motebaya/dclean.php

## dclean.php
<?php

/// just for extract phar compiler
function extractPhar($file){
	(new Phar($file))->extractTo(__DIR__);
}

// check argc
if (count($argv) < 2) {
	die("usage: decode.php <file.php>");
} else {
	$filename = $argv[1];
	goto start_decode;
}

// main decode
start_decode:
$code = file_get_contents($filename);

// take and save unique class
$class = explode("));class", $code);
file_put_contents("rclass.php", "<?php\nclass" . $class[1]);
$code = $class[0] . "));";

// evals
$evals = explode("eval(", $code, 4);
include "rclass.php";

// decode type gzinflate/gzip
$init = "\$" . explode("\$", $evals[1])[1];
eval($init);

ob_start();
eval("print(" . substr($evals[2], 0, -1) . ";");
$func = ob_get_clean();

eval(str_replace("return eval", "print", $func));

$eve2 = explode("^eval(", $evals[3]);
ob_start();
eval("print(" . $eve2[0] . ";");
$func2 = ob_get_clean();

// loop get last func
while (true) {
	if ($index = strpos($func2, "eval(")) {
		ob_start();
		eval("print" . substr($func2, $index + 4));
		$func2 = ob_get_clean();
		if (strpos($func2, "goto")) {
			break;
		}
	} else {
		break;
	}
}

eval(str_replace("__FILE__", "\"{$filename}\"", $func2));
ob_start();
eval("print(" . explode(")^\$", $eve2[1])[0] . ");");
$func3 = ob_get_clean();

ob_start();
eval("print" . substr($func3, strpos($func3, "eval(") + 4));
$last = ob_get_clean();

// save last
ob_start();
eval($last);
$result = "<?php\n" . trim(ob_get_clean());
print $result;
file_put_contents("de_{$filename}", $result);
	<?php

	/// just for extract phar compiler
	function extractPhar($file){
	(new Phar($file))->extractTo(__DIR__);
	}

	// check argc
	if (count($argv) < 2) {
	die("usage: decode.php <file.php>");
	} else {
	$filename = $argv[1];
	goto start_decode;
	}

	// main decode
	start_decode:
	$code = file_get_contents($filename);

	// take and save unique class
	$class = explode("));class", $code);
	file_put_contents("rclass.php", "<?php\nclass" . $class[1]);
	$code = $class[0] . "));";

	// evals
	$evals = explode("eval(", $code, 4);
	include "rclass.php";

	// decode type gzinflate/gzip
	$init = "\$" . explode("\$", $evals[1])[1];
	eval($init);

	ob_start();
	eval("print(" . substr($evals[2], 0, -1) . ";");
	$func = ob_get_clean();

	eval(str_replace("return eval", "print", $func));

	$eve2 = explode("^eval(", $evals[3]);
	ob_start();
	eval("print(" . $eve2[0] . ";");
	$func2 = ob_get_clean();

	// loop get last func
	while (true) {
	if ($index = strpos($func2, "eval(")) {
	ob_start();
	eval("print" . substr($func2, $index + 4));
	$func2 = ob_get_clean();
	if (strpos($func2, "goto")) {
	break;
	}
	} else {
	break;
	}
	}

	eval(str_replace("__FILE__", "\"{$filename}\"", $func2));
	ob_start();
	eval("print(" . explode(")^\$", $eve2[1])[0] . ");");
	$func3 = ob_get_clean();

	ob_start();
	eval("print" . substr($func3, strpos($func3, "eval(") + 4));
	$last = ob_get_clean();

	// save last
	ob_start();
	eval($last);
	$result = "<?php\n" . trim(ob_get_clean());
	print $result;
	file_put_contents("de_{$filename}", $result);