Skip to Main Content

Deobfuscate PHP Hack Code

Updated: June 10, 2013

In an attempt to avoid detection hackers sometimes obfuscate the PHP hack code that they insert into files. The tool below supports deobfuscating code that uses eval(base64_decode(, eval(gzinflate(base64_decode(, eval(gzuncompress(base64_decode(, eval(gzinflate(str_rot13(base64_decode(, eval(gzinflate(base64_decode(str_rot13( for obfuscation, Hex, and others. In the Obfuscated Data box input only the obfuscated data and not the surrounding functions, so if the full code was eval(base64_decode('ZXhhbXBsZQ=='); you would only input ZXhhbXBsZQ== into the Obfuscated Data box.

Add the ability to submit data to this tool from web browser's contextual menu with our extension for Firefox and Chrome.

Obfuscation Type:

Obfuscated Data:

It is also fairly easy to deobfuscate the obfuscated code on your own web server. You do need to carefully follow the process, because if you do not fully neutralize the code could execute your computer. Depending on what the hack code does, this could be harmless or could cause your computer to get hacked. The code may have been obfuscated multiple times so you may have to repeat the process multiple times.

  1. Open a new text file in a text editor.
  2. Copy the PHP code into the file.
  3. Replace all instances of "eval" in the code with "print" or "echo". This is the step necessary to neutralize the code, so make sure to do it carefully.
  4. Save the text file with a .php extension.
  5. Upload the file to a web server that can handle PHP files.
  6. Open the web page in a web browser, the deobfuscated code will be displayed.