/ Web Dev Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Deobfuscating PHP scripts with evalhook

DZone's Guide to

Deobfuscating PHP scripts with evalhook

by
·
Jul. 11, 11 · Web Dev Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Deploying code to production can be filled with uncertainty. Reduce the risks, and deploy earlier and more often. Download this free guide to learn more. Brought to you in partnership with Rollbar.

Just a quick note - Similar to my previous approach in JavaScript Stefan Esser from Month of PHP Security successfully tried to deobfuscate a PHP script today.

He developed a PHP extension called evalhook that, well, hooks into eval()calls in PHP, displays a code to be executed and asks for a confirmation to run it. That way all user space PHP obfuscators (usually called encoders) are pointless - so please don't use them to protect your script from being seen.

Funny thing is that Stefan took the same way as me to deobfuscate a code written in a dynamic language - just hook into eval() and you're done. It's THAT simple.

Go ahead and read more on decoding a user space PHP script.

Deploying code to production can be filled with uncertainty. Reduce the risks, and deploy earlier and more often. Download this free guide to learn more. Brought to you in partnership with Rollbar.

Like This Article? Read More From DZone

The Top 8 Things We Learned From the QA Team at America's Test Kitchen
AI Is Here — June Recap
Welcome to the Future of Hospitality, Powered by IoT

Free DZone Refcard

Node.js
DOWNLOAD
Topics:

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Web Dev Partner Resources

App-centric Monitoring Alternatives to New Relic
Prezi on Building an Incident Log to Resolve Issues Faster
DoorDash's Strategy for Monitoring Code from End to End
How Instacart Improves User Experiences and Reduces Mean-Time-to-Resolve (MTTR)
How Developers Close the User Experience Loop
Top 10 JavaScript Errors and How to Avoid Them

Web Dev Partner Resources

App-centric Monitoring Alternatives to New Relic
Prezi on Building an Incident Log to Resolve Issues Faster
DoorDash's Strategy for Monitoring Code from End to End
How Instacart Improves User Experiences and Reduces Mean-Time-to-Resolve (MTTR)

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone