Skip to content

Instantly share code, notes, and snippets.

@motebaya

motebaya/reg_vars.php

Created June 12, 2023 11:29
Show Gist options
  • Save motebaya/27ad27effafbfc899ed95d9f82d1a74d to your computer and use it in GitHub Desktop.
Save motebaya/27ad27effafbfc899ed95d9f82d1a74d to your computer and use it in GitHub Desktop.
Download ZIP
php script for replace func, class, and vars name to readable word
Raw
reg_vars.php
<?php
/*
replace all fuc, vars, and class name to readable word
credit: github.com/motebaya a.k.a mochino
Change: 2023-03-17 19:41:39.631431600 +0700
*/
include "../vendor/autoload.php";
use PhpParser\Node;
use PhpParser\ParserFactory;
use PhpParser\NodeVisitorAbstract;
use PhpParser\NodeTraverser;
function load_word()
{
if (file_exists('word.txt')) {
$words = array_unique(preg_split(
'/\r\n|\r|\n/',
file_get_contents(
"word.txt"
)
));
shuffle($words);
return $words;
} else {
die("file: word.txt nothing!");
}
}
function _rename($file)
{
// rename with token_get_all: arg1 file
$code = file_get_contents($file);
$tokens = token_get_all($code);
$globals = array('$GLOBALS', '$_SERVER', '$_GET', '$_POST', '$_FILES', '$_COOKIE', '$_SESSION', '$_REQUEST', '$_ENV', '$this', '__construct');
$replace = [];
foreach ($tokens as $key => $token) {
if (is_array($token)) {
switch ($token[0]) {
case T_VARIABLE:
$vars = $tokens[$key][1];
if (!in_array($vars, $replace)) {
if (!in_array($vars, $globals)) {
$replace[] = $vars;
} else {
$names = "\$this->" . $tokens[$key + 2][1];
if (!in_array($names, $replace)) {
$replace[] = $names;
}
}
}
break;
case T_FUNCTION:
$name = $tokens[$key + 2][1];
if (!in_array($name, $globals)) {
$replace[] = $name;
}
break;
case T_CLASS:
$string = $tokens[$key + 2][1];
if (!in_array($string, $replace)) {
$replace[] = $string;
}
break;
}
}
}
$i = 0;
$words = load_word();
foreach ($replace as $rep) {
$code = preg_replace('/' . str_replace('$', '', $rep) . '/i', $words[$i], $code);
$i++;
}
print $code;
}
// replace all func, class, and vars with readable word
function _rename_regex($file, $yakpro = false)
{
// search all with regex: arg1 file
$random_words = load_word();
$code = file_get_contents($file);
// get all function name with format, 'function funcname'
if (preg_match_all('/(?<=function\s)(.*?)(?=\()/i', $code, $func)) {
// print_r($func);
// die;
$i = 0;
$internal = get_defined_functions()['internal']; // store internal/builtin function e.g explode and other
// get all variable name with format, '$variable '
if (preg_match_all('/\$[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*/i', $code, $vars)) {
// get all class name with format, 'class classname'
if (preg_match_all('/(?<=class\s)\w+/i', $code, $class) || [null]) {
// merger all
foreach (array_merge($vars[0], $func[0], $class[0]) as $rep) {
if ($yakpro) {
// yakpro just have 5 length of var, func, and class name for reduce size obfuscation
if (strlen($rep) == 5 && !in_array($rep, $internal)) {
if (!in_array($rep, $class[0])) {
$code = preg_replace("/{$rep}\(/i", $random_words[$i] . "(", $code);
$i++;
} else {
$code = preg_replace("/{$rep}/i", $random_words[$i], $code);
$i++;
}
} else {
if (strlen($rep) == 6 && $rep[0] == '$') {
$code = preg_replace('/\\' . $rep . '/', "\$" . $random_words[$i], $code);
$i++;
}
}
} else {
// print $rep . "\n";
if (!in_array($rep, $class[0])) {
if ($rep[0] != '$') {
if (!in_array($rep, $internal)) {
$code = preg_replace("/{$rep}\(/i", $random_words[$i] . "(", $code);
$i++;
} else {
$code = preg_replace("/{$rep}/i", $random_words[$i], $code);
$i++;
}
} else {
$code = preg_replace('/\\' . $rep . '/', "\$" . $random_words[$i], $code);
$i++;
}
}
}
}
}
}
print $code;
} else {
die('nothing func detected!');
}
}
// replace all func and vars to readable word with phpparser
class get_replaced extends NodeVisitorAbstract
{
public $result;
public $internal;
public function __construct()
{
$this->result = [];
$this->internal = get_defined_functions()['internal'];
}
public function enterNode(Node $node)
{
// get all var, fun, method call with ast
if ($node instanceof PhpParser\Node\Expr\FuncCall || $node instanceof PhpParser\Node\Expr\MethodCall || $node instanceof PhpParser\Node\Stmt\Function_ || $node instanceof PhpParser\Node\Stmt\CLass_ || $node instanceof PhpParser\Node\Stmt\ClassMethod) {
$funcname = $node->name;
if (property_exists($funcname, 'toString')) {
$funcname = $funcname->toString();
}
if (!in_array($funcname, $this->internal)) {
$this->result[] = $funcname;
}
}
if ($node instanceof PhpParser\Node\Expr\Variable) {
$varnames = $node->name;
if (property_exists($varnames, 'name')) {
$varnames = (string)$varnames->name;
}
$this->result[] = $varnames;
}
}
}
if (count($argv) < 3) {
die("usage: rename <file> <mode>\ne.g: php rename.php file.php --token");
} else {
switch ($argv[2]) {
case '--with-token':
_rename($argv[1]);
break;
case '--with-ast':
$code = file_get_contents($argv[1]);
$mynode = new get_replaced;
$traverse = new NodeTraverser;
$traverse->addVisitor($mynode);
$traverse->traverse((new ParserFactory
)->create(ParserFactory::PREFER_PHP7)->parse($code));
$x = 0;
$words = load_word();
$replace = array_unique($mynode->result);
foreach ($replace as $rep) {
if ($rep != '__construct' && !in_array($rep, $mynode->internal)) {
$code = preg_replace('/' . $rep . '/i', $words[$x], $code);
$x++;
}
}
print $code;
break;
case '--with-regex':
_rename_regex($argv[1]);
break;
}
}
// print $code;
// _rename("tes_func.php");
// _rename_regex("deob_i.php");
// _rename("deob_i.php");
// _rename("tes_func.php");
@motebaya
Copy link
Author

get readable word: https://gist.github.com/motebaya/f0e99dd799e46a5bc2f405a44cc94df7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment