Occasionally people send me PHP scripts to help them analyze it. Most of the time, it’s simply unescaping the script and finding the right variable to echo. I got two tricky ones within the past couple of months and finally got around to writing a program to quickly deobfuscate them. These scripts represent obfuscation methods that make it difficult to read them but they don’t employ character rotation, XOR, base64, etc.
more here.........http://www.kahusecurity.com/2014/deobfuscating-php-scripts/
more here.........http://www.kahusecurity.com/2014/deobfuscating-php-scripts/