i64/phpkilitDeobfuscator.py

## phpkilitDeobfuscator.py
'''
phpkilit.com deobfuscator
Date: 1535082393
'''


import binascii
import json
import zlib
import base64
import phply
import json
import sys
from phply.phplex import lexer
from phply.phpparse import make_parser
with_lineno = True

def top(a):
    if type(a[1]['expr']) == int:
        return a[1]['expr']
    last = []
    tup1 = a[1]['expr'][1]
    x = tup1
    count = 0
    while True:
        if type(x['left']) is not tuple:
            last.append(str(x['left']))
            for i in range(count, -1, -1):
                x = eval("tup1" + i*"['left'][1]")
                last.append(str(x['op']))
                last.append(str(x['right']))
                last.append(')')
            last = last[:-1]
            return eval(''.join(last))
        else:
            last.insert(0, '(')
            x = x['left'][1]
            count += 1


def fon(s, n, nb):
    nb = nb + nb
    n = int(n % int(len(nb)/2))
    s = list(s)

    for i in range(0, len(s)):
        if nb.find(s[i]) is not -1:
            s[i] = nb[int((nb.find(s[i]) + len(nb)/2) - n)]
    return ''.join(s)

def export(items, name):
    if items:
        for item in items:
            if hasattr(item, 'generic'):
                item = item.generic(with_lineno=with_lineno)
                if name == 0:
                    if item[0] == 'FunctionCall':
                        try:
                            if item[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node']:
                                return item
                        except:
                            try:
                                if item[1]['params'][1][1]['node'][1]['params'][1][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node']:
                                    return item
                            except:
                                pass
                else:
                    if item[0] == 'Assignment':
                        if item[1]['node'][1]['name'] == name:
                            return item


def fon2(obsf):
    return zlib.decompress(binascii.unhexlify(binascii.unhexlify(obsf)), -zlib.MAX_WBITS).decode("utf-8")


def getter(inp, name=0):
    parser = make_parser()
    jss = export(parser.parse(inp,
                              lexer=lexer,
                              tracking=with_lineno), name)
    return jss


def kill(obsf, deg, key, inp):
    deg = top(getter(inp, deg))
    return base64.b64decode((fon(zlib.decompress(base64.b64decode(binascii.unhexlify(obsf)), -zlib.MAX_WBITS).decode('utf-8'), deg, key))).decode("utf-8")


kod = open(sys.argv[1]).read()
a = getter(kod, 0)
key = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][2][1]['node']
deg = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node'][1]['name']
obsf = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1][
    'node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node']
kod = kill(obsf, deg, key, kod)[2:]
a = getter(kod, 0)
key = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][2][1]['node']
deg = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node'][1]['name']
obsf = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1][
    'node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node']
kod = kill(obsf, deg, key, kod)[2:]
a = getter(kod, name=0)
kod = fon2(a[1]['params'][1][1]['node'][1]['params'][1][1]['node'][1]['params'][0][1]['node']
           [1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node'])[2:]
a = getter(kod, name=0)
kod = fon2(a[1]['params'][1][1]['node'][1]['params'][1][1]['node'][1]['params'][0][1]['node']
           [1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node'])[2:]

print(kod)
	'''
	phpkilit.com deobfuscator
	Date: 1535082393
	'''


	import binascii
	import json
	import zlib
	import base64
	import phply
	import json
	import sys
	from phply.phplex import lexer
	from phply.phpparse import make_parser
	with_lineno = True

	def top(a):
	if type(a[1]['expr']) == int:
	return a[1]['expr']
	last = []
	tup1 = a[1]['expr'][1]
	x = tup1
	count = 0
	while True:
	if type(x['left']) is not tuple:
	last.append(str(x['left']))
	for i in range(count, -1, -1):
	x = eval("tup1" + i*"['left'][1]")
	last.append(str(x['op']))
	last.append(str(x['right']))
	last.append(')')
	last = last[:-1]
	return eval(''.join(last))
	else:
	last.insert(0, '(')
	x = x['left'][1]
	count += 1


	def fon(s, n, nb):
	nb = nb + nb
	n = int(n % int(len(nb)/2))
	s = list(s)

	for i in range(0, len(s)):
	if nb.find(s[i]) is not -1:
	s[i] = nb[int((nb.find(s[i]) + len(nb)/2) - n)]
	return ''.join(s)

	def export(items, name):
	if items:
	for item in items:
	if hasattr(item, 'generic'):
	item = item.generic(with_lineno=with_lineno)
	if name == 0:
	if item[0] == 'FunctionCall':
	try:
	if item[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node']:
	return item
	except:
	try:
	if item[1]['params'][1][1]['node'][1]['params'][1][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node']:
	return item
	except:
	pass
	else:
	if item[0] == 'Assignment':
	if item[1]['node'][1]['name'] == name:
	return item


	def fon2(obsf):
	return zlib.decompress(binascii.unhexlify(binascii.unhexlify(obsf)), -zlib.MAX_WBITS).decode("utf-8")


	def getter(inp, name=0):
	parser = make_parser()
	jss = export(parser.parse(inp,
	lexer=lexer,
	tracking=with_lineno), name)
	return jss


	def kill(obsf, deg, key, inp):
	deg = top(getter(inp, deg))
	return base64.b64decode((fon(zlib.decompress(base64.b64decode(binascii.unhexlify(obsf)), -zlib.MAX_WBITS).decode('utf-8'), deg, key))).decode("utf-8")


	kod = open(sys.argv[1]).read()
	a = getter(kod, 0)
	key = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][2][1]['node']
	deg = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node'][1]['name']
	obsf = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1][
	'node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node']
	kod = kill(obsf, deg, key, kod)[2:]
	a = getter(kod, 0)
	key = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][2][1]['node']
	deg = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node'][1]['name']
	obsf = a[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1][
	'node'][1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][0][1]['node']
	kod = kill(obsf, deg, key, kod)[2:]
	a = getter(kod, name=0)
	kod = fon2(a[1]['params'][1][1]['node'][1]['params'][1][1]['node'][1]['params'][0][1]['node']
	[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node'])[2:]
	a = getter(kod, name=0)
	kod = fon2(a[1]['params'][1][1]['node'][1]['params'][1][1]['node'][1]['params'][0][1]['node']
	[1]['params'][0][1]['node'][1]['params'][0][1]['node'][1]['params'][1][1]['node'])[2:]

	print(kod)