{"id":21027611,"url":"https://github.com/caledoniaproject/php-decoder","last_synced_at":"2025-07-14T18:33:22.378Z","repository":{"id":146441825,"uuid":"113762682","full_name":"CaledoniaProject/php-decoder","owner":"CaledoniaProject","description":"基于 zend_compile_string 的 PHP 加密代码解密工具","archived":false,"fork":false,"pushed_at":"2017-12-14T06:28:51.000Z","size":5,"stargazers_count":28,"open_issues_count":0,"forks_count":17,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-01-20T14:48:54.531Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CaledoniaProject.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-10T15:50:33.000Z","updated_at":"2024-11-04T02:24:15.000Z","dependencies_parsed_at":"2023-04-29T17:19:23.271Z","dependency_job_id":null,"html_url":"https://github.com/CaledoniaProject/php-decoder","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaledoniaProject%2Fphp-decoder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaledoniaProject%2Fphp-decoder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaledoniaProject%2Fphp-decoder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaledoniaProject%2Fphp-decoder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CaledoniaProject","download_url":"https://codeload.github.com/CaledoniaProject/php-decoder/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243467025,"owners_count":20295306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-19T11:51:51.924Z","updated_at":"2025-03-13T19:12:45.331Z","avatar_url":"https://github.com/CaledoniaProject.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"## php-decoder\n\n基于 `zend_compile_string` 解密非扩展加密的PHP文件\n\n### 编译\n\n下载 `php-5.5.38` 源代码，打上补丁。开启需要的扩展，编译即可\n\n```\n./configure --prefix=/tmp/php-decoder --disable-cgi --disable-fpm --with-zlib -q \u0026\u0026 make -j8\n```\n\n### 解密代码\n\n这个程序会把所有动态 `eval/assert/create_function/...` 执行的内容直接保存在文件里\n\n在命令行里，\n\n```\n./sapi/cli/php xxx.php\n```\n\n会在当前目录下依次生成 `compile.X.txt`，顺序递增，即这个程序每次编译的PHP代码内容，其中某一个就是解密的PHP代码\n\n### 注意事项\n\n最好在虚拟机里执行，或者配置下 `php.ini`，禁用所有敏感函数。由于我们无法知道这个脚本具体做了哪些事情，在开发机上执行，可能会带来意想不到的问题\n\n## 写在最后\n\n如果你在服务器上发现了这样的加密后门，你可以考虑安装基于RASP技术的服务器保护组件，比如 [OpenRASP](https://github.com/baidu/openrasp)\n\n基于RASP技术可以很好的对抗WebShell，因为RASP不关心这个WebShell如何编写，如何加密和混淆，它只关心这个后门在做什么事情，并根据行为拦截攻击\n\n我们会在今年年底推出PHP Beta版本，敬请期待\n\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaledoniaproject%2Fphp-decoder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaledoniaproject%2Fphp-decoder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaledoniaproject%2Fphp-decoder/lists"}