Beberapa waktu lalu, saya menemukan script php yang diobfuscate beberapa kali. Berikut ini adalah cara men-deobfuscate script tersebut.

  • Langkah pertama adalah mengedit script tersebut pada bagian awal dan akhir sehingga formatnya seperti ini:
<?php
$_Y= ... echo(gzinflate(str_rot13(base64_decode($_Y))));?>
  • Lanjutkan dengan melakukan deobfuscate terhadap script tersebut dengan menjalankannya menggunakan php-cli:
% php -f NTqXJm8X > 0.php
  • Hasil dari perintah di atas akan disimpan pada file yang bernama 0.php. Buka file tersebut menggunakan teks editor, dan ubah bagian awalnya menjadi seperti ini:
?><? eval
  • Selanjutnya, kita akan menggunakan script berikut ini untuk men-deobfuscate berulang kali hingga menemukan script yang asli:
#!/usr/bin/bash

while $(grep -q 'eval' 0.php); do
    cat 0.php | sed 's/?><? eval/<?php echo/' | sed 's/?><?/?>/' > tmp.php
    php -f tmp.php > 0.php
    rm tmp.php
done

cat 0.php
  • Simpan script di atas dengan nama deobfu.sh, lalu jalankan seperti ini:
% ./deobfu.sh
  • Setelah berhasil men-deobfuscate, maka akan ditampilkan script yang asli serta disimpan pada file 0.php. Berikut ini adalah script asli setelah di-deobfuscate:
?>            <?php if($row5): ?>
            <div class="row5">
                <?php if($this->countModules('position-36')): ?>
                <div class="row5col1" <?php echo $row5colwidth; ?>>
                    <jdoc:include type="modules" name="position-36" style="xhtml"/>
                </div>
                <?php endif; ?>
                <?php if($this->countModules('position-37')): ?>
                    <?php if($row5sep1): ?>
                    <div class="sepleft_25"></div>
                    <?php endif; ?>
                <div class="row5col2" <?php echo $row5colwidth; ?>>
                    <jdoc:include type="modules" name="position-37" style="xhtml"/>
                </div>
                <?php endif; ?>
                <?php if($this->countModules('position-38')): ?>
                    <?php if($row5sep2): ?>
                    <div class="sepleft_25"></div>
                    <?php endif; ?>
                <div class="row5col3" <?php echo $row5colwidth; ?>>
                    <jdoc:include type="modules" name="position-38" style="xhtml"/>
                </div>
                <?php endif; ?>
                <?php if($this->countModules('position-39')): ?>
                    <?php if($row5sep3): ?>
                    <div class="sepleft_25"></div>
                    <?php endif; ?>
                <div class="row5col4" <?php echo $row5colwidth; ?>>
                    <jdoc:include type="modules" name="position-39" style="xhtml"/>
                </div>
                <?php endif; ?>
                <div class="clear"></div>
            </div>
            <?php endif; ?>
        </div>
        <!-- END OF COLUMN MAIN ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->


        <!-- COLUMN RIGHT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
        <?php if($showRightCol) : ?>
        <div id="colright">
            <?php if($this->countModules('position-0')): ?>
            <div id="search">
                <jdoc:include type="modules" name="position-0" />
            </div>
            <?php endif; ?>
            <?php if($this->countModules('position-45')): ?>
            <div class="row1">
                <jdoc:include type="modules" name="position-45" style="xhtml"/>
            </div>
            <?php endif; ?>
            <?php if($this->countModules('position-46')): ?>
            <div class="row2">
                <jdoc:include type="modules" name="position-46" style="xhtml"/>
            </div>
            <?php endif; ?>
            <?php if($this->countModules('position-7')): ?>
            <div id="colrightmenu">
                <jdoc:include type="modules" name="position-7" style="xhtml" />
            </div>
            <?php endif; ?>
            <?php if($this->countModules('whosonlineload')): ?>
            <div id="whosonline">
                <jdoc:include type="modules" name="whosonlineload" style="xhtml" />
            </div>
            <?php endif; ?>
            <?php if($this->countModules('position-47')): ?>
            <div class="row3">
                <jdoc:include type="modules" name="position-47" style="xhtml"/>
            </div>
            <?php endif; ?>
            <?php if($this->countModules('position-48')): ?>
            <div class="row4">
                <jdoc:include type="modules" name="position-48" style="xhtml"/>
            </div>
            <?php endif; ?>
            <?php if($this->countModules('position-49')): ?>
            <div class="row5">
                <jdoc:include type="modules" name="position-49" style="xhtml"/>
            </div>
            <?php endif; ?>
        </div>
        <?php endif; ?>
        <!-- END OF COLUMN RIGHT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
    </div>

    <div class="clear"></div>

    <!-- FOOTER ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
    <div id="footer">
        <?php if($footerRow1) : ?>
        <div class="row1">
            <?php if($this->countModules('position-50')): ?>
            <div class="row1col1" <?php echo $row1footerwidth; ?>>
                <jdoc:include type="modules" name="position-50" style="xhtml"/>
            </div>
            <?php endif; ?>
            <?php if($this->countModules('position-52')): ?>
                <?php if($frow1sep1): ?>
                <div class="sepleft_25"></div>
                <?php endif; ?>
            <div class="row1col2" <?php echo $row1footerwidth; ?>>
                <jdoc:include type="modules" name="position-52" style="xhtml"/>
            </div>
            <?php endif; ?>
            <?php if($this->countModules('position-53')): ?>
                <?php if($frow1sep2): ?>
                <div class="sepleft_25"></div>
                <?php endif; ?>
            <div class="row1col3" <?php echo $row1footerwidth; ?>>
                <jdoc:include type="modules" name="position-53" style="xhtml"/>
            </div>
            <?php endif; ?>
            <?php if($this->countModules('position-54')): ?>
                <?php if($frow1sep3): ?>
                <div class="sepleft_25"></div>
                <?php endif; ?>
            <div class="row1col4" <?php echo $row1footerwidth; ?>>
                <jdoc:include type="modules" name="position-54" style="xhtml"/>
            </div>
            <?php endif; ?>
            <div class="clear"></div>
        </div>
        <?php endif; ?>

        <div class="row2">
            <div id="footertrademark">
                <div id="trade">Copyright © <?php echo date('Y'); ?> <?php echo $app->getCfg('sitename'); ?></div>

                <!-- DO NOT REMOVE OR CHANGE THE CONTENT BELOW, THIS TEMPLATE MAY NOT WORK PROPERLY -->
                <!-- FOR MORE INFO SEE OUR COPYRIGHT NOTICE FOR FREE WEBSITE TEMPLATES: http://astemplates.com/terms.php -->

                <div id="ascopy">
                <a href="http://www.asdesigning.com/" target="_blank">
                    DESIGNED BY:  AS DESIGNING
                </a>
                </div>

                <!-- DO NOT REMOVE OR CHANGE THE CONTENT ABOVE, THIS TEMPLATE MAY NOT WORK PROPERLY -->
                <!-- FOR MORE INFO SEE OUR COPYRIGHT NOTICE FOR FREE WEBSITE TEMPLATES: http://astemplates.com/terms.php -->
            </div>
            <div id="footermenu">
                <jdoc:include type="modules" name="position-51" style="xhtml" />
            </div>
        </div>
    </div>
    <!-- END OF FOOTER ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->

</div>
</body><?

Sekian tutorial singkat ini, semoga bermanfaat. Terima kasih kepada Tuhan Yang Maha Esa, dan Anda yang telah membaca tutorial ini.

Tolong di bantu pecahkan om, Saya pecahkan kok jadinya error https://pastebin.com/raw/0Gq2SLKB

ini scriptnya:

<?php
date_default_timezone_set('Asia/Jakarta');
system("clear");

$t ="\n";
$r ="\t";

//warna
$br  = "\033[1;34m";
$tr  = "\033[1;36m";
$ijo = "\033[92m";
$pth = "\033[1;37m";
$pnk = "\033[1;35m";
$red = "\033[1;31m";
$kn  = "\033[1;33m";

$info = "antube";
#projek new

function defaul ($path,$post,$devid)
{
  $url  = "https://api.buzzbreak.news/$path";
  $h[]  = "voyager-api-key: p5DqGsYcOFucDadCvfWyjgrbk3Bs1RE1";
  $h[]  = "buzzbreak-api-key: p5DqGsYcOFucDadCvfWyjgrbk3Bs1RE1";
  $h[]  = "buzzbreak-client: android";
  $h[]  = "buzzbreak-device-id: $devid";
  $h[]  = "buzzbreak-locale: in_ID";
  $h[]  = "buzzbreak-app-version: 19";
  $h[]  = "content-type: application/json; charset=utf-8";
  $h[]  = "user-agent: okhttp/3.11.0";
  $curl = curl_init();
  curl_setopt_array($curl, array(
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_URL => $url,
      CURLOPT_TIMEOUT => 30,
      CURLOPT_POST => true,
      CURLOPT_POSTFIELDS => $post,
      CURLOPT_HTTPHEADER => $h,
      CURLOPT_PROXY => $proxy,
      CURLOPT_HEADER => true,
      CURLOPT_SSL_VERIFYPEER => true,
        ));
  $result = curl_exec($curl);
  curl_close($curl);
  return $result;
}

function post ($path,$post,$coki,$uid,$devid)
{
  $url  = "https://api.buzzbreak.news/$path";
  $h[]  = "Cookie: $coki";
  $h[]  = "voyager-api-key: p5DqGsYcOFucDadCvfWyjgrbk3Bs1RE1";
  $h[]  = "buzzbreak-api-key: p5DqGsYcOFucDadCvfWyjgrbk3Bs1RE1";
  $h[]  = "buzzbreak-client: android";
  $h[]  = "buzzbreak-device-id: $devid";
  $h[]  = "buzzbreak-account-id: $uid";
  $h[]  = "buzzbreak-locale: in_ID";
  $h[]  = "buzzbreak-app-version: 19";
  $h[]  = "content-type: application/json; charset=utf-8";
  $h[]  = "user-agent: okhttp/3.11.0";
  $curl = curl_init();
  curl_setopt_array($curl, array(
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_URL => $url,
      CURLOPT_TIMEOUT => 30,
      CURLOPT_POST => true,
      CURLOPT_POSTFIELDS => $post,
      CURLOPT_HTTPHEADER => $h,
      CURLOPT_PROXY => $proxy,
      CURLOPT_SSL_VERIFYPEER => true,
        ));
  $result = curl_exec($curl);
  curl_close($curl);
  return $result;
}

function gets ($path,$devid)
{
  $url  = "https://api.buzzbreak.news/$path";
  $h[]  = "voyager-api-key: p5DqGsYcOFucDadCvfWyjgrbk3Bs1RE1";
  $h[]  = "buzzbreak-api-key: p5DqGsYcOFucDadCvfWyjgrbk3Bs1RE1";
  $h[]  = "buzzbreak-client: android";
  $h[]  = "buzzbreak-device-id: $devid";
  $h[]  = "buzzbreak-locale: in_ID";
  $h[]  = "buzzbreak-app-version: 19";
  $h[]  = "content-type: application/json; charset=utf-8";
  $h[]  = "user-agent: okhttp/3.11.0";
  $curl = curl_init();
  curl_setopt_array($curl, array(
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_URL => $url,
      CURLOPT_TIMEOUT => 30,
      CURLOPT_HEADER => false,
      CURLOPT_HTTPHEADER => $h,
      CURLOPT_PROXY => $proxy,
      CURLOPT_PROXYUSERPWD => $proxyauth,
      CURLOPT_SSL_VERIFYPEER => true,
        ));
  $result = curl_exec($curl);
  curl_close($curl);
  return $result;
}

function clr($clr)
{
  @system("clear");
  echo $clr;
  sleep(3);
}

function cr()
{
  @system("rm -rf user");
}

@system("rm -rf user");
@system("git clone https://github.com/hidensystem/user");
@system('clear');

error_reporting(0);
require __DIR__ ."/user/setting.php";

$clr       = $buzz.$t.$ads.$warn.$t.$msg_buzz.$t;
$time_zone = "+01:00 +02:00 +03:00 +03:30 +04:00 +05:00 +05:30 +06:00 +07:00 +08:00 +09:00 +09:30 +10:00 +11:00 +12:00 -11:00 -10:00 -09:00 -08:00 -07:00 -06:00 -05:00 -04:00 -03:30 -03:00 -03:00 -01:00";
$host2     = "api-staging.partiko.io";
$file      = "/data/data/news.buzzbreak.android/shared_prefs/com.facebook.AccessTokenManager.SharedPreferences.xml";
$file2     = "/data/data/news.buzzbreak.android/shared_prefs/buzz_break.xml";

clr($clr);

//cek config
$cfg = "config.json";
if (file_exists($cfg)) {
  $config   = json_decode(file_get_contents($cfg),true);
  $devid    = $config["device_id"];
  $fb_token = $config["facebook_access_token"];
  $fb_id    = $config["facebook_user_id"];
} else {
  echo $pth."\t[ setting config ]".$t;
  echo $br."[1]=[ auto set".$red."[root]  ".$tr."[2]=[ manual ]".$t;
  $ops = readline($pth."[opsi[1/2]=] ");

  if ($ops == 1) {
    $auto_set = true;
  } elseif ($ops == 2) {
    $manual = true;
  } else {
    echo $kn."[error]=[ pilihan tidak ada ]".$t;
    cr();
    exit;
  }
}

if ($auto_set) {
  /* cek root user */
  if (posix_getuid() == 0) {
    echo $ijo."This is root #".$t;
  } else {
    echo $kn."This is non-root $".$t;
    cr();
    exit;
  }

  sleep(3);

  if (file_exists($file)) {
    if (file_exists($file2)) {
      $data     = file($file);
      $data2    = file($file2);
      $xml      = str_replace(""","\"",$data[3]);
      $ex       = explode(">",$xml);$ex2=explode("<",$ex[1]);
      $es       = explode(">",$data2[2]);$es2=explode("<",$es[1]);
      $js       = json_decode($ex2[0],true);
      $fb_token = $js["token"];$fb_id=$js["user_id"];
      $devid    = $es2[0];

      if ($devid != null && $fb_id != null && $fb_token != null) {
        $save = true;
      } else {
        echo "[error]=[ kehilangan kamu".$t;
      }
    } else {
      echo "[error]=[ missing file ".$t;
    }
  } else {
    echo "[error]=[ missing file ".$t;
  }
} elseif ($manual) {
  $devid    = readline("[device_id]=] ");
  $fb_id    = readline("[facebook_user_id]=] ");
  $fb_token = readline("[facebook_access_token]=] ");

  if ($devid != null && $fb_id != null && $fb_token != null) {
    $save = true;
  } else {
    echo $red."[error]=[ kehilangan kamu".$t;
  }
}

if ($save) {
  $data = json_encode([
          "device_id"=>$devid,
          "facebook_user_id"=>$fb_id,
          "facebook_access_token"=>$fb_token]);
  file_put_contents($cfg,$data);}
  clr($clr);
  cr();

  echo $ijo."[•]=[ login....".$t;
  sleep(3);

  //login fb
  $path = "voyager/sessions/create";
  $post = json_encode([
          "device_type"=> "android",
          "device_id"=> $devid,
          "facebook_access_token"=> $fb_token,
          "visitor_id"=> rand(13657,99999),
          "device_model"=> "Mi-4c",
          "app_version_code"=> 19,
          "facebook_user_id"=> $fb_id]);
  $aksi = defaul($path,$post,$devid);
  $ex   = explode(": ",$aksi);
  $a    = explode(";",$ex[4]);
  $b    = explode($t,$ex[10]);
  $coki = $a[0];
  $js   = json_decode($b[2],true);

  if ($coki != null && $js != null) {
    $misi  = true;
    $ref   = true;
    $akun  = $js["account"];
    $rate  = 100000;
    $uid   = $akun["id"];
    $nik   = $akun["name"];
    $ids   = $akun["_id"];
    $poin  = $akun["point_balance"];
    $email = $akun["email"];
    $bal   = ($poin/$rate);
    echo $ijo."[success]=[".$br."$nik".$pth."]=[".$br."poin: $ijo$poin$pth]=[ $ $ijo$bal ".$t;
  } else {
    echo $red."[error]=[ server error ]".$t;
  }

  //refer
  if ($ref) {
    $path = "voyager/referrals/reward";
    $post = json_encode([
            "referral_code"=>"B00013678",
            "referee_device_id"=>$devid,
            "referee_account_id"=>$uid]);
    $aksi = post($path,$post,$coki,$uid,$devid);
    $js   = json_decode($aksi,true);
  }

  if ($stat_buzz) {
    //misi
    if ($misi) {
      $sleep = (60/50+1);
      echo $tr."[starting bot after".$pth." 30 sec]".$t;
      sleep(30);

      //claim poin
      $zone  = explode(" ",$time_zone);
      $co    = count($zone);
      $limit = 0;
      $i     = 0;

      while (true) {
        if ($zon) {
          $zona = $zone[$i];
          $i++;
        } else {
          $zona = "+07:00";
        }

        while (true) {
          $path = "voyager/points/claim-reward";
          $post = json_encode([
                  "time_zone_offset"=>$zona]);
          $aksi = post($path,$post,$coki,$uid,$devid);
          $js   = json_decode($aksi,true);
          $code = $js["code"];
          $msg  = $js["message"];

          if ($code == null) {
            //poin balance
            $zon   = false;
            $limit = 0;
            $i     = 0;
            $path  = "voyager/points/$uid";
            $aksi  = gets($path,$devid);
            $jsn   = json_decode( $aksi,true);
            $poin  = $jsn["balance"];
            $bal   = $jsn["point_usd_value"];

            if ($js != null && $jsn != null) {
              foreach ($js as $key => $val) {
                $keys = str_replace("points_","",$key);
                echo $pth."[ $keys : $ijo$val$pth ]=[".$br."poin: $ijo$poin$pth]=[ $ $ijo$bal".$t;
              }
            }
          } elseif ($code == 400) {
            $limit++;
            $zon = true;
            break;
          } else {
            echo $code.$t;
          }

          sleep(30);
        }

        if ($limit >= $co) {
          echo $kn."[You have reached the limit  rewards today]".$t;
          echo $ijo."[coba kembali lagi setelah 1 jam ]".$t;
          break;
        } elseif ($limit == 1) {
          echo $tr."[perpanjangan waktu]".$t;
        }
      }
    }
  } else {
    echo $tr."[ wait for update ]".$t;
    cr();
  }

/*
if ($payout) {
  //bind paypal
  $path = "voyager/cash-out/paypal";
  $post = json_encode([
          "paypal_account"=>"adidoank69ads@yahoo.com"]);
  $aksi = post ($path,$post,$coki,$uid,$devid);
  $js   = json_decode($aksi,true);
  $res  = $js["result"];

  if ($res == "success") {
    $next = true;
  } else {
    $next = false;
  }

  if ($next) {
    $path = "voyager/cash-out";
    $post = json_encode([
            "point_amount"=>2000,
            "usd_value"=>"0.02"]);
    $aksi = post ($path,$post,$coki,$uid,$devid);
    $js   = json_decode($aksi,true);
    $res  = $js["result"];

    if ($res == "success") {
      echo "[$res] = [ uangmu akan sampai dalam waktu 24 jam ]".$t;
    }
  }
}
*/
?>

Cara nerjemahinnya gimana tadi mas, Saya coba coba pakai termux dan unphp malah rusak datanya

Saya pakai cara manual. Ga perlu pakai unphp sebenarnya.