Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
PHP deobfuscator
08-06-2015, 07:30 AM (This post was last modified: 07-25-2016 08:49 AM by object0.)
Post: #1
PHP deobfuscator
Hi everyone.
A couple years ago I was very passionate about PHP/JS decoding and reverse engineering in general. I made more than 40 (private) decoders in 2012 just for academic purposes (I love challenges, you know). After becoming a father for first time I left the scene.

My current job is related to web development, security audit, malware analysis, etc. I realize that digging into obfuscated PHP code is PITA that's why I made my own PHP deobfuscator, see screenshot.

obfuscated:
PHP Code:
<?php        

$fff 
"flock";        
if (
$fff($aaaLOCK_EX)) {
    
$fff($aaaLOCK_UN);
}

function 
aaa() {
    
$fff2 "fget";        
    if (
$fff2($aaaLOCK_EX)) {
        
$fff2($aaaLOCK_UN);
    }


deobfuscated:
PHP Code:
<?php

if (flock($aaaLOCK_EX)) {
    
flock($aaaLOCK_UN);
}
function 
aaa()
{
    if (
fget($aaaLOCK_EX)) {
        
fget($aaaLOCK_UN);
    }


   

update:
   

Does anyone already have success with similar tools?

Security Audit, Web Development, PHP & JavaScript Decoding & Deobfuscation, Debugging, Bug Fixing, Reverse Engineering
Find all posts by this user
Quote this message in a reply
08-09-2015, 07:31 PM
Post: #2
RE: PHP deobfuscator
Hello Smile
Find all posts by this user
Quote this message in a reply
08-10-2015, 06:56 PM
Post: #3
RE: PHP deobfuscator
Yeah I 2nd that Tongue
Deobfuscating just take time. A bit of a pity there is no simple way to do it like ionCube or SourceGuardian :/
Find all posts by this user
Quote this message in a reply
02-29-2016, 03:04 PM
Post: #4
RE: PHP deobfuscator
Tankou My Firend
Find all posts by this user
Quote this message in a reply
06-28-2016, 01:59 PM
Post: #5
RE: PHP deobfuscator
(08-06-2015 07:30 AM)object0 Wrote:  Hi everyone.
A couple years ago I was very passionate about PHP/JS decoding and reverse engineering in general. I made more than 40 (private) decoders in 2012 just for academic purposes (I love challenges, you know). After becoming a father for the first time I left the scene.

My current job is related to web development, security audit / pentesting, malware analysis, etc. I realize that digging into obfuscated PHP code is PITA that's why I made my own PHP deobfuscator, see screenshot.

obfuscated:
PHP Code:
<?php        

$fff 
"flock";        
if (
$fff($aaaLOCK_EX)) {
    
$fff($aaaLOCK_UN);
}

function 
aaa() {
    
$fff2 "fget";        
    if (
$fff2($aaaLOCK_EX)) {
        
$fff2($aaaLOCK_UN);
    }


deobfuscated:
PHP Code:
<?php

if (flock($aaaLOCK_EX)) {
    
flock($aaaLOCK_UN);
}
function 
aaa()
{
    if (
fget($aaaLOCK_EX)) {
        
fget($aaaLOCK_UN);
    }



Does anyone already have success with similar tools?

Security Audit, Web Development, PHP & JavaScript Decoding & Deobfuscation, Debugging, Bug Fixing, Reverse Engineering
Find all posts by this user
Quote this message in a reply
07-09-2016, 04:01 PM
Post: #6
RE: PHP deobfuscator
You bumping? Tongue

I like what you've done there, although I'm assuming it's not a generic deobfuscator i.e. you've programmed the tool to recognise certain patterns and based on that it will deobfuscate using the relevant function, if that makes sense?
Find all posts by this user
Quote this message in a reply
07-25-2016, 08:22 AM (This post was last modified: 07-25-2016 08:39 AM by object0.)
Post: #7
RE: PHP deobfuscator
Cyko my deobfuscator uses AST (abstract syntax tree), modifies it and compiles back to PHP source, does it make sense now? ))
In fact it does what it should and it makes sense to me...

P.S. Updated my post.

Security Audit, Web Development, PHP & JavaScript Decoding & Deobfuscation, Debugging, Bug Fixing, Reverse Engineering
Find all posts by this user
Quote this message in a reply
09-04-2016, 03:40 PM
Post: #8
RE: PHP deobfuscator
(07-25-2016 08:22 AM)object0 Wrote:  Cyko my deobfuscator uses AST (abstract syntax tree), modifies it and compiles back to PHP source, does it make sense now? ))
In fact it does what it should and it makes sense to me...

P.S. Updated my post.

Fair enough! Thanks for the clarity. Big Grin
Find all posts by this user
Quote this message in a reply
02-28-2017, 05:12 PM
Post: #9
RE: PHP deobfuscator
Hi there,

How mature is your decompiler and would it be possible to try it out? Smile
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | Homepage | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication