Jump to content

PHP encoding


Recommended Posts

I'm trying to make a simple PHP encoder.

Here's what I got so far:

EDIT: See below

It doesn't really do much, just uses base64 and gzdeflate to 'encode' chunks of code.

I'm wondering, what else could I do to improve the encoding process? I've seen some other encoders (http://www.rightscripts.com/phpencode/index.php), and they seem to generate some extra code to confuse you.

I'm also thinking of using tokens to possibly obfuscate some code, and optimize it at the same time. I don't have much experience using tokens, maybe somebody could give me some tips/warnings?


Updated code:

$compressed = stripslashes($_POST['code']);

$newline   = array("\r\n", "\n", "\r");
$replace = ' ';

$compressed = str_replace($newline, $replace, $compressed);

$code = token_get_all($compressed);
$new_code = "";

foreach($code as $token)
if ($token == ";")
	$new_code .= $token;
	$name = token_name(intval($token[0]));
	if ($name != "T_COMMENT" &&
	$name != "T_ML_COMMENT" &&
	$name != "T_OPEN_TAG" &&
	$name != "T_CLOSE_TAG")
		$new_code .= $token[1];
		//echo $name . " thrown away.

for ($i = 1; $i <= 10; $i++) {
$compressed = gzdeflate($new_code, 9);
$compressed = chunk_split(base64_encode($compressed));
$compressed = "eval(gzinflate(base64_decode('" . $compressed . "')));";

<form method="post" action="encode.php">
<textarea style="width: 900px; height: 600px;" name="code"><?=$compressed?></textarea>

<input type="submit" value="Encode!" />


I added some code to remove comments, php open/close tags (since they don't belong in an eval expression) and new lines.

Link to comment
Share on other sites

Guest Anonymous

Re: PHP encoding

Encoding is generally considered a rather poor mechanism for protection, as any half decent programmer will quickly understand the decoding process, however it can prevent casual access to scripts.

Ideally, using PHP extensions (.so, or .dll) such as the zend encoder is far superior, however there are known problems here as well. For instance, certain zend encoder techniques have been known to fail on certain snippets of source. Plus you have the complexity of ensuring the target servers have all the correct extension(s).

Obfuscation, whilst I detest, is functional, (I once lost the original and vowed never to obfuscate my code again). However again, any half decent programmer can reverse engineer a fair bit if not all the original source with a bit of time.

Not sure of a good solution here Zeggy, personally I have extended both MySQL and PHP with hand written C functions meaning that my scripts require the extensions running on my boxes to run, but it is really up to you as to what level of protection you require.

Link to comment
Share on other sites

Re: PHP encoding

Yes, there are of course much better solutions.

To be honest, this isn't a product I am creating, or even a free service. It's more of a programming exercise. :) Personally, I don't have any use for this, but it's interesting for me. Plus I'll learn something new!

Link to comment
Share on other sites

  • 4 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...