Detailed explanation of PHP source code encryption method

Although PHP is the best language in the world, there are also some security issues arising from weakly typed languages. There have been some security issues in the history of WordPress caused by flaws in PHP itself. For example, the cookie forgery in CVE-2014-0166 took advantage of the flaw in PHP Hash comparison.

The following is an introduction to a source code encryption technology:

Encryption software(php_screw)

Download address: http://sourceforge.net/projects/php-screw/

Description: PHP files are usually stored in text format on the server side. It is easy for others to read the source code. In order to verify the source code To protect the code, you can use the method of encrypting the source code. To realize this function, you need two parts

One is: encryption program to realize the encryption of PHP files

The other is: The encrypted PHP file is parsed to obtain the running results. The implementation of the former is relatively simple, it is just a program. The implementation of the latter is mostly implemented in the form of php module.

php_screw (Screw) can achieve the above functions. The latest version is 1.5, which can be downloaded from sourceforge.

php_screw is a Japanese PHP encryption program developed, but can only run under LINUX

Installation

Description: The purpose of installation is actually to generate two files, one is to use For screw encrypting PHP files, the other

is the parsing module php_screw.so loaded by php

Installation environment

System: centos 5.3

Software: Apache 2.2.9

PHP 5.2.10

All the above environments are downloaded, configured and installed by yourself. For specific Apache php mysql installation method, please search online.

Installation steps

1. Decompress with tar tar -zxvf php_screw-1.5.tar.gz

2. Enter the php_screw-1.5 directory to start Installation

cd php_screw-1.5
phpize

Regarding phpize, it only needs to install the php5-dev module in the php5-dev extension module.

./confiugre

3.Set the password you use for encryption

Copy the code as follows:

vi my_screw.h
 -- Please change the encryption SEED key (pm9screw_mycryptkey) into the
    values according to what you like.
    The encryption will be harder to break, if you add more values to the
    encryption SEED array. However, the size of the SEED is unrelated to
    the time of the decrypt processing.
 *  If you can read and understand the source code, to modify an original
        encryption logic will be possible. But in general, this should not
        be necessary.
   OPTIONAL: Encrypted scripts get a stamp added to the beginning of the
        file. If you like, you may change this stamp defined by
        PM9SCREW and PM9SCREW_LEN in php_screw.h. PM9SCREW_LEN must
        be less than or equal to the size of PM9SCREW.

4.Compile

make

5. Copy the php_screw.so file in the modules directory to the /usr/lib/php5/extension directory

cp modules/php_screw.so /usr/lib/php5/extension/

6. Edit the php.ini file

in the php.ini file , add the following statement

extension=php_screw.so

7. Restart Apache

/srv/apache/bin/apachectl restart

8. Compile the encryption tool

cd tools
make

9. Copy the encryption tool screw in the tools directory to the appropriate directory

cp screw /usr/bin/

After the above 10 steps, php_screw-1.5 has been completely installed. And now PHP also supports interpretation of encrypted PHP files

Use

1. Now write a PHP file to be encrypted.

I wrote the following test.php file to test the speed of php

Copy the code as follows:

<?
$a=0;
$t=time();
for($i=0;$i<5000000;$i++)
  {$a=$a*$i;}
$t1=time();
echo "<p>";
echo "It used:";
echo $t1-$t;
echo "seconds";
?>

Place the above test.php file in / var/www/ directory. Accessing through the browser will show the speed of PHP in large-scale calculations (rough estimate)

2. Encrypt the PHP file we wrote

cd /var/www/
screw test.php

After we encrypt it, the test in the current directory The .php file is what we have encrypted. The source file was renamed test.php.screw and stored.

Let’s test test.php now to see if it can be used normally? How is the speed?

I compared it and found that the speed before and after encryption is about the same, and there is basically not much loss.

3. Batch encrypted files

After testing on debian, apache2, php5 to encrypt the .html file, it can be parsed correctly;

How does php_screw encrypt the file in the current directory? , perform overall encryption on the files contained in the directory and the files in the containing directory

find ./ -name "*.php"－print|xargs -n1 screw //加密所有的.php文件
find ./ -name "*.screw" -print/xargs -n1 rm //删除所有的.php源文件的备份文件

In this way, all .php files in the current directory are encrypted.

For more related questions, please visit the php Chinese website: PHP video tutorial

The above is the detailed content of Detailed explanation of PHP source code encryption method. For more information, please follow other related articles on the PHP Chinese website!