Zeggy Posted April 20, 2008 Share Posted April 20, 2008 I'm trying to make a simple PHP encoder. Here's what I got so far: EDIT: See below It doesn't really do much, just uses base64 and gzdeflate to 'encode' chunks of code. I'm wondering, what else could I do to improve the encoding process? I've seen some other encoders (http://www.rightscripts.com/phpencode/index.php), and they seem to generate some extra code to confuse you. I'm also thinking of using tokens to possibly obfuscate some code, and optimize it at the same time. I don't have much experience using tokens, maybe somebody could give me some tips/warnings? Updated code: <?php $compressed = stripslashes($_POST['code']); $newline = array("\r\n", "\n", "\r"); $replace = ' '; $compressed = str_replace($newline, $replace, $compressed); $code = token_get_all($compressed); $new_code = ""; foreach($code as $token) { if ($token == ";") { $new_code .= $token; } else { $name = token_name(intval($token[0])); if ($name != "T_COMMENT" && $name != "T_ML_COMMENT" && $name != "T_OPEN_TAG" && $name != "T_CLOSE_TAG") { $new_code .= $token[1]; } else { //echo $name . " thrown away. "; } } } for ($i = 1; $i <= 10; $i++) { $compressed = gzdeflate($new_code, 9); $compressed = chunk_split(base64_encode($compressed)); $compressed = "eval(gzinflate(base64_decode('" . $compressed . "')));"; } ?> <form method="post" action="encode.php"> <textarea style="width: 900px; height: 600px;" name="code"><?=$compressed?></textarea> <input type="submit" value="Encode!" /> </form> I added some code to remove comments, php open/close tags (since they don't belong in an eval expression) and new lines. Quote Link to comment Share on other sites More sharing options...
Guest Anonymous Posted April 20, 2008 Share Posted April 20, 2008 Re: PHP encoding Encoding is generally considered a rather poor mechanism for protection, as any half decent programmer will quickly understand the decoding process, however it can prevent casual access to scripts. Ideally, using PHP extensions (.so, or .dll) such as the zend encoder is far superior, however there are known problems here as well. For instance, certain zend encoder techniques have been known to fail on certain snippets of source. Plus you have the complexity of ensuring the target servers have all the correct extension(s). Obfuscation, whilst I detest, is functional, (I once lost the original and vowed never to obfuscate my code again). However again, any half decent programmer can reverse engineer a fair bit if not all the original source with a bit of time. Not sure of a good solution here Zeggy, personally I have extended both MySQL and PHP with hand written C functions meaning that my scripts require the extensions running on my boxes to run, but it is really up to you as to what level of protection you require. Quote Link to comment Share on other sites More sharing options...
Zeggy Posted April 20, 2008 Author Share Posted April 20, 2008 Re: PHP encoding Yes, there are of course much better solutions. To be honest, this isn't a product I am creating, or even a free service. It's more of a programming exercise. :) Personally, I don't have any use for this, but it's interesting for me. Plus I'll learn something new! Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted September 4, 2008 Share Posted September 4, 2008 Re: PHP encoding I made also a PHP obfuscator in PHP some time ago: http://membres.lycos.fr/robotcode/obfuscate.php sources: http://players.nowhere-else.org/garg/obfuscate.php.txt To get an explanation of how it works: http://membres.lycos.fr/robotcode/obfus ... p?HELP=YES Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.