Thursday, February 2, 2023

Deobfuscate a sourcecop protected wp plugin


I came up with a single (Linux) terminal command to deal with this. The logic is simply to change eval( code_to_eval ) in the obfuscated PHP files to file_put_contents( __FILE__, code_to_eval ). At least that worked for me (my problematic plugin was “Wishlist 1Click Registration” by “HappyPlugins”). Here is the command:

grep -irl --include='*.php' "eval(.*);" . | xargs -I {} sh -c "echo {}; sed -i 's/eval(\(.*\));/file_put_contents(__FILE__,\1);/g' {}" | xargs -I {} sh -c "echo {}; php {} > /dev/null || true; sed -i '1s/^?>//g' {}"

What the command does:

  • finds all .php files in the current directory (you must cd to the plugin root directory) that contain eval(),
  • replaces all eval( code ) with file_put_contents( __FILE__, code ),
  • executes these files with php (php must be available from the command line) – this runs all file_put_contents() statements and replaces the obfuscated code in each .php file with whatever was passed to eval().
  • removes ?> from the beginning of each of these files afterwards – it was needed for the eval code to work for some reason, but now it would just echo “?>” to the browser, which we do not want.

Afterwards, you can probably also delete the “scopbin” folder in the plugin’s root – it contains one, now unused, .php file.
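
The same steps split into stages, as an added example that is not the author's command: rewrite_evals applies the substitution to a copy of the plugin so the result can be inspected before anything runs, and decode_rewritten performs the execution step. The function names and the sample plugin are constructed for illustration, and GNU grep, sed and xargs are assumed.

```shell
#!/bin/sh
# Added example: the one-liner split into stages that work on a copy.
# Assumes GNU grep, sed and xargs. Function names are hypothetical.

# make_sample DIR: constructed stand-in for a protected plugin. The payload is
# base64 for '?><?php echo 1;', not real SourceCop output.
make_sample() {
    mkdir -p "$1/my dir"
    printf '%s\n' '<?php eval(base64_decode("Pz48P3BocCBlY2hvIDE7"));' > "$1/my dir/main.php"
    printf '%s\n' '<?php echo "plain";' > "$1/plain.php"
}

# rewrite_evals SRC DEST: copy SRC to DEST and rewrite eval(...) in the copy
# only. Prints each file that now contains the rewritten call. Runs no PHP.
rewrite_evals() {
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 1; }
    if [ -e "$2" ]; then echo "refusing to overwrite: $2" >&2; return 1; fi
    cp -R "$1" "$2" || return 1
    # -Z and -0 pass NUL-separated names, so paths with spaces survive.
    grep -irlZ --include='*.php' 'eval(.*);' "$2" |
        xargs -0 -r sed -i 's/eval(\(.*\));/file_put_contents(__FILE__,\1);/g'
    grep -rl --include='*.php' 'file_put_contents(__FILE__,' "$2"
}

# decode_rewritten DEST: run each rewritten file once so it overwrites itself
# with the decoded source, then strip the leading "?>" from its first line.
# This executes the plugin's code: use a disposable VM or container.
decode_rewritten() {
    command -v php >/dev/null || { echo "php CLI not found" >&2; return 1; }
    grep -rlZ --include='*.php' 'file_put_contents(__FILE__,' "$1" |
        xargs -0 -r -I {} sh -c 'php "$1" >/dev/null || true; sed -i "1s/^?>//" "$1"' sh {}
}
```

Typical use is rewrite_evals plugin plugin.work, a look at the listed files, then decode_rewritten plugin.work; the original directory is never modified.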
