Пример #1
0
function deobf($phpcode)
{
    $phpcode = formatPHP($phpcode);
    $phpcode = base64_decode(getTextInsideQuotes(getEvalCode($phpcode)));
    @($phpcode = gzinflate(base64_decode(str_rot13(getTextInsideQuotes(end(explode(':', $phpcode)))))));
    while (strlen(strstr($phpcode, '@eval($')) > 0) {
        $phpcode = gzinflate(base64_decode(str_rot13(getTextInsideQuotes(getEvalCode($phpcode)))));
    }
    return substr($phpcode, 2);
}
function deobf($phpcode)
{
    $obfPHP = $phpcode;
    $phpcode = base64_decode(getTextInsideQuotes(getEvalCode($phpcode)));
    $hexvalues = getHexValues($phpcode);
    $pointer1 = hexdec(getHexValues($obfPHP)[0]);
    $pointer2 = hexdec($hexvalues[0]);
    $pointer3 = hexdec($hexvalues[1]);
    $needles = getNeedles($phpcode);
    $needle = $needles[count($needles) - 2];
    $before_needle = end($needles);
    $phpcode = base64_decode(strtr(substr($obfPHP, $pointer2 + $pointer3, $pointer1), $needle, $before_needle));
    return "<?php {$phpcode} ?>";
}