Yet Another PHP Obfuscator
 

Hi guys,

I've posted this to another couple of forums so please excuse me if you've read it before... I consider myself lucky for traveling in the same circles, I guess!


Just wanted to let everyone know that after hoarding some changes to another code base for some time, I've decided to release the code I use for obfuscating my PHP. I'm trying to get my code changes back in to the original branch, but the process has been rockier than I expected.

Anyway: a few things about this. Firstly, I prefer obfuscation to compilers and / or encrypters as obfuscated code does not rely on the host server having anything in particular installed. I basically don't need the hassle of trying to get my clients to ensure that certain extensions are installed...

So what makes this obfuscator different?
1) it uses the PHP tokenizer... it doesn't try and parse the code itself. A fair amount of other obfuscators try to parse the code themselves and do a terrible job of it. The hard work of understanding the code 'structure' is done already by the PHP engine... making it more reliable.

2) it obfuscates constants. I don't know of any other obfuscators that do this.

3) it has an include / exclude system: that way I can choose not to obfuscate certain functions, for example... perfect for when you want to use a CMS API or something similar, but still want to obfuscate *your* code. Plus, this list can contain wildcards.

4) it obfuscates step by step: it runs as a command line script and only obfuscates what you want. It does this step by step, keeping all previous steps so that you can verify that it worked (there's nothing worse than going from your code to fully obfuscated in one step... it's practically unveriable!).


So that's the major points, I think. As with all obfuscators, at the moment, anyway, things like variable variables, user function calls and register globals make it fail.

If you're interested, feel free to visit http://www.asistechnologies.com/hom...,fileinfo/id,6/ and download it. There's a bug tracker and so on there in case it's needed.

I've already started thinking about the next version: things like a web interface and the options to click a button to automatically exclude all Joomla functions, for example.

Thanks!

Can domain lock and expiry date be set in this?

Hi nick_mayhem:

No, it can't. Any system that does that for you requires a decoder installed on the server (different decoders for different systems).

This code requires no decoder as what is produced is normal, runnable PHP. At the same time, though, it also means that nothing can be wrapped around it (such as the license requirements that you are talking about).

If you want to use an obfuscator, while still using a licensing system, you would need to have that license code written in your PHP code (either by yourself or as an included library).

Humm....

I am using one right now that has domain lock and expiry and doesn't requires any other library or decoders to be installed.

Let me know if you want to see that one. Might help you out for future developments of yours. :D

Thanks.

Yep, for sure: would love to see it.

Even just a name is fine, thanks.

PM sent.

Thanks.