Deobfuscating PHP scripts with evalhook
by
Join the DZone community and get the full member experience.
Join For FreeJust a quick note - Similar to my previous approach in JavaScript Stefan Esser from Month of PHP Security successfully tried to deobfuscate a PHP script today.
He developed a PHP extension called evalhook that, well, hooks into eval()calls in PHP, displays a code to be executed and asks for a confirmation to run it. That way all user space PHP obfuscators (usually called encoders) are pointless - so please don't use them to protect your script from being seen.
Funny thing is that Stefan took the same way as me to deobfuscate a code written in a dynamic language - just hook into eval() and you're done. It's THAT simple.
Go ahead and read more on decoding a user space PHP script.
He developed a PHP extension called evalhook that, well, hooks into eval()calls in PHP, displays a code to be executed and asks for a confirmation to run it. That way all user space PHP obfuscators (usually called encoders) are pointless - so please don't use them to protect your script from being seen.
Funny thing is that Stefan took the same way as me to deobfuscate a code written in a dynamic language - just hook into eval() and you're done. It's THAT simple.
Go ahead and read more on decoding a user space PHP script.
PHP
Published at DZone with permission of Krzysztof Kotowicz , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments