Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>
Idioma: En

How to Encrypt and Hide PHP Source Code

Tags: code info hide

INTRODUCTION
NOT A SECRETIVE LANGUAGE

Welcome to a guide on how to encrypt and Hide PHP source Code. Need to hide your source code from a competitor, or not willing to fully give it away to a non-paying customer? Long story short – PHP is an interpreted language, and hiding the source code is not going to be straightforward.

You might end up wasting a lot of time and money on trying to encrypt PHP code, so it is not recommended… But if you really want to do it, this guide will walk you through a few possible options. Read on to find out!

Related Articles

CONFESSION
AN HONEST DISCLOSURE

Quick, hide your wallets! I am an affiliate partner of Google, eBay, Adobe, Bluehost, Clickbank, and more. There are affiliate links and advertisements throughout this website. Whenever you buy things from the evil links that I recommend, I will make a commission. Nah. These are just things to keep the blog going, and allows me to give more good stuff to you guys - for free. So thank you if you decide to pick up my recommendations!


 

NAVIGATION
TABLE OF CONTENTS

Option 1
Free Obfuscator

Option 2
Paid Encoders

Option 3
Compiler

Extra
Useful Bits

Closing
What’s Next?

OPTION 1
FREE PHP OBFUSCATORS

The first option that we have involves the usage of free PHP obfuscators. Just what is an obfuscator? It simply turns your original code into a mess of encoded script that cannot be easily read by humans.

ONLINE OBFUSCATOR

Do a search online for “free PHP obfuscator”, and you will get a number of different services to choose from. One of them is Mobile Fish, which we can copy-and-paste our PHP code in. For example, when we input the following script:

That will give us a very surprising:

Yep, don’t think that is human-readable anymore.

OFFLINE OBFUSCATOR

Most online obfuscators have limitations on the number of characters, so if you have massive scripts, it is better to download and use an offline obfuscator instead. There are a couple of good ones out there, and one that I will recommend is YAK Pro. You can either download it straight from Github or clone it directly – It does require the PHP-Parser library as well.

git clone https://github.com/pk-fr/yakpro-po.git
git clone https://github.com/nikic/PHP-Parser.git

Once you have downloaded both libraries, you can run YAK Pro in the command line to encode your scripts:

D:\http\yakpro-po-master>php yakpro-po.php test.php
Info:   Using [D:\http\yakpro-po-master\yakpro-po.cnf] Config File...
Info:   yakpro-po version = 2.0.3
Info:   Process Mode            = file
Info:   source_file             = [D:\http\yakpro-po-master\test.php]
Info:   target_file             = [stdout]
Obfuscating D:\http\yakpro-po-master\test.php

P.S. I have set Yak Pro to directly output the code in the command line here. But it does accept quite a lot of configuration parameters, and you can specify where to save the obfuscated code to. Please do check out their official webpage for more documentation.

LIMITATIONS

  • Please do take note that obfuscators work on the basis of hashing the original script. 
  • It is still possible to reverse engineer and get back the original script.
  • Obfuscated scripts are not good performance wise – It has to decode the hashed string first, then run eval.
  • The level of protection and performance depends on how the encoding-decoding algorithm work.

OPTION 2
PAID PHP ENCODERS

Don’t trust the free PHP obfuscators? Or need something more professional? Then there are a few paid PHP encoders available… Be warned though, they can cost quite a lot.

THE PAID ENCODERS

  • Zend Guard
  • ionCube
  • Source Guardian
  • PHP Shield

THE BEST ENCODER?

Personally, I have not gone deep into the paid options – They are expensive! But Zend Guard looks good, and even comes with a licensing system… Not a sponsored post, but check out their quick start tutorial if you are interested:

OPTION 3
PHP COMPILER

As for this final option, we will compile the PHP code into an executable file… Some of you code ninjas might cringe at the idea, but we shall still walk through this as a possible option.

INTERPRETER VS COMPILER

For you beginners who do not know the difference between interpreters and compilers:

  • Interpreted languages: The interpreter must be installed to run the script. In this case, PHP must be installed on a machine in order to run PHP files.
  • Compiled languages: Creates a self-contained file that can be run by itself. For example, we can create executable files with C++ – These executable files can run on machines that do not have C++ installed.

LIMITATIONS

PHP is an interpreted language and there is no official way for us to compile PHP scripts. Some of the “PHP compilers” available out there work by converting PHP to another language (such as Java), then compiling it.

In this case, the compiled scripts will officially turn into a standalone executable – No longer readable by PHP nor web servers as you might intend. So please do take extra note on this aspect, “compiled PHP” scripts are mostly meant for self-contained command line applications only.

THE PHP COMPILERS

There are plenty of “PHP compilers”, and you can check these out:

  • Phalanger
  • RapidEXE
  • Bambalam
  • Roadsend

As a little bit of an honorable mention, you can check out the Hip-Hop Virtual Machine (HHVM) if you want – This is an open source PHP virtual machine that drives Facebook.

EXTRA
USEFUL BITS

That’s all for the options, and here is a small section on some extras that may be useful to you.

WHICH IS THE BEST?

It depends on the situation and what you want.

  • Free obfuscators don’t perform that well, but they protect the code well enough and cost nothing.
  • Paid encoders don’t perform that well either, but they do offer a certain level of protection.
  • Compilers are not 100% compatible, does not produce website-friendly scripts, but they perform very well… and trying to reverse engineer a compiled script is virtually impossible.

TO ENCODE OR NOT TO ENCODE

It all boils down to your original intention. If you have a million dollar system, and security is a concern – Then yes, spending some time and money to protect your intellectual property is well worth all the effort.

But if you are facing a problem with non-paying customers, it may still be a good idea to free obfuscate some of the main library files – Don’t waste too much time, money, and let the non-paying customer suffer the performance loss. Keep the full source code and improved performance as a bargaining chip – Just move on with your the next project and customer.

CLOSING
WHAT’S NEXT?

Thank you for reading, and we have come to the end of this guide. I hope that it has helped you in your project, and if you want to share anything with this guide, please feel free to comment below. Good luck and happy coding!

The post How to Encrypt and Hide PHP Source Code appeared first on Code Boxx.



This post first appeared on Xxxxxxxxx, please read the originial post: here

Share the post

How to Encrypt and Hide PHP Source Code

×

Subscribe to Xxxxxxxxx

Get updates delivered right to your inbox!

Thank you for your subscription

×