1

I decoded some of my ionCube-encoded PHP pages, but they contain code with obfuscated PHP function names:

Example:

_obfuscate_DRYWMSUQDzIXCSohIQMqCz0NJiIUBSIÿ("Location: error.php");

This is the code for the header function.

header("Location: error.php");

Can anyone please explain to me how to deobfuscate this code?

6
  • 1
    possible duplicate of Decode obfuscated PHP source code Commented Mar 31, 2015 at 9:20
  • Ask whoever obfuscated it in the first place Commented Mar 31, 2015 at 9:29
  • seems like this one is different, cuz this has no '\' or numbers @d4v1d :/ Commented Mar 31, 2015 at 9:36
  • @Dagon: it would be my first thing, if I knew the person ... unfortunately it was done by one of the past employers here :/ Commented Mar 31, 2015 at 9:38
  • @SasithMaduranga - but you'll have backups and version control of the original source, right? :) Encoding is great for licensing code, and useful for organisations needing to ensure that live code isn't tinkered with by developers bypassing strict change control procedures, but if you only have protected sources then something sounds seriously wrong with your management and development practice. Commented Apr 18, 2015 at 10:26

1 Answer

-2

Obfuscation is designed to be irreversible - if there was a method to easily reverse the obfuscation then using obfuscation would be pointless. Think of it as hashing the function name -- although it may be possible to bruteforce the original names, you'll have to put some serious effort into it, including:

  • Find out which hashing algorithm is used
  • Get the used obfuscation key (which was specified during the encoding)
  • Bruteforce every single function name, starting from a() to my_function_name_that_does_something()

As indicated in the comments, your only realistic chance at retrieving the original source code is to contact the original developer. You wouldn't expect to gain the original source code from a binary file compiled from C code, would you?


2 Comments

Ugh. So how does the PHP processor know which function this obfuscation statement is?
@SasithMaduranga They don't - all functions inside the project are hashed to the same obfuscated name, they don't need to know the actual function name. This breaks things like variable variables ($$var) and eval(), but these things shouldn't be used anyway in "good code". System functions should still be unobfuscated and readable however, as far as I'm aware.
