motebaya · September 2, 2022 12:55
diff --git a/dclean.php b/dclean.php
 <?php

 /// just for extract phar compiler
 function extractPhar($file){
 	(new Phar($file))->extractTo(__DIR__);
 }

 // check argc
 if (count($argv) < 2) {
 	die("usage: decode.php <file.php>");
 } else {
 	$filename = $argv[1];
 	goto start_decode;
 }

 // main decode
 start_decode:
 $code = file_get_contents($filename);

 // take and save unique class
 $class = explode("));class", $code);
 file_put_contents("rclass.php", "<?php\nclass" . $class[1]);
 $code = $class[0] . "));";

 // evals
 $evals = explode("eval(", $code, 4);
 include "rclass.php";

 // decode type gzinflate/gzip
 $init = "\$" . explode("\$", $evals[1])[1];
 eval($init);

 ob_start();
 eval("print(" . substr($evals[2], 0, -1) . ";");
 $func = ob_get_clean();

 eval(str_replace("return eval", "print", $func));

 $eve2 = explode("^eval(", $evals[3]);
 ob_start();
 eval("print(" . $eve2[0] . ";");
 $func2 = ob_get_clean();

 // loop get last func
 while (true) {
 	if ($index = strpos($func2, "eval(")) {
 		ob_start();
 		eval("print" . substr($func2, $index + 4));
 		$func2 = ob_get_clean();
 		if (strpos($func2, "goto")) {
 			break;
 		}
 	} else {
 		break;
 	}
 }

 eval(str_replace("__FILE__", "\"{$filename}\"", $func2));
 ob_start();
 eval("print(" . explode(")^\$", $eve2[1])[0] . ");");
 $func3 = ob_get_clean();

 ob_start();
 eval("print" . substr($func3, strpos($func3, "eval(") + 4));
 $last = ob_get_clean();

 // save last 
 ob_start();
 eval($last);
 $result = "<?php\n" . trim(ob_get_clean());
 print $result;
 file_put_contents("de_{$filename}", $result);
	<?php

	/// just for extract phar compiler
	function extractPhar($file){
	(new Phar($file))->extractTo(__DIR__);
	}

	// check argc
	if (count($argv) < 2) {
	die("usage: decode.php <file.php>");
	} else {
	$filename = $argv[1];
	goto start_decode;
	}

	// main decode
	start_decode:
	$code = file_get_contents($filename);

	// take and save unique class
	$class = explode("));class", $code);
	file_put_contents("rclass.php", "<?php\nclass" . $class[1]);
	$code = $class[0] . "));";

	// evals
	$evals = explode("eval(", $code, 4);
	include "rclass.php";

	// decode type gzinflate/gzip
	$init = "\$" . explode("\$", $evals[1])[1];
	eval($init);

	ob_start();
	eval("print(" . substr($evals[2], 0, -1) . ";");
	$func = ob_get_clean();

	eval(str_replace("return eval", "print", $func));

	$eve2 = explode("^eval(", $evals[3]);
	ob_start();
	eval("print(" . $eve2[0] . ";");
	$func2 = ob_get_clean();

	// loop get last func
	while (true) {
	if ($index = strpos($func2, "eval(")) {
	ob_start();
	eval("print" . substr($func2, $index + 4));
	$func2 = ob_get_clean();
	if (strpos($func2, "goto")) {
	break;
	}
	} else {
	break;
	}
	}

	eval(str_replace("__FILE__", "\"{$filename}\"", $func2));
	ob_start();
	eval("print(" . explode(")^\$", $eve2[1])[0] . ");");
	$func3 = ob_get_clean();

	ob_start();
	eval("print" . substr($func3, strpos($func3, "eval(") + 4));
	$last = ob_get_clean();

	// save last
	ob_start();
	eval($last);
	$result = "<?php\n" . trim(ob_get_clean());
	print $result;
	file_put_contents("de_{$filename}", $result);