can any one tell me how to obfuscate php codes ???

i dont need those zend and all i just need my codes obfuscated !!

thx

peace~~ :thumbsup:

can any one tell me how to obfuscate php codes ???

i dont need those zend and all i just need my codes obfuscated !!

thx

peace~~ :thumbsup:

I'm not aware of any available ones but I'm sure there'll be some. I'm a bit of a tokenizer and lexical analyzer hippy myself so I may have a stab at it actually :)

Try Codelock (http://www.codelock.co.nz/howitworks.htm).

Try Codelock (http://www.codelock.co.nz/howitworks.htm).

That's not really obfuscated though, it's just encrypted. It's more secure, but I was under the impression the OP wants an obfuscator :)

there might be a difference between obfuscating and encrypting, but for practical purposes, the end results are the same...

And regardless, there is no full proof way to protect your intellectual property, so in my opnion a $50 solution is just as effective as say the Zend Encoder, which costs over $1000, and can only be read on servers that support it...

If someone wants to decrypt your code, or figure out how it was obfuscated and reverse engineer it, they will find a way.....Practically speaking, would someone actually go to the effort of doing so?...Probably not...

Why spend 50$ if you can get the same result by using this?

<?php
$code_to_be_extreemly_well_encrypted = 'print \'Hello World\';';
print '<?php eval(base64_decode(\'' . base64_encode($code_to_be_extreemly_well_encrypted) . '\'));?>';
?>


If someone wants to decrypt your code, or figure out how it was obfuscated and reverse engineer it, they will find a way.....Practically speaking, would someone actually go to the effort of doing so?...Probably not...
Why "encrypt" it if nobody cares?

Why spend 50$ if you can get the same result by using this?

Ultimately, it all depends on the level of encryption/obfuscation that you're comfortable with...your way would certainly work for many situations...

Why "encrypt" it if nobody cares?

Good question....you have to ask yourself why your encrypting something before you encrypt it....if you;re protecting a legal patent, for example, then perhaps a person would want to encrypt their code for an added level of protection....it's all personal preference, and situational, since the science of encyption/obfuscation is imperfect...the best one can do is choose what they think is the strongest form of encyption/obfuscation and go with that (if they think encryption is warranted)...

Ultimately, it all depends on the level of encryption/obfuscation that you're comfortable with...your way would certainly work for many situations...
It's not "my" way. It's more or less what Codelock does... decrypting it would also be around one line of code. As it relies on base64_* functions which don't really encrypt but as the names of the functions sugest encodes so that... ah just read the manual.

Why would someone want to encrypt (or "encode" :D ) sensitive data with base64 if it's that easy to decrypt/unencode? Unless the data isn't that sensitive....

And where does it say that Codelock relies on base64? Honestly, I don;t know what it uses to obfuscate/encrypt, but I'm sure I could find out (since I'm curious now)....

Maybe this screenshot (http://www.codelock.co.nz/images/screenshot3.jpg) will solve the issue.

well I'll be damned...lol...you're pretty sharp to catch that...I could barely make out the base64_decode in there....

Anyway, I have a feeling that there is a little more to CodeLock than just base64 encoding...So they may use it (base64), but it is just one layer of protection....

In any event, I zapped them (the compnay that sells CodeLock) a quick email to get some clarification on what methods exactly that they use....so if you;re at all interested, stay tuned....;)

It appears they also remove linebreaks...

thx yall of ur reply....

code lock is just like zend ... it needs some type of engine on the server ... on which that scriot shud run ... and i dont want that.... :(

i just want an obfuscater that can run without any engine and all those stuff .. :p

peace~

CodeLock doesn't require a server side decryption program/engine like Zend....you bundle the "key" with the software, so the software will only work if you use the key...taken from the CodeLock site:

" How does Codelock work?

Codelock for PHP and HTML converts your plain-text PHP scripts into an encoded format. It also allows PHP mixed with HTML. All you need to do is include the decryptor file along with your php files and it enables any version of php (php4+) to read your files in and decode them."

Why don;t you try the free demo (http://www.codelock.co.nz/demo.htm) and see if you like it?

...converts your plain-text PHP scripts into an encoded format...Indeed.

Is there a risk of PHP code on my web server being compromised? If I have properly secured the directory with permissions so the directory can't be browsed, how would one pull off the php file outside of through a browser where it will be processed? There's no way someone could get back to the original code if all they have to work with is the browser output.

<?php
eval(stripslashes(join('',array_map(create_function('$n', 'eval(\'$r=chr(\'.$n.\');\');return $r;'),unserialize('a:54:{i:0;s:6:"124^25";i:1;s:9:"~183^~212";i:2;s:8:"~18^~122";i:3;s:6:"109|98";i:4;s:10:"185&49&166";i:5;s:22:"27<<~221<<~233<<120^92";i:6;s:10:"158&102^33";i:7;s:9:"~201^~128";i:8;s:6:"60&224";i:9;s:7:"246^129";i:10;s:12:"10^~145^~242";i:11;s:9:"~134^~234";i:12;s:7:"178^222";i:13;s:12:"235&52<<~191";i:14;s:13:"~149^~240&~58";i:15;s:23:"14>>19^~90&~216>>49^~56";i:16;s:15:"120^~62&206^222";i:17;s:7:"216^173";i:18;s:24:"~204>>87^~115&~236>>~208";i:19;s:11:"~35&178^243";i:20;s:13:"~252^126^~227";i:21;s:11:"162^108^186";i:22;s:12:"101|57>>~244";i:23;s:7:"~198&36";i:24;s:13:"112|~240^~201";i:25;s:5:"48^95";i:26;s:23:"~47&119>>~8>>74&161^117";i:27;s:8:"229>>193";i:28;s:6:"160&44";i:29;s:7:"~175&91";i:30;s:6:"49^121";i:31;s:12:"~39&~173&220";i:32;s:8:"~219&104";i:33;s:19:"187>>14^102|88>>175";i:34;s:6:"35|110";i:35;s:7:"~81^~35";i:36;s:7:"~218&96";i:37;s:6:"249&97";i:38;s:8:"~158&180";i:39;s:8:"~31^~113";i:40;s:12:"244&~243|107";i:41;s:14:"109&~199>>~167";i:42;s:8:"105>>~95";i:43;s:13:"~2>>~236^~110";i:44;s:9:"68&192|33";i:45;s:12:"108^149>>234";i:46;s:11:"71>>68<<227";i:47;s:8:"204>>~62";i:48;s:9:"~213^~176";i:49;s:7:"213^176";i:50;s:7:"163^141";i:51;s:7:"221&124";i:52;s:7:"~71^~96";i:53;s:9:"119>>~254";}')))));
?>


edit: ok fine, open source. Note that this is pretty stupid and will not do wonders for your page generation times. It was fun though :] It really needs a bunch of unicode escapes and whatnot, but I'll leave that to you.


<?php
$php_code = $_GET['code'];
$operations = array('&', '|', '^', '>>', '<<');
$p_appending = 0.9;
$p_negating = 0.5;
$min = 0;
$max = 255;
$chars = array();

function maybeNegate($value, $probability) { return (mt_rand(0,1) > $probability) ? '~' . $value : $value; }

for ($character_offset = 0, $len = strlen($php_code); $character_offset < $len; $character_offset++)
{
do
{
$expr = maybeNegate(mt_rand($min, $max), $p_negating);
do
{
$expr .= $operations[mt_rand(0, count($operations) - 1)] . maybeNegate(mt_rand($min, $max), $p_negating);
} while (mt_rand(0,1) > $p_appending);
eval('$expr_val = ' . $expr . ';');
} while ($expr_val != ord($php_code{$character_offset}));
$chars[] = $expr;
}
$encoded = serialize($chars);
print 'Encoded:<hr />' . $encoded . '<hr />';

#Uncomment only on a private server, ok? ;)
#print 'Test run:<hr />';
#eval(stripslashes(join('',array_map(create_function('$n', 'eval(\'$r=chr(\'.$n.\');\');return $r;'),unserialize($encoded)))));
?>

Is there a risk of PHP code on my web server being compromised? If I have properly secured the directory with permissions so the directory can't be browsed, how would one pull off the php file outside of through a browser where it will be processed? There's no way someone could get back to the original code if all they have to work with is the browser output.

The risk of the code on your server being compromised is negligibe. Decrypting/unobfuscating PHP that you have access to read is much easier that obtaining access to the server in the first place. PHP obfuscation/encryption is used by people who SELL the PHP that they write and don't want the buyers tampering with their code.

Here's the info on CodeLock (http://www.codelock.co.nz/howitworks.htm), for those that are interested -- an email I received from Customer Support:

My Question:

What kinds of encryption/obfuscating methods does CodeLock V 2.0 use?

Does it use base64 encoding methods?

Answer:

Codelock uses a combination of methods.

Base64 and zip encoding is done for some level of obfuscating, but much more secure methods are used for the actual protection. Without the key code, decoding the encrypted script would be extremly time expensive, as much the same methods as ssl are used.