obfuscation

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by callumacrae, Oct 16, 2010.

  1. callumacrae

    callumacrae not alex mac Community Support

    Messages:
    5,257
    Likes Received:
    97
    Trophy Points:
    48
    Whats the best way to obfuscate a PHP file?

    ~Callum
     
  2. lemon-tree

    lemon-tree x10 Minion Community Support

    Messages:
    1,420
    Likes Received:
    46
    Trophy Points:
    48
    There is no simple way to do it without either using a convoluted calling method or by using a PHP compiler, however compiling generally needs full access to the server as the compiled PHP may either be an Apache mod file or a fully individual executable. Plus the compiled code will not be very distributable as it is built for a particular server OS etc. If there was any good way of doing it, you'd be seeing it in use by all the forum makers etc as they want to protect their code (Excluding the open source ones).
    If you fancy a challenge, try compiling and installing HipHop (Used and built by FaceBook) and then use it to build your code. It will create a full individual server executable that can then be run through the command line much like Apache etc but is completely specified to match your codebase.
     
    Last edited: Oct 16, 2010
  3. bdistler

    bdistler Well-Known Member Prime Account

    Messages:
    3,534
    Likes Received:
    196
    Trophy Points:
    63
  4. bhupendra2895

    bhupendra2895 New Member

    Messages:
    554
    Likes Received:
    20
    Trophy Points:
    0
    It means that if some bug in apache causes php files to display their contents, then user will not be able to see anything?I didin't knew about this.This thing work in shared hosting or requires some server setup (VPS/Dedicated hosting).
     
  5. callumacrae

    callumacrae not alex mac Community Support

    Messages:
    5,257
    Likes Received:
    97
    Trophy Points:
    48
    I've been researching a bit, it looks like most of the ways are rubbish. For example:

    Code:
    $hash="\md\5h\as\h0";@eval("encrypted code");
    I've seen quite a few do that, simple changing eval() to echo() will echo the PHP code; not very secure :(

    I'll look into Zend Guard, but doesn't that require some software on the server?

    ~Callum
     
  6. callumacrae

    callumacrae not alex mac Community Support

    Messages:
    5,257
    Likes Received:
    97
    Trophy Points:
    48
    Oh also @bhupendra:

    Obfuscation means that the code isn't editable or viewable. If you're selling code, the customer will not be able to edit the code, so if they need an edit they will come back to you.

    Yes, it also stop bugs in Apache becoming massive security errors, too :)

    ~Callum
     
  7. bdistler

    bdistler Well-Known Member Prime Account

    Messages:
    3,534
    Likes Received:
    196
    Trophy Points:
    63
    "Zend Guard" == yes -- AND $$$
    "PHP Obfuscator" == no -- NO $$$

    Obfuscator will also help you when someone gets inside the server
    and gets your code.
     
  8. fretwizz

    fretwizz Member

    Messages:
    106
    Likes Received:
    3
    Trophy Points:
    18
    How does it help once someone gets your code?
     
  9. bdistler

    bdistler Well-Known Member Prime Account

    Messages:
    3,534
    Likes Received:
    196
    Trophy Points:
    63
    If someone gets into you site via FTP they can get you script add a 'bug'
    of some type to run a script and put both your script and theirs back on your site
    - this is the "Big" thing

    I had this on my site at 1and1.com hosting

    If they can not edit you scrip (can not read it) they can not add the "Bug"

    If they just take your scripts they can not read them to make a edit
    so they can use them
     
  10. callumacrae

    callumacrae not alex mac Community Support

    Messages:
    5,257
    Likes Received:
    97
    Trophy Points:
    48
    I thought Zend Guard was free? :/

    ~Callum
     
  11. bdistler

    bdistler Well-Known Member Prime Account

    Messages:
    3,534
    Likes Received:
    196
    Trophy Points:
    63
  12. callumacrae

    callumacrae not alex mac Community Support

    Messages:
    5,257
    Likes Received:
    97
    Trophy Points:
    48
  13. lil2eam41

    lil2eam41 New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0

Share This Page