PHP obfuscator

I use Turck mmcache - turck-mmcache.sourceforge.net. It usually works in conjunction with a web server for acceleration purposes, but it also builds command line tools for separately producing bytecode compiled (effectively obfuscated) PHP. It also optimizes. And it's free. The main site doesn't host a binary, but you should be able to compile it, or possibly find a binary that someone else has compiled, though note that it gets very firmly attached to particular builds of PHP.

This kind of thing is very specific to PHP, so I doubt you'll find a product that supports more than one language.

I just noticed that it links to http://phpcoder.shadonet.com/ phpcoder is a web-based front-end to the mmcache encoder, and allows you to encode scripts remotely. What's more you can use turckloader, which will run encoded scripts without having to have a full install of mmcache. Encoded scripts are also compatible with other accelerators, such as Zend encoder.

I've had some trouble with mmcache under PHP 5.0.1, but it's been flawless on 4.3.8.

I think that pretty much covers all you asked for!

kolpdc,

I followed your link here from the Networking TA. While I don't have an answer to your Question, it would probably be helpful to other Experts if you stated here what about Squinky's proposals fails to meet your requirements. Experts are, well, experts, not mindreaders. Unless you say something, anyone else coming here is not going to know why previous Comments are not what you're looking for. Heck, Squinky might even have the solution, if you'll say why the Comments so far are not what you need.

hello psicop, yes - no problem. i had to take a look for a little amount of sleep ;). i'll check this now.

squinky, i took a look for turck mmcache for php. generally that sounds great, but the page seems to tell me, that i'll have to install mmcache within the webserver. did i understand this right? mmcache compiles the code and stays itself somewhere in memory of the webserver to execute the code when required? a kind of accelerator? generally that would do the job better than hoped for, but i have one little problem: i'm dependent of my isp - so i do not have more access to the webserver then normal ftp. if i misunderstood the way of working of mmcache - please correct me.

so if i am only able to upload/download some files to the webserver, i think, i need a tool, that somehow crypts my php-code. it does not have to be compiled somehow so it is optimized/accelerated (would be nice side-effect;). my problem would be solved, if i could hand one of my php-scripts to a tool and receive a working php-script i am not able to reconstruct to an understandable code in reasonable time.

i thought of building a tool myself (strip comments, rename all functionnames, rename function-internal variables, rename global variables, strip linebreak, ...), but i do lack the time at the moment. if somewhen i should do it, i'll make it freeware ;).

could i give you a little more information about my requirements?

squinky, turck mmcache sounds great - but i am not able to modify the apache-server. so this won't work, i think.

OK, in that case you can only do fairly trivial obfuscation, like that link offers. One thing I'm not quite clear on is why you're particularly worried about protecting your source on your ISP's server. No other users should be able to access your source files (especially if they have similar privileges to you), and it will not be visible through normal web pages anyway, so where's the need for obfuscation?

Any decent PHP pretty-print routine will resurrect code obfuscated in this way without any great user ability, so any protection really is trivial.

If you're distributing PHP code commercially, requiring something like turckloader isn't unusual.

If you're really that concerned about it, perhaps you should change to a better ISP? There will be plenty that offer Zend or mmcache.

merwetta1, following your link i found an online-tool doing a real great job:

Richard Fairthorne's Code Obfuscator
http://richard.fairthorne.is-a-geek.com/utils_obfuscate.php?

it works with only cut and paste and produces a very compressed and WORKING code. great thing i could recommend. was it the tool you ment?

squinky, i built a big portalside providing free informations on anything around a touristic region with some friends several years ago. when it became to timeconsuming, i changed some parts of the page (like event-calendar, ...) to dynamic php-scripts to reduce time-consumption. unfortunately people change and have very good reasons to believe that one of the guys is using my scripts for his own (commercial) purposes. we both have access to the webspace...

have you had a look at the above link? if not, take a little (or big) piece of code, paste it, push the button and take a look at the result. works really great...

yes, you're right. in betweentime i use separated webspaces where this special person does not have access to. so normally i'm in no need of obfuscation. but this old portal is still working and telling the guy that i do not trust him anymore (i have very good reasons) would result in very big arguments and a portal sold for 500 bucks that i would not like to sell for 10.000 (not at all!).

in case of the "zip"-tool, you're right. but in first instance it fits my needs. i do not think, that there are geniuses at the other end. if so, i will have to take a look for another tool. or finally i will write a tool myself, absolutely fitting my needs. if i would have time to spend (at all), i would do it... ;)

i thank you very much for your help. if you still have any other suggestions, please post'em so i can take a look at them.
i will split points on both of you. thanks a lot.

if someone of you likes to get 80 points extra go to http://www.experts-exchange.com/Security/Q_21115352.html and give me an answer so i can give you the points. else i'll get them refunded.
have fun.