How to encrypt php source code?

php is currently the most popular web programming language, bar none. However, since PHP is interpreted and executed, the source code is the program, and encryption is essential for commercialization (or some other purposes). This series will introduce and analyze some common/commonly used PHP encryption methods in China.

How to encrypt php source code?

How to encrypt php source code:

1. Encryption without any PHP extension

Representatives of this type of encryption include Weidun PHP encryption expert, PHP online encryption platform, PHP Aegis, etc.

This type of encryption uses the eval function as the core, supplemented by various string obfuscations and various tricks to achieve the purpose of encryption (more accurately, it should be regarded as confusion). The following takes a simple hello world as an example to illustrate the general process of this type of encryption.

<?php
  echo "hello world";

First, we turn this code into one executed through eval

<?php
  eval(&#39;echo "hello world";&#39;);

Then, we perform some conversions, such as base64 Encoding

<?php 
  eval(base64_decode(&#39;ZWNobyAiaGVsbG8gd29ybGQiOw==&#39;));

That’s it, our first encrypted php code is freshly baked. . .

The above example is very, very simple. Basically anyone with a little basic knowledge of PHP or other languages ​​can easily understand and decrypt it. Therefore, we need some way to make this encryption not at least look simple.

2. Use multiple encoding functions at the same time

In addition to the base64 just mentioned, PHP also has many built-in encoding functions, such as urlencode, gzcompress, etc. Mixing these functions can increase the complexity (not difficulty) of decryption. In addition, you can use strtr to formulate your own encoding rules. Use variables instead of function names. Use specific characters to name variables

The specific characters mentioned here are some very similar characters, such as I and 1, 0 and O. Imagine that the entire screen is filled with variables composed of O and 0, and the name of each one is more than 10 characters long. . . Determining whether the file itself has been modified

This function seems easy. Make a summary of the file and then compare it to know whether it has been modified. But how can we embed the summary in the file? I haven't found a perfect solution, but a workaround is easy enough. . .

<?php
$code = substr(file_get_contents(__FILE__), 0, -32);
$hash = substr(file_get_contents(__FILE__), -32);
if(md5($code) !== $hash) {
  exit(&#39;file edited&#39;);
}
ACBC41F727E00F85BEB3440D751BB4E3

Of course, you can put this verification string in another position to increase the difficulty of cracking. With this, others will have to work harder to crack your program. . .

Now that we know the principle, decryption is naturally very simple. Generally speaking, there are only three steps:

Replace eval with output, such as echo to restore the string according to the encoding rules if the file The decryption is not complete, continue from the first step

Of course, the actual decryption process is not that simple. For example, if gzcompress is used during encryption, the obtained data will contain some binary data, and When opened with a general text editor, these data will be displayed as garbled characters, and some data will be lost when saving. The solution is very simple and troublesome, that is, use binary (hexadecimal) mode to open, modify and save.

The above is the detailed content of How to encrypt php source code?. For more information, please follow other related articles on the PHP Chinese website!