How to protect core php code

Protecting PHP means protecting intellectual property rights, including some important interfaces and so on.

Currently commonly used solutions:

For the protection of dynamic languages ​​​​such as PHP, I feel that it is the same as summarized before js protection is almost the same, nothing more than: (recommended learning: PHP programming from entry to proficiency)

encryption;(the weakest strength, no way, this kind of dynamic The characteristics of the interpreted language lead to) dynamic debugging or hooking to solve it, of course it can also be done by staring.

Obfuscation; (that is, some local obfuscation, including modifications to variables and strings in the code, stronger ones will perform logical obfuscation); anti-obfuscation through the open source php ast deal with.

Virtual machine protection, a common question, as for the enhancement of the virtual machine, it depends on how well it is combined with the local layer, and how the Handler can be better designed; such as the Rubik's Cube, reverse engineering, 52 There is a big guy Ganlv who has done a thorough research, you can go and read it;

There is also the introduction of compilation, which is compiled into a bytecode file for interpretation and execution. There is a gap between the bytecode and the interpretation. With a corresponding relationship, you can modify the mapping rules at this time; for example, Zend Guard

is currently the strongest Swoole Compiler, and at the same time the performance impact is not significant. I am very curious and interested in this extended encryption. , of course I can’t analyze it. Firstly, I don’t have samples, and secondly, I don’t have time.

We know that dynamic languages ​​like PHP must run on an interpreter.

Zend bytecode interpreter, what may be done here is to convert Zend bytecode to LLVM ir, and then optimize it with the help of many good optimization passes in llvm, and it can also be obfuscated.

Swoole Compiler compiles PHP into bytecode or lower-level files, and then provides customers with an extension tool for interpretation; for Swoole Compiler, it may be a magical modification of the interpretation part in the Zend virtual machine More, plus some other security measures, the effect may be more powerful. It is estimated that many existing cracking routines will be invalid. At the same time, Swoole itself is the legendary Node.js in PHP, and it must be better in performance. A lot of optimization has been done, so it makes up for the performance loss in virtualization protection

The above is the detailed content of How to protect core php code. For more information, please follow other related articles on the PHP Chinese website!