FOPO PHP Deobfuscator ver. 0.1

Run Settings
Language Version
Run Command
<?php /* FOPO PHP Deobfuscator script Description: Deobfuscator script for FOPO PHP obfuscated files Author: Antelox Version: 0.1 Date: 04/28/2016 Coded by Antelox Twitter: @Antelox UIC R.E. Academy - Copyright (C) 2016 - MIT License *PHP script version* Online version: This code works fine for the last version of FOPO PHP Obfuscator. Since no version number is present on the FOPO Homepage, I cannot report it here. Test date: 04/28/2016 For older versions you can take a look here: - (v 1.0 from which I got the idea) - (v. 1.2) If it doesn't work in the future, please send me an email at anteloxrce(at)gmail(dot)com and I'll will try to update the script quickly. Otherwise, fork it and make appropriate changes. =) */ $contents = file_get_contents($argv[1]); if (preg_match('/Obfuscation provided by FOPO - Free Online PHP Obfuscator:/',$contents) === 0) { echo "*ERROR: Provided a PHP script not obfuscated with FOPO PHP Obfuscator!"; exit; } $eval = explode('(',$contents); //$base64 = base64 encoded block inside obfuscated PHP script $base64 = explode('"',$eval[3]); $i1 = explode("eval",base64_decode($base64[1])); //there is a ternary operator at this point "?:" -> (condition) ? (expr for TRUE) : (expr 4 FALSE) //the right data block to be decoded is the second one, that is the data block relative to ":" (FALSE) $i2 = explode(":",$i1[1]); $i3 = explode("\"",$i2[1]); #$i3[1] = data block passed to decoding chain: gzinflate(base64_decode(str_rot13($i3[1]))) //Here final steps with n recursive encoded layers: gzinflate(base64_decode(str_rot13(datablock))) //First layer here $encodedlayer = gzinflate(base64_decode(str_rot13($i3[1]))); //n-1 remaining layers inside while loop below while (!preg_match('/\/\/\$[a-z0-9]{8}\=\"/',$encodedlayer)) { $dl = explode("(\"",$encodedlayer); $nextlayer = gzinflate(base64_decode(str_rot13($dl[1]))); $encodedlayer = $nextlayer; } //here $final[1] variable contains deobfuscated PHP code :D $final = explode("?>",$encodedlayer); echo $final[1]; ?>
//Paste FOPO PHP Obfuscated file content here, then press "Run"
Editor Settings
Key bindings
Full width