With PHP YAKUZA you can obfuscate and protect your php source codes. This tool is free ware and full functional (but not full feartured). use it and obfuscate your project with a few clicks. Have fun
Can u tell me, what's the point in this application ?? The only thing I can see it achieving is making it hard to track errors, it doesn't actually protect anything ..... Original Code ... <?php error_reporting( 0 ); include("include/winbinder.php"); if( !defined( 'IDC_EXEC' ) ) define( 'IDC_EXEC', 1000 ); if( !defined( 'IDC_CODE' ) ) define( 'IDC_CODE', 1001 ); if( !defined( 'IDC_HELP' ) ) define( 'IDC_HELP', 1002 ); if( !defined( 'IDC_SAVE' ) ) define( 'IDC_SAVE', 1003 ); if( !defined( 'IDC_RESET' ) ) define( 'IDC_RESET', 1004 ); if( !defined( 'IDC_OUTPUT' ) ) define( 'IDC_OUTPUT', 1005 ); if( !defined( 'APPNAME' ) ) define( 'APPNAME', "QuickPHP" ); function process_main( $window, $id ) { switch( $id ) { case IDC_EXEC: if( ( $getBoxValue = wb_get_text( wb_get_control( $window, IDC_CODE ) ) ) ) { if( ( $getCodeValue = preg_replace ( array( '~^<\?(php?)~s', '~\?>$~s' ), array( '', '' ), trim( $getBoxValue ) ) ) ) { wb_set_enabled( $window, false ); if( ob_start( ) ) { eval( $getCodeValue ); # Fatal errors will cause crashes, nothing you can do ... if( ( $getCodeResult = ob_get_contents( ) ) ) { wb_set_text( wb_get_control( $window, IDC_OUTPUT ), $getCodeResult ); } else wb_message_box( $window, "No textual result returned from code", APPNAME ); ob_end_clean( ); } else wb_message_box( $window, "Failed to start output buffers to catch result", APPNAME ); wb_set_enabled( $window, true ); } else wb_message_box( $window, "No code entered into text box", APPNAME ); } else wb_message_box( $window, "No code entered into text box", APPNAME ); break; case IDC_HELP: // do some help ... break; case IDC_SAVE: // save the contents of output box ... break; case IDC_RESET: wb_set_text( wb_get_control( $window, IDC_OUTPUT ), "" ); break; case IDCLOSE: if( wb_message_box( $window, "Would you like to exit ?", "Confirm", WBC_YESNO) ) { wb_destroy_window( $window ); } break; } } if( ( $mainwin = wb_create_window(NULL, AppWindow, APPNAME, 600, 600 ) ) ) { wb_create_control($mainwin, EditBox, "", 10, 10, 570, 350, IDC_CODE, WBC_MULTILINE ); wb_create_control($mainwin, EditBox, "", 10, 395, 570, 160, IDC_OUTPUT, WBC_MULTILINE ); wb_create_control($mainwin, PushButton, "Execute", 10, 365, 80, 22, IDC_EXEC ); wb_create_control($mainwin, PushButton, "Reset", 100, 365, 80, 22, IDC_RESET ); wb_create_control($mainwin, PushButton, "Save", 190, 365, 80, 22, IDC_SAVE ); wb_create_control($mainwin, PushButton, "Help", 280, 365, 80, 22, IDC_HELP ); wb_set_handler($mainwin, "process_main"); wb_main_loop(); } ?> PHP: "Protected Code" <?php error_reporting( 0 ); include("include/winbinder.php"); if( !defined( 'IDC_EXEC' ) ) define( 'IDC_EXEC', 1000 ); if( !defined( 'IDC_CODE' ) ) define( 'IDC_CODE', 1001 ); if( !defined( 'IDC_HELP' ) ) define( 'IDC_HELP', 1002 ); if( !defined( 'IDC_SAVE' ) ) define( 'IDC_SAVE', 1003 ); if( !defined( 'IDC_RESET' ) ) define( 'IDC_RESET', 1004 ); if( !defined( 'IDC_OUTPUT' ) ) define( 'IDC_OUTPUT', 1005 ); if( !defined( 'APPNAME' ) ) define( 'APPNAME', "QuickPHP" ); function EUAOhcyKjUCHzOzVCKEcBOEODKzMqNBcCUsMjKFfDNpOhTBKzejcsRqbFaCMhHAN( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, $qbCMBTFbBbDNFNxHATqOqMDMEfrdxaBUFfEOjTEUhMqRATjGhNsKxaBVrThcCMsf ) { switch( $qbCMBTFbBbDNFNxHATqOqMDMEfrdxaBUFfEOjTEUhMqRATjGhNsKxaBVrThcCMsf ) { case IDC_EXEC: if( ( $pHscqOCMpNydCNyclGrHDfFbBexTFaqOFOsRDMrUFUlfsdBGzNrGDRzMyKxKEKxV = hdjelKEaxVAfzOlGzfjezfDcDOrfyezUDeDRAVATxGBRhVDRhOjVFfDGhHleAOya( wb_get_control( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, IDC_CODE ) ) ) ) { if( ( $AGFNpVjVFVpMAOyVBRyGBKFcyMAelOjcAGCcFGsaAUrUxVBMBMjRBRyVAHDRhGrc = preg_replace ( array( '~^<\?(php?)~s', '~\?>$~s' ), array( '', '' ), trim( $pHscqOCMpNydCNyclGrHDfFbBexTFaqOFOsRDMrUFUlfsdBGzNrGDRzMyKxKEKxV ) ) ) ) { wb_set_enabled( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, false ); if( ob_start( ) ) { eval( $AGFNpVjVFVpMAOyVBRyGBKFcyMAelOjcAGCcFGsaAUrUxVBMBMjRBRyVAHDRhGrc ); # Fatal errors will cause crashes, nothing you can do ... if( ( $CGjGrVDNzNxcETpMyGFUqdzUzKhHxayepasHzRDdETzcBTrHsUxHBNqThHsasHBG = ob_get_contents( ) ) ) { qardAbFKxVAKsVqNhfsajNpTqKzNFNFfzfsVjbrVjRsKpfhGpcFOlGFbFKqUBNxf( wb_get_control( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, IDC_OUTPUT ), $CGjGrVDNzNxcETpMyGFUqdzUzKhHxayepasHzRDdETzcBTrHsUxHBNqThHsasHBG ); } else wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "No textual result returned from code", APPNAME ); ob_end_clean( ); } else wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "Failed to start output buffers to catch result", APPNAME ); wb_set_enabled( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, true ); } else wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "No code entered into text box", APPNAME ); } else wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "No code entered into text box", APPNAME ); break; case IDC_HELP: // do some help ... break; case IDC_SAVE: // save the contents of output box ... break; case IDC_RESET: qardAbFKxVAKsVqNhfsajNpTqKzNFNFfzfsVjbrVjRsKpfhGpcFOlGFbFKqUBNxf( wb_get_control( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, IDC_OUTPUT ), "" ); break; case IDCLOSE: if( wb_message_box( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH, "Would you like to exit ?", "Confirm", WBC_YESNO) ) { wb_destroy_window( $rTCKhbrMrchNDHFcxbhdrRsVzfCbqfCOqdrehHxcqUjaBGhKhOlNyTBOEfhblfDH ); } break; } } if( ( $DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT = wb_create_window(NULL, AppWindow, APPNAME, 600, 600 ) ) ) { xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, EditBox, "", 10, 10, 570, 350, IDC_CODE, WBC_MULTILINE ); xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, EditBox, "", 10, 395, 570, 160, IDC_OUTPUT, WBC_MULTILINE ); xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, PushButton, "Execute", 10, 365, 80, 22, IDC_EXEC ); xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, PushButton, "Reset", 100, 365, 80, 22, IDC_RESET ); xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, PushButton, "Save", 190, 365, 80, 22, IDC_SAVE ); xOyaxfFNqOlMAUEUsGrMhOsdFODHENjVhKCdBfjbyMlOjHEfxelcsKpHyHhGBNhO($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, PushButton, "Help", 280, 365, 80, 22, IDC_HELP ); wb_set_handler($DKrKFGzesRzKlcpejUlHyUzdyGFHFbzfzGFbDTzVEbpTlcCeFHqdrUrVDTpUDOsT, "process_main"); wb_main_loop(); } ?> PHP:
Well This tool is free ware and is not full featured ; First step for protecting is obfuscating the codes. when you obfuscate whole of a project with this tool it will be more difficult for nulling or changing your property. and let PHP YAKUZA obfuscate classes and functions and vars all . and thax for your comment.
That's just not true ... You're not encoding anything that matters, nor is anything protected in any way, I can still read, edit, and manipulate the code it generates and so it achieves nothing ... Lastly, Indivisuals is not a word ...
yes, you are right. But I don't think renaming vars and others is so easy. it take not alot but some time . In next version we used our PHP YAKUZA Ext (dll,so) files moreover obfuscating the script will be encrypted and it is near to your mean . Let us go step by step.
From what i can see, it does the job well. How useful obfuscation is in general - that's another thing
That's exactly my point what purpose does this tool serve ... <?php /** * Create a random string that conforms to a pattern * * @param string $name * @param pcre $pattern * @return string */ function makename( $name, $pattern ) { do { $name = md5( trim( $name ) ); } while( !preg_match( $pattern, $name ) ); return $name ; } function silly( $input ) { $search = array( ); $replace = array( ); if( ( $code = file_get_contents( $input ) ) ) { /** * Replace variable declarations and referenced with nonsense ... */ if( preg_match_all( '~\$([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)~', $code, $tvariables ) ) { foreach( $tvariables[1] as $id => $name ) { $search[ ] = sprintf( "\$%s", $name ) ; $replace[ ] = sprintf( "\$%s", makename( $name, '~^([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$~' ) ); } } /** * Replace function declarations and referenced with nonsense ... */ if( preg_match_all( '~function\s+?([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)~', $code, $tfunctions ) ) { foreach( $tfunctions[1] as $id => $name ) { $code = preg_replace ( sprintf( '~%s\(~s', $name ), sprintf( '%s(', makename( $name, '~^([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$~' ) ), $code ); } } echo str_replace( $search, $replace, $code ); } } silly( 'silly.php' ); ?> PHP:
Making it harder for the bad guys to understand your code If the 'bad guys' want, they will understand it anyway, this just slows them a bit. Pretty much useless in my opinion, but some clients i've worked with heard that obfuscation was cool and unbreakable and insisted on using it...
Well then you should correct your clients, if you're hired by someone is because you're the expert and they don't have the knowledge you have. While most of the time the customer is always right, when they are wrong you should tell them ... When you consider that "the bad guys" are programmers themselves, it becomes an even more useless idea, it's not like total newbs attempt to hack or nullify code ...
You got my idea Bad thing about clients is that they pay the money.. you have to make some compromises every now and then, cause they are just too stubborn sometimes.
That's ridiculous, and its not actually how the world works: If I hire a builder to build me a bomb proof shelter, he doesn't have to use my ideas concerning how to make it bomb proof, if he did and I was bombed and killed, he would be liable. He should use his own knowledge of bomb proof shelters to carry out the task to protect both of our interests. In exactly the same way, if a client asks me to do something that makes no sense, or has no purpose or is clearly wrong then I tell them they are wrong and explain why, and how to go about it properly. The majority of my clients sell the software I write, or market it as a service, but I wouldn't give them advice or tell them how to market their software, because that's not my area of expertise. If however, they ask me to carry out a useless operation or do something in a particular way that will either hinder current or future development in any way, I won't do it, because that's my job and my area of expertise. It's important to find an even balance between doing your job properly and giving the client what they want, if you use the sort of software we are debating over, and that clients code is hacked or nulled ( and it will be ), then ultimately that is your fault, meaning you haven't done your job properly, and everyones time and money has been totally wasted ...
krakjoe, i totally udnerstand you. pleasuring the clients in every way and doing stuff the way they want them was not my idea. when i wrote this i ment that sometimes is easier for me to do what the client wants even if i don't see the point of doing it. That doesn't stop me from charging the client for the extra effort, nor it makes my work harder. I ment that sometimes it's easier or better to just do what the clients want and not trying to convince them they are wrong... I deffinatelly don't bother making their every weird wish come true