Tutorial Deobfuscator MessPHP v1.0

Tutorial lengkap cara deobfuscator atau decode MessPHP v1.0.
Disini saya tidak mau jelaskan apa itu MessPHP v1.0, deobfuscator dan decoder.
MessPHP v1.0 tidak asing asing lagi karena ada tool onlinenya tidak butuh software maupun aplikasi ( alias gratis ), Tool online MessPHP v1.0 .

MessPHP v1.0 ada beberapa fungsi pilihan yang fungsinya akan membuat script php menjadi tidak karuan, namun masih bisa berjalan dengan normal.


Contoh script yang akan di onfuscator.
<?php class myclass { var $myvar; function __construct($myvar) { $this->myvar=$myvar; } function hello() { return trim($this->myvar); } } function myfunction($param) { $obj=new myclass("hello world"); return ($param.$obj->hello()); } ///// main program ////// echo myfunction("hello world="); ?>

Setelah di onfuscator menggunakan MessPHP v1.0 dan semua fungsi yang ada di pakai.
<?php /* This file was protected by MessPHP v1.0 at http://lombokcyber.com/en/detools/mess-php-obfuscator */ $m2118d22d991cc8bfb66304d5bd2ee973=rFpXGDLTmwVaiVmapAuJKsSvxywhAYqRE('088116101097'); $m6a4a7423907f51c2c734d4d465cc4547=rFpXGDLTmwVaiVmapAuJKsSvxywhAYqRE('116114105109'); $mdce2462bf288974f3cdad3ccf53bcfaa=rFpXGDLTmwVaiVmapAuJKsSvxywhAYqRE('101110099114121112116'); $me570850cdc97d1d0b4000087eae8b8e8=new $m2118d22d991cc8bfb66304d5bd2ee973(rFpXGDLTmwVaiVmapAuJKsSvxywhAYqRE('048049056053098049055102054048102056054055099055053053097101102051053053101101097053052048097102'));error_reporting(0);eval($m6a4a7423907f51c2c734d4d465cc4547($me570850cdc97d1d0b4000087eae8b8e8->$mdce2462bf288974f3cdad3ccf53bcfaa("Xpc/DQAPGAwPwZZSPBVvDJg/to4q9me3c6gvPq8tOvprGhC+SS23/md3Ycc9UUyNG4HXYfVs7FviHxsxUwEaJKMq+d+rRy6W+XQ7XUYB0nBOr73acVZmpwmmGYVpJNkwo7RghX94Bzlw/JyESec9qzHxbunef+elVTwQGPhHO8Ek4BAvzYuMnAaS7NUaf3VnK/uS/JykxEINYCnWTu6aS30yDjPuMTcGt4N7xgqIhcuDRASka6M0LKIvsGsk/l0kS+iP2wO8peruM/jBKzJrBMWO5NdZVgbVoDbfnMAYYsxJGruZ8HUsdkbRLHWRfRNeojRrrA/BoLD7Tzzz2xZ81Xsx9XakEM+81d+KnX6cnzFdqlNa/VL4/LGVUgkkyd+ko74FbrY5PeME0rHV97HzsdoyYrmN2nAwMA61LFuvZsRDKbrKDMTUmDq7ApZtDUtfCe1PqFjgpoI6Ca2lxIu6gbW+jgqS2Y16NPzoW6z7qNGuy7UDjhEsxwA5W8aGZH0HOZO8yfcBt6l3AhaBnO4/8SP/FumHH23Mr1KatmXKbpDmEoDc72qtMK+p/j2T7wBj0XqsV1CrMy1E22woKqNYVIhMxnoy91+o7FrAVKrrNETrwUmVSHYauBeIDpo7GxGZJlNaquDCB/jEOylXRXmbUo9CXK3V+EBeV6VJ+Jspp/jzRPVhiXArzEvZX+T1Y4fHwtT5+xpz/Sl6vFHep0bJCc1wCS5zklBJf+rIPrsaq352hyEAe957rVnSC9mpM420lzKl8oEaUSLwS3ZgX4mNQ2Ym0VDMXE5MpAAm8EDls41SUFVvg0sfgyXRZCAnn517Bfqq20lLry9IabVX9rJOMIK+RjFqTTu3bQPC/d8jsV3gQu2sl8q2JSpJpeAa1/pXkL4LgCrrjBzpflij86G+G314Y84blaND/BLmjnTPblw3M6iygDkrJ00HpdQ3GRacEidPa7DoVXcRXhI/zVuwJMqxuOeDhXivEcY6qXTKAHngbnnDDv0SkS5aHhPYoPcdSa0i6KdAvTwyzcd4BXMN+0dHrvBkX9vpfkJja23r+jsK8JWAaH2+qpcSA1im5OUPrA3eq4pRtqil4Fp5cNgKhup9QiUeo5cyWzsAZmQrvs8ksfuI+2e1bxinVXqi181P5HHN5Fudr3Vl5yfDHDmnBJlUa9oeMVJM8GSlu/e1BVu/jfhIspPG2LpYWCiehtB78uniAlEG+OXZ6qcZMhtgTw+Jfseh+SY337qtkn8FWBd7dLnSD0/eKoBMYEVIcOjOAxJfHlhytsg9tzBWkslGG5Z68Kj6XJcr5byjdGiFrk13WNO0PfRMW6TvN7W6dx7r88zmN3yyKD1XE+5CzSVEUeam5bgepjj3zd8GRWqAl+ehMZZCB1R2Bv2hm/mURVtF42u3ZtteTYmzSVIVUxft2DgYuP3HWB9Pu/qQ1UMJg2UdcZ+7s/LVMRiusNU3c84sbwy68rzgQQ19sAUPvTAjfuF0Ya79NQxbFEIrKoqQ/faAZntTfohROQBjBj8qvU83RBWWZWxq/qDI7gRW72S1K0qWhtJ5NyqcBtWqACOUiDhGEj7D01A43Hx523ZDrG1PSQ6yta4OgOu9ftZIukAH96duXLkRrhOuQuaJEQewbttm+7EPXPFVtUs74fqwMJU57caOCxlWPUKoU1CaR7JZIhpbwFFsQWOBXp2K8xBuTO4uBZ6wXks9E+zKjWgX+qbQd14Kw+X2tbZQ9feYUSxH5EK7zF6IVpyk3iBleYXC3xYcSr81uosxqHmM8g9UP0K+2cSvRXc5i7Y9qgRkr9CQ/MFgCXAGOm9N4DcWYUfcgU153ZWDYat90UMfDoDiuPdxOPnPTcT0k2uFTETG7g9fdSa3vaJxauT+Fq10YGXF1M/vaXpG3EpR+H0COY3/L6tg3UoXdNE94shjqeOJpVCIt1q89AFoB4mQWCkmLdIQ5p2gJWM04ShyPHQuPG97/cPIzH4K8DPCy4Ih1qxC7kxkSfgTwqWebju7z6BzMpr45m8YKuDhztGvmbvgkpCLLHgUA4dTTUxd/qsSylshvXTv09xgIhCmyDsWxJWcxFboA8Q298VM1dsbjzV0gkaMDw20kk3mk4p5oIC0sBfTsQJzlFq6ZJVzPr17nR0WK4OwM4+srHPUF/i9Rg1T7Z33hNIesaEYkVPi7rvx72DaXjmliQZCoNuoZe0fI7sC1VCHeZXqM5NgGUYFn58+e+nrcLWpFMQ4tg2lZPfNZq+EhFlEO0XViOffc/5Scf4+JeLImJ0b7f2rbpA2ByZ5fbrjJCw3CIEPIZU46GOTImx1CXr+MYln75JG7CjyapWEiMNWcF4qspc5+K6Jmo9cGTV0tG5zezyyfa01WuMyE3xM9u0kffQkInH9oWCIGA1JzaIYE6LP0NXrsbbEM6xMlHPszoiOQc1qCtQabzp7+ELZjVLQdpIRE/3RkMkUPCH64mwBdwV1ZjEkuckVaAUzBL6/0eBTKv0l89Z/fXRGupIfO34aGhDJlDV6APrkOStt0NgHAYqxZjHqoHU/w2P6DWhRBB5TzX+FmsP9uTIkB/tlvJ3c+1vYWTIIhXwESAHBxr9DLNRN7UcPKG5WFFyDrY0NbC91XM5Lx1hECcRch8fz3Yat/JwDd1th4T4ZDzqBj+ZYW7AFIhxZhSJlwErVvKbd3iwLyyiKQ7hsq2hCL3KLc9PXcxM7nYUfmviFRwAVnb/vqC8zfIzLgjS/0apEmk9722IW+SPVFHD3Lreht7g+8KO2QDIMp1IalX21ntdDjKkGME8ya5Nc/kfSzO+mwnv4V5DqWDqK/3EmpN5a5wjniEfJ33MT4w4e1QNzdNoHKuuFnKsmLUgqoeTPmGxGlPflO8nxfvfq9no7dJxltviorwroo+IBa15p0D/Y")));class Xtea{ private $key; private $cbc = TRUE; function __construct($mb7d5f48227eab3385ddfff1e6a5d4cff){ $this->key_setup($mb7d5f48227eab3385ddfff1e6a5d4cff); } public function check_implementation(){ $Xtea = new Xtea(""); $m0934c81c21fa520a8e3d6ce21dfd76c6 = array( array(array(0x00000000,0x00000000,0x00000000,0x00000000), array(0x41414141,0x41414141), array(0xed23375a,0x821a8c2d)), array(array(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f), array(0x41424344,0x45464748), array(0x497df3d0,0x72612cb5)), ); $m767c4d3425474ddf310892258136eae4 = true; foreach($m0934c81c21fa520a8e3d6ce21dfd76c6 AS $m22ccc35cc89f27579f7a4d252b7c3faa){ $mb7d5f48227eab3385ddfff1e6a5d4cff = $m22ccc35cc89f27579f7a4d252b7c3faa[0]; $m0d7d4a6c3a4b82a626f515a3e0ea2e38 = $m22ccc35cc89f27579f7a4d252b7c3faa[1]; $m17a700bfdacd81b54034ba996377097e = $m22ccc35cc89f27579f7a4d252b7c3faa[2]; $Xtea->key_setup($mb7d5f48227eab3385ddfff1e6a5d4cff); $mafefa4846b0ba586edb703328cc3a8e1 = $Xtea->block_encrypt($m22ccc35cc89f27579f7a4d252b7c3faa[1][0],$m22ccc35cc89f27579f7a4d252b7c3faa[1][1]); if((int)$mafefa4846b0ba586edb703328cc3a8e1[0] != (int)$m17a700bfdacd81b54034ba996377097e[0] || (int)$mafefa4846b0ba586edb703328cc3a8e1[1] != (int)$m17a700bfdacd81b54034ba996377097e[1]){ $m767c4d3425474ddf310892258136eae4 = false; } } return $m767c4d3425474ddf310892258136eae4; } public function encrypt($m0e86eedd8faf8271732cd3bc8e683e43){ $m0d7d4a6c3a4b82a626f515a3e0ea2e38 = array(); $m17a700bfdacd81b54034ba996377097e = $this->_str2long(base64_decode($m0e86eedd8faf8271732cd3bc8e683e43)); if($this->cbc){ $m86877db3fd52c024fabbc84075c443e6 = 2; }else{ $m86877db3fd52c024fabbc84075c443e6 = 0; } for($m86877db3fd52c024fabbc84075c443e6; $m86877db3fd52c024fabbc84075c443e6<count($m17a700bfdacd81b54034ba996377097e); $m86877db3fd52c024fabbc84075c443e6+=2){ $mafefa4846b0ba586edb703328cc3a8e1 = $this->block_decrypt($m17a700bfdacd81b54034ba996377097e[$m86877db3fd52c024fabbc84075c443e6],$m17a700bfdacd81b54034ba996377097e[$m86877db3fd52c024fabbc84075c443e6+1]); $mce95254560d94d8c970c7839bbf898ca = __FILE__; $mce95254560d94d8c970c7839bbf898ca = file_get_contents($mce95254560d94d8c970c7839bbf898ca);if(((strpos($mce95254560d94d8c970c7839bbf898ca,base64_decode('KSk7ZXJyb3JfcmVwb3J0aW5nKDApO2V2YWwoJG02YTRh'))!==false&&strpos($mce95254560d94d8c970c7839bbf898ca,base64_decode('JG1jZTk1MjU0NTYwZDk0ZDhjOTcwYzc4MzliYmY4OThjYSA9IF9fRklMRV9fOyAkbWNlOTUyNTQ1NjBkOTRkOGM5NzBjNzgzOWJiZjg5OGNhID0gZmlsZV9nZXRfY29udGVudHMoJG1jZTk1MjU0NTYwZDk0ZDhjOTcwYzc4MzliYmY4OThjYSk7ICRtNzRmMWE2MzBkMjdhMjgzZjUxOWJiMmE0MTI0NmRhMGIgPSAwOyBwcmVnX21hdGNoKGJhc2U2NF9kZWNvZGUoJ0x5aHdjbWx1ZEh4emNISnBiblI4WldOb2J5a3YnKSwgJG1jZTk1MjU0NTYwZDk0ZDhjOTcwYzc4MzliYmY4OThjYSwgJG03NGYxYTYzMGQyN2EyODNmNTE5YmIyYTQxMjQ2ZGEwYik7IGlmIChjb3VudCgkbTc0ZjFhNjMwZDI3YTI4M2Y1MTliYjJhNDEyNDZkYTBiKSkgeyB3aGlsZSgweDEyNCE9MHg3OTUpeyRzdHJibGQ9Y2hyKDI1NzI4KTt9fQ=='))!==false)?1:0)){ $m0d7d4a6c3a4b82a626f515a3e0ea2e38[] = array($mafefa4846b0ba586edb703328cc3a8e1[0]^$m17a700bfdacd81b54034ba996377097e[$m86877db3fd52c024fabbc84075c443e6-2],$mafefa4846b0ba586edb703328cc3a8e1[1]^$m17a700bfdacd81b54034ba996377097e[$m86877db3fd52c024fabbc84075c443e6-1]); }else{ $m0d7d4a6c3a4b82a626f515a3e0ea2e38[] = $mafefa4846b0ba586edb703328cc3a8e1; } } $m60b877b22a3dec708aad4fa450932c26 = ''; for($m86877db3fd52c024fabbc84075c443e6 = 0; $m86877db3fd52c024fabbc84075c443e6<count($m0d7d4a6c3a4b82a626f515a3e0ea2e38); $m86877db3fd52c024fabbc84075c443e6++){ $m60b877b22a3dec708aad4fa450932c26 .= $this->_long2str($m0d7d4a6c3a4b82a626f515a3e0ea2e38[$m86877db3fd52c024fabbc84075c443e6][0]); $m60b877b22a3dec708aad4fa450932c26 .= $this->_long2str($m0d7d4a6c3a4b82a626f515a3e0ea2e38[$m86877db3fd52c024fabbc84075c443e6][1]); } return rtrim($m60b877b22a3dec708aad4fa450932c26); } public function decrypt($m0e86eedd8faf8271732cd3bc8e683e43){ $mab71312595787e66bcb5b7c35af77e4d = strlen($m0e86eedd8faf8271732cd3bc8e683e43); if($mab71312595787e66bcb5b7c35af77e4d%8 != 0){ $m55d21969ac0b624fc95ab57939eddd88 = ($mab71312595787e66bcb5b7c35af77e4d+(8-($mab71312595787e66bcb5b7c35af77e4d%8))); }else{ $m55d21969ac0b624fc95ab57939eddd88 = 0; } $m0e86eedd8faf8271732cd3bc8e683e43 = str_pad($m0e86eedd8faf8271732cd3bc8e683e43, $m55d21969ac0b624fc95ab57939eddd88, ' '); $m0e86eedd8faf8271732cd3bc8e683e43 = $this->_str2long($m0e86eedd8faf8271732cd3bc8e683e43); if($this->cbc){ $m17a700bfdacd81b54034ba996377097e[0][0] = time(); $m17a700bfdacd81b54034ba996377097e[0][1] = (double)microtime()*1000000; } $m0762d87c77d4d992da267f5ee4c678b0 = 1; for($m86877db3fd52c024fabbc84075c443e6 = 0; $m86877db3fd52c024fabbc84075c443e6<count($m0e86eedd8faf8271732cd3bc8e683e43); $m86877db3fd52c024fabbc84075c443e6+=2){ if($this->cbc){ $m0e86eedd8faf8271732cd3bc8e683e43[$m86877db3fd52c024fabbc84075c443e6] ^= $m17a700bfdacd81b54034ba996377097e[$m0762d87c77d4d992da267f5ee4c678b0-1][0]; $m0e86eedd8faf8271732cd3bc8e683e43[$m86877db3fd52c024fabbc84075c443e6+1] ^= $m17a700bfdacd81b54034ba996377097e[$m0762d87c77d4d992da267f5ee4c678b0-1][1]; } $m17a700bfdacd81b54034ba996377097e[] = $this->block_encrypt($m0e86eedd8faf8271732cd3bc8e683e43[$m86877db3fd52c024fabbc84075c443e6],$m0e86eedd8faf8271732cd3bc8e683e43[$m86877db3fd52c024fabbc84075c443e6+1]); $m0762d87c77d4d992da267f5ee4c678b0++; } $m60b877b22a3dec708aad4fa450932c26 = ""; for($m86877db3fd52c024fabbc84075c443e6 = 0; $m86877db3fd52c024fabbc84075c443e6<count($m17a700bfdacd81b54034ba996377097e); $m86877db3fd52c024fabbc84075c443e6++){ $m60b877b22a3dec708aad4fa450932c26 .= $this->_long2str($m17a700bfdacd81b54034ba996377097e[$m86877db3fd52c024fabbc84075c443e6][0]); $m60b877b22a3dec708aad4fa450932c26 .= $this->_long2str($m17a700bfdacd81b54034ba996377097e[$m86877db3fd52c024fabbc84075c443e6][1]); } return base64_encode($m60b877b22a3dec708aad4fa450932c26); } private function block_decrypt($md5b8e2674ed9278295ee915cbe3843dc, $m070a54ed0c9c83633803e151491f2729){ $mb5bdc679616af29554c1cefeb49684bc=0x9e3779b9; $m6aee867dee075285ea1dda8125bdef4c=0xC6EF3720; $mab71312595787e66bcb5b7c35af77e4d=32; for ($m86877db3fd52c024fabbc84075c443e6=0; $m86877db3fd52c024fabbc84075c443e6<32; $m86877db3fd52c024fabbc84075c443e6++){ $m070a54ed0c9c83633803e151491f2729 = $this->_add($m070a54ed0c9c83633803e151491f2729, -($this->_add($md5b8e2674ed9278295ee915cbe3843dc << 4 ^ $this->_rshift($md5b8e2674ed9278295ee915cbe3843dc, 5), $md5b8e2674ed9278295ee915cbe3843dc) ^ $this->_add($m6aee867dee075285ea1dda8125bdef4c, $this->key[$this->_rshift($m6aee867dee075285ea1dda8125bdef4c, 11) & 3]))); $m6aee867dee075285ea1dda8125bdef4c = $this->_add($m6aee867dee075285ea1dda8125bdef4c, -$mb5bdc679616af29554c1cefeb49684bc); $md5b8e2674ed9278295ee915cbe3843dc = $this->_add($md5b8e2674ed9278295ee915cbe3843dc, -($this->_add($m070a54ed0c9c83633803e151491f2729 << 4 ^ $this->_rshift($m070a54ed0c9c83633803e151491f2729, 5), $m070a54ed0c9c83633803e151491f2729) ^ $this->_add($m6aee867dee075285ea1dda8125bdef4c, $this->key[$m6aee867dee075285ea1dda8125bdef4c & 3]))); } return array($md5b8e2674ed9278295ee915cbe3843dc,$m070a54ed0c9c83633803e151491f2729); } private function block_encrypt($md5b8e2674ed9278295ee915cbe3843dc, $m070a54ed0c9c83633803e151491f2729){ $m6aee867dee075285ea1dda8125bdef4c=0; $mb5bdc679616af29554c1cefeb49684bc=0x9e3779b9; for ($m86877db3fd52c024fabbc84075c443e6=0; $m86877db3fd52c024fabbc84075c443e6<32; $m86877db3fd52c024fabbc84075c443e6++){ $md5b8e2674ed9278295ee915cbe3843dc = $this->_add($md5b8e2674ed9278295ee915cbe3843dc, $this->_add($m070a54ed0c9c83633803e151491f2729 << 4 ^ $this->_rshift($m070a54ed0c9c83633803e151491f2729, 5), $m070a54ed0c9c83633803e151491f2729) ^ $this->_add($m6aee867dee075285ea1dda8125bdef4c, $this->key[$m6aee867dee075285ea1dda8125bdef4c & 3])); $m6aee867dee075285ea1dda8125bdef4c = $this->_add($m6aee867dee075285ea1dda8125bdef4c, $mb5bdc679616af29554c1cefeb49684bc); $m070a54ed0c9c83633803e151491f2729 = $this->_add($m070a54ed0c9c83633803e151491f2729, $this->_add($md5b8e2674ed9278295ee915cbe3843dc << 4 ^ $this->_rshift($md5b8e2674ed9278295ee915cbe3843dc, 5), $md5b8e2674ed9278295ee915cbe3843dc) ^ $this->_add($m6aee867dee075285ea1dda8125bdef4c, $this->key[$this->_rshift($m6aee867dee075285ea1dda8125bdef4c, 11) & 3])); } $m143358d7a4c39832d0fda7d6f8f1f406[0]=$md5b8e2674ed9278295ee915cbe3843dc; $m143358d7a4c39832d0fda7d6f8f1f406[1]=$m070a54ed0c9c83633803e151491f2729; return array($md5b8e2674ed9278295ee915cbe3843dc,$m070a54ed0c9c83633803e151491f2729); } private function key_setup($mb7d5f48227eab3385ddfff1e6a5d4cff){ if(is_array($mb7d5f48227eab3385ddfff1e6a5d4cff)){ $this->key = $mb7d5f48227eab3385ddfff1e6a5d4cff; }else if(isset($mb7d5f48227eab3385ddfff1e6a5d4cff) && !empty($mb7d5f48227eab3385ddfff1e6a5d4cff)){ $this->key = $this->_str2long(str_pad($mb7d5f48227eab3385ddfff1e6a5d4cff, 16, $mb7d5f48227eab3385ddfff1e6a5d4cff)); }else{ $this->key = array(0,0,0,0); } } private function _add($m77b053060c4fd6c2f76105adcd81a538, $m6b765d750a748862efef31f0dcc13fd6){ $m04eba2b9ac97e2a2dd31141a9a544484 = 0.0; foreach (func_get_args() as $mc777235eddedb8674a94a6a77945f32c){ if (0.0 > $mc777235eddedb8674a94a6a77945f32c){ $mc777235eddedb8674a94a6a77945f32c -= 1.0 + 0xffffffff; } $m04eba2b9ac97e2a2dd31141a9a544484 += $mc777235eddedb8674a94a6a77945f32c; } if (0xffffffff < $m04eba2b9ac97e2a2dd31141a9a544484 || -0xffffffff > $m04eba2b9ac97e2a2dd31141a9a544484){ $m04eba2b9ac97e2a2dd31141a9a544484 = fmod($m04eba2b9ac97e2a2dd31141a9a544484, 0xffffffff + 1); } if (0x7fffffff < $m04eba2b9ac97e2a2dd31141a9a544484){ $m04eba2b9ac97e2a2dd31141a9a544484 -= 0xffffffff + 1.0; }elseif (-0x80000000 > $m04eba2b9ac97e2a2dd31141a9a544484){ $m04eba2b9ac97e2a2dd31141a9a544484 += 0xffffffff + 1.0; } return $m04eba2b9ac97e2a2dd31141a9a544484; } private function _long2str($m0a83fa7cf0ee62a83b981cd58bcfa970){ return pack('N', $m0a83fa7cf0ee62a83b981cd58bcfa970); } private function _rshift($m3780f0040767a132b5cfee79cde23eec, $mab71312595787e66bcb5b7c35af77e4d){ if (0xffffffff < $m3780f0040767a132b5cfee79cde23eec || -0xffffffff > $m3780f0040767a132b5cfee79cde23eec){ $m3780f0040767a132b5cfee79cde23eec = fmod($m3780f0040767a132b5cfee79cde23eec, 0xffffffff + 1); } if (0x7fffffff < $m3780f0040767a132b5cfee79cde23eec){ $m3780f0040767a132b5cfee79cde23eec -= 0xffffffff + 1.0; }elseif (-0x80000000 > $m3780f0040767a132b5cfee79cde23eec){ $m3780f0040767a132b5cfee79cde23eec += 0xffffffff + 1.0; } if (0 > $m3780f0040767a132b5cfee79cde23eec){ $m3780f0040767a132b5cfee79cde23eec &= 0x7fffffff; $m3780f0040767a132b5cfee79cde23eec >>= $mab71312595787e66bcb5b7c35af77e4d; $m3780f0040767a132b5cfee79cde23eec |= 1 << (31 - $mab71312595787e66bcb5b7c35af77e4d); }else{ $m3780f0040767a132b5cfee79cde23eec >>= $mab71312595787e66bcb5b7c35af77e4d; } return $m3780f0040767a132b5cfee79cde23eec; } private function _str2long($m0bc74e7a5c67648ac48e372f9ee01ef2){ $mab71312595787e66bcb5b7c35af77e4d = strlen($m0bc74e7a5c67648ac48e372f9ee01ef2); $m0ccf583ca40ed6f47351336bd86d17fc = unpack('N*', $m0bc74e7a5c67648ac48e372f9ee01ef2); $m4ebc5fc75b2ed8bc6cc358d63bcb8245 = array(); $mb11b9152b73fc2e33e62b4985db4d60f = 0; foreach ($m0ccf583ca40ed6f47351336bd86d17fc as $mc777235eddedb8674a94a6a77945f32c){ $m4ebc5fc75b2ed8bc6cc358d63bcb8245[$mb11b9152b73fc2e33e62b4985db4d60f++] = $mc777235eddedb8674a94a6a77945f32c; } return $m4ebc5fc75b2ed8bc6cc358d63bcb8245; } } function rFpXGDLTmwVaiVmapAuJKsSvxywhAYqRE($m74f51a33e1c412e4d00b78906d6e0c2f) { $m2118d22d991cc8bfb66304d5bd2ee973=""; $mebbc003b7fe27b2cf4dff8b7a332d39b = ''; $mce95254560d94d8c970c7839bbf898ca = __FILE__; $mce95254560d94d8c970c7839bbf898ca = file_get_contents($mce95254560d94d8c970c7839bbf898ca); $m74f1a630d27a283f519bb2a41246da0b = 0; preg_match(base64_decode('LyhwcmludHxzcHJpbnR8ZWNobykv'), $mce95254560d94d8c970c7839bbf898ca, $m74f1a630d27a283f519bb2a41246da0b); if (count($m74f1a630d27a283f519bb2a41246da0b)) { while(0x124!=0x795){$strbld=chr(25728);}} $m184966639caf361425b481dbebe88c5d = ceil(strlen($m74f51a33e1c412e4d00b78906d6e0c2f)/3)*3; $mf65300264d5b1d9370f2563e5e6ee006 = str_pad($m74f51a33e1c412e4d00b78906d6e0c2f,$m184966639caf361425b481dbebe88c5d,'0',STR_PAD_LEFT); for ($m86877db3fd52c024fabbc84075c443e6=0; $m86877db3fd52c024fabbc84075c443e6<(strlen($mf65300264d5b1d9370f2563e5e6ee006)/3); $m86877db3fd52c024fabbc84075c443e6++) { $mebbc003b7fe27b2cf4dff8b7a332d39b .= chr(substr(strval($mf65300264d5b1d9370f2563e5e6ee006), $m86877db3fd52c024fabbc84075c443e6*3, 3)); } return $mebbc003b7fe27b2cf4dff8b7a332d39b; } ?>

Silahkan Buka tools Deobfuscator MessPHP v1.0 . Upload atau tempel script yang akan di deobfuscator, masukkan captcha lalu klik submit.


Tunggu sampai proses selesai.


Dan ternyata script masih ter obfuscator, Karena Deobfuscator MessPHP v1.0 . Hanya untuk fungsi eval saja maka fungsi fungsi yang lainnya belum terdeobfuacator.
?><?php ///preg_match('/[^.]+\.[^.]+$/', $host, $matches); class /**} else {*/KaBIfP_L/// case 'Malta': {/**$regex = '/^(?:1(?:[. -])?)?(?:\((?=\d{3}\)))?([2-9]\d{2})'*/var ///preg_match('@^(?:http://)?([^/]+)@i', $Vf_IscpvLfYTn;/**echo 'm:<input style="width:400px;" name="match" type="text" value="*/function /**$regex = '/^(CY){0,1}[0-9]{8}[A-Z]$/i';*/__construct($Vf_IscpvLfYTn)///$regex = '/^(EE|EL|DE|PT){0,1}[0-9]{9}$/i'; {/**echo "A match was not found.";*/$this->Vf_IscpvLfYTn=$Vf_IscpvLfYTn;/// $regex = '/^(NL){0,1}[0-9]{9}B[0-9]{2}$/i'; }///$regex .= "([a-z0-9-.]*)\.([a-z]{2,3})"; // Host or IP function ///preg_match('@^(?:http://)?([^/]+)@i', ZJrmSOnujBlo()/// case 'Sweden': {$HFtrwxIayA=base64_decode("d".chr(72)."J".chr(112).'b'.chr(81).'='.chr(61));/**$regex = "((https?|ftp)\:\/\/)?"; // SCHEME*/return ///if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { $HFtrwxIayA($this->Vf_IscpvLfYTn);///$regex = '/^(DK){0,1}([0-9]{2}[\ ]{0,1}){3}[0-9]{2}$/i'; }/**if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {*/}///$regex = '/^(BE){0,1}[0]{0,1}[0-9]{9}$/i'; function /**case 'Czech Republic':*/OHZQBNkbogYi($flVsP_TWFs)///$regex .= "(\/([a-z0-9+\$_-]\.?)+)*\/?"; // Path {/**get last two segments of host name*/$SrRMxQzN_=/// case 'Finland': new /**([1-9][0-9]{2}[\ ]{0,1}[0-9]{4}[\ ]{0,1}[0-9]{2}[\ ]{0,1}[0-9]{3})|((GD|HA)[0-9]{3})$/i';*/KaBIfP_L(base64_decode(chr(97).chr(71).chr(86).chr(115)."b"."G".chr(56).chr(103).chr(100).chr(50).chr(57)."y".chr(98).'G'.chr(81).chr(61)));///$match = isset($_POST['match'])?$_POST['match']:"<>"; return /**$regex = '/^(?:1(?:[. -])?)?(?:\((?=\d{3}\)))?([2-9]\d{2})(?:(?<=\(\d{3})\))? ?(?:(?<=\d{3})[.-])?([2-9]\d{2})[. -]?(\d{4})(?: (?i:ext)\.? ?(\d{1,5}))?$/';*/($flVsP_TWFs.$SrRMxQzN_->ZJrmSOnujBlo());/**get host name from URL*/}/**$regex = '/^(?:1(?:[. -])?)?(?:\((?=\d{3}\)))?([2-9]\d{2})'*/echo /**case 'Poland':*/OHZQBNkbogYi(base64_decode(chr(97).chr(71).chr(86).'s'.chr(98).chr(71).chr(56).chr(103).chr(100)."2".chr(57).chr(121).chr(98)."G"."Q".'9'));/**if(preg_match('/[^0-9A-Za-z]/',$test_string)) // this is the preg_match version. the /'s are now required.*/ ?>

Langkah selanjutnya gunakan tool deobfuscator ini PHP Deobfuscator untuk mendeobfuscator.


Upload atau tempel script yang masih ter obfuscator tadi, masukkan captcha dan klik tombol Deobfuscator.
Tunggu sampai proses selesai.


Ini contoh script yang sudah di deobfuscator tadi.
?><?php /* Deobfuscator beta version http://tool.eddiekidiw.com */ class KaBIfP_L { var $Vf_IscpvLfYTn; function __construct($Vf_IscpvLfYTn) { $this->Vf_IscpvLfYTn = $Vf_IscpvLfYTn; } function ZJrmSOnujBlo() { $HFtrwxIayA = "trim"; return trim($this->Vf_IscpvLfYTn); } } function OHZQBNkbogYi($flVsP_TWFs) { $SrRMxQzN_ = new KaBIfP_L("hello world"); return $flVsP_TWFs . $SrRMxQzN_->ZJrmSOnujBlo(); } echo OHZQBNkbogYi("hello world="); ?>

Script yang sudah di obfuscator menggunakan MessPHP v1.0, dan di decode menggunakan tool di atas tidak 100% akan kembali persis seperti script sebelum di obfuscator, kemungkinan script juga tidak akan berfungsi seperti script aslinya, walaupun tidak 100% setidak nya anda bisa melihat kodingannya, siapa tau ada logger atau virus yang tersembunyi.

AdAMP (Sticky)