ph-7 / obfuscator-class Goto Github PK

:man_technologist: Simple and effective Obfuscator PHP class (this is not a stupid base64 encoding script, but a real and effective obfuscation script)

Home Page: http://github.com/pH-7/Obfuscator-Class

License: MIT License

PHP 100.00%

obfuscator obfuscation php encryption hide-code obfuscate-code obfuscate php-encryption php-obfuscation php-obfuscator

obfuscator-class's Introduction

🔐 PHP Obfuscator

Simple, easy-to-use and effective Obfuscator PHP class.

Not just a stupid base64 encoding script, but a real and effective obfuscation script.

Ideal to obfuscate some critical pieces of your software such as licensing verification functions.

👓 Overview

If you want to keep your open source code private, but working on all Web hosting, this Obfuscator class is THE obfuscator you need!

Not easily readable by developers (unless they are ready to spend lot of time). It will definitely discourage them! 😃

📓 Usage

Take out `<php` before to obfuscate

First of all, please make sure to strip the PHP open/close tags <?php and ?>

If you specify code to be obfuscated with <?php, you will get a critical syntax error.

Example 1

<?php
require 'src/Obfuscator.php';

$sData = <<<'DATA'
    echo 'This is my PHP code, can be class class, interface, trait, etc. in PHP 5, 7, 7.2, 7.4 and higher.';
DATA;

$sObfusationData = new Obfuscator($sData, 'Class/Code NAME');
file_put_contents('my_obfuscated_data.php', '<?php ' . "\r\n" . $sObfusationData);

Run the my_obfuscated_data.php freshly created, and you will see:

This is my PHP code, can be class class, interface, trait, etc. in PHP 5, 7, 7.2, 7.4 and higher.

If you open the file, you will see that your code is totally hidden (obfuscated).

Example 2

<?php
require 'src/Obfuscator.php';

$sData = <<<'DATA'
    $hour = date('H');

    echo 'The hour (of the server) is ' . date('H:m');
    echo ', and will give the following message:<br><br>';

    if ($hour < 10) {
        echo 'Have a good morning!';
    } elseif ($hour < 20) {
        echo 'Have a good day!';
    } else {
        echo 'Have a good night! zZz z';
    }
DATA;

$sObfusationData = new Obfuscator($sData, 'Give a name to the piece of code you want to obfuscate');
file_put_contents('obfuscated_code.php', '<?php ' . "\r\n" . $sObfusationData);

Run obfuscated_code.php file and you will see something like below:

The hour (of the server) is 19, and will give the following message: Have a good day!

Example 3

<?php
require 'src/Obfuscator.php';

$filename = 'myphpfile'; // A PHP filename (without .php) that you want to obfuscate

$sData = file_get_contents($filename . '.php');
$sData = str_replace(array('<?php', '<?', '?>'), '', $sData); // We strip the open/close PHP tags
$sObfusationData = new Obfuscator($sData, 'Class/Code NAME');
file_put_contents($filename . '_obfuscated.php', '<?php ' . "\r\n" . $sObfusationData);

⚙ Requirement

PHP 5.3 or higher (works also with PHP 7.2, ..., 7.4, and beyond!)

📖 History

I began to create this obfuscation tool in early 2014 for my own needs, especially for pH7CMSPro that had a licensing file which was unlocking some premium features if a valid license key was purchased by a client. In summer 2016, the Pro version of pH7CMS was discontinued, and realize there was no reason to keep this project private and I wanted to share it with others (hoping it will help them and save their time!).

Feel free to add your improvements in it by forking the repo and creating a new PR. I will be pleased to review your contribution!

FYI, in 3 years' time, I never found my obfuscated code unobfuscated (and the software was downloaded by over 50,000 users). You can be quite confident then.

🤔 Who Am I?

I'm Pierre-Henry Soria, Software Developer, love learning new things every single day and also passionate about e-businesses and e-marketing.

📧 Wanna Contact Me?

You can email me at: pierrehenrysoria+github [[AT]] gmail [[D0T]] com 🤗

⚖️ License

Generously distributed under MIT License. See LICENSE.txt file for further information.

obfuscator-class's People

Contributors

Stargazers

Watchers

Forkers

jenalgit boing6000 vipanwebdeveloper zisungen halojoy hsqduron themehowdev bowodesign bitnotedpool practico-cegador thiagopollachini totorajo mrqaidi leonardohipolito kerker iftieaq harrystays ryanbekabe plenyun deoye micsoftvn sunbbon dgsa studiotecnicodesign livecore-interactive mailightkun thrbr84 josuamarcelc johnsonaugustine cmhello grim-reapper masarinetwork zaxebo1 ayoubmarouan codioplus esteban2006 gs-dbs depripramana oyjz rivman nxqbao spankders abolouri zjsxwc wtool fabyc therealelyayo 76428778fada eneteache jespanag semutjahat dileepindla jhonne musajiya alshoja jeethualex deepb1t bakrianto hansz84 elfanrodh yungkeatchan97 miguelvis joao-ledo-fonseca rajrockycute etutui package-of-laravel code-obfuscator anlnsai varik-kos dedimoe witawat dt4it im0hamed anzicloud pakcyberpyrates nickpapoutsis bahramzade xiobartreexs izqx tckssg thesyedkazmi easydowork jardelnz jmakinin zhangzc90 badvan jpmendezf maxfork 5l1v3r1 zeroisstart alexei007 leslin behnamhosseini dorstmedia cloverforks onasusweb vaimpierritik xiaohei1 memdufaizan ctrbts

obfuscator-class's Issues

DeObfuscator class

class DeObfuscator {

/** @var string */
private $sName;

/** @var string */
private $sData;

/** @var string */
private $sPreOutput;

/** @var string */
private $sOutput;

/**
 * @param string $sData Obfuscated code.
 * @param string $sName The name of the original code that was obfuscated.
 */
public function __construct($sData, $sName) {
    $this->sName = $sName;
    $this->sData = $sData;
    $this->decrypt();
}

public function getDecryptedCode() {
    return base64_decode(gzuncompress(base64_decode($this->sPreOutput)));
}

private function decrypt() {
    $this->sOutput = base64_decode(str_replace('[BREAK]', "\n", $this->sData));
    preg_match('/Loading\s(.+)/', $this->sOutput, $matches);
    $this->sName = isset($matches[1]) ? $matches[1] : '';

    preg_match('/base64_decode\((.+)\);/', $this->sOutput, $matches);
    $this->sPreOutput = isset($matches[1]) ? eval("return {$matches[1]};") : '';

    $this->sPreOutput = str_replace('$__', 'base64_decode', $this->sPreOutput);
    $this->sPreOutput = preg_replace('/\$(\w+)\s*=\s*\'(.+)\'\s*;\s*/', '\$$1=$2;', $this->sPreOutput);
}

}

Easy deobfuscation

In the resulting file, you need to find the encoded string (usually # 26).
Then decode it - gzuncompress(base64_decode("str")).
Next, find the encoded string again, and decode it using base64_decode.
Where is the efficiency here?

I can revert the code easily ;)

#Edit the obfuscate file:

Find the line: "$_();$_($_($_($))); $_____=$_();"
Delete all to end of file
Add some lines to see the original source code:
--------------------------------------
$source = base64_decode(gzuncompress(base64_decode($)));
$idx = strpos($source, "eval(\$__)");
$orgSource = substr($source, $idx + 24);
echo "<br/>ORIGIN SOURCE<br/><pre> $orgSource </pre> <br/>";
---------------------------------------

Please see the php code at my gist:
https://gist.github.com/tbvinh/d3a833321b4ba7e292253aa5a76ef52e

ERROR of "eval()'d code(1) : eval()'d" from PHP CLI with argv() and getopt()

Error Description:
An error was found when executing an obfuscated PHP script for CLI usage. Especially when using argv() and getopt() function.

Cause:
Function argv() and getopt() seem does not work well with the Obfuscator.

Error output:

Notice: Undefined variable: argv in C:\script.php(166) : eval()'d code(1) : eval()'d code on line 29

Notice: Trying to access array offset on value of type null in C:\script.php(166) : eval()'d code(1) : eval()'d code on line 29
``

not working in php 7.2

Hi,

thanks for your project.

in php 7.2 obfuscated code not working:

Function create_function() is deprecated

Thanks!

Using with PHP 7.1

I had used your class months back but was on PHP 5.6, all seemed to work fine. Really enjoyed how simple to use.

Trying today on PHP 7.1.10 and getting errors like:

PHP Parse error: syntax error, unexpected '<' end of file

runtime-created function(1): eval()'d code (148): runtime-created function(1): eval()'d code on line 1

Any ideas if this is related to PHP 7? The script I am encrypting is only a simple config file like:

<?php 
$about = "About Us";
$abouttxt = "Working for Kids Worldwide!";
$url = "http://example.com";
?>

Not using the <?php tags of course:)

Thank you!

Susan

Replace create_function() to anonymous function

create_function() is deprecated since PHP 7.2.
Obfuscator class currently uses create_function() here. It will have to be replaced by anonymous function + update the the unit tests.

Licenses in LICENSE.txt and composer.json do not match?

LICENSE.txt says Creative Commons and composer.json says GPL-3.0-or-later. Which is the correct one?

Update your code (Script Easyly to Deobfuscate)

I try to decode encoded file from ur script, and that fully deobfuscated

gzuncompress > get encoded base64 of real script > decode base64 > deobfuscated

Little more information, please

Sorry to bug you with questions but my thick old head is not grasping how to use the class.

I see the usage info but not sinking in.

Would it be too much to ask for real life example of how you obfuscate a PHP script?

Let's say I have the script below and wish to encode:

`<?php
$t = date("H");
echo "

The hour (of the server) is " . $t;
echo ", and will give the following message:

if ($t < "10") {
echo "Have a good morning!";
} elseif ($t < "20") {
echo "Have a good day!";
} else {
echo "Have a good night!";
}
?>`

Sure this is very simple and will most likely be embarrassed by not grasping it.

Thank you for your time,

Woody

How to obfuscate a complete folder?

Thank you for nice work, its working fine for me.

Can you please help me to understand, how I can covert big repo or folder once rather converting one file at a time?

Can i deobfuscate

If i Can i obfuscate/encrypt and delete the original(source) file, how can i deobfuscate/decrypt .

Can i deobfuscate/decrypt encrypted file?
How can i obfuscate/encrypt multiple files, i use your example 3 in https://github.com/pH-7/Obfuscator-Class

obfuscated code can be unobfuscated now

Thank you for this amazing project. I've been using this project for a while now, but recently i saw a friend of mine who is a Node.js coder unobfuscated this code very easily.. and bulied me for that haha.. but he didint tell me exactly how he did it..

virustotal detect file as virus

the script is very good and simple to use the problem is that virustotal detect that the obfuscated file as a virus Html.Win32.Script.504508

virustotal url

Issues with <?php tag already included in my original file

A limitation is that can not be <?php in the beginning of $sData.
Say I load a php file with file_get_contents() which have the php opening tag <?php.
Then it will be an error, if I run Obfuscator.

To cope with this I can do this workaround:

$sData = file_get_contents('my.php');
$sData = substr($Data, 5);

ConfigServer eXploit Scanner detected it as malicious

When i uploaded the obfuscated file to cpanel, their malware/antivirus scanner (ConfigServer eXploit Scanner) flagged the php file as malicious.

Preserving Public Class Members

How do we preserve the names of public class members?

Parse error problem & fix

Although the supplied examples worked fine, when I tried with my own code I got:
"Parse error: syntax error, unexpected '<', expecting end of file"
I contacted Pierre-Henry and he very kindly gave me the solution which is to omit the opening and closing "" tags around the code.

The function `create_function` has been DEPRECATED in PHP 8

Hi Pierre;

The Function create_function has been DEPRECATED in PHP8 and encoded programs will not run in a new server.
(PHP 4 >= 4.0.1, PHP 5, PHP 7)

Warning: This function has been DEPRECATED as of PHP 7.2.0, and REMOVED as of PHP 8.0.0. Relying on this function is highly discouraged. https://www.php.net/manual/en/function.create-function.php

$__________________ = 'Q1JFQXRlX2Z1bkNUaU9u';
$__________________ = $__($__________________);
// print $__________________."\n";
// $__________________ = "create_function";

Trace

[max@workstation Obfuscator-Class]$ php 2-input.php

CREAte_funCTiOn
PHP Fatal error:  Uncaught Error: Call to undefined function CREAte_funCTiOn() in /project/Obfuscator-Class/2-input.php:18
Stack trace:
#0 {main}
  thrown in /project/Obfuscator-Class/2-input.php on line 18

[max@workstation Obfuscator-Class]$ php 2-input.php

PHP Fatal error:  Uncaught Error: Call to undefined function create_function() in /project/Obfuscator-Class/2-input.php:21
Stack trace:
#0 {main}
  thrown in /project/Obfuscator-Class/2-input.php on line 21

What I find is obscured code want to use CREAte_funCTiOn function somethings is probably create_function. But this is not available in server.

$ php -v

PHP 8.0.5 (cli) (built: Apr 27 2021 18:07:13) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.5, Copyright (c) Zend Technologies

I'm not sure it's solved before or a trick and solution to solve this. Anyway I submit this since I see encoded programs cannot run anymore.

Best;

Warning: Undefined variable $XOR in index.php(23) : eval()'d code(1) : eval()'d code on line 35

When I'm trying to obfuscate my file, had a problem with variables u.u

this is the error:

Warning: Undefined variable $XOR in index.php(23) : eval()'d code(1) : eval()'d code on line 35

there is any way to scape variables?

Easy to decode

Add the following code in the last part of encrypted file.

$data = $______($__($_));
$re = '/\$___________=\'(.*)\'/m';

preg_match_all($re, $data , $m );

echo '<?php '.base64_decode($m[0][1]);

Problem while obfuscating code with global variables in class functions

Obfuscating a class with functions using global variables seems to be not recognize the globals.

Third call to function is with assigning: $page = '/some_dir/en/some_file.php'; (see file attached)

Output without obfuscation:
/mydata/phptest/sunlite-dist/templates/default.tmpl
/mydata/phptest/sunlite-dist/templates/de_default.tmpl
/mydata/phptest/sunlite-dist/templates/en_some_file.tmpl <==

Output of obfuscated file:
/mydata/phptest/sunlite-dist/templates/default.tmpl
/mydata/phptest/sunlite-dist/templates/de_default.tmpl
/mydata/phptest/sunlite-dist/templates/de_default.tmpl <==

Maybe, some constants like __DIR__ are also a problem, but in this example it works fine.

testclass.php.src.txt

Something is wrong - creeping up

I have tried the new version of code however I keep on getting following error statement from the output
if(!function_exists('__lambda')){function __lambda($sArgs,$sCode){return Something is wrong("return function($sArgs){{$sCode}};");}}

return return Something is wrong is causing issues. looking forward to your valuable guide.

on further look found the trivial mistake vs 2.0.1 branch download vs master download. master has something is wrong replaced with eval. good to go and hence closing the issue.

Decode Code Simple

Simple Decode :D

Step 1: https://i.imgur.com/owLjd32.png
Script Obfuscated

Step 2: https://i.imgur.com/Yjh8VKU.png
Copy the contents of the variable $_

Step 3: https://i.imgur.com/O1WIdjW.png
Use echo with gzuncompress and base64_decode as shown in the image

Step 4: https://i.imgur.com/uyzk0yx.png
See the result in your browser, as shown in the image.

Step 5: https://i.imgur.com/59L9xGa.png
Copy the contents of the variable which was shown in the image in "step 4" and use in echo with base_decode as shown in the image in "step 5"

Result: https://i.imgur.com/1wy7Zfn.png

A fix for the <?php thing

Unfortunately removing open and close tags will not work.
As you show in example.
I have tested on a script and it does not good.

I am using this fix in your Obfuscator class.

    public function __construct($sData, $sName)
    {
        $this->sName = $sName;
        $this->sData = $sData;
        if (substr($this->sData, 0, 5) == '<?php') {
            $this->sData = substr($this->sData, 5);
        }

Cannot redeclare __lambda()

Hi! I'm having an issue when two obfuscated files are included.

Cannot redeclare __lambda() (previously declared in "the other obfuscated file"....

In the previous version this is working fine!

Thak you!!!!!