Skip to content

Instantly share code, notes, and snippets.

@ashevchuk
Last active March 8, 2019 17:30
Show Gist options
  • Save ashevchuk/d8edd788b121002eb4d83238ac57aac2 to your computer and use it in GitHub Desktop.
Save ashevchuk/d8edd788b121002eb4d83238ac57aac2 to your computer and use it in GitHub Desktop.
Stunnix Perl deobfuscator
#!/usr/bin/env perl
use B::Deparse;
open( my $fh, '<', $ARGV[0] ) or die $!;
my $input = join '', <$fh>;
close($fh);
while ( $input =~ m/undef\(.*?\)\;eval/isg ) {
$input =~ s/undef\((.*?)\)\;eval\;/$1/sg;
$input = eval "$input";
}
while ( $input =~ m/eval\spack/isg ) {
$input =~ s/eval\spack/pack/sg;
$input = eval "$input";
}
open( my $fh2, '>', $ARGV[0] . ".deo" ) or die $!;
print $fh2 $input;
close($fh2);
$input = qx($^X -MO=Deparse ./$ARGV[0].deo);
open( my $fh3, '>', $ARGV[0] . ".deo.pl" ) or die $!;
print $fh3 $input;
close($fh3);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment