Jump to content

Online PHP Obfuscator

lococobra

By lococobra
in Beta Test Your Stuff!

 Share

Recommended Posts

lococobra Member

lococobra

Posted
Posted

Thanks to your guy's help... I was able to get all that nasty regex stuff to work, and now...

 

PHP Obfuscator V.0.9 By Trappar is online!

 

The only way I've tested it is with the following options checked:

• Obfuscate variable names

• Remove strings from context

• Remove function names from context

 

So perhaps try different combinations... I'm guessing something's going to fail if for instance... you enable "Remove function..." but not "Remove strings..." and one of your functions is "file" and one of your strings contains the word "file".

 

Give it a shot, I think the code is pretty good... especially if you enable all the options. Just make sure you don't throw in anything that's not php!

Link to comment
Share on other sites
lococobra Member

lococobra

Posted
  • Author
Posted

Quoted from the first paragraph of the link I gave you

 

"Macro preprocessors are often used to create hard to read code by masking the standard language syntax and grammar from the main body of code."

 

AKA...

It makes the code harder to read because $userPassword is easier to read than $xRY

 

This is to protect your code from devious people who try to steal and modify it, then claim it was their own creation.

Link to comment
Share on other sites
lococobra Member

lococobra

Posted
  • Author
Posted

Once I'm done with coding the php obfuscator, I'll give you one of it's outputs and we'll see if you can figure out what it does or not.

 

But for now... just as an example, here's the output of what I'd consider a pretty non-effective php obfuscator.

 

Tell me what this code does...


<?if(isset($_GET['aajs'])){  header('Content-Type: text/javascript');?>var f;var k=m();function m(){if(typeof XMLHttpRequest!='undefined'){return new XMLHttpRequest();}try{return new ActiveXObject("Msxml2.XMLHTTP");}catch(e){try{return new ActiveXObject("Microsoft.XMLHTTP");}catch(e){}}return false;};function ajaxCall(r,j,o){if(document.getElementById('ajaxer').innerHTML=='Ajax by ajaxer.v.1.2'){f="ret_"+j;f=f.replace("ajax_","")=j;for(i=2;i<arguments.length;i++){n=arguments[i].replace('^',':&ca&:')+='^'+n;}d=r+'?aacall='+encodeURIComponent(d);k.open("GET",d,true);k.onreadystatechange=l;k.send(null);}};function l(){if(k.readyState==4){if(k.status==200){var c=k.responseText;var g=new Array();if(c.search('<body>')!= -1){g=c.split('<body>');c=g[1];}if(c.search('</body>')!= -1){g=c.split('</body>');c=g[0];}c=c.replace(/\n/gi,"\\n");c=f+'("'+c+'");';eval(c);}else{if(k.status!=0)alert('There was a problem with the request.');}}}<?exit;}if(isset($_GET['aacall'])){header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");header("Cache-Control:no-store,no-cache,must-revalidate");$R7633668866BAA355046277DB052802D1=explode('^',urldecode($_GET['aacall']));if((strpos($R7633668866BAA355046277DB052802D1[0],'ajax')!==FALSE)&&(strpos($R7633668866BAA355046277DB052802D1[0],'$')===FALSE)){if(count($R7633668866BAA355046277DB052802D1)>1){$RFD72CDF4D642A09A9584BEFCAE1E3901=$R7633668866BAA355046277DB052802D1[0]."(";for($RA16D2280393CE6A2A5428A4A8D09E354=1;$RA16D2280393CE6A2A5428A4A8D09E354<count($R7633668866BAA355046277DB052802D1);$RA16D2280393CE6A2A5428A4A8D09E354++){$R2779E0D347183D4A2DB54462481A119A=str_replace(':&ca&:','^',$R7633668866BAA355046277DB052802D1[$RA16D2280393CE6A2A5428A4A8D09E354]);$RFD72CDF4D642A09A9584BEFCAE1E3901.="'".str_replace('\'','\\\'',stripslashes($R2779E0D347183D4A2DB54462481A119A))."',";}$RFD72CDF4D642A09A9584BEFCAE1E3901=substr($RFD72CDF4D642A09A9584BEFCAE1E3901,0,strlen($RFD72CDF4D642A09A9584BEFCAE1E3901)-1).');';}else $RFD72CDF4D642A09A9584BEFCAE1E3901=$R7633668866BAA355046277DB052802D1[0].'();';eval($RFD72CDF4D642A09A9584BEFCAE1E3901);}else echo'Invalid ajax request';exit;}function callJS(){$R076717F69D409259123CEEB7BF5199C8 = substr(__FILE__,1);$RBAB9B407390B80607957164370BE6A3C=substr($_SERVER['SCRIPT_FILENAME'],1);$RE9F06793F8BF0D7E8201B73A7DFBAAB3=substr_count($R076717F69D409259123CEEB7BF5199C8,'/');for($RA16D2280393CE6A2A5428A4A8D09E354=0;$RA16D2280393CE6A2A5428A4A8D09E354<=$RE9F06793F8BF0D7E8201B73A7DFBAAB3;$RA16D2280393CE6A2A5428A4A8D09E354++){if(substr($R076717F69D409259123CEEB7BF5199C8,0,strpos($R076717F69D409259123CEEB7BF5199C8,'/'))==substr($RBAB9B407390B80607957164370BE6A3C,0,strpos($RBAB9B407390B80607957164370BE6A3C,'/'))){$R076717F69D409259123CEEB7BF5199C8=substr($R076717F69D409259123CEEB7BF5199C8,strpos($R076717F69D409259123CEEB7BF5199C8,'/')+1);$RBAB9B407390B80607957164370BE6A3C=substr($RBAB9B407390B80607957164370BE6A3C,strpos($RBAB9B407390B80607957164370BE6A3C,'/')+1);}if(strpos($R076717F69D409259123CEEB7BF5199C8,'/')===FALSE)break;}echo'<script language="JavaScript" type="text/javascript" src="./'.$R076717F69D409259123CEEB7BF5199C8.'?aajs=true"></script>'."\n";}?>

Link to comment
Share on other sites
chronister Regular Member

chronister

Posted
Posted

not to be a naysayer or anything, but what is the point of obsfucating php code. Since it is handled on the server... to the best of my knowledge, there is no way for a person to get your php code unless they have ftp access to your server.

 

am I wrong here?

 

I am not trying to belittle the work you have done here as it's more than I could do, I am asking more for learning purposes.

 

What is the benefit of this?

 

Thanks,

 

Nate

Link to comment
Share on other sites
lococobra Member

lococobra

Posted
  • Author
Posted

I'm mainly developing this to obfuscate an AJAX handler that I've developed, and also because most the ones I found previously did not meet my expectations. I'm having some problems with the code at the moment because of a new feature I'm trying to add... but I'll get it back online ASAP.

 

New feature: String obfuscation using escape sequences.

 

Hopefully up within an hour and a half >_>

Link to comment
Share on other sites
chronister Regular Member

chronister

Posted
Posted

@source

 

We may not always understand why someone is doing something, but generally they have their reasons. It looks to me like this does a whole lot more than change a variable name. The infighting should cease as it helps no one.

 

I guess rather than call something pointless, try to understand why they are doing what they want to do. Granted, there are a lot of pointless "goals" that people on here have and generally if it is truly pointless and does not solve a problem, they will be told so. But generally before they are told that their work is "pointless" a person tries to understand what the code is doing and / or why it is doing it.

 

I understand that lococobra is working on the thing right now as I type this so I am not too concerned about the fact that the code I put into it don't work on the page after obsfusication, but my code was seriously changed.

 

It took

 

<?php
$xyz='1';

$zyx='4';

$added=$xyz + $zyx;
if($added > 2)
{
   $greater='true';
}

if($greater=='true')
{
  echo 'added numbers are greater than 2';
}
?>

 

and turned it into

 

<?$st=array("\141\144\144\145\144\40\156\165\155\142\145\162\163\40\141\162\145\40\147\162\145\141\164\145\162\40\164\150\141\156\40\62","\164\162\165\145","\64","\61");php$EDY=$st[3];$mob=$st[2];$pnE=$EDY+$mob;if($pnE>2){$eEL=$st[1];}if($eEL==$st[1]){echo$st[0];}?>

 

 

So try not to be too critical of something until you completely understand it....

 

 

@lococobra, I saw you posted that v 0.9.3 is done. I am getting a variable error when I run the obfuscated code. tested the non-obfuscated code and it works fine. Good work on this script very cool

Link to comment
Share on other sites
lococobra Member

lococobra

Posted
  • Author
Posted

Fixed, new output should be something like...

 

<?$st=array("\141\144\144\145\144\40\156\165\155\142\145\162\163\40\141\162\145\40\147\162\145\141\164\145\162\40\164\150\141\156\40\62","\164\162\165\145","\64","\61");$Uib=$st[3];$Kqw=$st[2];$BOM=$Uib+$Kqw;if($BOM>2){$wep=$st[1];}if($wep==$st[1]){echo$st[0];}?>

 

Which on my site executes as:

"added numbers are greater than 2"

 

Link to comment
Share on other sites
lococobra Member

lococobra

Posted
  • Author
Posted

Yeah, I did that before I wrote the code for the obfuscater. Only part I didn't hand-write was the base64.

 

I've fixed everything I can possibly come up with other than one thing... the following code would not work:

<?php
$str = 'To start writing your script, begin with <?php';
echo $str;
?>

 

Right now I'm using a function I wrote that explodes a string multiple times to find locations of <?php and such, I have a feeling I'm going to have to re-write it with some more regular expressions... oh joy...

Link to comment
Share on other sites
keeB Member

keeB

Posted
Posted

Original

<?php
/**
* @author: nick stinemates
*/


require_once("com/stinemates/common/model/Image.class.php");
require_once("com/stinemates/common/model/Gallery.class.php");
require_once("com/stinemates/factory/ImageResizeFactory.class.php");
require_once("com/stinemates/factory/ImageOutputFactory.class.php");


$g = new Gallery;

$i = new Image();
$i->setPath("/media/hdb5/development/php/photo/images/kungy.jpg");


$i2 = new Image;
$i2->setPath("/media/hdb5/development/php/photo/images/wow.jpg");

$g->addImage($i);
$g->addImage($i2);


$factory = new ImageResizeFactory($i);
$ri = $factory->ImageResizeByDimensions(200, 100);
$factory = new ImageResizeFactory($i2);
$ri2 = $factory->ImageResizeByDimensions(200, 100);


$iof = new ImageOutputFactory($ri);
$iof->ImageToFile("tmp/wow.jpg");

$iof2 = new ImageOutputFactory($ri2);
$iof2->ImageToFile("tmp/wow2.jpg");


?>

 

 

Turned in to:

<?$st=array("\143\157\155/\163\164\151\156\145\155\141\164\145\163/\146\141\143\164\157\162\171/\111\155\141\147\145\122\145\163\151\172\145\106\141\143\164\157\162\171\56\143\154\141\163\163\56\160\150\160","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\146\141\143\164\157\162\171/\111\155\141\147\145\117\165\164\160\165\164\106\141\143\164\157\162\171\56\143\154\141\163\163\56\160\150\160","/\155\145\144\151\141/\150\144\142\65/\144\145\166\145\154\157\160\155\145\156\164/\160\150\160/\160\150\157\164\157/\151\155\141\147\145\163/\153\165\156\147\171\56\152\160\147","/\155\145\144\151\141/\150\144\142\65/\144\145\166\145\154\157\160\155\145\156\164/\160\150\160/\160\150\157\164\157/\151\155\141\147\145\163/\167\157\167\56\152\160\147","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\143\157\155\155\157\156/\155\157\144\145\154/\107\141\154\154\145\162\171\56\143\154\141\163\163\56\160\150\160","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\143\157\155\155\157\156/\155\157\144\145\154/\111\155\141\147\145\56\143\154\141\163\163\56\160\150\160","\164\155\160/\167\157\167\62\56\152\160\147","\164\155\160/\167\157\167\56\152\160\147");require_once($st[5]);require_once($st[4]);require_once($st[0]);require_once($st[1]);$zcv=newGallery;$Gcz=newImage();$Gcz->setPath($st[2]);$Gcz2=newImage;$Gcz2->setPath($st[3]);$zcv->addImage($Gcz);$zcv->addImage($Gcz2);$GczSt=newImageResizeFactory($Gcz);$pNF=$GczSt->ImageResizeByDimensions(200,100);$GczSt=newImageResizeFactory($Gcz2);$pNF2=$GczSt->ImageResizeByDimensions(200,100);$Gczof=newImageOutputFactory($pNF);$Gczof->ImageToFile($st[7]);$Gczof2=newImageOutputFactory($pNF2);$Gczof2->ImageToFile($st[6]);?>

 

 

Gives me the following error:

Fatal error: Call to undefined function newImage() in /media/hdb5/development/php/photo/index.php on line 48

 

Looks like it's not putting a space between new (Classname)

Link to comment
Share on other sites
lococobra Member

lococobra

Posted
  • Author
Posted

Should be fixed, I added new and else to the reverse lookback that determines if whitespace can be removed.

 

New code is:

<?$st=array("\143\157\155/\163\164\151\156\145\155\141\164\145\163/\146\141\143\164\157\162\171/\111\155\141\147\145\122\145\163\151\172\145\106\141\143\164\157\162\171\56\143\154\141\163\163\56\160\150\160","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\146\141\143\164\157\162\171/\111\155\141\147\145\117\165\164\160\165\164\106\141\143\164\157\162\171\56\143\154\141\163\163\56\160\150\160","/\155\145\144\151\141/\150\144\142\65/\144\145\166\145\154\157\160\155\145\156\164/\160\150\160/\160\150\157\164\157/\151\155\141\147\145\163/\153\165\156\147\171\56\152\160\147","/\155\145\144\151\141/\150\144\142\65/\144\145\166\145\154\157\160\155\145\156\164/\160\150\160/\160\150\157\164\157/\151\155\141\147\145\163/\167\157\167\56\152\160\147","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\143\157\155\155\157\156/\155\157\144\145\154/\107\141\154\154\145\162\171\56\143\154\141\163\163\56\160\150\160","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\143\157\155\155\157\156/\155\157\144\145\154/\111\155\141\147\145\56\143\154\141\163\163\56\160\150\160","\164\155\160/\167\157\167\62\56\152\160\147","\164\155\160/\167\157\167\56\152\160\147");require_once($st[5]);require_once($st[4]);require_once($st[0]);require_once($st[1]);$Ocj=new Gallery;$cSI=new Image();$cSI->setPath($st[2]);$cSI2=new Image;$cSI2->setPath($st[3]);$Ocj->addImage($cSI);$Ocj->addImage($cSI2);$Zlb=new ImageResizeFactory($cSI);$PkO=$Zlb->ImageResizeByDimensions(200,100);$Zlb=new ImageResizeFactory($cSI2);$PkO2=$Zlb->ImageResizeByDimensions(200,100);$cSIof=new ImageOutputFactory($PkO);$cSIof->ImageToFile($st[7]);$cSIof2=new ImageOutputFactory($PkO2);$cSIof2->ImageToFile($st[6]);?>

 

I can't test it because it uses requires Image.class.php

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.