{"id":20082268,"url":"https://github.com/simon816/phpdeobfuscator","last_synced_at":"2025-05-06T00:31:47.768Z","repository":{"id":38903867,"uuid":"128251052","full_name":"simon816/PHPDeobfuscator","owner":"simon816","description":"Advanced PHP deobfuscator","archived":false,"fork":false,"pushed_at":"2023-10-19T23:12:43.000Z","size":74,"stargazers_count":112,"open_issues_count":7,"forks_count":43,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-04-09T06:25:16.771Z","etag":null,"topics":["deobfuscator","hacktoberfest","php","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simon816.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-05T18:57:41.000Z","updated_at":"2024-12-28T22:22:39.000Z","dependencies_parsed_at":"2024-11-13T21:00:33.725Z","dependency_job_id":null,"html_url":"https://github.com/simon816/PHPDeobfuscator","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simon816%2FPHPDeobfuscator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simon816%2FPHPDeobfuscator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simon816%2FPHPDeobfuscator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simon816%2FPHPDeobfuscator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simon816","download_url":"https://codeload.github.com/simon816/PHPDeobfuscator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252598422,"owners_count":21774255,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deobfuscator","hacktoberfest","php","reverse-engineering"],"created_at":"2024-11-13T15:42:36.283Z","updated_at":"2025-05-06T00:31:47.501Z","avatar_url":"https://github.com/simon816.png","language":"PHP","readme":"# PHPDeobfuscator\n\n## Overview\n\nThis deobfuscator attempts to reverse common obfuscation techniques applied to PHP source code.\n\nIt is implemented in PHP with the help of [PHP-Parser](https://github.com/nikic/PHP-Parser).\n\n## Features\n\n- Reduces all constant expressions e.g. `1 + 2` is replaced by `3`\n- Safely run whitelisted PHP functions e.g. `base64_decode`\n- Deobfuscate `eval` expressions\n- Unwrap deeply nested obfuscation\n- Filesystem virtualization\n- Variable resolver (e.g. `$var1 = 10; $var2 = \u0026$var1; $var2 = 20;` can determine `$var1` equals `20`)\n- Rewrite control flow obfuscation\n\n## Installation\n\nPHP Deobfuscator uses [Composer](https://getcomposer.org/) to manage its dependencies. Make sure Composer is installed first.\n\nRun `composer install` in the root of this project to fetch dependencies.\n\n## Usage\n\n### CLI\n\n```\nphp index.php [-f filename] [-t] [-o]\n\nrequired arguments:\n\n-f    The obfuscated PHP file\n\noptional arguments:\n\n-t    Dump the output node tree for debugging\n-o    Output comments next to each expression with the original code\n```\n\nThe deobfuscated output is printed to STDOUT.\n\n### Web Server\n\n`index.php` outputs a simple textarea to paste the PHP code into. Deobfuscated code is printed when the form is submitted\n\n## Examples\n\n#### Input\n```php\n\u003c?php\neval(base64_decode(\"ZWNobyAnSGVsbG8gV29ybGQnOwo=\"));\n```\n#### Output\n```php\n\u003c?php\n\neval /* PHPDeobfuscator eval output */ {\n    echo \"Hello World\";\n};\n```\n\n#### Input\n```php\n\u003c?\n$f = fopen(__FILE__, 'r');\n$str = fread($f, 200);\nlist(,, $payload) = explode('?\u003e', $str);\neval($payload . '');\n?\u003e\nif ($doBadThing) {\n    evil_payload();\n}\n```\n\n#### Output\n```php\n\u003c?php\n\n$f = fopen(\"/var/www/html/input.php\", 'r');\n$str = \"\u003c?\\n\\$f = fopen(__FILE__, 'r');\\n\\$str = fread(\\$f, 200);\\nlist(,, \\$payload) = explode('?\u003e', \\$str);\\neval(\\$payload . '');\\n?\u003e\\nif (\\$doBadThing) {\\n    evil_payload();\\n}\\n\";\nlist(, , $payload) = array(0 =\u003e \"\u003c?\\n\\$f = fopen(__FILE__, 'r');\\n\\$str = fread(\\$f, 200);\\nlist(,, \\$payload) = explode('\", 1 =\u003e \"', \\$str);\\neval(\\$payload . '');\\n\", 2 =\u003e \"\\nif (\\$doBadThing) {\\n    evil_payload();\\n}\\n\");\neval /* PHPDeobfuscator eval output */ {\n    if ($doBadThing) {\n        evil_payload();\n    }\n};\n?\u003e\nif ($doBadThing) {\n    evil_payload();\n}\n```\n\n#### Input\n```php\n\u003c?php\n$x = 'y';\n$$x = 10;\necho $y * 2;\n```\n\n#### Output\n```php\n\u003c?php\n\n$x = 'y';\n$y = 10;\necho 20;\n```\n\n#### Input\n```php\n\u003c?php\ngoto label4;\nlabel1:\nfunc4();\nexit;\nlabel2:\nfunc3();\ngoto label1;\nlabel3:\nfunc2();\ngoto label2;\nlabel4:\nfunc1();\ngoto label3;\n```\n\n#### Output\n```php\n\u003c?php\n\nfunc1();\nfunc2();\nfunc3();\nfunc4();\nexit;\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimon816%2Fphpdeobfuscator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimon816%2Fphpdeobfuscator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimon816%2Fphpdeobfuscator/lists"}