De-Scrambler for obfuscated PHP code

Posted by: admin  :  Category: PHP, Programming, Scripting, Security

Thinking about security risks of obfuscated PHP code found in some freely available PHP scripts and WordPress themes, I wrote a quick’n’dirty De-Scrambler.

The De-Scrambler tries to reveal the source code behind obfuscated block like these:

<? eval(gzinflate(str_rot13(base64_decode(‘DZe3DsTWEV —-shortened—- Z9//g8=’)))); ?>

The De-Scrabmler works on obfuscated blocks containing eval()’ed code created through gz_deflate(), base64_encode() and str_rot13() functions.

It’s very simple to use even for non-pro’s. Just copy-paste the scrambled text block into the form and let the De-Scrambler do the rest.

Sample view of scrambled code in a WordPres Theme:

wp_theme_editor

Comments are closed.