cvar1984/yapo

Yet another php obfuscator

Maintainers

Details

github.com/Cvar1984/yapo

Source

Issues

Fund package maintenance!
Cvar1984

Installs: 14

Dependents: 0

Suggesters: 0

Security: 0

Stars: 35

Watchers: 4

Forks: 8

Open Issues: 0

Type:application

v1.0.0 2023-12-26 10:56 UTC

Requires

Requires (Dev)

GPL-3.0-only e971cc94ade8161df0a0027467b7d88ff06185ea

  • Cvar1984 <Cvar1984.woop@pm.me>

This package is auto-updated.

Last update: 2025-07-04 13:48:26 UTC

README

CodeFactor

this tools able to (de)compress your php shellcode string and inject common file signature like jpeg to fuck webserver uploader or malware string scanner like what i made before. no need to install whole shit, just download the single phar executable file and fuck them all. you can download it from Here or here.

and also your shellcode won't works if the server disable fopen, fseek, fwrite, fclose, and include.

DISCLAIMER use eval to obfuscate is gay

command

yapo make <signature> <file>...

single compress

yapo make jpeg shell.php

multiple file compress without signature injection

yapo make whatever shell1.php shell2.php

multiple file compress using find

find ./myproject -type f -name \*.php -exec yapo make jpeg {} +\;

Demo

asciicast

signature

  • jpeg: FFD8FFE2
  • jpg: FFD8FFE2
  • mp4: 1A45DFA3
  • mpeg: 1A45DFA3
  • luac: 1B4C7561
  • lua: 1B4C7561
  • zip: 504B0304
  • pdf: %PDF-0-1
  • mp3: 494433
  • nes: 4E45531A
  • linux: #!/usr/bin/env php
  • shebang: #!/usr/bin/env php
  • random string: none

Full definition

Compression method

Contributing