Anyone know a program to obfuscate (make unreadable) PHP scripts?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • rowan
    Too lazy to set a custom title
    • Mar 2002
    • 17393

    #1

    Anyone know a program to obfuscate (make unreadable) PHP scripts?

    Something that can turn this

    Code:
          $outurl = $tr_url["$this_tradeid"];
          update_nosend_cookie($this_tradeid);
    
          write_update("tr_out", $this_tradeid);
          $clicktype = "TRCLICK";
    into this

    Code:
    $IopQlZ=$tr_url["$UjhjAh"];IUjuWuiKJgdkJZ($UjhjAh);JKSHueoJhjkh("tr_out",$UjhjAh);$oiAhZZ="TRCLICK";
    I've just done a simple sed script to replace variable names, function names and also strip spaces, but it's pretty tedious to have to check for new elements and add them in manually.

    Anyone know of anything that can do this automatically?
  • =^..^=
    Confirmed User
    • Jan 2002
    • 6935

    #2
    hmm not sure if this works with php but i use it on my general html pages:

    http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

    just cut and paste - it spits out scrambled code
    #RememberYourRoots #AaronMForGFYHOF

    Comment

    • rowan
      Too lazy to set a custom title
      • Mar 2002
      • 17393

      #3
      Originally posted by =^..^=
      hmm not sure if this works with php but i use it on my general html pages:
      Nah, that won't work with server-side PHP, Javas<b></b>ript is client-side. Also, I need to obfuscate the code so that it's very difficult to read, otherwise it's fairly trivial to decode it and then they have the original source... this way it takes a LOT more work for them to figure out what the code does and they can NEVER get back the original source that's on my comp.

      Comment

      • savas
        Registered User
        • Aug 2002
        • 1045

        #4
        you can use this one, but it is not free!

        Comment

        • rowan
          Too lazy to set a custom title
          • Mar 2002
          • 17393

          #5
          Zend isn't an option since it requires a plugin on the server... obfuscation means that any bog standard PHP installation can execute it.

          Comment

          • JamesDotCom
            Registered User
            • Mar 2004
            • 35

            #6
            http://www.google.com/search?q=php+o...UTF-8&oe=UTF-8

            Comment

            • senseidru
              Confirmed User
              • Sep 2002
              • 1767

              #7
              I use ioncube, I think obfuscation is a waste of time, if you want to protect your code do it proper. With ioncube the server doesn't have to have the plugin, you can include a file with the php script which enables it to run without needing the plugin installed.

              Comment

              • rowan
                Too lazy to set a custom title
                • Mar 2002
                • 17393

                #8
                Originally posted by senseidru
                I use ioncube, I think obfuscation is a waste of time, if you want to protect your code do it proper. With ioncube the server doesn't have to have the plugin, you can include a file with the php script which enables it to run without needing the plugin installed.
                If the script decodes it then surely a hacker can?

                Found one interesting looking script so far:

                http://pobs.mywalhalla.net/

                Runs on-server. All of the other code obfuscating programs I've seen so far run on Windows.

                Comment

                • shogun3k
                  Confirmed User
                  • Mar 2004
                  • 480

                  #9
                  ermm,, you're php is hidden on the server anyway. Dont have to encode it.

                  Comment

                  • rowan
                    Too lazy to set a custom title
                    • Mar 2002
                    • 17393

                    #10
                    Originally posted by shogun3k
                    ermm,, you're php is hidden on the server anyway. Dont have to encode it.
                    It's for public distribution, and if it's a vhost then it's often not very 'hidden' Some PHP scripts require that you chmod them to world read access so there are no clashes with your uid and the web server's uid. Anyone who has access to that server can view your files.

                    Comment

                    • senseidru
                      Confirmed User
                      • Sep 2002
                      • 1767

                      #11
                      Originally posted by rowan


                      If the script decodes it then surely a hacker can?
                      No, it is not decrypted by a script. The file you include with the php files tells the server how to decrypt because you don't have the plugin. The code is decrypted server side, not sent to the user.

                      Comment

                      • rowan
                        Too lazy to set a custom title
                        • Mar 2002
                        • 17393

                        #12
                        Originally posted by senseidru


                        No, it is not decrypted by a script. The file you include with the php files tells the server how to decrypt because you don't have the plugin. The code is decrypted server side, not sent to the user.
                        Hmm... maybe we're thinking about different things. I want to obfuscate my code so I can distribute it, not because I am worried about others stealing it from my server.

                        If you distribute a script which is encoded and has the decoding routine as part of the script - then it can be decoded to the original source by a human... that was my point.

                        POBS was very easy to set up and so far it's looking great. There are some clear text words which have to be preserved for the script to work, but it's pretty difficult to work out what it's doing as a whole. This is the same code snippet from my first msg.

                        $V7b0b89d8=$Vd4605e3e["$V61837c69"];F27deaa51($V61837c69);F98416cc8("tr_out",$V61837c 69);$V024507c2="TRCLICK";

                        Comment

                        • Cyborg 2.0
                          Confirmed User
                          • Mar 2004
                          • 851

                          #13
                          just use zend encoder another php encoder
                          Need custom scripting?
                          Need mutli category tgp script with thumb previews?
                          Contact me 19671897

                          Comment

                          Working...