I can revert the code easily ;)
tbvinh opened this issue ยท 8 comments
#Edit the obfuscate file:
- Find the line: "$_();$_($_($_($))); $_____=$_();"
- Delete all to end of file
- Add some lines to see the original source code:
--------------------------------------
$source = base64_decode(gzuncompress(base64_decode($ )));
$idx = strpos($source, "eval(\$__)");
$orgSource = substr($source, $idx + 24);
echo "<br/>ORIGIN SOURCE<br/><pre> $orgSource </pre> <br/>";
---------------------------------------
Please see the php code at my gist:
https://gist.github.com/tbvinh/d3a833321b4ba7e292253aa5a76ef52e
Yes, within 5 minutes I figure it out too .. its just a "stupid base64 encode script"
Thanks for your suggestions! I appreciate this. Would you like to add more level of complexity and obfuscation? I'm more than happy to review any of your PRs you want to add here ๐ฅณ
Try this one https://github.com/pk-fr/yakpro-po
its a really good one, it rename functions, classes, variable in to random characters it also add a lot of goto statement to make it even more hard to read.
@MasterB0t How is Yak better and harder to decode? I assume you can tell us the difference and how it is better.
@2braincells2go sure,
This software use base64_encode and gzcompress to encode the php code you can use base64_decode and gzuncompress and you will get the original code. Those function are not to encode source code or obfuscate it, made it hard to understand.
Yakpro in other hard transform code, it rename variables, functions, class name, method into random characters so if you have a function something like this
function login($username,$password) { }
it turn it into
function dd30d0uj09r03uru30r03ur($odj0303ui0d3ur,$fj03j0j30jf30) {}
but also use the the goto statement so the code is not in order from line 1 to bottom ... you can read more about goto here
@MasterB0t Thank you for explaining! Makes perfect sense now:)
@tbvinh it works, it is just base64 encoding, it doesn't ofuscate anything
