Oh, sorry. I forget lil details like that. 🙂 I want to obfuscate and encrypt the actual PHP script so that clients can't modify or re-distribute it.

    There are some links given in this forum's FAQ that might help. Google might also turn something up if you try it.

      7 months later

      Codelock just does this (which I had thought of and used a couple of times before)

      It takes the code, strips off the php tags, and does a base64_encode(gzip_deflate(whatever)) on it.

      In the script, you just have

      <?php
@eval(gzinflate(base64_decode('Ak3#ofkPMC||==fE etc...')));
?>

      Anyone familiar with PHP or programming can decode the program in a minute.

      Just a thought.

        Codelock does more than that. If you want to truly test how good it is, have a look at the demo file on their site and see if you can hack into it... http://www.codelock.co.nz/demo.htm - Codelock is very easy to underestimate... If you get into the code, post the hidden message on this forum!

          Hehe... I'm working on it.
          It seems that it just base64 and gzdeflates it many times
          This does make it a pain in the ass, but I am doing it by hand right now...

          I will post it up here when I'm done

            [edit]
            Removed the code -- sorry bout that.
            I wasn't paying attention to the width.

              Yes, and...??? wheres the source code of the test.php file?
              Thats what I mean by assumption... You just decrypted part 1 of the decryptor file. There is more to it than that, but more to the point, where is the source code of the original file???

              You see, you underestimated codelock and assumed you knew how it works... but you have not got to the source code of a simple 1 line PHP file... (test.php)

              🙂

                NOTE:

                It is against Codelock's EULA policy to reverse engineer, debug or decode the files, so you should remove the posting showing codelocks code. If you do get to the source code of the test.php file just let us know if you manage to do it or not!

                  It has the same weaknesses as a number of javascript obfuscation method - it is humanly and computationally feasible to solve it.

                  The only advantage is that if the obfuscated code is trivial, then there is no incentive to do so, unless undoing the obfuscation is also trivial.

                    WOULD SOMEONE PLEASE EDIT THE PREVIOUS POSTS SO THIS ISN'T FOUR PAGES WIDE????

                    Anyway the best means I have found of obfuscating interpreted code is this, and you can write a php program to do this pretty easily:

                    Pass 1: Crawl through a directory structure starting at a root directory and catalog all of the files ending with the specified extensions (.php,.ph3,etc)

                    Pass 2: Catalog all of the function names, class names & variable names. Be sure you maintain heirarchy while doing this. So if you have three functions named get_id that are in different classes you know which get id belongs to which class.

                    Intermediate step: take the md5 of every function, class and variable name.

                    Pass 3: Remove all white space, line returns & comments from the specified files.

                    Pass 4: (the only hard part) replace all variable names, function names, class names, function calls & class instantiations with thei md5 string instead of their original name.

                    This will make the code unreadable and since md5 is a one way hash it will not be easy to reverse engineer.

                    Sure someone can still copy and past your code verbatim but they will have a hell of a time attempting to modify it in any way.

                      Write a Reply...