pk-fr / yakpro-po

YAK Pro - Php Obfuscator
http://www.php-obfuscator.com

Help to decode this code #119

Open xoceunder opened 9 months ago

xoceunder commented 9 months ago

Help to decode this code

```php
goto b90ea5151ac67729b14c9b1822dc162a;
D3aa631f1fe7217217f3893fc45c3f43:
$b7eaa095f27405cf78a432ce6504dae0 = $_SERVER["\x52\x45\115\117\x54\105\137\x41\104\x44\122"];
goto Cf1a44bb5bdae788fe6a2b66373affd0;
b90ea5151ac67729b14c9b1822dc162a:
set_time_limit(0);
goto b34071cd8224bd806c9a2e686173303b;
B4d0c2c01a529bb6b69bed40e0845fd7:
Ac1a81228acfbd324b64ee30148afd1f:
goto Bfd6964984b7d4b31ae435f1dd3dbf71;
c31605b4c573994382021ca01630adec:
cd5f291f17fc89d840f4f69783ef81c8:
goto B7454738eb37658b7db7dc14ed9b2c5c;
```

@pk-fr

KminekMatej commented 9 months ago

That's impossible without knowing the context. The context is generated during the obfuscation process and is located in the output directory/context folder (a set of serialized files).

gab12 commented 8 months ago

```php
<?php
// Set unlimited execution time
set_time_limit(0);

// Retrieve the value of the REMOTE_ADDR key from the $_SERVER array
$remoteAddr = $_SERVER["REMOTE_ADDR"];

// Check if the IP address is set
if (!empty($remoteAddr)) {

    // ... (the rest of the code after the check)

}

// Continue with the rest of the code

// ...
```

sedimentation-fault commented 7 months ago

@gab12 I would say that this is pure hallucination on the part of the chatbot you used to produce this piece of ostensibly "unobfuscated" code. This is just some code that (maybe) bears some similarity in structure to the obfuscated one - but that's all. It's not the deobfuscated version of the code in question, because there are probably infinitely many unobfuscated originals that could lead to that obfuscated example.

Don't take everything a chatbot throws at you as Pure Truth. A lot of times, it will just create an answer that looks true - but is not.
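Added example, not part of any comment in this thread and not yakpro-po code: a Python script showing what can be read mechanically out of the fragment in the first comment. It decodes the `\xHH` and octal escapes in double-quoted literals and follows the unconditional `goto` chain from the first statement; the function names are this example's own, it assumes a flat list of `label:` and `goto` statements like the one posted, and the hashed identifiers are left as they are.

```python
import re

# Fragment copied from the issue's first comment; most goto targets are missing from it.
FRAGMENT = r'''goto b90ea5151ac67729b14c9b1822dc162a; D3aa631f1fe7217217f3893fc45c3f43: $b7eaa095f27405cf78a432ce6504dae0 = $_SERVER["\x52\x45\115\117\x54\105\137\x41\104\x44\122"]; goto Cf1a44bb5bdae788fe6a2b66373affd0; b90ea5151ac67729b14c9b1822dc162a: set_time_limit(0); goto b34071cd8224bd806c9a2e686173303b; B4d0c2c01a529bb6b69bed40e0845fd7: Ac1a81228acfbd324b64ee30148afd1f: goto Bfd6964984b7d4b31ae435f1dd3dbf71; c31605b4c573994382021ca01630adec: cd5f291f17fc89d840f4f69783ef81c8: goto B7454738eb37658b7db7dc14ed9b2c5c;'''

DQ, SQ = r'"(?:\\.|[^"\\])*"', r"'(?:\\.|[^'\\])*'"
LITERAL = re.compile(DQ + "|" + SQ, re.S)
ESCAPE = re.compile(r"\\(?:x([0-9A-Fa-f]{1,2})|([0-7]{1,3})|(.))", re.S)
STATEMENT = re.compile("(?:" + DQ + "|" + SQ + "|[^;\"'])+;", re.S)
LABEL = re.compile(r"\s*([A-Za-z_]\w*):(?!:)\s*")
GOTO = re.compile(r"goto\s+(\w+)\s*;")

def unescape(m):
    if m.group(3):
        return m.group(0)                        # \n, \\, \$ ...: left as written
    # \xHH, or \NNN (octal wraps at 8 bits, as in PHP)
    return chr(int(m.group(1), 16) if m.group(1) else int(m.group(2), 8) & 0xFF)

def decode_literal(m):
    lit = m.group(0)
    if lit[0] == "'":                            # single-quoted: no \x or octal escapes
        return lit
    text = ESCAPE.sub(unescape, lit[1:-1])
    # Rewrite only if the result is still an equivalent double-quoted literal.
    safe = all(32 <= ord(c) < 127 and c not in '"$\\' for c in text)
    return '"' + text + '"' if safe else lit

def decode_strings(src):
    return LITERAL.sub(decode_literal, src)

def linearize(src):
    """Follow unconditional gotos from the first statement; return statements in that order."""
    items, where = [], {}
    for chunk in STATEMENT.findall(src):
        while (m := LABEL.match(chunk)):
            where[m.group(1)] = len(items)       # a label names the statement after it
            chunk = chunk[m.end():]
        items.append(chunk.strip())
    out, i, seen = [], 0, set()
    while i < len(items) and i not in seen:      # stop on a loop instead of spinning
        seen.add(i)
        jump = GOTO.fullmatch(items[i])
        if not jump:
            out.append(decode_strings(items[i]))
            i += 1
        elif jump.group(1) in where:
            i = where[jump.group(1)]
        else:
            out.append("// goto %s: target not in this fragment" % jump.group(1))
            break
    return out
```

On the posted fragment, `linearize(FRAGMENT)` yields `set_time_limit(0);` and then stops at a `goto` whose label is not among the posted lines; the `$_SERVER["REMOTE_ADDR"]` assignment is present in the fragment but is not reached from its first statement.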

xoceunder commented 4 months ago

@gab12 How can I make this reversible?

xoceunder commented 1 month ago

Could you help me achieve my goal since I have several files to decode? @gab12 @pk-fr

xoceunder commented 1 month ago

Could you help me and tell me if I'm doing this right in order to reverse the obfuscated code?

```php
function reverse_obfuscate($filename)                   // takes a file_path as input, returns the corresponding obfuscated code as a string
{
    global $conf;
    global $parser,$traverser,$prettyPrinter;
    global $debug_mode;

    $src_filename = $filename;
    $tmp_filename = $first_line = '';
    $t_source = file($filename);
    if (substr($t_source[0],0,2)=='#!')
    {
        $first_line = array_shift($t_source);
        $tmp_filename = tempnam(sys_get_temp_dir(), 'po-');
        file_put_contents($tmp_filename,implode(PHP_EOL,$t_source));
        $filename = $tmp_filename; // override
    }

    try
    {
        $source = php_strip_whitespace($filename);
        fprintf(STDERR,"Obfuscating %s%s",$src_filename,PHP_EOL);
        //var_dump( token_get_all($source));    exit;
        if ($source==='')
        {
            if ($conf->allow_and_overwrite_empty_files) return $source;
            throw new Exception("Error obfuscating [$src_filename]: php_strip_whitespace returned an empty string!");
        }
        try
        {
            $stmts  = $parser->parse($source);  // PHP-Parser returns the syntax tree
        }
        catch (PhpParser\Error $e)                              // if an error occurs, then redo it without php_strip_whitespace, in order to display the right line number with error!
        {
            $source = file_get_contents($filename);
            $stmts  = $parser->parse($source);
        }
        if ($debug_mode===2)                                    //  == 2 is true when debug_mode is true!
        {
            $source = file_get_contents($filename);
            $stmts  = $parser->parse($source);
        }
        if ($debug_mode) var_dump($stmts);

        $stmts  = $traverser->traverse($stmts);                 //  Use PHP-Parser function to

        $code   = trim($prettyPrinter->prettyPrintFile($stmts));            //  Use PHP-Parser function to output the obfuscated source, taking the modified obfuscated syntax tree as input

        if (isset($conf->strip_indentation) && $conf->strip_indentation)    // self-explanatory
        {
            $code = remove_whitespaces($code);
        }
        $endcode = substr($code,6);//?<?php

        $code  = '<?php'.PHP_EOL;
        $code .= $conf->get_comment();                                          // comment obfuscated source
        if (isset($conf->extract_comment_from_line) && isset($conf->extract_comment_to_line) )
        {
            $t_source = file($filename);
            for($i=$conf->extract_comment_from_line-1;$i<$conf->extract_comment_to_line;++$i) $code .= $t_source[$i];
        }
        if (isset($conf->user_comment))
        {
            $code .= '/*'.PHP_EOL.$conf->user_comment.PHP_EOL.'*/'.PHP_EOL;
        }
        $code .= $endcode;

        if (($tmp_filename!='') && ($first_line!=''))
        {
            $code = $first_line.$code;
            unlink($tmp_filename);
        }

        return trim($code);
    }
    catch (Exception $e)
    {
        fprintf(STDERR,"Obfuscator Parse Error [%s]:%s\t%s%s", $filename,PHP_EOL, $e->getMessage(),PHP_EOL);
        return null;
    }
}
```

@gab12 @pk-fr