Advanced PHP deobfuscation tool specifically designed for Bitrix and other obfuscated PHP code. BiDe automatically detects, analyzes, and deobfuscates malicious code while preserving legitimate functionality.
- Automated Detection: Scans for common obfuscation patterns
- Smart Learning: Learns new obfuscation patterns from your codebase
- Custom Mappings: User-defined variable and function name mappings
- Safe Processing: Automatic backups and size limits
- Code Formatting: Clean, readable output with proper indentation
- Pattern Recognition: Discovers common coding patterns for better deobfuscation
- PHP 8.3 or higher
- Command-line access (CLI)
- Read/write permissions for target files
- Clone the repository:
git clone https://github.com/SirAndrewGotham/BiDe.git
cd BiDe- Ensure all PHP files are in your working directory:
- BiDe.php
- deobfuscation_map.php
- custom_mappings.php
- Run the deobfuscator:
php BiDe.phpphp BiDe.php
The tool will guide you through:
- Processing Mode Selection: Scan for new files or use existing target list
- File Discovery: Automatically detects obfuscated files
- Deobfuscation: Processes files with configurable options
- Output: Creates
[filename]_deobfuscated.phpfiles
Edit custom_mappings.php to add your own variable mappings:
return [
'mappings' => [
'_malicious_var' => '$clean_name',
'____obfuscated' => 'important_function',
// ... your custom mappings
]
];
Modify the DeobfuscationConfig in BiDe.php for:
auto_confirm: Skip confirmation promptsenable_backup: Create backup filesmax_file_size_mb: Set file size limitslearn_new_variables: Enable pattern learningremove_obfuscated_blocks: Clean up obfuscated code
BiDe/
├── BiDe.php # Main deobfuscator script
├── deobfuscation_map.php # Automated mappings (generated)
├── custom_mappings.php # User-defined mappings
├── deobfuscation_targets.txt # Target file list (generated)
├── README.md # This file
├── LICENSE # MIT License
└── .gitignore # Git ignore rules
- Pattern Detection: Uses multiple regex patterns to identify obfuscated code
- Variable Extraction: Extracts and analyzes global arrays and functions
- Code Execution: Safely executes obfuscated functions to reveal original code
- Replacement: Replaces obfuscated names with clean, readable ones
- Cleanup: Removes unnecessary obfuscation blocks
- Formatting: Applies proper code formatting and indentation
- PHP 8.3 Required: This tool uses modern PHP features requiring version 8.3 or higher
- Backup Your Files: The tool can modify your source files. Use backups!
- Test Thoroughly: Always test deobfuscated files in a safe environment
- Size Limits: Large files (>10MB) are skipped by default for safety
- Custom Mappings: Some obfuscation may require manual mapping additions
-
PHP Version Error
# Check your PHP version php --version # Upgrade PHP if needed (Ubuntu/Debian example) sudo apt update && sudo apt install php8.3
-
"File not found" errors
- Check file permissions
- Verify file paths in
deobfuscation_targets.txt
-
Memory exhaustion
- Reduce
max_file_size_mbin configuration - Process smaller files first
- Reduce
-
Incomplete deobfuscation
- Add custom mappings for unrecognized patterns
- Enable pattern learning for better detection
- Check the generated
deobfuscation_targets.txtfor processing logs - Review the console output for specific error messages
- Examine backup files if original code was modified unexpectedly
Contributions are welcome! Please feel free to submit pull requests or open issues for:
- New obfuscation pattern detection
- Performance improvements
- Additional features
- Bug fixes
This project is licensed under the MIT License - see the LICENSE file for details.
- Built for the PHP security community
- Special thanks to contributors and testers
- Inspired by the need for better deobfuscation tools
Disclaimer: Use this tool responsibly and only on code you have permission to modify. Always test deobfuscated files thoroughly before deployment.