Skip to content
This repository has been archived by the owner on Feb 5, 2019. It is now read-only.
/ obfuscator Public archive

Obfuscate PHP source files with basic XOR encryption in userland code at runtime.

21 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

darsyn/obfuscator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
bin
bin
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
phpunit.xml.dist
phpunit.xml.dist
 
 

Repository files navigation

Darsyn Obfuscate

Obfuscate source code and decrypt it during run-time.

This is not designed to securely encrypt source code; merely obfuscate source code to ensure that any extraction of partial and/or full source code has been done with intent. This can then provide extra evidence in any legal dispute you have with said party.

This obfuscation method is a proof-of-concept and is not efficient performance-wise.

Setup

<?php declare(strict_types=1);

use Darsyn\Obfuscate\Obfuscate;

require_once __DIR__ . '/vendor/autoload.php';
// The call to the Obfuscator library must come *before* any files that are
// obfuscated are loaded by PHP (such as a call to a class which triggers the
// autoloader), therefore just after including the Autoloader is a good idea.
new Obfuscate([
    'excludePaths' => [
        // You *MUST* exclude the vendor directory from being checked for
        // obfuscated code.
        __DIR__ . '/vendor',
    ],
]);

// This file (the entry script) must not be obfuscated, in order to load
// Autoloaders and the Obfuscator library.
// Now continue your application logic as normal, any further files that are
// loaded will be checked if they are obfuscated and decrypted.

The Magic

The Obfuscator will intercept PHP files as they are loaded and transform (de-obfuscate) the source code before it is handed over to PHP's parsing engine.

Example

A PHP file on the filesystem will look like this:

<?php exit('Protected by Darsyn Obfuscator.'); ?>

aFcZG1BjeU4PAhFTEUEQAEM0AhViHgsdTAQyJ08HB1IBAxhFH15rZAFTEU9zCggFGhwcMDtVCwoPFyU2
BkEZDRJPAQQ3Bw0BTAYzJwpAIBoGH0wMAXwtABpUE08fCQYHSW8qCAkYUxJOIEUPElUCGzdPAxETARhM
ER0AFh0XEBwBH1ljCgAXABYcGEUGYh4qU09VUhMQQg8GB0VIIQYKB0kGHQAHARBFGWEQEQoaHE0JYUVZ
AEEVbgBJUwBOT1QAHwAVGwZOVEtUGwwQWEwXCRdEABxLVUMUEUYVHQlUSQYbFgYdDgsbCQkAIB8AFAdF
U3tkT1QAQQBTRUNVUkUATAcYUwQxAEkbVABTUVRSCAQNHhVUHEcEBw0KBl9bCxxUNQ8RExQVAEUGQEJL
Fh0bFw9LUgwAEDpKPRpOWgBHUwdBQVoHSABdRSc8ICBjPyoreT49IXAoIWE6ICYMZ0VBTlQAVE8ALkxY
f1JFTFldbxNp

But PHP's parsing engine will receive this:

<?php

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;

class DefaultController extends Controller
{
    public function indexAction()
    {
        return $this->render(':default:index.html.twig', [
            'base_dir' => realpath($this->getParameter('kernel.root_dir') . '/..') . DIRECTORY_SEPARATOR,
        ]);
    }
}

To-do

  • Performance (the bytecode of de-obfuscated source code currently does not get cached in OpCache).
  • Completely disable userland cache so that de-obfuscated code isn't saved to the filesystem.
  • Allow disabling of original AOP source transformers.

About

Obfuscate PHP source files with basic XOR encryption in userland code at runtime.

Topics

php obfuscation obfuscate php-library streams obfuscator

Resources

Readme
Activity
Custom properties

Stars

21 stars

Watchers

6 watching

Forks

6 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages