Anyone know a program to obfuscate (make unreadable) PHP scripts?
 

Something that can turn this

into this

I've just done a simple sed script to replace variable names, function names and also strip spaces, but it's pretty tedious to have to check for new elements and add them in manually.

Anyone know of anything that can do this automatically?

hmm not sure if this works with php but i use it on my general html pages:

http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

just cut and paste - it spits out scrambled code

Nah, that won't work with server-side PHP, Javas<b></b>ript is client-side. Also, I need to obfuscate the code so that it's very difficult to read, otherwise it's fairly trivial to decode it and then they have the original source... this way it takes a LOT more work for them to figure out what the code does and they can NEVER get back the original source that's on my comp. :)

you can use this one, but it is not free!

Zend isn't an option since it requires a plugin on the server... obfuscation means that any bog standard PHP installation can execute it. :)

http://www.google.com/search?q=php+o...UTF-8&oe=UTF-8

:winkwink:

I use ioncube, I think obfuscation is a waste of time, if you want to protect your code do it proper. With ioncube the server doesn't have to have the plugin, you can include a file with the php script which enables it to run without needing the plugin installed.

If the script decodes it then surely a hacker can?

Found one interesting looking script so far:

http://pobs.mywalhalla.net/

Runs on-server. All of the other code obfuscating programs I've seen so far run on Windows.

ermm,, you're php is hidden on the server anyway. Dont have to encode it.

It's for public distribution, and if it's a vhost then it's often not very 'hidden' :winkwink: Some PHP scripts require that you chmod them to world read access so there are no clashes with your uid and the web server's uid. Anyone who has access to that server can view your files.

No, it is not decrypted by a script. The file you include with the php files tells the server how to decrypt because you don't have the plugin. The code is decrypted server side, not sent to the user.

Hmm... maybe we're thinking about different things. I want to obfuscate my code so I can distribute it, not because I am worried about others stealing it from my server.

If you distribute a script which is encoded and has the decoding routine as part of the script - then it can be decoded to the original source by a human... that was my point. :)

POBS was very easy to set up and so far it's looking great. There are some clear text words which have to be preserved for the script to work, but it's pretty difficult to work out what it's doing as a whole. This is the same code snippet from my first msg.

$V7b0b89d8=$Vd4605e3e["$V61837c69"];F27deaa51($V61837c69);F98416cc8("tr_out",$V61837c 69);$V024507c2="TRCLICK";

just use zend encoder another php encoder