6. PHP De-obfuscator
For http://fopo.com.ar
WHAT?
! Used on free online PHP source obfuscator.
! Impossible for the naked eye to analyze the source.
! Variables and functions are scrambled.
! Uses base64 encoding, rot13 transformation etc. for obfuscation.
9. WHY?
Why did we choose this task?
! No such de-obfuscators available.
! Useful: can be used to analyze malicious code, for bug fixing etc.
! Felt quite achievable within 36 hours.
! And yes, for clearing CTFs like HackIM, ClubhackCTF etc. :)
10. HOW?
Our Approach
1st Day in Jail.
! Analyzed the obfuscated code.
! Manually decoded the code (echo instead of eval + Burp for encoding/decoding + Find and Replace).
! Started coding to convert the code line by line.
11. HOW?
1st Day in Jail.
Hacking our health.
! 100 Push-Ups
! Several Sit-Ups, Duck-walk and many exercises unknown to man.
12. HOW?
1st Day in Jail.
End of 1st Day.
Line-by-line conversion was found not feasible.
14. HOW?
Our Approach
2nd Day in Jail.
! Started analyzing the obfuscated code.
! Found string patterns and the functions used to obfuscate.
! Found the pattern to decode inside an eval call:
gzinflate(base64_decode(str_rot13("Obfuscated Code Goes Here")));
! Coding…
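The decode chain found above can be reversed statically, without ever running the PHP. The following is an added example, not the team's de-obfuscator: it assumes each layer has exactly the shape shown on the slide, follows only the first blob it finds, and the names `peel`, `decode_blob`, `MAX_LAYERS` and `MAX_OUTPUT` are hypothetical. The sample input is constructed and harmless.

```python
import base64
import codecs
import re
import zlib

# Layer named on the slide: gzinflate(base64_decode(str_rot13("...")))
LAYER = re.compile(
    r'gzinflate\s*\(\s*base64_decode\s*\(\s*str_rot13\s*\(\s*'
    r'(["\'])(?P<blob>[A-Za-z0-9+/=\s]+)\1'
)
MAX_LAYERS = 20         # assumed cap on nesting depth
MAX_OUTPUT = 5_000_000  # assumed cap against decompression bombs


def decode_blob(blob):
    """Reverse one layer, innermost call first, without executing PHP."""
    b64 = codecs.decode(blob, "rot13")       # undo str_rot13
    raw = base64.b64decode(b64)              # undo base64_decode
    inflater = zlib.decompressobj(-15)       # gzinflate is raw DEFLATE
    out = inflater.decompress(raw, MAX_OUTPUT)
    if inflater.unconsumed_tail:
        raise ValueError("decoded layer exceeds MAX_OUTPUT")
    return out.decode("utf-8", errors="replace")


def peel(source):
    """Return every layer, outermost first; the last entry is the plain code."""
    layers = [source]
    for _ in range(MAX_LAYERS):
        match = LAYER.search(layers[-1])
        if not match:
            break
        layers.append(decode_blob(match.group("blob")))
    return layers


def _wrap(code):
    """Build one constructed layer (sample input only)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(code.encode()) + comp.flush()
    blob = codecs.encode(base64.b64encode(raw).decode(), "rot13")
    return 'eval(gzinflate(base64_decode(str_rot13("%s"))));' % blob


PLAIN = 'echo "hello from a constructed sample";'
SAMPLE = _wrap(_wrap(PLAIN))  # constructed: two nested layers

if __name__ == "__main__":
    for depth, layer in enumerate(peel(SAMPLE)):
        print(depth, layer[:70])
```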
15. HOW?
Our Approach
2nd Day in Jail.
! Coding done, Testing done..
! Showed the code to the Superintendent.
! And…….
16. OUT OF JAIL..! :D
! After hours of stress/lack of food, water/physical torture (yes, it was torture :) ) we managed to get out of Jail as the first one to do so.
! Beeeeeeerrrrrrrr…..!! :)
20. Future Development
! Support for different levels of obfuscation.
! Make the script run from the command line.
! Optimize the existing code to decrease the time and complexity, and make the algorithm simpler.
21. How JailBreak Benefited Us.
! Time management (poo, pee, eat: everything in 15 minutes).
! Built muscles; could go for Army Recruitment.
! Better understanding of code obfuscation techniques.