Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/simon816/phpdeobfuscator

Advanced PHP deobfuscator
https://github.com/simon816/phpdeobfuscator

deobfuscator hacktoberfest php reverse-engineering

Last synced: about 1 month ago
JSON representation

Advanced PHP deobfuscator

Awesome Lists containing this project

README

        

# PHPDeobfuscator

## Overview

This deobfuscator attempts to reverse common obfuscation techniques applied to PHP source code.

It is implemented in PHP with the help of [PHP-Parser](https://github.com/nikic/PHP-Parser).

## Features

- Reduces all constant expressions e.g. `1 + 2` is replaced by `3`
- Safely run whitelisted PHP functions e.g. `base64_decode`
- Deobfuscate `eval` expressions
- Unwrap deeply nested obfuscation
- Filesystem virtualization
- Variable resolver (e.g. `$var1 = 10; $var2 = &$var1; $var2 = 20;` can determine `$var1` equals `20`)
- Rewrite control flow obfuscation

## Installation

PHP Deobfuscator uses [Composer](https://getcomposer.org/) to manage its dependencies. Make sure Composer is installed first.

Run `composer install` in the root of this project to fetch dependencies.

## Usage

### CLI

```
php index.php [-f filename] [-t] [-o]

required arguments:

-f The obfuscated PHP file

optional arguments:

-t Dump the output node tree for debugging
-o Output comments next to each expression with the original code
```

The deobfuscated output is printed to STDOUT.

### Web Server

`index.php` outputs a simple textarea to paste the PHP code into. Deobfuscated code is printed when the form is submitted

## Examples

#### Input
```php
', $str);
eval($payload . '');
?>
if ($doBadThing) {
evil_payload();
}
```

#### Output
```php
', \$str);\neval(\$payload . '');\n?>\nif (\$doBadThing) {\n evil_payload();\n}\n";
list(, , $payload) = array(0 => "\n\$f = fopen(__FILE__, 'r');\n\$str = fread(\$f, 200);\nlist(,, \$payload) = explode('", 1 => "', \$str);\neval(\$payload . '');\n", 2 => "\nif (\$doBadThing) {\n evil_payload();\n}\n");
eval /* PHPDeobfuscator eval output */ {
if ($doBadThing) {
evil_payload();
}
};
?>
if ($doBadThing) {
evil_payload();
}
```

#### Input
```php