Jump to content

Question time

canadabeeau

By canadabeeau
in PHP Coding Help

 Share

Recommended Posts

canadabeeau Regular Member

canadabeeau

Posted
Posted

I am building my own method of PHP obfuscating (or plan to), as I know what I want but cant find something to totally fit the requirements. Now my problem is I don't exactly know how PHP obfuscating works. Is it (basically) just encrypting all the code in md5 (as an example) and the server decrypts it?

Link to comment
Share on other sites
premiso Regular Member

premiso

Posted
Posted

Well for me, I have no clue what your ultimate goal is of obfuscating with PHP. Can you elaborate more on what you want to input and the output you expect out?

 

What are you trying to hash up with MD5 and send? And just a note MD5 is a hash method and not an encryption method. But yea. please elaborate on what you are trying to do with examples etc and I bet you will find the help more plentiful.

Link to comment
Share on other sites
canadabeeau Regular Member

canadabeeau

Posted
  • Author
Posted

I was using md5 as an example, as I said.

Anyway I have a PHP project I now want to obfuscate, now I want to build my own obfuscate method, I have figured out how I can get the files to obfuscate by passing them through a PHP script and downloading the file at the end (so I would upload index.php and the script would obfuscate it then give me a link to download index.php obfuscated) anyway that not the problem, how do you do the obfuscate part, is it a series of functions, that goes replace all instances of "if" with 525Z and maybe echo with 8955Y??? or does it do more like md5 hash and do the whole think letter by letter (kind of).

 

Second how do I make the server un-obfuscate so it will run on the server? Premiso if this is not clear enough let me know please

and I forgot before, thanks for all help in advance

Link to comment
Share on other sites
laffin Newbie

laffin

Posted
Posted

You are speaking of encryption. not obfusciation.

Obfusciated code is unreadable to human eyes, but still executable code.

encrypted code, isnt executable without a decrypter module

 

there are plenty of encryptors out there, Zend has one (Zend Guard).

and plenty of obfusciators, like this one see bottom for example of obfusciated code.

Link to comment
Share on other sites
oni-kun Member

oni-kun

Posted
Posted

OPTIKALEFX I am obfuscating for people (webamsters) installing it, prevent them from modifying the code

 

Above poster was correct, I personally like Zend Guard myself. Obfuscating is pointless, any level can , granted easily be unobfuscated.

Link to comment
Share on other sites
canadabeeau Regular Member

canadabeeau

Posted
  • Author
Posted

Okay someone tell me what I am trying to build based on these conditions,

I want the code so a human (webmaster installing the program) cannot read the code or alter it in any way (because they cant read it)

Then I want to build my own opensource version so how would I go about making the server read the code? I know how I could obfuscate it (or encrypt) but how do I get the server to do the reverse?

Link to comment
Share on other sites
laffin Newbie

laffin

Posted
Posted

Without a binary encryptor/decryptor, its kinda pointless.

Binary as in php modules (.so or .dll) which are written in C/C++

Why is it pointless? well if your writing your encryptor in php, that means you have to have a decryptor for it, if its done in php, guess what? a quick rewrite and they got the code.

Obfusciating is ok, but its still executable, a good programmer, with a good set of tools, may not reproduce the code exactly. But they will get the code.

Best bet is to use those encryptors (Zend Gaurd), IonCube or whatever that your server can install (Zend Guard is popular, and many already have it installed).

 

Link to comment
Share on other sites
canadabeeau Regular Member

canadabeeau

Posted
  • Author
Posted

I want to write my own I just need to know how to rig the server to decrypt the code (I will not be encrypting it to binary instead a custom string shall do it) so how do I get the server to decrypt it.

 

For example the file is

<?php echo "Hello";?>

encrypted it is

<?php  echo "\110\145\x6c\x6c\x6f";?>

(as a very loose example)

 

How do I get the server to decrypt the code??

 

Any help would be greatly appreciated as always.....

Link to comment
Share on other sites
oni-kun Member

oni-kun

Posted
Posted

What about something like this (http://www.devshed.com/c/a/PHP/PHP-Encryption-and-Decryption-Methods/) and use a different custom function other than 64 (so design my own and have it include from my server to their page. Would this work or can they easily hack it?

 

I really want to build this as you can probably tell,

 

Hmm.. 

eval(gzinflate(base64_decode('FZfHDoTYEUV/ZXYzIxbkJFseAU1qcg4bi9TknPl64z0SUK/
evef8859///NHcSTdX+VTD78u2Yq/0mQtCOy/
eZGNefHXn0L8kz5jKAueDcZhVNSnh9+OYd6flsK+PCKjqtEnIJoRtF3TO+
GH4UyCIED/st8VD9APjg8Nj+m1ysH0OIjnWTbNnIa+
P4Xyh7gC3XsCCgIOdqVtDlCOaQsau4uAKCI+
aEQxXEg96A4GpOsr85SHX9FcHSL6R+h57gJZzBE872FRE6v7vNdZpzaBU+
GYWOpCnDOMU5n16lgPBE3Qh5ejKZqYA7YSRf3y'))); ?>

 

var_dump(gzinflate(base64_decode('FZfHDoTYEUV/ZXYzIxbkJFseAU1qcg4bi9TknPl64z0SUK/
evef8859///NHcSTdX+VTD78u2Yq/0mQtCOy/
eZGNefHXn0L8kz5jKAueDcZhVNSnh9+OYd6flsK+PCKjqtEnIJoRtF3TO+
GH4UyCIED/st8VD9APjg8Nj+m1ysH0OIjnWTbNnIa+
P4Xyh7gC3XsCCgIOdqVtDlCOaQsau4uAKCI+
aEQxXEg96A4GpOsr85SHX9FcHSL6R+h57gJZzBE872FRE6v7vNdZpzaBU+
GYWOpCnDOMU5n16lgPBE3Qh5ejKZqYA7YSRf3y'))); ?>

 

See how easy it is to get the code from that 'encryption' ? Base64 part is even easier, That's one of the most simple examples you can come across, Any programmer will be able to defeat this.

 

You'll need to either buy an obfuscation program, such as SourceCop, or use an aformentioned solution such as Zend Guard.

Link to comment
Share on other sites
oni-kun Member

oni-kun

Posted
Posted

I was thinking of using my own encryption string NOT base64, so could that work or still easily hackable.

I just want to say I do NOT want to buy a PHP encryptor, I want to build my own so that is why I need and want this advice on how I can build my own

 

What do you mean? If you build one you have to give them the code that will decrypt it, thus they will be able to know the original code. If you REALLY want to make something simple... Than you can look at a function such as:

function encrypt($string, $key) {
$result = '';
for($i=0; $i<strlen($string); $i++) {
	$char = substr($string, $i, 1);
	$keychar = substr($key, ($i % strlen($key))-1, 1);
	$char = chr(ord($char)+ord($keychar));
	$result.=$char;
}
return $result;
}
print_r(encrypt('<?php..zzzzzzzzzzz... ?>', 'mysite.com');

Then use that code to encrypt your document, and provide them with the 'decrypter':

function decrypt($string, $key) {
$result = '';
for($i=0; $i<strlen($string); $i++) {
	$char = substr($string, $i, 1);
	$keychar = substr($key, ($i % strlen($key))-1, 1);
	$char = chr(ord($char)-ord($keychar));
	$result.=$char;
}
return $result;
}

eval(decrypt('xxxxxxx(randomobfuscatedstringxxxxxxxxx', 'mysite.com')); //preobfuscated string

 

Just an example, but again, It's either a chance they'll get your code, or write your own module/Use free ZendGaurd.

Link to comment
Share on other sites
canadabeeau Regular Member

canadabeeau

Posted
  • Author
Posted

oni-kun I think you just gave me the wording I was looking for, I want to build my own PHP encrypt/decrypt module so basically they place a dll in their web root or something and then decrypt the code.

Basically I want to make my own Zend Guard (but with lost of customizing, I just need to get the base made which is what I am asking about)

Link to comment
Share on other sites
oni-kun Member

oni-kun

Posted
Posted

oni-kun I think you just gave me the wording I was looking for, I want to build my own PHP encrypt/decrypt module so basically they place a dll in their web root or something and then decrypt the code.

Basically I want to make my own Zend Guard (but with lost of customizing, I just need to get the base made which is what I am asking about)

 

Then this is out of scope for this forum, It's an Apache/C++ question. Learn how to compile Apache and a module, and code your own:

http://httpd.apache.org/docs/2.0/

Link to comment
Share on other sites
canadabeeau Regular Member

canadabeeau

Posted
  • Author
Posted

oni-kun the only problem being I some of my clients (through out sourced web hosting) may not have access to the Apache modules folder (am I able to somehow place the module outside the module folder of Apache), and would a person not be able to read the module file and be able then to decrypt the script? or not?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.