Obfuscation is one of the most reliable ways to protect scripts from being studied and modified today.
Obfuscation (from Latin obfuscare, "shade, dim") - entanglement of the program code, that is, bringing the source text to a form that preserves the functionality of the program, but complicates the analysis, understanding of the algorithms of work and modification.
The first stage of de-obfuscation is the formatting of the script text, hyphenation, alignment of the code with an easy-to-read “ladder”. For this, I use two tools. WaterProof Software has developed a small (less than 100 kilobyte) free program for formatting php code code phpCodeBeautifier . To download it from ofsayt free registration is required, so here for the convenience of a direct link to download. The program is a console, command line parameters can be found in the instructions from the archive. For window lovers, there is a GUI version, although the older one is, but it is quite possible to attach a console file from the latest version to it.
When formatting large-volume scripts, the browser may display a message that the script is frozen, and will offer to stop its execution. You do not need to do this, it just takes more time to process.
If the variable names were not replaced during obfuscation, then after formatting the code, deobfuscation can be considered complete. In any case, the script becomes much more readable and understandable.
If the names of variables and functions are corrupted, then proceed to the second part of deobfuscation. Unfortunately, there are no ready-made tools here, or at least I have not met them. If someone wants to donate to write such a tool, I can provide a detailed technical task. While it is necessary to be limited to theoretical calculations.
This article describes only the general principles of deobfuscation, for each case it is necessary to think over and apply an individual approach. But usually, to perform a hack or parse algorithm of a separate function, full deobfuscation is not required.