| goldorak |
| Regular user |
 |
|
| Joined: Feb 07, 2013 |
| Posts: 10 |
|
|
|
 |
|
 |
|
| Code: | #!/usr/bin/php
<?php
fwrite(STDOUT, "
/**
* ----------------------------------------------------------------------------
* 'De-Obfuscator for http://fopo.com
* ----------------------------------------------------------------------------
");
if($argv[1]!=""){
$contents = file_get_contents($argv[1]);
$eval = explode('(',$contents);
$base64 = explode ('"',$eval[2]);
list($i,$wanted) = explode("eval",base64_decode($base64[1]));
list($ni,$wanted2) = explode("))))",$wanted);
list($nni,$obfuscated) = explode('"',$ni);
$decoded = "<?php ".gzinflate(base64_decode(str_rot13($obfuscated)));
$beautified = indent_proper($decoded);
$result = preg_split('/"/', $beautified);
foreach ($result as $r){
if(preg_match("/^\\\\/", $r, $matches)){
//TODO
$beautified = str_ireplace('"'.$r.'"','"'.stripcslashes($r).'"',$beautified);
$beautified = str_ireplace("'".$r."'","'".stripcslashes($r)."'",$beautified);
}
};
$out = write_to_file($beautified,$argv[2]);
$link = basename($out);
echo "File Wrote to ".$link."\n\n";
}else{
echo "\nPlease provide the input file name,RTFM Dude,RTFM.!\n\n";
}
exit(0);
/*Helper functions-Not many though*/
function indent_proper($text){
$v1= str_replace("}","\n}\n",str_replace("{","{\n",str_replace(";",";\n",$text)));
return str_replace("return","\n return",str_replace("<?php","\n<?php",$v1));
}
function write_to_file($string_data,$outname){
if($outname=="")
$outname = "decoded.php";
$fh = fopen($outname, 'w') or die("can't open file");
fwrite($fh, $string_data);
fclose($fh);
return $outname;
}
?> |
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 44
Members: 0
Total: 44
