?
Solved

PHP obfuscator

Posted on 2004-09-01
12
Medium Priority
?
1,131 Views
Last Modified: 2007-12-19
hello experts,

i am urgently in need of something to obfuscate my php-scripts. best would be a little application i can give a certain php-script, that generated a new file and puts it down.

i have tried POBS, but it did not fit my needs. first i need a webserver (sometimes uncomfortable). next problem - i did not divide php-scripting and html in older scripts. if i have to show something to the user, i have sections in my php-code where i use print "html html html".$aPhpVariable."and so on with html"; - POBS gets confused with it. also POBS cuts the backslash from \n in my print(s).

so next the features the obfuscator should have:
-take a file or a piece of code and produce a running piece of obfuscated code (unreadable for other programmers - that do not have weeks of time...;)
-free tool
-binary file for windows-pc (that would be most comfortably - in case of emergency also other - for example php running on webserver, online, ...)
(-perhaps as a gimmick producing optimized code)
(-if it is also able to obfuscate other languages too...;)

it would be great, if you could show me some tools achieving these aims.

thank you very much in advance
0
Comment
Question by:kolpdc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 11953734
I use Turck mmcache - turck-mmcache.sourceforge.net. It usually works in conjunction with a web server for acceleration purposes, but it also builds command line tools for separately producing bytecode compiled (effectively obfuscated) PHP. It also optimizes. And it's free. The main site doesn't host a binary, but you should be able to compile it, or possibly find a binary that someone else has compiled, though note that it gets very firmly attached to particular builds of PHP.

This kind of thing is very specific to PHP, so I doubt you'll find a product that supports more than one language.
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 11953859
I just noticed that it links to http://phpcoder.shadonet.com/ phpcoder is a web-based front-end to the mmcache encoder, and allows you to encode scripts remotely. What's more you can use turckloader, which will run encoded scripts without having to have a full install of mmcache. Encoded scripts are also compatible with other accelerators, such as Zend encoder.

I've had some trouble with mmcache under PHP 5.0.1, but it's been flawless on 4.3.8.

I think that pretty much covers all you asked for!
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11954260
kolpdc,

I followed your link here from the Networking TA. While I don't have an answer to your Question, it would probably be helpful to other Experts if you stated here what about Squinky's proposals fails to meet your requirements. Experts are, well, experts, not mindreaders. Unless you say something, anyone else coming here is not going to know why previous Comments are not what you're looking for. Heck, Squinky might even have the solution, if you'll say why the Comments so far are not what you need.
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 4

Author Comment

by:kolpdc
ID: 11961094
hello psicop, yes - no problem. i had to take a look for a little amount of sleep ;). i'll check this now.

squinky, i took a look for turck mmcache for php. generally that sounds great, but the page seems to tell me, that i'll have to install mmcache within the webserver. did i understand this right? mmcache compiles the code and stays itself somewhere in memory of the webserver to execute the code when required? a kind of accelerator? generally that would do the job better than hoped for, but i have one little problem: i'm dependent of my isp - so i do not have more access to the webserver then normal ftp. if i misunderstood the way of working of mmcache - please correct me.

so if i am only able to upload/download some files to the webserver, i think, i need a tool, that somehow crypts my php-code. it does not have to be compiled somehow so it is optimized/accelerated (would be nice side-effect;). my problem would be solved, if i could hand one of my php-scripts to a tool and receive a working php-script i am not able to reconstruct to an understandable code in reasonable time.

i thought of building a tool myself (strip comments, rename all functionnames, rename function-internal variables, rename global variables, strip linebreak, ...), but i do lack the time at the moment. if somewhen i should do it, i'll make it freeware ;).

could i give you a little more information about my requirements?
0
 
LVL 4

Author Comment

by:kolpdc
ID: 11961116
squinky, turck mmcache sounds great - but i am not able to modify the apache-server. so this won't work, i think.
0
 
LVL 6

Assisted Solution

by:merwetta1
merwetta1 earned 200 total points
ID: 11961246
Have you looked at Code Obfuscator?
http://www.hotscripts.com/Detailed/10841.html
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 11961567
OK, in that case you can only do fairly trivial obfuscation, like that link offers. One thing I'm not quite clear on is why you're particularly worried about protecting your source on your ISP's server. No other users should be able to access your source files (especially if they have similar privileges to you), and it will not be visible through normal web pages anyway, so where's the need for obfuscation?

Any decent PHP pretty-print routine will resurrect code obfuscated in this way without any great user ability, so any protection really is trivial.

If you're distributing PHP code commercially, requiring something like turckloader isn't unusual.

If you're really that concerned about it, perhaps you should change to a better ISP? There will be plenty that offer Zend or mmcache.
0
 
LVL 4

Author Comment

by:kolpdc
ID: 11961607
merwetta1, following your link i found an online-tool doing a real great job:

Richard Fairthorne's Code Obfuscator
http://richard.fairthorne.is-a-geek.com/utils_obfuscate.php?

it works with only cut and paste and produces a very compressed and WORKING code. great thing i could recommend. was it the tool you ment?
0
 
LVL 4

Author Comment

by:kolpdc
ID: 11961678
squinky, i built a big portalside providing free informations on anything around a touristic region with some friends several years ago. when it became to timeconsuming, i changed some parts of the page (like event-calendar, ...) to dynamic php-scripts to reduce time-consumption. unfortunately people change and have very good reasons to believe that one of the guys is using my scripts for his own (commercial) purposes. we both have access to the webspace...

have you had a look at the above link? if not, take a little (or big) piece of code, paste it, push the button and take a look at the result. works really great...
0
 
LVL 25

Accepted Solution

by:
Marcus Bointon earned 1800 total points
ID: 11961813
Hm, it doesn't really work very well. It doesn't actually do any code-level obfuscation at all. It just applies about 12 rounds of gzip and base64_encode to the script which took me all of 2 minutes to undo (since the approach it uses for obfuscation is nicely self-documenting!), and now I know what it's doing, I could write a scritp to undo all fiels that it had been applied to. The code it generates is also slightly invalid, and won't work with short tags turned off. The main effect of this script is to make it run slower and increase server load. I really wouldn't recommend it.

My suggestion to you if you're having trouble like that, is stop working with them, host your scripts somewhere that they don't have access to them - you could even put them on a different server and have it all still work. Or cut them off and don't allow them access to your web space. Get your ISP to make you a subdirectory that only you have access to. Any of these would be a far more effective and efficient solution.
0
 
LVL 4

Author Comment

by:kolpdc
ID: 11962318
yes, you're right. in betweentime i use separated webspaces where this special person does not have access to. so normally i'm in no need of obfuscation. but this old portal is still working and telling the guy that i do not trust him anymore (i have very good reasons) would result in very big arguments and a portal sold for 500 bucks that i would not like to sell for 10.000 (not at all!).

in case of the "zip"-tool, you're right. but in first instance it fits my needs. i do not think, that there are geniuses at the other end. if so, i will have to take a look for another tool. or finally i will write a tool myself, absolutely fitting my needs. if i would have time to spend (at all), i would do it... ;)

i thank you very much for your help. if you still have any other suggestions, please post'em so i can take a look at them.
i will split points on both of you. thanks a lot.
0
 
LVL 4

Author Comment

by:kolpdc
ID: 11972298
if someone of you likes to get 80 points extra go to http://www.experts-exchange.com/Security/Q_21115352.html and give me an answer so i can give you the points. else i'll get them refunded.
have fun.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question