Unobfuscate PHP Hack Code
Updated: March 23, 2010
In an attempt to avoid detection hackers sometimes obfuscate the PHP hack code that they insert into web pages. The web based service Base 64 Decoder can usually can unobfuscate eval(base64_decode code and the web based service eval gzinflate base64_decode PHP Decoder can usually can unobfuscate eval(gzinflate(base64_decode code to see what the actual code is. It is also fairly easy to unobfuscate the obfuscated code on your own web server. You do need to carefully follow the process, because if you do not fully neutralize the code could execute your computer. Depending on what the hack code does, this could be harmless or could cause your computer to get hacked. The code may have been obfuscated multiple times so you may have to repeat the process multiple times.
- Open a new text file in a text editor.
- Copy the PHP code into the file.
- Replace all instances of "eval" in the code with "print". This is the step necessary to neutralize the code, so make sure to do it carefully.
- Save the text file with a .php extension.
- Upload the file to a web server that can handle PHP files.
- Open the web page in a web browser, the unobfuscated code will be displayed.
