Jump to content

PHP Encoding

canadabeeau

By canadabeeau
in Applications

 Share

Recommended Posts

canadabeeau Regular Member

canadabeeau

Posted
Posted

I am looking at building my own PHP encoding program becuase so far I can not find one well suited to my needs. But I have no idea where to start, so if anyone can help me in telling how PHP encoding might/does work and how I can get atarted as well if there is any open-souce PHP code that may be able top me get started.

Many thanks in advance.

Link to comment
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

This is called obfuscation,

 

Well obfuscation isn't encoding, but it a type of "protection", aka "security by obscurity" which isn't really security!

 

Their are many routes you can take but it depends on the final goal!

 

Zend Guard is use encoding so without obfuscation (however obfuscation is also an option), basically it encode your code, and then zend optimizer decodes it at runtime,

 

Obfuscation makes it harder to read, ie

<?php
//this is some example code
$string = "hello world";
echo $string;
?>

 

Now if you change the variable names and convert the strings to hex and dec and remove the comments and white space your end up with this

<?php $x0b = "\x68e\x6c\x6co\040\167\157\162\x6c\x64";echo $x0b;?>

 

Now both do the exact same thing but the obfuscated version would be much harder to update, but with time anyone could reverse it back,

ie

<?php $string = "\x68e\x6c\x6co\040\167\157\162\x6c\x64";echo $string;?>

then decode from hex and decimal back to ASCII,

\x68e\x6c\x6co\040\167\157\162\x6c\x64

(or just echo it)

 

Now to make it truly secure, [REMOVED: sorry my idea is not for your sale :P] so its a choice is really between security and portability.

Link to comment
Share on other sites
canadabeeau Regular Member

canadabeeau

Posted
  • Author
Posted

I eel I should clarify after reading 'MadTechie''s post correctly, I currently have a PHP based appication I wish to protect, it is the application I will sell and not how to encode or decode, so there will never be two products, just the application/s I wish to protect. Hope this clarifies the situation I am in.

Link to comment
Share on other sites
oni-kun Member

oni-kun

Posted
Posted

I eel I should clarify after reading 'MadTechie''s post correctly, I currently have a PHP based appication I wish to protect, it is the application I will sell and not how to encode or decode, so there will never be two products, just the application/s I wish to protect. Hope this clarifies the situation I am in.

 

You have to understand. ZEND encoder is a a C program that is 60MBs. It's impossible to create one yourself. Your only choice is to BUY an encoder software for your script, or obfuscate, which isn't 100% secure.

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted
It's impossible to create one yourself. Your only choice is to BUY an encoder software for your script, or obfuscate, which isn't 100% secure.

 

Its not impossible, or there wouldn't be Zend encoder.

 

It can't be done in php however or it will always be very easily undone.

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

Well, it needs to be written in C, and it would need to be either built into the php interpretor or written as an extension.

 

This basically means that anyone purchasing your php software would also need to have the ability to install php extensions. Seriously, if you want to go down this path Zend Encoder is likely your best option. That way there are already servers around that would support your encryption.

 

IMO, even people with no intention of looking at your source code would be turned off by all the hassle of getting it to execute.

 

This really isn't the way to protect your code.

Link to comment
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

You have to understand. ZEND encoder is a a C program that is 60MBs. It's impossible to create one yourself. Your only choice is to BUY an encoder software for your script, or obfuscate, which isn't 100% secure.

as thorpe covered this I'll just add my 2cents,

1. not impossible.

2. nothings 100% secure. not even zend encoder.

 

As suggested the best protection methods are written outside PHP, ie an extension, however this makes makes it less flexible

for example an extension would mean the clients need to have higher access rights, and I have to agree with thorpe this will turn off most people, Zend has been added to most shared servers that makes it a more attractive option,

the biggest problem is trying to make one solution fit all,

 

before you start you need to set the requirements

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.