- Impact
- 9
Hi guys,
I've posted this to another couple of forums so please excuse me if you've read it before... I consider myself lucky for traveling in the same circles, I guess!
Just wanted to let everyone know that after hoarding some changes to another code base for some time, I've decided to release the code I use for obfuscating my PHP. I'm trying to get my code changes back in to the original branch, but the process has been rockier than I expected.
Anyway: a few things about this. Firstly, I prefer obfuscation to compilers and / or encrypters as obfuscated code does not rely on the host server having anything in particular installed. I basically don't need the hassle of trying to get my clients to ensure that certain extensions are installed...
So what makes this obfuscator different?
1) it uses the PHP tokenizer... it doesn't try and parse the code itself. A fair amount of other obfuscators try to parse the code themselves and do a terrible job of it. The hard work of understanding the code 'structure' is done already by the PHP engine... making it more reliable.
2) it obfuscates constants. I don't know of any other obfuscators that do this.
3) it has an include / exclude system: that way I can choose not to obfuscate certain functions, for example... perfect for when you want to use a CMS API or something similar, but still want to obfuscate *your* code. Plus, this list can contain wildcards.
4) it obfuscates step by step: it runs as a command line script and only obfuscates what you want. It does this step by step, keeping all previous steps so that you can verify that it worked (there's nothing worse than going from your code to fully obfuscated in one step... it's practically unveriable!).
So that's the major points, I think. As with all obfuscators, at the moment, anyway, things like variable variables, user function calls and register globals make it fail.
If you're interested, feel free to visit http://www.asistechnologies.com/home/component/option,com_remository/Itemid,38/func,fileinfo/id,6/ and download it. There's a bug tracker and so on there in case it's needed.
I've already started thinking about the next version: things like a web interface and the options to click a button to automatically exclude all Joomla functions, for example.
Thanks!
I've posted this to another couple of forums so please excuse me if you've read it before... I consider myself lucky for traveling in the same circles, I guess!
Just wanted to let everyone know that after hoarding some changes to another code base for some time, I've decided to release the code I use for obfuscating my PHP. I'm trying to get my code changes back in to the original branch, but the process has been rockier than I expected.
Anyway: a few things about this. Firstly, I prefer obfuscation to compilers and / or encrypters as obfuscated code does not rely on the host server having anything in particular installed. I basically don't need the hassle of trying to get my clients to ensure that certain extensions are installed...
So what makes this obfuscator different?
1) it uses the PHP tokenizer... it doesn't try and parse the code itself. A fair amount of other obfuscators try to parse the code themselves and do a terrible job of it. The hard work of understanding the code 'structure' is done already by the PHP engine... making it more reliable.
2) it obfuscates constants. I don't know of any other obfuscators that do this.
3) it has an include / exclude system: that way I can choose not to obfuscate certain functions, for example... perfect for when you want to use a CMS API or something similar, but still want to obfuscate *your* code. Plus, this list can contain wildcards.
4) it obfuscates step by step: it runs as a command line script and only obfuscates what you want. It does this step by step, keeping all previous steps so that you can verify that it worked (there's nothing worse than going from your code to fully obfuscated in one step... it's practically unveriable!).
So that's the major points, I think. As with all obfuscators, at the moment, anyway, things like variable variables, user function calls and register globals make it fail.
If you're interested, feel free to visit http://www.asistechnologies.com/home/component/option,com_remository/Itemid,38/func,fileinfo/id,6/ and download it. There's a bug tracker and so on there in case it's needed.
I've already started thinking about the next version: things like a web interface and the options to click a button to automatically exclude all Joomla functions, for example.
Thanks!
