krakjoe
Jun 3rd 2008, 8:19 am
Can u tell me, what's the point in this application ??
The only thing I can see it achieving is making it hard to track errors, it doesn't actually protect anything .....
Original Code ...
<?php
error_reporting( 0 );
include("include/winbinder.php");
if( !defined( 'IDC_EXEC' ) ) define( 'IDC_EXEC', 1000 );
if( !defined( 'IDC_CODE' ) ) define( 'IDC_CODE', 1001 );
if( !defined( 'IDC_HELP' ) ) define( 'IDC_HELP', 1002 );
if( !defined( 'IDC_SAVE' ) ) define( 'IDC_SAVE', 1003 );
if( !defined( 'IDC_RESET' ) ) define( 'IDC_RESET', 1004 );
if( !defined( 'IDC_OUTPUT' ) ) define( 'IDC_OUTPUT', 1005 );
if( !defined( 'APPNAME' ) ) define( 'APPNAME', "QuickPHP" );
function process_main( $window, $id )
{
switch( $id )
{
case IDC_EXEC: if( ( $getBoxValue = wb_get_text( wb_get_control( $window, IDC_CODE ) ) ) )
{
if( ( $getCodeValue = preg_replace
(
array( '~^<\?(php?)~s', '~\?>$~s' ),
array( '', '' ),
trim( $getBoxValue )
) ) )
{
wb_set_enabled( $window, false );
if( ob_start( ) )
{
eval( $getCodeValue ); # Fatal errors will cause crashes, nothing you can do ...
if( ( $getCodeResult = ob_get_contents( ) ) )
{
wb_set_text( wb_get_control( $window, IDC_OUTPUT ), $getCodeResult );
}
else wb_message_box( $window, "No textual result returned from code", APPNAME );
ob_end_clean( );
}
else wb_message_box( $window, "Failed to start output buffers to catch result", APPNAME );
wb_set_enabled( $window, true );
}
else wb_message_box( $window, "No code entered into text box", APPNAME );
}
else wb_message_box( $window, "No code entered into text box", APPNAME );
break;
case IDC_HELP:
// do some help ...
break;
case IDC_SAVE:
// save the contents of output box ...
break;
case IDC_RESET:
wb_set_text( wb_get_control( $window, IDC_OUTPUT ), "" );
break;
case IDCLOSE: if( wb_message_box( $window, "Would you like to exit ?", "Confirm", WBC_YESNO) )
{
wb_destroy_window( $window );
}
break;
}
}
if( ( $mainwin = wb_create_window(NULL, AppWindow, APPNAME, 600, 600 ) ) )
{
wb_create_control($mainwin, EditBox, "", 10, 10, 570, 350, IDC_CODE, WBC_MULTILINE );
wb_create_control($mainwin, EditBox, "", 10, 395, 570, 160, IDC_OUTPUT, WBC_MULTILINE );
wb_create_control($mainwin, PushButton, "Execute", 10, 365, 80, 22, IDC_EXEC );
wb_create_control($mainwin, PushButton, "Reset", 100, 365, 80, 22, IDC_RESET );
wb_create_control($mainwin, PushButton, "Save", 190, 365, 80, 22, IDC_SAVE );
wb_create_control($mainwin, PushButton, "Help", 280, 365, 80, 22, IDC_HELP );
wb_set_handler($mainwin, "process_main");
wb_main_loop();
}
?>
"Protected Code"
<?php
error_reporting( 0 );
include("include/winbinder.php");
if( !defined( 'IDC_EXEC' ) ) define( 'IDC_EXEC', 1000 );
if( !defined( 'IDC_CODE' ) ) define( 'IDC_CODE', 1001 );
if( !defined( 'IDC_HELP' ) ) define( 'IDC_HELP', 1002 );
if( !defined( 'IDC_SAVE' ) ) define( 'IDC_SAVE', 1003 );
if( !defined( 'IDC_RESET' ) ) define( 'IDC_RESET', 1004 );
if( !defined( 'IDC_OUTPUT' ) ) define( 'IDC_OUTPUT', 1005 );
if( !defined( 'APPNAME' ) ) define( 'APPNAME', "QuickPHP" );
function EUAOhcyKjUCHzOzVCKEcBOEODKzMqNBcCUsMjKFfDNpOhTBKzejcsRqbFaCMhHAN( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, $qbCMBTFbBbDNFNxHATqOqMDMEfrdxaBUFfEOjTEUhMqRATjGhNsKxaBVrThcCMsf )
{
switch( $qbCMBTFbBbDNFNxHATqOqMDMEfrdxaBUFfEOjTEUhMqRATjGhNsKxaBVrThcCMsf )
{
case IDC_EXEC: if( ( $pHscqOCMpNydCNyclGrHDfFbBexTFaqOFOsRDMrUFUlfsdBGzNrGDRzMyKxKEKxV = hdjelKEaxVAfzOlGzfjezfDcDOrfyezUDeDRAVATxGBRhVDRhOjVFfDGhHleAOya( wb_get_control( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, IDC_CODE ) ) ) )
{
if( ( $AGFNpVjVFVpMAOyVBRyGBKFcyMAelOjcAGCcFGsaAUrUxVBMBMjRBRyVAHDRhGrc = preg_replace
(
array( '~^<\?(php?)~s', '~\?>$~s' ),
array( '', '' ),
trim( $pHscqOCMpNydCNyclGrHDfFbBexTFaqOFOsRDMrUFUlfsdBGzNrGDRzMyKxKEKxV )
) ) )
{
wb_set_enabled( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, false );
if( ob_start( ) )
{
eval( $AGFNpVjVFVpMAOyVBRyGBKFcyMAelOjcAGCcFGsaAUrUxVBMBMjRBRyVAHDRhGrc ); # Fatal errors will cause crashes, nothing you can do ...
if( ( $CGjGrVDNzNxcETpMyGFUqdzUzKhHxayepasHzRDdETzcBTrHsUxHBNqThHsasHBG = ob_get_contents( ) ) )
{
qardAbFKxVAKsVqNhfsajNpTqKzNFNFfzfsVjbrVjRsKpfhGpcFOlGFbFKqUBNxf( wb_get_control( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, IDC_OUTPUT ), $CGjGrVDNzNxcETpMyGFUqdzUzKhHxayepasHzRDdETzcBTrHsUxHBNqThHsasHBG );
}
else wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "No textual result returned from code", APPNAME );
ob_end_clean( );
}
else wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "Failed to start output buffers to catch result", APPNAME );
wb_set_enabled( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, true );
}
else wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "No code entered into text box", APPNAME );
}
else wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "No code entered into text box", APPNAME );
break;
case IDC_HELP:
// do some help ...
break;
case IDC_SAVE:
// save the contents of output box ...
break;
case IDC_RESET:
qardAbFKxVAKsVqNhfsajNpTqKzNFNFfzfsVjbrVjRsKpfhGpcFOlGFbFKqUBNxf( wb_get_control( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, IDC_OUTPUT ), "" );
break;
case IDCLOSE: if( wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "Would you like to exit ?", "Confirm", WBC_YESNO) )
{
wb_destroy_window( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH );
}
break;
}
}
if( ( $DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT = wb_create_window(NULL, AppWindow, APPNAME, 600, 600 ) ) )
{
xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, EditBox, "", 10, 10, 570, 350, IDC_CODE, WBC_MULTILINE );
xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, EditBox, "", 10, 395, 570, 160, IDC_OUTPUT, WBC_MULTILINE );
xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, PushButton, "Execute", 10, 365, 80, 22, IDC_EXEC );
xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, PushButton, "Reset", 100, 365, 80, 22, IDC_RESET );
xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, PushButton, "Save", 190, 365, 80, 22, IDC_SAVE );
xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, PushButton, "Help", 280, 365, 80, 22, IDC_HELP );
wb_set_handler($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, "process_main");
wb_main_loop();
}
?>
krakjoe
Jun 3rd 2008, 8:33 am
The PHP YAKUZA obfuscator application encodes and obfuscates PHP code to make the output difficult to reverse engineer.
That's just not true ... You're not encoding anything that matters, nor is anything protected in any way, I can still read, edit, and manipulate the code it generates and so it achieves nothing ...
Lastly, Indivisuals is not a word ...
krakjoe
Jun 3rd 2008, 9:13 am
That's exactly my point what purpose does this tool serve ...
<?php
/**
* Create a random string that conforms to a pattern
*
* @param string $name
* @param pcre $pattern
* @return string
*/
function makename( $name, $pattern )
{
do
{
$name = md5( trim( $name ) );
}
while( !preg_match( $pattern, $name ) );
return $name ;
}
function silly( $input )
{
$search = array( );
$replace = array( );
if( ( $code = file_get_contents( $input ) ) )
{
/**
* Replace variable declarations and referenced with nonsense ...
*/
if( preg_match_all( '~\$([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)~', $code, $tvariables ) )
{
foreach( $tvariables[1] as $id => $name )
{
$search[ ] = sprintf( "\$%s", $name ) ;
$replace[ ] = sprintf( "\$%s", makename( $name, '~^([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$~' ) );
}
}
/**
* Replace function declarations and referenced with nonsense ...
*/
if( preg_match_all( '~function\s+?([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)~', $code, $tfunctions ) )
{
foreach( $tfunctions[1] as $id => $name )
{
$code = preg_replace
(
sprintf( '~%s\(~s', $name ),
sprintf( '%s(', makename( $name, '~^([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$~' ) ),
$code
);
}
}
echo str_replace( $search, $replace, $code );
}
}
silly( 'silly.php' );
?>
krakjoe
Jun 3rd 2008, 11:06 am
That's ridiculous, and its not actually how the world works: If I hire a builder to build me a bomb proof shelter, he doesn't have to use my ideas concerning how to make it bomb proof, if he did and I was bombed and killed, he would be liable. He should use his own knowledge of bomb proof shelters to carry out the task to protect both of our interests.
In exactly the same way, if a client asks me to do something that makes no sense, or has no purpose or is clearly wrong then I tell them they are wrong and explain why, and how to go about it properly.
The majority of my clients sell the software I write, or market it as a service, but I wouldn't give them advice or tell them how to market their software, because that's not my area of expertise. If however, they ask me to carry out a useless operation or do something in a particular way that will either hinder current or future development in any way, I won't do it, because that's my job and my area of expertise.
It's important to find an even balance between doing your job properly and giving the client what they want, if you use the sort of software we are debating over, and that clients code is hacked or nulled ( and it will be ), then ultimately that is your fault, meaning you haven't done your job properly, and everyones time and money has been totally wasted ...
vBulletin® v3.8.4, Copyright ©2000-2009, Jelsoft Enterprises Ltd.