Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/simon816/phpdeobfuscator
Advanced PHP deobfuscator
https://github.com/simon816/phpdeobfuscator
deobfuscator hacktoberfest php reverse-engineering
Last synced: about 1 month ago
JSON representation
Advanced PHP deobfuscator
- Host: GitHub
- URL: https://github.com/simon816/phpdeobfuscator
- Owner: simon816
- License: mit
- Created: 2018-04-05T18:57:41.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-10-19T23:12:43.000Z (about 1 year ago)
- Last Synced: 2023-10-20T08:08:54.737Z (about 1 year ago)
- Topics: deobfuscator, hacktoberfest, php, reverse-engineering
- Language: PHP
- Homepage:
- Size: 72.3 KB
- Stars: 78
- Watchers: 6
- Forks: 36
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# PHPDeobfuscator
## Overview
This deobfuscator attempts to reverse common obfuscation techniques applied to PHP source code.
It is implemented in PHP with the help of [PHP-Parser](https://github.com/nikic/PHP-Parser).
## Features
- Reduces all constant expressions e.g. `1 + 2` is replaced by `3`
- Safely run whitelisted PHP functions e.g. `base64_decode`
- Deobfuscate `eval` expressions
- Unwrap deeply nested obfuscation
- Filesystem virtualization
- Variable resolver (e.g. `$var1 = 10; $var2 = &$var1; $var2 = 20;` can determine `$var1` equals `20`)
- Rewrite control flow obfuscation## Installation
PHP Deobfuscator uses [Composer](https://getcomposer.org/) to manage its dependencies. Make sure Composer is installed first.
Run `composer install` in the root of this project to fetch dependencies.
## Usage
### CLI
```
php index.php [-f filename] [-t] [-o]required arguments:
-f The obfuscated PHP file
optional arguments:
-t Dump the output node tree for debugging
-o Output comments next to each expression with the original code
```The deobfuscated output is printed to STDOUT.
### Web Server
`index.php` outputs a simple textarea to paste the PHP code into. Deobfuscated code is printed when the form is submitted
## Examples
#### Input
```php
', $str);
eval($payload . '');
?>
if ($doBadThing) {
evil_payload();
}
```#### Output
```php
', \$str);\neval(\$payload . '');\n?>\nif (\$doBadThing) {\n evil_payload();\n}\n";
list(, , $payload) = array(0 => "\n\$f = fopen(__FILE__, 'r');\n\$str = fread(\$f, 200);\nlist(,, \$payload) = explode('", 1 => "', \$str);\neval(\$payload . '');\n", 2 => "\nif (\$doBadThing) {\n evil_payload();\n}\n");
eval /* PHPDeobfuscator eval output */ {
if ($doBadThing) {
evil_payload();
}
};
?>
if ($doBadThing) {
evil_payload();
}
```#### Input
```php