Tag: deobfuscate

  • odMbo files

    odMbo files

    !odMbo! files are php templates files that have been encrypted with ioncube. These files use a unique number (which is stored in encoded ic .php files) for decrypting the source code of the template file. If there is no way to get an ic .php protected file from the same script, then we use brute…

  • Decode perl files

    Decode perl files

    Some perl scripts use perl extensions to protect the code. If you need to check the code, you have to reverse the encoded files. After reverse analysis, you see that you have only to replce any “int 3” into “nop” and catch the output of the decoding procedure. The hard part of this job is…

  • Decrypt “goto” PHP files

    Decrypt “goto” PHP files

    This is the best protection for PHP files and it is open¬† source as the PHP is too! Variables and functions names are replaced with random values. So, there is no way to recover the original values. The code’s flow control is a mess! The code still remains fast as the added opcodes are just…

  • Deobfuscate javascript files

    Deobfuscate javascript files

    There are several ways to protect the javascript (js) files. A lot of free and paid services. The basic idea is to add trash code and rename the variables/functions names. There is no way to recover the original names of the variables/functions but this is not a problem for a good js developer. Decrypting is…

  • Decompile sourceguardian PHP files

    Decompile sourceguardian PHP files

    This tool is very similar to ioncube tool. It uses the same protection method (converting source code into bytecode and protecting it with obfuscation).¬† Decoding procedures are similar to ioncube tool. Both protections, sourceguardian (sg) and ioncube (ic), compile the source code for different PHP versions. sg saves all compiled versions inside the unique obfuscated…

  • Decompile ioncube PHP files

    Decompile ioncube PHP files

    This tool uses the technique of compiling to bytecode prior to encoding so that source code is eliminated, and runtime overheads are reduced. There are two ways to recover the source. 1. Reversing the whole tool. The safest and hardest way to get the opcodes of the file. First remove the custom base64 encoding (image1)…