This version of Obfuscation includes;PHP Code:
<?php
class Obfuscate
{
public $script;
private $funcvars;
private $stringfunc;
private $stringroll;
public function __construct ( $script )
{
$this->script = $script;
}
public function run ( )
{
$this->funcvars = array ( );
$this->stringroll = rand ( 1 , 255 );
$this->stringfunc = $this->generate_string_decryptor ( );
$this->script = $this->striptags ( );
$this->script = $this->obfuscate_variables ( );
$this->script = $this->obfuscate_functions ( );
$this->script = $this->obfuscate_strings ( );
$this->script = $this->generate_string_padding ( );
$this->script = $this->generate_function_padding ( );
$this->script .= $this->stringfunc[1];
$this->script = $this->format ( );
return $this->script;
}
private function striptags ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
if ( strpos ( $script , "<?php" ) > -1 )
{
$script = ltrim ( $script , '<?php' );
}
else if ( strpos ( $script , "<?" ) > -1 )
{
$script = ltrim ( $script , '<?' );
}
if ( strrpos ( $script , "?>" ) > -1 )
{
$script = rtrim ( $script , '?>' );
}
return $script;
}
private function format ( $script = null )
{
return '<?php eval(base64_decode("' . base64_encode ( ( $script == null ? $this->script : $script ) ) . '")); ?>';
}
private function obfuscate_variables ( $script = null , $hidden = null )
{
$script = ( $script == null ? $this->script : $script );
preg_match_all ( '/\$[?a-zA-Z_\x7f-\xff][?a-zA-Z0-9_\x7f-\xff]*/' , $script , $out );
if ( sizeOf ( $out ) > 0 )
{
$out[0] = array_unique ( $out[0] );
for ( $i = 0; $i < sizeOf ( $out[0] ); $i++ )
{
if ( $hidden == null || ! in_array ( $out[0][$i] , $hidden ) )
{
$script = str_replace ( $out[0][$i] , '$' . $this->generate_funcvar_name ( ) , $script );
}
}
}
return $script;
}
private function obfuscate_functions ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
preg_match_all ( '/(function\s*([?a-zA-Z_\x7f-\xff][?a-zA-Z0-9_\x7f-\xff]*)).*(\(.*\)).*\{(.*)\}/xs' , $script , $out );
if ( sizeOf ( $out ) > 0 )
{
$globals = null;
preg_match_all ( '/global\s*(.*);/' , $script , $outg );
if ( sizeOf ( $outg[1] ) == 1 )
{
$globals = array ( );
$rawglobals = explode ( ',' , $outg[1][0] );
for ( $i = 0; $i < sizeOf ( $rawglobals ); $i++ )
{
$globals[] = trim ( $rawglobals[$i] );
}
}
$script = str_replace ( $out[0][$i] , $this->obfuscate_variables ( $out[0][$i] , $globals ) , $script );
for ( $i = 0; $i < sizeOf ( $out[0] ); $i++ )
{
$script = str_replace ( $out[1][$i] , ( 'function ' . ( $FuncName = $this->generate_funcvar_name ( ) ) ) , $script );
preg_match_all ( '/(?!=function)(' . trim ( $out[2][$i] ) . ').*(\s*\(.*\)\s*)/x' , $script , $outt );
for ( $j = 0; $j < sizeOf ( $outt[0] ); $j++ )
{
$script = str_replace ( $outt[0][$j] , $FuncName . $outt[2][$j] , $script );
}
}
}
return $script;
}
private function obfuscate_strings ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
preg_match_all ( '/\"(.*)\"/' , $script , $outdq );
preg_match_all ( '/\'(.*)\'/' , $script , $outq );
if ( sizeOf ( $outdq ) > 0 )
{
$outdq[0] = array_unique ( $outdq[0] );
$outdq[1] = array_unique ( $outdq[1] );
for ( $i = 0; $i < sizeOf ( $outdq ); $i++ )
{
$script = str_replace ( $outdq[0][$i] , ( $this->stringfunc[0] . '("' . $this->string_encrypt ( $outdq[1][$i] ) . '")' ) , $script );
}
}
if ( sizeOf ( $outq ) > 0 )
{
$outq[0] = array_unique ( $outq[0] );
$outq[1] = array_unique ( $outq[1] );
for ( $i = 0; $i < sizeOf ( $outq ); $i++ )
{
$script = str_replace ( $outq[0][$i] , ( $this->stringfunc[0] . '("' . $this->string_encrypt ( $outq[1][$i] ) . '")' ) , $script );
}
}
return $script;
}
private function generate_funcvar_name ( )
{
while ( ! isset ( $funcvar ) || in_array ( $funcvar , $this->funcvars ) )
{
$funcvar = ( chr ( rand ( 99 , 122 ) ) . substr ( md5 ( rand ( 1 , 9999999 ) ) , 0 , rand ( 1 , 32 ) ) );
}
$this->funcvars[] = $funcvar;
return $funcvar;
}
private function generate_string_decryptor ( )
{
$Func = $this->obfuscate_variables ( 'function ' . ( $FuncName = $this->generate_funcvar_name ( ) ) . '($string){$result="";for($i=0;$i<=(strlen($string)-1);$i++){$result.=chr(ord($string[$i])-' . $this->stringroll . ');}return $result;}' );
return Array (
$FuncName ,
$Func ,
);
}
private function generate_string_padding ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
for ( $i = 0; $i < rand ( 0 , 50 ); $i++ )
{
if ( rand ( 0 , 1 ) )
{
$script .= '$' . $this->generate_funcvar_name ( ) . ' = ' .( $this->stringfunc[0] . '("' . $this->string_encrypt ( $this->generate_funcvar_name ( ) ) . '")' ) . ";\r\n";
}
}
return $script;
}
private function generate_function_padding ( $script = null )
{
$script = ( $script == null ? $this->script : $script );
for ( $i = 0; $i < rand ( 1 , 10 ); $i++ )
{
if ( rand ( 0 , 1 ) )
{
$script .= 'function ' . $this->generate_funcvar_name ( ) . " ( ) \r\n{\r\n" .( $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) . $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) ) . "}\r\n";
}
else
{
$script = 'function ' . $this->generate_funcvar_name ( ) . " ( ) \r\n{\r\n" .( $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) . $this->generate_string_padding ( "//" . $this->generate_funcvar_name ( ) ."\r\n" ) ) . "}\r\n" . $script;
}
}
return $script;
}
private function string_encrypt ( $string )
{
$result = "";
for ( $i = 0; $i < strlen ( $string ); $i++ )
{
$result .= chr ( ( ord ( $string[$i] ) + $this->stringroll ) );
}
return $result;
}
}
?>
- Easy-to-use OOP Class
- Variable Name Changing
- Function Name Changing
- Variable Padding
- Function Padding
- Full String Encryption
- PHP Auto Tag Stripping (Inputted script can have, or not have PHP tags [Including short-tags])
- Base64 Script Storage (Eval'd)
Problems Fixed?
- I altered all regex to fit PHP5 Standard.
- I fixed multiple regex patterns to properly capture and parse variables seperately for functions, unless globals are called.
- New encryption method helps prevent data from be accessible.
Example Usage;
PHP Code:
<?php
if ( isset ( $_POST['script'] ) )
{
$Obfuscate = new Obfuscate ( $_POST['script'] );
}
?>
Obfuscated:<br /><textarea rows="10" cols="100"><?php echo ( isset ( $_POST['script'] ) ? $Obfuscate->run ( ) : "" ); ?></textarea><br /><br />
<form method="post">
PHP:<br /><textarea name="script" rows="10" cols="100"></textarea><br />
<input type="submit" value="Obfuscate" />
</form>