PHP encode/obfuscate

[shivam0101]

This question i have posted in http://stackoverflow.com/questions/14594235/encoding-php-file i am looking for some more help from your site

 

I am looking for free php encoder/obfuscator. Looked at http://adromil.myxednotes.com/ the output is nice, but it uses a script file pencode.php how hard to decode this page, it uses,

eval()

gzinflate()

str_rot13()

base64_decode()

If i encode a file with this script, How much difficult to decode the same provided that the pencode.php will be distributed along with the php files.

Can someone show how to reverse engineer using the same functions mentioned above,

content of pencode.php,

<?php $f='zUZ6YtowEP5cJP7DqU8imTJ1dkparZDWApvYCu1FSXbapsgkF2/NJJHtsIZ2/30XJ6GwvnX7tigE32Zqz50fn7svmo37F96oeblxMofiGbuDMVwngnjuMwEDam9PAke+5KnmVgw36HSS6xww9nJeb24W+8XCBK9DqgIsnsPOROfAoCEXCNWTRXcSYCeNReNwmY4STPrGgicKXEdWJn1HwOIABonKhHOxnzswjv0OS5HW6Xa3y4vgl7IO7vjJ0jaMfhJ45njD+Gd5twrLR9VXlZvmki8iWmjrSO/gsPdKrTnAhACTpICKoVxu0KmodBFKQ3OD0YPMQyISFuofWaIDTBygBOQ6oj/6wLvrWEv1QGMfcIVAMrGC6uJzCFfnxERsqPCKZMHmBDF9TcQAYCZLVN/pLSsNwsKqf2KJMEBamQpFgYxXVQyL2snpM8p6QtB/+2mbjXOjHlqgE/YCNCN4tdQtExl21kU0zhL1B8x2Y342G3txcTIGqSVfTXHvLVrKJrWA9iYD9/P1zGbH76fD89Gl13to4oDxeRFJyJw0PTku8nbk68pp5ayIJkrDkTcaXDgGrCoSDdPo8UhMs4YXqAnzFF9w5Wu0nV1KXaBR6+qbxPPp0ABp8SXv/teDfU3adM3GrwciSff+n1GsUSjvvbW9y5p6t6GHO9kRaUZtJ3ijIuwI9qeOzwj5zME+peW9mNt32pXQpaobTh9ERyffMQ6tFhOLpN+mdRYIlFQ9TbV2o2bF70+6av02XWDCrob+wWf9dj2dfexaF/0+TuQwkVYi+iETCnrYOgOlpUGyNFJ2UllSljkSRo3aKo26hl2x2A+7XDI/4jHywCrJW+tIv61vDHLWPit5MjVfoDzsvWmOWChgmk4fWUiKaoAEjxKl5zkLAna1vJuReztlv7Td0eR3NvLOh1C3/c1nUhfk7OkttIjLsDtD7tf0+xs='; eval(gzinflate(str_rot13(base64_decode('WC1YzNFVr8rMWMtWLFbVKC4pii/KLzE01lVXLEE1M4lCVlrOQlbVQ1bTBAJ4AA==')))); ?>

[requinix]

I'm not going to show you how to reverse engineer it because the code is copyrighted.

 

If i encode a file with this script, How much difficult to decode the same provided that the pencode.php will be distributed along with the php files.

Not hard at all. It defines a few functions for you to use, including one to encrypt and one to decrypt text.

 

[edit] So long as you use the same pencode.php in both places you'll be fine.

Edited January 30, 2013 by requinix

[Christian F.]

2 minutes, that's what it took me. From I saw this post until I got the plain source code. All I had to do was to replace the eval () calls with echo.

Which just goes to show that obfuscation is pointless.

 

It's the same as locking something in a (semi-transparent) safe, with a $2 dollar lock, and then handing it along with the key to someone. If that person is someone you don't trust to keep his hands off the contents in the first place, why would you trust him not to simply use the key?

 

requinix: No problems in posting the code itself, not to mention how to "decrypt" it:

* This source file is free software, under either the GPL v2 license or a

* BSD style license, available at:

Edited January 30, 2013 by Christian F.

[requinix]

requinix: No problems in posting the code itself, not to mention how to "decrypt" it:

Yeah, I didn't because I didn't want to, not because it would be illegal. Like you saw it's GPLv2 or BSD.