A common problem with Interpreted Languages (eg. PHP, Javascript, Java, Python) is that its really hard to protect the source code. Today, I will talk about PHP Obfuscators and Encoders.
Two types of protection can be found for PHP, first type which is the easiest, Obfuscation. Making the code not human readable. An example of such product is ZenCrypt (I wrote a semi-review about it last year). However, a good developer or a reverse engineer can go about that, and alter the code to change its behavior, like bypass the license verification.
The second type is encoding, the encoder encodes the PHP script to some encrypted text (I don’t want to go into details here, but that’s the general idea). Those encoded scripts requires a loader, this loader decodes the script and runs it via the PHP Interpreter. Those loaders are simply PHP extensions. Example of those are ZendGuard and IonCube.
It is not hard to write a PHP extension, but it wont be adapted easily with most online hosts. Maybe Enterprise! But again, maintaining cross platforms is not an easy task.
Since IonCube and ZendGuard are widely supported with most hosts some came up with the idea of creating a hybrid obfuscator. The idea is to encrypt the code and have a php script to decrypt. But the decrypting script is encoded using ZendGuard or Ioncube. An example of such is phpCipher.
Last year in my post I wrote that I will be writing an encoder, I have been very busy since then. But last week I had the chance to start writing my encoder. I have most of the logic done. Once I am done writing my loader script, I will start writing the desktop app to encode the scripts. I am planing to release it on Mac App Store and online on my website for a small amount of money.
On a side note, I may offer my source for sale.
Tags: Ali, Ali Almahdi, ali almahdi blog, ali almahdi twitter, ali blog, Almahdi, almahdi twitter, ioncube, kohana kohanaphp php codeigniter template-parser, php, PHP Encoder, php obfuscator, php source code, phpcipher, protect source code, ZenCrypt, zend optimizer, zendguard
Programming | Ali | 
October 25, 2011 9:46 pm | 
Comments (3)
Last night, I was searching the internet for PHP Encoders, I always knew that ZendGuard and IONCUBE are the best. However, I thought of giving others a chance. While searching I came across ZenCrypt. One of the good things about it that it doesn’t need a loader on the server-side. Thus, the scripts are self-decodable. But this makes it easy to decrypt. On thier website, they have two scripts. One is the source, and the other is the encoded script.
My Attempt to understand its way of encoding to see if it worth the USD45.
Source PHP Code:
<?php
/* -------------------------------------------------
www.ZenCrypt.com
ZenCrypt simple demo
User Manual: http://www.zencrypt.com/INFO/ZenCrypt_PHP_Encoder.pdf
------------------------------------------------- */
//{{{PHP_INSERT_a1}}}
// Encoded chunk of code will be inserted here by ZenCrypt
// Encoded version - test_encoded.php was generated by running ZenCrypt with this command:
// php -f zencrypt.php infile=test_plain.php outfile=test_encoded.php enccycles=10 stripcomments=yes
//{{{/PHP_INSERT_a1}}}
// This code client will see
$encrypted_number = 52728;
$resulted_number = ZEN_encrypt ($encrypted_number);
echo "\nEncrypted number=$resulted_number";
$resulted_number = ZEN_decrypt ($resulted_number);
echo "\nDecrypted number=$resulted_number";
//{{{PHP_ENCODE_a1}}}
// This part will be encoded and moved above (in between PHP_INSERT tags).
// We do not want to expose these "super secret" encryption functions to the clients.
function ZEN_encrypt ($input)
{
return ($input+5432);
}
function ZEN_decrypt ($input)
{
return ($input-5432);
}
//{{{/PHP_ENCODE_a1}}}
?>
Encoded Code:
<?php
/* -------------------------------------------------
www.ZenCrypt.com
ZenCrypt simple demo
User Manual: http://www.zencrypt.com/INFO/ZenCrypt_PHP_Encoder.pdf
------------------------------------------------- */
$juTSvfNAGsrLGell='=ch/5z/T/fd3E73dPj+i+/rRNYcW/rz/sr6zjSNreaXN+nf/W876jLfWtd9fYXR5F3mtYCRhWNW7dOXGPsM19c920z3acnzSfxYMLFxg/Lz0nIz1FfpnLVdf/xksrTZqs55rpk///93fz27zHki6/oWYz1+9boz693v+vwQE52qDxffRSPNxjIf7xOfHb07GgxXHS/CawCIAXw9xuOY/EVs2KuqrxeJFCMTjEENA0ny6gTRUnndy30KTE/uyY77Pa0TWPVyHmqmYQ98Vf+dgq80ne2FgRkZzz1I103xrDgFjbVdXrcq4coJhOlJwGfXOMVavufyVOwpoIna3qQ5ldM+cVFUwoIHxuEbp3t6HEKKHnhi8rDY6aBfCxM9HkjSCeDP5gWj8GO2zaLsMsrsmLaLw605dRJDxFQZcyTe/X5RDaN9pJ0JTlyEzs0b6ds4cIeRg0uf7/INtfOgFECfah6aJz5Z8WbW5XorpGJZQAk/0H4sxB6GZiXZT44QtxETrhcqSgW5rtxHBxfDN6o8R8m7tbItO7uy3VBIRCi7f1Z+g6qkDoFRh3oiPBehlfbWHOCxdljFFxBjWwZhwOG/tAPA/EtX8LOkw3h04N+Ju7F25yDu6L7itrTU2jJ4dhqbPfBXzXg73fIzmZCyYxdmischnH+1voRzSntcnhxhyLfEriTCyEOhlOlzadH8WzfTUst9O3HBBP0U2JxDBRaLNQUeZjSpFWaDrQGUz3zWFYzBrYHUEtIjENWe0YsQpaFChodc7xDgaegxTTZNNb/il0sihsr6TdlVaq6HCfBywAK92VzCMeIJ7/7TfVgUvBr/zeaZJxuB1JTzT5n5KL1Kn04GldNUuQ+Zfyu3tcSd4UZDmMCFO2G9JmLQP6lurmNLUrcNO1dTalveKGhbqjZBOKro9Yi4MSS05BPcE+uBGP+wmqsaFP/CCMQvKopFeye2W282Dhwvnt743mYkfm0f1zeyox6ftiQ0KU3X3MjQgtkHG97Ob1iS/VZ+NZRf+c7GCztrRNKRZnElL2tA5GZMIfDXn5kUzCElSANn82mCOe+QXjpImZLFxb+Uh1X0jjsOyBTiZZbNJcFuebnG92TO+p/q1FXf9F9p7CQL32aBFxrtQG1hn6jlq3CjazvZ2k7i3wWbWnMSkyWfKOZtJcFLMvAEH+RPFEnaezjbZpUHR+4a7nYoCD9TUVkmukb7U0xti00EBIIxSVNyZrku/xnuuDAln/k/0IL/JaVQpof19rFjY4yHedvkhCiES1bOWeTO4LhhTJuJMmigCUWH4hobXlpr4cwvUnvNpFJrHJmGTYnCL/Sm+RMd0urBbOcuPDdS1M4whnim/+oEPx9VU4PbEmFy2YscLp8Zeczp8JT7mXnKF5VXK0glSAemv8vlmr/rcc/g34sXfPTqjYhZsc4K2ZuXbbYsWUUc9lJTfc2pSJyJaXcwxnezRpTVzwxkIbE2gr6RFBhmBLD2VNCQlx9Mlq3ib1v0czH2DbK7uqQ8mBEmXFmextYLxOKlUyKi561bLibKNCtMwAu/CJqA7gH9ImS/MP1LCZ6Iq8sYvu6nZvOgpXj5SiTGjZvaj2H0uDkx0E653Ngfd2RPIidVbrIPo/bDjFH5JNbWGTZiwCpi3LZAZ2Jh7CQyiL6qCKyJRMU2mC1KapSxqxZzoZ1IDI5j+ZjJzdyb/N82DRWQ5TKP9GYWLiB6m9Jmku3I31DNv0Wfs0uVuqXFU3kNM3ejaeXtT2ZolhmEhuiYS6fpTXEmym65ITt646EAEfnnSTDy9Ybt7L5xukkRuaHG3DKRJm/I48XOQkubAcY3ZuRHKIl8OcQeyd2jIY06sMvd5Ud8wiqvTtxHuyJV+S9cTmo2NsL/LZV/c19kmOMpKd0N1d62IdjeeufMxGxM42QFe+NS+rZeD5jY9KOe6c4adcJMToZDt7F8mEN4isP9okCSxpN1Wvr8cpj+Rwn6xFslssE60hp54EwDmogCfgu1xz9dLGUCP4hk8BQAEPxCJ3+8KALk/4ry59SEHgAsPZW3QeuBJ1xQWsQQHnvphTU/hFcFApGOYgiqw+P2bHPAtahgbhG4g5twGhSmwIIAggBccUccjnrn9Z2wn+ZbQAB1eN9CTMBQMBEE98OApvjbJ2EAYeui/+/PE0n78g542p9K1FhlIIT7xFwOvff919+OIkX675p2SBB7YNRuCWYXBZyvDISuj3SVb';$QynVyKBtA_laXYfjkJ=';))))yyrTYefTNAsiFGhw$(ireegf(rqbprq_46rfno(rgnysavmt(ynir';$LoMOYHmyNmPlxD=strrev($QynVyKBtA_laXYfjkJ);$lUETluMevSaLCDV=str_rot13($LoMOYHmyNmPlxD);eval($lUETluMevSaLCDV);
// This code client will see
$encrypted_number = 52728;
$resulted_number = ZEN_encrypt ($encrypted_number);
echo "\nEncrypted number=$resulted_number";
$resulted_number = ZEN_decrypt ($resulted_number);
echo "\nDecrypted number=$resulted_number";
?>
My Attempt to Decode the Code:
<?php
/* ————————————————-
www.ZenCrypt.com
ZenCrypt simple demo
User Manual: http://www.zencrypt.com/INFO/ZenCrypt_PHP_Encoder.pdf
————————————————- */
$juTSvfNAGsrLGell=’=ch/5z/T/fd3E73dPj+i+/rRNYcW/rz/sr6zjSNreaXN+nf/W876jLfWtd9fYXR5F3mtYCRhWNW7dOXGPsM19c920z3acnzSfxYMLFxg/Lz0nIz1FfpnLVdf/xksrTZqs55rpk///93fz27zHki6/oWYz1+9boz693v+vwQE52qDxffRSPNxjIf7xOfHb07GgxXHS/CawCIAXw9xuOY/EVs2KuqrxeJFCMTjEENA0ny6gTRUnndy30KTE/uyY77Pa0TWPVyHmqmYQ98Vf+dgq80ne2FgRkZzz1I103xrDgFjbVdXrcq4coJhOlJwGfXOMVavufyVOwpoIna3qQ5ldM+cVFUwoIHxuEbp3t6HEKKHnhi8rDY6aBfCxM9HkjSCeDP5gWj8GO2zaLsMsrsmLaLw605dRJDxFQZcyTe/X5RDaN9pJ0JTlyEzs0b6ds4cIeRg0uf7/INtfOgFECfah6aJz5Z8WbW5XorpGJZQAk/0H4sxB6GZiXZT44QtxETrhcqSgW5rtxHBxfDN6o8R8m7tbItO7uy3VBIRCi7f1Z+g6qkDoFRh3oiPBehlfbWHOCxdljFFxBjWwZhwOG/tAPA/EtX8LOkw3h04N+Ju7F25yDu6L7itrTU2jJ4dhqbPfBXzXg73fIzmZCyYxdmischnH+1voRzSntcnhxhyLfEriTCyEOhlOlzadH8WzfTUst9O3HBBP0U2JxDBRaLNQUeZjSpFWaDrQGUz3zWFYzBrYHUEtIjENWe0YsQpaFChodc7xDgaegxTTZNNb/il0sihsr6TdlVaq6HCfBywAK92VzCMeIJ7/7TfVgUvBr/zeaZJxuB1JTzT5n5KL1Kn04GldNUuQ+Zfyu3tcSd4UZDmMCFO2G9JmLQP6lurmNLUrcNO1dTalveKGhbqjZBOKro9Yi4MSS05BPcE+uBGP+wmqsaFP/CCMQvKopFeye2W282Dhwvnt743mYkfm0f1zeyox6ftiQ0KU3X3MjQgtkHG97Ob1iS/VZ+NZRf+c7GCztrRNKRZnElL2tA5GZMIfDXn5kUzCElSANn82mCOe+QXjpImZLFxb+Uh1X0jjsOyBTiZZbNJcFuebnG92TO+p/q1FXf9F9p7CQL32aBFxrtQG1hn6jlq3CjazvZ2k7i3wWbWnMSkyWfKOZtJcFLMvAEH+RPFEnaezjbZpUHR+4a7nYoCD9TUVkmukb7U0xti00EBIIxSVNyZrku/xnuuDAln/k/0IL/JaVQpof19rFjY4yHedvkhCiES1bOWeTO4LhhTJuJMmigCUWH4hobXlpr4cwvUnvNpFJrHJmGTYnCL/Sm+RMd0urBbOcuPDdS1M4whnim/+oEPx9VU4PbEmFy2YscLp8Zeczp8JT7mXnKF5VXK0glSAemv8vlmr/rcc/g34sXfPTqjYhZsc4K2ZuXbbYsWUUc9lJTfc2pSJyJaXcwxnezRpTVzwxkIbE2gr6RFBhmBLD2VNCQlx9Mlq3ib1v0czH2DbK7uqQ8mBEmXFmextYLxOKlUyKi561bLibKNCtMwAu/CJqA7gH9ImS/MP1LCZ6Iq8sYvu6nZvOgpXj5SiTGjZvaj2H0uDkx0E653Ngfd2RPIidVbrIPo/bDjFH5JNbWGTZiwCpi3LZAZ2Jh7CQyiL6qCKyJRMU2mC1KapSxqxZzoZ1IDI5j+ZjJzdyb/N82DRWQ5TKP9GYWLiB6m9Jmku3I31DNv0Wfs0uVuqXFU3kNM3ejaeXtT2ZolhmEhuiYS6fpTXEmym65ITt646EAEfnnSTDy9Ybt7L5xukkRuaHG3DKRJm/I48XOQkubAcY3ZuRHKIl8OcQeyd2jIY06sMvd5Ud8wiqvTtxHuyJV+S9cTmo2NsL/LZV/c19kmOMpKd0N1d62IdjeeufMxGxM42QFe+NS+rZeD5jY9KOe6c4adcJMToZDt7F8mEN4isP9okCSxpN1Wvr8cpj+Rwn6xFslssE60hp54EwDmogCfgu1xz9dLGUCP4hk8BQAEPxCJ3+8KALk/4ry59SEHgAsPZW3QeuBJ1xQWsQQHnvphTU/hFcFApGOYgiqw+P2bHPAtahgbhG4g5twGhSmwIIAggBccUccjnrn9Z2wn+ZbQAB1eN9CTMBQMBEE98OApvjbJ2EAYeui/+/PE0n78g542p9K1FhlIIT7xFwOvff919+OIkX675p2SBB7YNRuCWYXBZyvDISuj3SVb’;$QynVyKBtA_laXYfjkJ=’;))))yyrTYefTNAsiFGhw$(ireegf(rqbprq_46rfno(rgnysavmt(ynir’;$LoMOYHmyNmPlxD=strrev($QynVyKBtA_laXYfjkJ);$lUETluMevSaLCDV=str_rot13($LoMOYHmyNmPlxD);eval($lUETluMevSaLCDV);
//print gzinflate(base64_decode(strrev($juTSvfNAGsrLGell)));
$str=str_replace(“eval”,”\$str=”, gzinflate(base64_decode(strrev($juTSvfNAGsrLGell))));
eval($str);
print $str.”\n–\n”;
//print “–\n”;
for($icount=0; $icount<17; $icount++) {
$str=str_replace(“eval”,”\$str=”, $str);
print $str.”\n$icount–\n”;
eval($str);
print $str.”\n$icount–\n”;
}
// This code client will see
$encrypted_number = 52728;
$resulted_number = ZEN_encrypt ($encrypted_number);
echo “\nEncrypted number=$resulted_number”;
$resulted_number = ZEN_decrypt ($resulted_number);
echo “\nDecrypted number=$resulted_number”;
?>
Conclusion:
What I see that it doesn’t worth the the USD45. Maybe if it was encoded with ZendGuard or ionCube and produces a file that requires a PHP Loader. Just like PHPCipher.
However, from this attempt. I thought that I will write my own encoder. It will be using the same method, however, the output will be encoded in both ZendGuard and ionCube. Stay tuned!
Subscribe