LinkBack URL
About LinkBacksThis version of Obfuscation includes;PHP Code:<?php
class Obfuscate
{
public $script;
private $funcvars;
private $stringfunc;
private $stringroll;
public function __construct ( $script )
{
$this->script = $script;
}
public function run ( )
{
$this->funcvars = array ( );
$this->stringroll = rand ( 1 , 255 );
$this->stringfunc = $this->generate_string_decryptor ( );
$this->script = $this->striptags ( );
$this->script = $this->obfuscate_variables ( );
$this->script = $this->obfuscate_functions ( );
$this->script = $this->obfuscate_strings ( );
$this->script = $this->generate_string_padding ( );
$this->script = $this->generate_function_padding ( );
$this->script .= $this->stringfunc[1];
$this->script = $this->format ( );
return $this->script;
}
private function striptags ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
if ( strpos ( $script , "<?php" ) > -1 )
{
$script = ltrim ( $script , '<?php' );
}
else if ( strpos ( $script , "<?" ) > -1 )
{
$script = ltrim ( $script , '<?' );
}
if ( strrpos ( $script , "?>" ) > -1 )
{
$script = rtrim ( $script , '?>' );
}
return $script;
}
private function format ( $script = null )
{
return '<?php eval(base64_decode("' . base64_encode ( ( $script == null ? $this->script : $script ) ) . '")); ?>';
}
private function obfuscate_variables ( $script = null , $hidden = null )
{
$script = ( $script == null ? $this->script : $script );
preg_match_all ( '/\$[?a-zA-Z_\x7f-\xff][?a-zA-Z0-9_\x7f-\xff]*/' , $script , $out );
if ( sizeOf ( $out ) > 0 )
{
$out[0] = array_unique ( $out[0] );
for ( $i = 0; $i < sizeOf ( $out[0] ); $i++ )
{
if ( $hidden == null || ! in_array ( $out[0][$i] , $hidden ) )
{
$script = str_replace ( $out[0][$i] , '$' . $this->generate_funcvar_name ( ) , $script );
}
}
}
return $script;
}
private function obfuscate_functions ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
preg_match_all ( '/(function\s*([?a-zA-Z_\x7f-\xff][?a-zA-Z0-9_\x7f-\xff]*)).*(\(.*\)).*\{(.*)\}/xs' , $script , $out );
if ( sizeOf ( $out ) > 0 )
{
$globals = null;
preg_match_all ( '/global\s*(.*);/' , $script , $outg );
if ( sizeOf ( $outg[1] ) == 1 )
{
$globals = array ( );
$rawglobals = explode ( ',' , $outg[1][0] );
for ( $i = 0; $i < sizeOf ( $rawglobals ); $i++ )
{
$globals[] = trim ( $rawglobals[$i] );
}
}
$script = str_replace ( $out[0][$i] , $this->obfuscate_variables ( $out[0][$i] , $globals ) , $script );
for ( $i = 0; $i < sizeOf ( $out[0] ); $i++ )
{
$script = str_replace ( $out[1][$i] , ( 'function ' . ( $FuncName = $this->generate_funcvar_name ( ) ) ) , $script );
preg_match_all ( '/(?!=function)(' . trim ( $out[2][$i] ) . ').*(\s*\(.*\)\s*)/x' , $script , $outt );
for ( $j = 0; $j < sizeOf ( $outt[0] ); $j++ )
{
$script = str_replace ( $outt[0][$j] , $FuncName . $outt[2][$j] , $script );
}
}
}
return $script;
}
private function obfuscate_strings ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
preg_match_all ( '/\"(.*)\"/' , $script , $outdq );
preg_match_all ( '/\'(.*)\'/' , $script , $outq );
if ( sizeOf ( $outdq ) > 0 )
{
$outdq[0] = array_unique ( $outdq[0] );
$outdq[1] = array_unique ( $outdq[1] );
for ( $i = 0; $i < sizeOf ( $outdq ); $i++ )
{
$script = str_replace ( $outdq[0][$i] , ( $this->stringfunc[0] . '("' . $this->string_encrypt ( $outdq[1][$i] ) . '")' ) , $script );
}
}
if ( sizeOf ( $outq ) > 0 )
{
$outq[0] = array_unique ( $outq[0] );
$outq[1] = array_unique ( $outq[1] );
for ( $i = 0; $i < sizeOf ( $outq ); $i++ )
{
$script = str_replace ( $outq[0][$i] , ( $this->stringfunc[0] . '("' . $this->string_encrypt ( $outq[1][$i] ) . '")' ) , $script );
}
}
return $script;
}
private function generate_funcvar_name ( )
{
while ( ! isset ( $funcvar ) || in_array ( $funcvar , $this->funcvars ) )
{
$funcvar = ( chr ( rand ( 99 , 122 ) ) . substr ( md5 ( rand ( 1 , 9999999 ) ) , 0 , rand ( 1 , 32 ) ) );
}
$this->funcvars[] = $funcvar;
return $funcvar;
}
private function generate_string_decryptor ( )
{
$Func = $this->obfuscate_variables ( 'function ' . ( $FuncName = $this->generate_funcvar_name ( ) ) . '($string){$result="";for($i=0;$i<=(strlen($string)-1);$i++){$result.=chr(ord($string[$i])-' . $this->stringroll . ');}return $result;}' );
return Array (
$FuncName ,
$Func ,
);
}
private function generate_string_padding ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
for ( $i = 0; $i < rand ( 0 , 50 ); $i++ )
{
if ( rand ( 0 , 1 ) )
{
$script .= '$' . $this->generate_funcvar_name ( ) . ' = ' .( $this->stringfunc[0] . '("' . $this->string_encrypt ( $this->generate_funcvar_name ( ) ) . '")' ) . ";\r\n";
}
}
return $script;
}
private function generate_function_padding ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
for ( $i = 0; $i < rand ( 1 , 10 ); $i++ )
{
if ( rand ( 0 , 1 ) )
{
$script .= 'function ' . $this->generate_funcvar_name ( ) . " ( ) \r\n{\r\n" .( $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) . $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) ) . "}\r\n";
}
else
{
$script = 'function ' . $this->generate_funcvar_name ( ) . " ( ) \r\n{\r\n" .( $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) . $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) ) . "}\r\n" . $script;
}
}
return $script;
}
private function string_encrypt ( $string )
{
$result = "";
for ( $i = 0; $i < strlen ( $string ); $i++ )
{
$result .= chr ( ( ord ( $string[$i] ) + $this->stringroll ) );
}
return $result;
}
}
?>
- Easy-to-use OOP Class
- Variable Name Changing
- Function Name Changing
- Variable Padding
- Function Padding
- Full String Encryption
- PHP Auto Tag Stripping (Inputted script can have, or not have PHP tags [Including short-tags])
- Base64 Script Storage (Eval'd)
Problems Fixed?
- I altered all regex to fit PHP5 Standard.
- I fixed multiple regex patterns to properly capture and parse variables seperately for functions, unless globals are called.
- New encryption method helps prevent data from be accessible.
Example Usage;
PHP Code:<?php
if ( isset ( $_POST['script'] ) )
{
$Obfuscate = new Obfuscate ( $_POST['script'] );
}
?>
Obfuscated:<br /><textarea rows="10" cols="100"><?php echo ( isset ( $_POST['script'] ) ? $Obfuscate->run ( ) : "" ); ?></textarea><br /><br />
<form method="post">
PHP:<br /><textarea name="script" rows="10" cols="100"></textarea><br />
<input type="submit" value="Obfuscate" />
</form>
Results 1 to 3 of 3
Thread: [PHP] Obfuscation v2
- 11 Jan. 2011 09:39am #1Mr. Aids
- Age
- 30
- Join Date
- Nov. 2009
- Location
- Anaheim, California
- Posts
- 1,065
- Reputation
- 99
- LCash
- 10.00
[PHP] Obfuscation v2 Last edited by Chris; 11 Jan. 2011 at 09:41am.
Originally Posted by La Vie Cruelle 
- 11 Jan. 2011 11:06am #2
Wow, this is nice. Works quite well too!
- 11 Jan. 2011 09:07pm #3Mr. Aids
- Age
- 30
- Join Date
- Nov. 2009
- Location
- Anaheim, California
- Posts
- 1,065
- Reputation
- 99
- LCash
- 10.00
Thank you, I have to say that by-far the hardest part of the entire script was localizing variables for functions (Meaning that functions can properly read globals etc.) Originally Posted by Asydix
Your CodeDom release is what inspired me to make and release this, the next step is function splitting.
Turning;
function Test()
{
return "";
}
Into;
$85hj05j7 = 4tiu93n4();
function wq23i23r5()
{
return 437t5404();
}
function 437t5404()
{
return $85hj05j7;
}
function 4tiu93n4()
{
return "";
}
I have it about 1/8th of the way done. I want it to be really nice though.Last edited by Chris; 11 Jan. 2011 at 09:09pm.
Originally Posted by La Vie Cruelle
Reply With Quote
