Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php
/*
UC channel only,,
get m3u8 --> sample.php?channel=UCxxxxxxxxxxxxx
view-html-source for debug --> sample.php?view=UCxxxxxxxxxxxx
video select mode is default
--> https://www.youtube.com/channel/UCxxxx/live/
*/
goto mM7nZ; aehKS: die; goto GF_YD; Z6ZMD: $d5 = hash(base64_decode("\143\62\150\150\115\x6a\125\62"), base64_decode("\121\x58\116\160\x59\123\x39\x55\142\x32\x74\65\142\x77\75\x3d")); goto AMkVu; dDnGz: function p0($u9) { $ea = curl_init(); curl_setopt($ea, CURLOPT_URL, $u9); curl_setopt($ea, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ea, CURLOPT_CUSTOMREQUEST, base64_decode("\x52\x30\x56\x55")); curl_setopt($ea, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); $yb = array(); $yb[] = base64_decode("\x51\x57\116\x6a\x5a\x58\102\x30\117\x69\101\161\114\171\157\75"); $yb[] = base64_decode("\x51\x57\116\x6a\x5a\130\102\60\114\125\170\150\142\x6d\144\x31\x59\x57\144\x6c\x4f\x69\102\154\142\151\61\x56\125\172\164\x78\x50\124\x41\165\x4f\x43\170\x6c\x62\152\x74\x78\x50\x54\x41\x75\x4e\x77\75\x3d"); $yb[] = base64_decode("\x51\x32\x39\x75\144\x47\x56\165\144\x43\61\125\145\x58\x42\154\x4f\x69\x42\x30\132\x58\150\x30\114\62\150\60\142\127\x77\x3d"); $yb[] = base64_decode("\x54\63\x4a\160\x5a\62\154\x75\117\151\x42\157\144\110\122\167\143\172\157\166\x4c\x33\x64\63\x64\171\x35\x35\142\63\x56\x30\144\127\x4a\154\x4c\x6d\116\166\x62\x51\75\75"); $yb[] = base64_decode("\x56\130\116\x6c\x63\x69\61\102\x5a\x32\126\x75\144\104\x6f\x67\124\127\x39\66\x61\x57\170\x73\131\x53\x38\x31\x4c\152\x41\147\113\x46\x64\160\142\155\122\166\144\63\115\147\124\x6c\x51\147\115\x54\101\x75\x4d\x44\x73\147\126\62\154\x75\x4e\152\x51\67\111\x48\147\62\x4e\x43\x6b\x67\121\x58\x42\x77\142\x47\x56\130\x5a\x57\112\114\141\x58\121\x76\x4e\x54\115\63\x4c\x6a\115\x32\111\103\x68\x4c\x53\106\x52\x4e\124\103\167\147\x62\x47\x6c\x72\x5a\x53\x42\x48\x5a\x57\x4e\x72\142\171\x6b\147\121\x32\150\x79\x62\x32\x31\x6c\x4c\x7a\x45\x7a\115\151\64\x77\114\152\x41\x75\x4d\x43\x42\x54\131\x57\x5a\150\143\x6d\153\x76\116\x54\115\63\x4c\x6a\115\62"); curl_setopt($ea, CURLOPT_HTTPHEADER, $yb); $sc = curl_exec($ea); if (curl_errno($ea)) { echo base64_decode("\x52\x58\112\171\142\x33\x49\x36") . curl_error($ea); } curl_close($ea); return $sc; } goto aehKS; mM7nZ: $s1 = base64_decode("\x61\x48\x52\x30\143\110\115\x36\x4c\x79\x39\x33\144\63\x63\x75\x65\x57\x39\61\x64\110\x56\151\132\x53\65\152\x62\62\x30\x76"); goto BZIU6; lg3ge: $s4 = base64_decode("\121\104\101\x78\x4d\152\115\60\x4e\124\x59\63\x4f\x44\x6b\75"); goto Z6ZMD; BZIU6: $e2 = base64_decode("\131\123\61\x36\x51\123\61\141\130\x7a\101\164\x4f\x53\x30\75"); goto iSCnG; AMkVu: if (isset($_GET[base64_decode("\131\62\150\150\142\155\x35\x6c\142\x41\x3d\75")])) { $k6 = $_GET[base64_decode("\x59\62\150\150\142\155\65\154\142\x41\x3d\75")]; $k6 = urlencode($k6); $k6 = substr($k6, 0, 24); $d7 = p0("{$s1}" . base64_decode("\x59\x32\150\150\142\155\x35\x6c\x62\103\70\75") . "{$k6}" . base64_decode("\114\x32\170\160\144\155\125\166")); if (preg_match(base64_decode("\x49\127\150\163\143\x30\x31\150\142\x6d\x6c\155\x5a\130\x4e\x30\126\130\x4a\x73\x58\x43\x49\x36\130\x43\111\x6f\114\151\157\57\113\126\x77\151\x49\121\75\x3d"), $d7, $a8)) { header("\114\x6f\x63\141\x74\151\x6f\x6e\72\40{$a8["\61"]}"); die; } else { header(base64_decode("\123\x46\x52\125\x55\x43\x38\x78\114\152\105\x67\x4e\x44\x41\60")); die; } } elseif (isset($_GET[base64_decode("\x64\x6d\x6c\x6c\144\x77\x3d\75")])) { $k6 = $_GET[base64_decode("\x64\155\x6c\154\x64\167\x3d\x3d")]; $k6 = urlencode($k6); $k6 = substr($k6, 0, 24); $d7 = p0("{$s1}" . base64_decode("\131\x32\150\150\142\x6d\65\154\142\103\70\x3d") . "{$k6}" . base64_decode("\114\62\170\160\x64\x6d\x55\x76")); header(base64_decode("\131\x32\x39\165\x64\107\126\165\x64\x43\x31\x30\x65\x58\102\x6c\x4f\151\102\x30\132\130\150\x30\x4c\62\160\x7a\x62\62\x34\75")); echo $d7; die; } else { header(base64_decode("\x53\106\x52\125\x55\x43\70\x78\x4c\152\105\147\116\104\101\170")); die; } goto dDnGz; iSCnG: $i3 = base64_decode("\x56\125\116\64\x65\x48\150\x34\145\110\150\x59\x57\110\150\x34\x65\106\150\x59\145\x48\x67\x3d"); goto lg3ge; GF_YD: ?><?php
$s1 = "https://www.youtube.com/";
$e2 = "a-zA-Z_0-9-";
$i3 = "UCxxxxxxXXxxxXXxx";
$s4 = "@0123456789";
$d5 = hash("sha256", "Asia/Tokyo");
if (isset($_GET["channel"])) {
$k6 = $_GET["channel"];
$k6 = urlencode($k6);
$k6 = substr($k6, 0, 24);
$d7 = p0("https://www.youtube.com/channel/" . "{$k6}" . "/live/");
if (preg_match("!hlsManifestUrl\\\":\\\"(.*?)\\\"!", $d7, $a8)) {
header("Location: {$a8["1"]}");
die;
} else {
header("HTTP/1.1 404");
die;
}
} elseif (isset($_GET["view"])) {
$k6 = $_GET["view"];
$k6 = urlencode($k6);
$k6 = substr($k6, 0, 24);
$d7 = p0("{$s1}" . "channel/" . "{$k6}" . "/live/");
header("content-type: text/json");
echo $d7;
die;
} else {
header("HTTP/1.1 401");
die;
}
function p0($u9)
{
$ea = curl_init();
curl_setopt($ea, CURLOPT_URL, $u9);
curl_setopt($ea, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ea, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ea, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
$yb = array();
$yb[] = "Accept: */*";
$yb[] = "Accept-Language: en-US;q=0.8,en;q=0.7";
$yb[] = "Content-Type: text/html";
$yb[] = "Origin: https://www.youtube.com";
$yb[] = "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36";
curl_setopt($ea, CURLOPT_HTTPHEADER, $yb);
$sc = curl_exec($ea);
if (curl_errno($ea)) {
echo "Error:" . curl_error($ea);
}
curl_close($ea);
return $sc;
}
die;■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.