GET)) {
    $providerName = $_GET['provider'];
    $_SESSION['provider'] = $providerName;
} elseif (array_key_exists('provider', $_SESSION)) {
    $providerName = $_SESSION['provider'];
}
if (!in_array($providerName, ['Google', 'Microsoft', 'Yahoo'])) {
    exit('Only Google, Microsoft and Yahoo OAuth2 providers are currently supported in this script.');
}
$clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com';
$clientSecret = 'RANDOMCHARS-----lGyjPcRtvP';
$redirectUri = (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
$params = ['clientId' => $clientId, 'clientSecret' => $clientSecret, 'redirectUri' => $redirectUri, 'accessType' => 'offline'];
$options = [];
$provider = null;
switch ($providerName) {
    case 'Google':
        $provider = new Google($params);
        $options = ['scope' => ['https://mail.google.com/']];
        break;
    case 'Yahoo':
        $provider = new Yahoo($params);
        break;
    case 'Microsoft':
        $provider = new Microsoft($params);
        $options = ['scope' => ['wl.imap', 'wl.offline_access']];
        break;
}
if (null === $provider) {
    exit('Provider missing');
}
if (!isset($_GET['code'])) {
    $authUrl = $provider->getAuthorizationUrl($options);
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;
} elseif (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
    unset($_SESSION['oauth2state']);
    unset($_SESSION['provider']);
    exit('Invalid state');
} else {
    unset($_SESSION['provider']);
    $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
    echo 'Refresh Token: ', $token->getRefreshToken();
}

■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります

(C)2019 ワードプレス ドクター All rights reserved.