How to decode the obfuscated PHP code

How to decode the obfuscated PHP code

If for some reason you have to troubleshoot the fiile or plugin with obfuscated code like this one
wp_register_script("\155\x6f\x76\x75\x6d", po_URL . "\x69\156\x63\154\x75\x64\145\163\57\152\x73\57\x75\x6d\162\x65\x67\x2e\x6d\x69\x6e\56\152\163", array("\x6a\161\165\x65\x72\x79"));
wp_localize_script("\155\x6f\166\x75\155", "\155\x6f\x75\x6d\166\141\162", array("\163\151\x74\x65\x55\x52\x4c" => site_url(), "\x6f\x74\160\124\x79\160\145" => this->_otpType, "\x6e\157\156\x63\145" => wp_create_nonce(this->_nonce), "\x62\x75\x74\164\x6f\156\164\145\x78\164" => mo_(this->_buttonText), "\x66\x69\x65\154\x64" =>this->_otpType === this->_typePhoneTag ?this->_phoneKey : "\165\x73\x65\x72\x5f\145\155\141\x69\154", "\x69\155\147\125\122\114" => po_LOADER_URL));
wp_enqueue_script("\155\157\x76\165\x6d");

You can user service like this https://malwaredecoder.com/ to un-obfuscate the code.

As a result you will get this:

wp_register_script("po", po_URL . "includes/js/fake.min.js", array("jquery"));
wp_localize_script("po", "po", array("siteURL" => site_url(), "otpType" => this->_otpType, "nonce" => wp_create_nonce(this->_nonce), "buttontext" => mo_(this->_buttonText), "field" =>this->_otpType === this->_typePhoneTag ?this->_phoneKey : "user_email", "imgURL" => MOV_LOADER_URL));
wp_enqueue_script("movum");


Leave a Reply

Your email address will not be published.