PHP Encryption

dprevite

I've been looking for an encoder that doesn't require anything on the server side to run the code, but I haven't been able to find anything. Is there a PHP encoder that anyone reccomends?

portaloo

what is it you are trying to "encode"?

are you trying to encrypt a string, array, blob?

md5 perhaps?

bit more of an explanation please

dprevite

Oh, sorry. I forget lil details like that. 🙂 I want to obfuscate and encrypt the actual PHP script so that clients can't modify or re-distribute it.

portaloo

sorry dude can't help you with that one

i did find these links which may help though:

http://www.jimworld.com/tools/php-encrypt/

http://cleverscripts.com/index.php?a=cleversource
don't know if this one does php it dows do html

i did find some solutions on the web with a quick search but you have to pay for them couldn't find any freebies though

Weedpacket

There are some links given in this forum's FAQ that might help. Google might also turn something up if you try it.

vincenz

Have a look at: www.codelock.co.nz

silent

Codelock just does this (which I had thought of and used a couple of times before)

It takes the code, strips off the php tags, and does a base64_encode(gzip_deflate(whatever)) on it.

In the script, you just have

<?php
@eval(gzinflate(base64_decode('Ak3#ofkPMC||==fE etc...')));
?>

Anyone familiar with PHP or programming can decode the program in a minute.

Just a thought.

vincenz

Codelock does more than that. If you want to truly test how good it is, have a look at the demo file on their site and see if you can hack into it... http://www.codelock.co.nz/demo.htm - Codelock is very easy to underestimate... If you get into the code, post the hidden message on this forum!

silent

Hehe... I'm working on it.
It seems that it just base64 and gzdeflates it many times
This does make it a pain in the ass, but I am doing it by hand right now...

I will post it up here when I'm done

silent

[edit]
CodeLock code removed

silent

[edit]
Removed the code -- sorry bout that.
I wasn't paying attention to the width.

vincenz

Yes, and...??? wheres the source code of the test.php file?
Thats what I mean by assumption... You just decrypted part 1 of the decryptor file. There is more to it than that, but more to the point, where is the source code of the original file???

You see, you underestimated codelock and assumed you knew how it works... but you have not got to the source code of a simple 1 line PHP file... (test.php)

🙂

vincenz

NOTE:

It is against Codelock's EULA policy to reverse engineer, debug or decode the files, so you should remove the posting showing codelocks code. If you do get to the source code of the test.php file just let us know if you manage to do it or not!

laserlight

It has the same weaknesses as a number of javascript obfuscation method - it is humanly and computationally feasible to solve it.

The only advantage is that if the obfuscated code is trivial, then there is no incentive to do so, unless undoing the obfuscation is also trivial.

drawmack

WOULD SOMEONE PLEASE EDIT THE PREVIOUS POSTS SO THIS ISN'T FOUR PAGES WIDE????

Anyway the best means I have found of obfuscating interpreted code is this, and you can write a php program to do this pretty easily:

Pass 1: Crawl through a directory structure starting at a root directory and catalog all of the files ending with the specified extensions (.php,.ph3,etc)

Pass 2: Catalog all of the function names, class names & variable names. Be sure you maintain heirarchy while doing this. So if you have three functions named get_id that are in different classes you know which get id belongs to which class.

Intermediate step: take the md5 of every function, class and variable name.

Pass 3: Remove all white space, line returns & comments from the specified files.

Pass 4: (the only hard part) replace all variable names, function names, class names, function calls & class instantiations with thei md5 string instead of their original name.

This will make the code unreadable and since md5 is a one way hash it will not be easy to reverse engineer.

Sure someone can still copy and past your code verbatim but they will have a hell of a time attempting to modify it in any way.