PHPDeobfuscator

Goto calls

Open vipeweb opened this issue 2 years ago • 8 comments

Hello, I saw that the tool is able to remove GOTO, as per the examples in the readme.

It happens, but I was not successful in my attempt.

Is it possible to find a cause? To remove goto calls.

example: https://pastebin.com/NyVxZMC0

vipeweb avatar Dec 25 '22 20:12 vipeweb

Update: I tried to run several tests, but it seems ControlFlow doesn't know how to deal with too many gotos or large scripts. Maybe that is the cause?

Still trying to find out.

vipeweb avatar Dec 28 '22 21:12 vipeweb

The deobfuscator can remove some gotos but there is room for improvement. I have been working on this but it's been challenging. I'll have a look at the sample you've sent and see how it could be improved.

simon816 avatar Dec 28 '22 21:12 simon816

Thank you, it's a beautiful job

I'm trying to help with the project but I still haven't had much success with the GOTO calls

The rest seems to work fine; it's just the gotos that need to be improved.

vipeweb avatar Jan 04 '23 17:01 vipeweb

Hello, any news about this?

I also have a problem with these goto calls that the deobfuscator can't handle.

https://pastebin.com/BN3aUJAc

andebrito avatar Jan 06 '23 21:01 andebrito

No updates yet.

I started working on this but haven't got something fully working yet.

simon816 avatar Jan 07 '23 18:01 simon816

I found a PHP file on the Internet that decrypts goto encryption and tested it to prove that it works. It also uses PHP-Parser. Might it be useful for you?

It requires access to index.php on the web side.

https://pastebin.com/vq0hC7zt

Directory structure:

```
├─index.php
├─complete      //Decryption file output here
├─decodeFile    //Put the files you need to decrypt here
└─vendor
```

I tested it with the sample (https://pastebin.com/BN3aUJAc) and it can be restored normally. Hope it helps you.

L2ksy0d avatar Jan 12 '23 10:01 L2ksy0d

@L2ksy0d

Thank you, it seems much more efficient.

Some gotos can't seem to be resolved:

line 1418 goto label1097;

Which brings me to the question: why would such an efficient script have this error? I'm looking for a reason to fix it; I'm open to suggestions.

original: https://pastebin.com/6wenQHaL

after decoded: https://pastebin.com/FHDpHyBj

vipeweb avatar Jan 16 '23 22:01 vipeweb

Hi! I made an interesting discovery: only GOTOs that are inside some foreach cannot be restored.

Example:

success:

```php
$goto = true;
if ($goto) {
    goto label59;
}
```

unsuccessful:

```php
foreach ($a8bb73cba48fb7f6 as $e81220b4451f37c9) {
    if (!(!$e81220b4451f37c9['server_online'] && $e81220b4451f37c9['enabled'] && ($e81220b4451f37c9['status'] != 3) && ($e81220b4451f37c9['status'] != 5))) {
        goto label59;
    }

    $f0a85bb7cb144853 = true;
}
```

@simon816 @L2ksy0d, you have experience with php-parser; do you have any idea what the problem is?

vipeweb avatar Jan 19 '23 02:01 vipeweb
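One way to check the last observation on a decoded file, added here as an example (it is not code from this thread, from the pastebin script, or from PHPDeobfuscator): list every remaining `goto` and report whether it sits inside a loop body. The helper name `find_gotos` and the sample input are hypothetical; the code assumes brace-delimited loops, and the alternative `foreach (...): ... endforeach;` syntax is not tracked.

```php
<?php
// Added example: report each goto and whether it sits inside a loop body.
// find_gotos() is a hypothetical helper; it uses only PHP's built-in tokenizer.
function find_gotos(string $code): array
{
    $loops = [T_FOREACH, T_FOR, T_WHILE, T_DO];
    $stack = [];        // one entry per open '{': 'loop' or 'block'
    $pending = false;   // loop keyword seen, body not opened yet
    $parens = 0;
    $found = [];
    $tokens = token_get_all($code);
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {
            if ($tok === '(') { $parens++; }
            elseif ($tok === ')') { $parens--; }
            elseif ($tok === '{') { $stack[] = $pending ? 'loop' : 'block'; $pending = false; }
            elseif ($tok === '}') { array_pop($stack); }
            elseif ($tok === ';' && $parens === 0) { $pending = false; }
            continue;
        }
        [$id, , $line] = $tok;
        if (in_array($id, $loops, true)) {
            $pending = true;
        } elseif ($id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
            $stack[] = 'block';   // "{$x}" in a string, closed by a plain '}'
        } elseif ($id === T_GOTO) {
            $label = null;        // the label is the next T_STRING token
            for ($j = $i + 1; isset($tokens[$j]) && $tokens[$j] !== ';'; $j++) {
                if (is_array($tokens[$j]) && $tokens[$j][0] === T_STRING) { $label = $tokens[$j][1]; break; }
            }
            $inLoop = $pending || in_array('loop', $stack, true);
            $found[] = ['line' => $line, 'label' => $label, 'in_loop' => $inLoop];
        }
    }
    return $found;
}

// Constructed sample modelled on the two snippets in the comment above.
$sample = <<<'PHP'
<?php
if ($goto) { goto label59; }
foreach ($rows as $row) {
    if (!$row['enabled']) { goto label59; }
    $flag = true;
}
label59:
PHP;
foreach (find_gotos($sample) as $g) {
    printf("line %d: goto %s (%s)\n", $g['line'], $g['label'], $g['in_loop'] ? 'inside loop' : 'outside loop');
}
```

Running it over a decoder's output shows at a glance whether the gotos it left behind are all of the inside-loop kind.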