Deobfuscating Multicraft’s WHMCS Module

Our good friends over at felt the need to obfuscate the source code for their WHMCS module. Properly done obfuscation can make reverse engineering nontrivial (though certainly not impossible); deobfuscating source code when the obfuscating function is provided is trivial. This obfuscation has two parts: renaming functions and variables to nonsense characters, and encoding strings. Below is a snippet of the original encoded source:

WordPress Trivia, Part 1

I say ‘Part 1’ with no intention to write Parts 2, 3… n.

A quick Google search for ‘how many lines of code in WordPress’ came up with squat. I came up with over 350,000:

Granted, that includes the readme and license, but given the size of this codebase, there has to be some cruft, right? While I was absentmindedly perusing wp-includes/functions.php the other day, I stumbled across this gem:

