I’ve found a good obfuscation/encoder tool to hide the source code of PHP files from shell written by Prakhar Prasad.
This is a very useful tool if you want to prevent others from viewing and editing your PHP code.
There are changes to his version to allow the replacing of the original file with the encoded version, keeping the permissions the same and the ability to handle a directory of PHP files.
<?php
/***********************************************\
* *
* REMOTE SERVER CLIENT BLOCK CHECK PAGE *
* *
* Coded by: Prakhar Prasad *
* Carbylamine PHP Encoder - v0.1.1 Nightly *
* Adapted by: Noah Hearle, Design Extreme *
* *
* Modified: 2015/02/28 *
* *
* Post your comments at: *
* https://blog.nahoo.co.uk/php-obfuscator/ *
* *
\***********************************************/
function rstr() // Random String Function
{
$len = rand(3, 6);
$chr = '';
for ($i = 1; $i <= $len; $i++)
{
$chr .= rand(0, 1) ? chr(rand(65, 90)) : chr(rand(97, 122));
}
return $chr;
}
function enjumble($data) // Custom Encoding + Base64 + gzinflate()
{
for ($i = 0; $i < strlen($data); $i++)
{
$data[$i] = chr(ord($data[$i]) + 1);
}
return base64_encode(gzdeflate($data, 9));
}
function striptag($in) // Remove '<?php' from initial code
{
$pos = strpos($in, '<?php'); //to do: add support for short_tags
if (is_numeric($pos))
{
for ($i = $pos; $i <= $pos + 4 && strlen($in) >= 5; $i++)
{
$in[$i] = ' ';
}
return $in;
}
else
{
return $in;
}
}
function makeoutfile($source)
{
$funcname = rstr();
$varname = '$'.rstr();
$string = enjumble($source);
$php = '<'.'?php function '.$funcname.'('.$varname.') { ';
$php .= $varname.' = gzinflate(base64_decode('.$varname.')); ';
$php .= 'for($i=0;$i<strlen('.$varname.');$i++) { ';
$php .= $varname.'[$i] = chr(ord('.$varname.'[$i])-1); ';
$php .= '} return '.$varname.'; ';
$php .= '} eval('.$funcname.'(\''.$string.'\')); ';
$php .= '?'.'>';
return $php;
}
function get_user_group($file) // Returns the user/group owership of a file
{
$stat = stat($file);
if (!$stat)
{
return FALSE;
}
$group = posix_getgrgid($stat[5]);
$user = posix_getpwuid($stat[4]);
return array($user['name'], $group['name']);
}
function set_user_group($file, $user, $group)
{
if ($file == NULL || $user == NULL || $group == NULL)
{
return FALSE;
}
chown($file, $user);
chgrp($file, $group);
return TRUE;
}
function main($argc, $argv)
{
$files = array();
$replace = FALSE;
$banner = '------------------------------------------------------------------
Carbylamine PHP Encoder - v0.1.1 Nightly - Coded by Prakhar Prasad
Adapted by Noah Hearle, Design Extreme on 2015/02/28
------------------------------------------------------------------
';
if ($argc == 1)
{
echo $banner.'Syntax: '.$_SERVER['PHP_SELF'].' <file(s) to encode> [<output file>]';
die();
}
if ($argc > 1)
{
$source_filename = $file = $argv[1];
}
if ($argc > 2)
{
$outfile = $argv[2];
}
if ($file == NULL)
{
echo 'Input filename not entered';
}
if (preg_match('/^.+\.(php|inc)$/', $file))
{
if ($outfile == NULL && $file != NULL)
{
$outfile = preg_replace('/^(.*)(\.[a-z]+)/i','$1-'.md5(time().$file).'$2',$file);
$replace = TRUE;
}
$files[] = array($file, $outfile, $replace);
}
else
{
$file_list = scandir($file);
foreach ($file_list as $file)
{
if (!preg_match('/^.+\.(php|inc)$/',$file))
{
continue;
}
$outfile = preg_replace('/^(.*)(\.[a-z]+)/i','$1-'.md5(time().$file).'$2',$file);
$files[] = array($file, $outfile, TRUE);
}
}
if (empty($files))
{
echo 'No files found at '.$source_filename;
die();
}
echo $banner;
foreach ($files as $f)
{
list($file, $outfile, $replace) = $f;
$source_filename = $file;
$output_filename = $outfile;
if ($file == NULL || $outfile == NULL)
{
echo 'Input/Output filename not entered!';
die();
}
if (!file_exists($source_filename))
{
echo 'Error: Input file doesn\'t exist
';
continue;
}
list($user, $group) = get_user_group($source_filename);
$orginal_size = round(filesize($source_filename) / 1024, 2);
echo 'Encoding: '.$source_filename.' ('.$orginal_size.' KB)
';
$outfile = fopen($outfile, 'w+');
$file = fread(fopen($file, 'r'), filesize($file));
$outdata = makeoutfile(striptag($file));
$new_size = round(strlen($outdata) / 1024, 2);
if (!fwrite($outfile, $outdata))
{
echo 'Unable to write to '.$output_filename.'
';
continue;
}
echo 'Successfully Encoded: '.(($replace) ? $source_filename : $output_filename).' with compression: '.(@round(100 - (($new_size * 100) / ($orginal_size != 0 ? $orginal_size : 1)), 2)).'%
';
if (!$replace)
{
set_user_group($output_filename, $user, $group);
continue;
}
if (!rename($output_filename, $source_filename))
{
echo 'Unable to rename '.$output_filename.' to '.$source_filename.'
';
continue;
}
set_user_group($source_filename, $user, $group);
}
}
main($argc, $argv);
?>To run this in shell, just use:
php ./obfuscator.php <source_directory>
You can replace the source directory with a file and add an optional destination file as a second argument.
Don’t forget to back up the files and always keep the source files safe.
Last updated on