This Python script decodes obfuscated PHP code that has been encoded using Base64, compressed with zlib, and had a character shift applied. It extracts and deciphers such encoded strings found within a given PHP file.
- Detects obfuscated PHP code containing Base64 encoded, zlib compressed, and character-shifted strings.
- Decodes and decompresses the extracted strings.
- Identifies PHP function names present in the file.
- Saves the decoded output to a text file.
- Python 3.x
Clone the repository and navigate to the project directory:
git clone https://github.com/0xWhoknows/php-obfuscation-decoder.git
cd php-obfuscation-decoderRun the script and provide the path to the PHP file when prompted:
python main.pyEnter the PHP file path: obfuscated.php
Found functions: ['decode_function']
Potential encoded strings found: [('decode_function', 'eJzT0yMAAGTvBe8=')]
Decoding from function: decode_function
Decoded Result:
<?php echo "Hello, World!"; ?>
Decoded result saved to decoded_output.txt
The decoded result will be saved in a file named decoded_output.txt.
This project is open-source and available under the MIT License.
Feel free to submit pull requests or report issues.
Use this tool responsibly. It is intended for ethical and educational purposes only.