obfuscation

callumacrae

not alex mac
Community Support
Messages
5,257
Reaction score
97
Points
48
Whats the best way to obfuscate a PHP file?

~Callum
 

lemon-tree

x10 Minion
Community Support
Messages
1,420
Reaction score
46
Points
48
There is no simple way to do it without either using a convoluted calling method or by using a PHP compiler, however compiling generally needs full access to the server as the compiled PHP may either be an Apache mod file or a fully individual executable. Plus the compiled code will not be very distributable as it is built for a particular server OS etc. If there was any good way of doing it, you'd be seeing it in use by all the forum makers etc as they want to protect their code (Excluding the open source ones).
If you fancy a challenge, try compiling and installing HipHop (Used and built by FaceBook) and then use it to build your code. It will create a full individual server executable that can then be run through the command line much like Apache etc but is completely specified to match your codebase.
 
Last edited:

bhupendra2895

New Member
Messages
554
Reaction score
20
Points
0
It means that if some bug in apache causes php files to display their contents, then user will not be able to see anything?I didin't knew about this.This thing work in shared hosting or requires some server setup (VPS/Dedicated hosting).
 

callumacrae

not alex mac
Community Support
Messages
5,257
Reaction score
97
Points
48
I've been researching a bit, it looks like most of the ways are rubbish. For example:

Code:
$hash="\md\5h\as\h0";@eval("encrypted code");

I've seen quite a few do that, simple changing eval() to echo() will echo the PHP code; not very secure :(

I'll look into Zend Guard, but doesn't that require some software on the server?

~Callum
 

callumacrae

not alex mac
Community Support
Messages
5,257
Reaction score
97
Points
48
Oh also @bhupendra:

Obfuscation means that the code isn't editable or viewable. If you're selling code, the customer will not be able to edit the code, so if they need an edit they will come back to you.

Yes, it also stop bugs in Apache becoming massive security errors, too :)

~Callum
 

bdistler

Well-Known Member
Prime Account
Messages
3,534
Reaction score
196
Points
63
I've been researching a bit, it looks like most of the ways are rubbish. For example:

Code:
$hash="\md\5h\as\h0";@eval("encrypted code");
I've seen quite a few do that, simple changing eval() to echo() will echo the PHP code; not very secure :(

I'll look into Zend Guard, but doesn't that require some software on the server?

~Callum

"Zend Guard" == yes -- AND $$$
"PHP Obfuscator" == no -- NO $$$

Obfuscator will also help you when someone gets inside the server
and gets your code.
 

fretwizz

Member
Messages
106
Reaction score
3
Points
18
"Zend Guard" == yes -- AND $$$
"PHP Obfuscator" == no -- NO $$$

Obfuscator will also help you when someone gets inside the server
and gets your code.

How does it help once someone gets your code?
 

bdistler

Well-Known Member
Prime Account
Messages
3,534
Reaction score
196
Points
63
How does it help once someone gets your code?

If someone gets into you site via FTP they can get you script add a 'bug'
of some type to run a script and put both your script and theirs back on your site
- this is the "Big" thing

I had this on my site at 1and1.com hosting

If they can not edit you scrip (can not read it) they can not add the "Bug"

If they just take your scripts they can not read them to make a edit
so they can use them
 
Top