[PHP] Obfuscation v2

PHP Code:

<?php class Obfuscate { public $script; private $funcvars; private $stringfunc; private $stringroll; public function __construct ( $script ) { $this->script = $script; } public function run ( ) { $this->funcvars = array ( ); $this->stringroll = rand ( 1 , 255 ); $this->stringfunc = $this->generate_string_decryptor ( ); $this->script = $this->striptags ( ); $this->script = $this->obfuscate_variables ( ); $this->script = $this->obfuscate_functions ( ); $this->script = $this->obfuscate_strings ( ); $this->script = $this->generate_string_padding ( ); $this->script = $this->generate_function_padding ( ); $this->script .= $this->stringfunc[1]; $this->script = $this->format ( ); return $this->script; } private function striptags ( $script = null ) { $script = ( $script == null ? $this->script : $script ); if ( strpos ( $script , "<?php" ) > -1 ) { $script = ltrim ( $script , '<?php' ); } else if ( strpos ( $script , "<?" ) > -1 ) { $script = ltrim ( $script , '<?' ); } if ( strrpos ( $script , "?>" ) > -1 ) { $script = rtrim ( $script , '?>' ); } return $script; } private function format ( $script = null ) { return '<?php eval(base64_decode("' . base64_encode ( ( $script == null ? $this->script : $script ) ) . '")); ?>'; } private function obfuscate_variables ( $script = null , $hidden = null ) { $script = ( $script == null ? $this->script : $script ); preg_match_all ( '/\$[?a-zA-Z_\x7f-\xff][?a-zA-Z0-9_\x7f-\xff]*/' , $script , $out ); if ( sizeOf ( $out ) > 0 ) { $out[0] = array_unique ( $out[0] ); for ( $i = 0; $i < sizeOf ( $out[0] ); $i++ ) { if ( $hidden == null || ! in_array ( $out[0][$i] , $hidden ) ) { $script = str_replace ( $out[0][$i] , '$' . $this->generate_funcvar_name ( ) , $script ); } } } return $script; } private function obfuscate_functions ( $script = null ) { $script = ( $script == null ? $this->script : $script ); preg_match_all ( '/(function\s*([?a-zA-Z_\x7f-\xff][?a-zA-Z0-9_\x7f-\xff]*)).*($.*$).*\{(.*)\}/xs' , $script , $out ); if ( sizeOf ( $out ) > 0 ) { $globals = null; preg_match_all ( '/global\s*(.*);/' , $script , $outg ); if ( sizeOf ( $outg[1] ) == 1 ) { $globals = array ( ); $rawglobals = explode ( ',' , $outg[1][0] ); for ( $i = 0; $i < sizeOf ( $rawglobals ); $i++ ) { $globals[] = trim ( $rawglobals[$i] ); } } $script = str_replace ( $out[0][$i] , $this->obfuscate_variables ( $out[0][$i] , $globals ) , $script ); for ( $i = 0; $i < sizeOf ( $out[0] ); $i++ ) { $script = str_replace ( $out[1][$i] , ( 'function ' . ( $FuncName = $this->generate_funcvar_name ( ) ) ) , $script ); preg_match_all ( '/(?!=function)(' . trim ( $out[2][$i] ) . ').*(\s*$.*$\s*)/x' , $script , $outt ); for ( $j = 0; $j < sizeOf ( $outt[0] ); $j++ ) { $script = str_replace ( $outt[0][$j] , $FuncName . $outt[2][$j] , $script ); } } } return $script; } private function obfuscate_strings ( $script = null ) { $script = ( $script == null ? $this->script : $script ); preg_match_all ( '/\"(.*)\"/' , $script , $outdq ); preg_match_all ( '/\'(.*)\'/' , $script , $outq ); if ( sizeOf ( $outdq ) > 0 ) { $outdq[0] = array_unique ( $outdq[0] ); $outdq[1] = array_unique ( $outdq[1] ); for ( $i = 0; $i < sizeOf ( $outdq ); $i++ ) { $script = str_replace ( $outdq[0][$i] , ( $this->stringfunc[0] . '("' . $this->string_encrypt ( $outdq[1][$i] ) . '")' ) , $script ); } } if ( sizeOf ( $outq ) > 0 ) { $outq[0] = array_unique ( $outq[0] ); $outq[1] = array_unique ( $outq[1] ); for ( $i = 0; $i < sizeOf ( $outq ); $i++ ) { $script = str_replace ( $outq[0][$i] , ( $this->stringfunc[0] . '("' . $this->string_encrypt ( $outq[1][$i] ) . '")' ) , $script ); } } return $script; } private function generate_funcvar_name ( ) { while ( ! isset ( $funcvar ) || in_array ( $funcvar , $this->funcvars ) ) { $funcvar = ( chr ( rand ( 99 , 122 ) ) . substr ( md5 ( rand ( 1 , 9999999 ) ) , 0 , rand ( 1 , 32 ) ) ); } $this->funcvars[] = $funcvar; return $funcvar; } private function generate_string_decryptor ( ) { $Func = $this->obfuscate_variables ( 'function ' . ( $FuncName = $this->generate_funcvar_name ( ) ) . '($string){$result="";for($i=0;$i<=(strlen($string)-1);$i++){$result.=chr(ord($string[$i])-' . $this->stringroll . ');}return $result;}' ); return Array ( $FuncName , $Func , ); } private function generate_string_padding ( $script = null ) { $script = ( $script == null ? $this->script : $script ); for ( $i = 0; $i < rand ( 0 , 50 ); $i++ ) { if ( rand ( 0 , 1 ) ) { $script .= '$' . $this->generate_funcvar_name ( ) . ' = ' .( $this->stringfunc[0] . '("' . $this->string_encrypt ( $this->generate_funcvar_name ( ) ) . '")' ) . ";\r\n"; } } return $script; } private function generate_function_padding ( $script = null ) { $script = ( $script == null ? $this->script : $script ); for ( $i = 0; $i < rand ( 1 , 10 ); $i++ ) { if ( rand ( 0 , 1 ) ) { $script .= 'function ' . $this->generate_funcvar_name ( ) . " ( ) \r\n{\r\n" .( $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) . $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) ) . "}\r\n"; } else { $script = 'function ' . $this->generate_funcvar_name ( ) . " ( ) \r\n{\r\n" .( $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) . $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) ) . "}\r\n" . $script; } } return $script; } private function string_encrypt ( $string ) { $result = ""; for ( $i = 0; $i < strlen ( $string ); $i++ ) { $result .= chr ( ( ord ( $string[$i] ) + $this->stringroll ) ); } return $result; } } ?>

This version of Obfuscation includes;

Easy-to-use OOP Class
Variable Name Changing
Function Name Changing
Variable Padding
Function Padding
Full String Encryption
PHP Auto Tag Stripping (Inputted script can have, or not have PHP tags [Including short-tags])
Base64 Script Storage (Eval'd)

Problems Fixed?

I altered all regex to fit PHP5 Standard.
I fixed multiple regex patterns to properly capture and parse variables seperately for functions, unless globals are called.
New encryption method helps prevent data from be accessible.

Example Usage;

PHP Code:

<?php if ( isset ( $_POST['script'] ) ) { $Obfuscate = new Obfuscate ( $_POST['script'] ); } ?> Obfuscated:<br /><textarea rows="10" cols="100"><?php echo ( isset ( $_POST['script'] ) ? $Obfuscate->run ( ) : "" ); ?></textarea><br /><br /> <form method="post"> PHP:<br /><textarea name="script" rows="10" cols="100"></textarea><br /> <input type="submit" value="Obfuscate" /> </form>

Wow, this is nice. Works quite well too!

Quote:

Originally Posted by Asydix

Wow, this is nice. Works quite well too!

Thank you, I have to say that by-far the hardest part of the entire script was localizing variables for functions (Meaning that functions can properly read globals etc.)

Your CodeDom release is what inspired me to make and release this, the next step is function splitting.

Turning;

function Test()
{
return "";
}

Into;
$85hj05j7 = 4tiu93n4();
function wq23i23r5()
{
return 437t5404();
}

function 437t5404()
{
return $85hj05j7;
}

function 4tiu93n4()
{
return "";
}

I have it about 1/8th of the way done. I want it to be really nice though.