PHP code encryption method summary

Time:2021-4-8

How to protect your PHP code:

Code obfuscation + encryption

The actual encryption is not enough. The specific implementation idea is to encrypt the code Base64, then map the strings in Base64 (randomly generate dictionary confusion), and then perform Eval, which can be cracked and restored 100%

The representative code is as follows:

<?php
 Function randabc ($length =) {// returns a random string 
 $str = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 
 return str_shuffle($str); 
 } 
 $filename = ' index.php '; // file to encrypt 
 $T_ K1 = randabc(); // random key 1 
 $T_ K2 = randabc(); // random key 2 
 $vstr = file_get_contents($filename); 
 $v1 = base64_encode($vstr); 
 $c = strtr($v1, $T_ k1, $T_ K2); // replace the corresponding characters according to the key. 
 $c = $T_k1.$T_k2.$c; 
 $q1 = "O00O0O"; 
 $q2 = "O0O000"; 
 $q3 = "O0OO00"; 
 $q4 = "OO0O00"; 
 $q5 = "OO0000"; 
 $q6 = "O00OO0"; 
 $s = '$'.$q6.'=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$'.$q1.'=$'.$q6.'{3}.$'.$q6.'{6}.$'.$q6.'{33}.$'.$q6.'{30};$'.$q3.'=$'.$q6.'{33}.$'.$q6.'{10}.$'.$q6.'{24}.$'.$q6.'{10}.$'.$q6.'{24};$'.$q4.'=$'.$q3.'{0}.$'.$q6.'{18}.$'.$q6.'{3}.$'.$q3.'{0}.$'.$q3.'{1}.$'.$q6.'{24};$'.$q5.'=$'.$q6.'{7}.$'.$q6.'{13};$'.$q1.'.=$'.$q6.'{22}.$'.$q6.'{36}.$'.$q6.'{29}.$'.$q6.'{26}.$'.$q6.'{30}.$'.$q6.'{32}.$'.$q6.'{35}.$'.$q6.'{26}.$'.$q6.'{30};eval($'.$q1.'("'.base64_encode('$'.$q2.'="'.$c.'";eval(\'?>\'.$'.$q1.'($'.$q3.'($'.$q4.'($'.$q2.',$'.$q5.'*2),$'.$q4.'($'.$q2.',$'.$q5.',$'.$q5.'),$'.$q4.'($'.$q2.',0,$'.$q5.'))));').'"));'; 
 $s = '<?php '."\n".$s."\n".' ?>'; 
 //echo $s; 
 //Generate encrypted PHP file 
 $fpp1 = fopen('temp_'.$filename, 'w'); 
 Fwrite ($fpp1, $s) or die ('write file error '); 
 ?>

Confusing garbled characters

There are some things about code obfuscation variables that are similar to the principle of 1, but it is only a matter of time before the string is changed to characters between ASCII 127 and 255 that are not understood by human beings and the editor.

Issue opcode

Instead of distributing the code, the PHP code is precompiled and opcode is distributed. After php7, opcache is deeply integrated. After php7, this method can be used to protect the source code, but it will also be decompiled by opcode and cracked.

Obfuscation + encryption + writing PHP extension

Confusion + encryption + writing PHP extension, but as long as it is open source PHP extension will be cracked, unless you write encryption algorithm, encrypt the PHP code, and then you use c voice to write extension to close the source, others don’t know your encryption idea and cracking idea, so the possibility of being cracked is very small.

Swoole Compiler

The one swoole produced is to confuse the encrypted opcode with the generated opcode, and then this one is awesome. If you want to execute this one, it’s obvious that Zend engine is unlikely to recognize the encrypted opcode, so it actually needs to rewrite Zend, so the supporting Zend engine also needs to be replaced.

Content extension:

<?php
  Function randabc ($length =) {// returns a random string
  $str="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
  return str_shuffle($str);
 }
 $filepath='index.php';
 $path_parts= pathinfo($filepath);
 $filename=$path_parts["basename"];
 $T_ K1 = randabc(); // random key 1
 $T_ K2 = randabc(); // random key 2
 $vstr=file_ get_ Contents ($filename); // the file to be encrypted 
 $v1=base64_encode($vstr);
 $c=strtr($v1,$T_ k1,$T_ K2); // replace the corresponding characters according to the key.
 $c=$T_k1.$T_k2.$c;
 $q1="O00O0O";
 $q2="O0O000";
 $q3="O0OO00";
 $q4="OO0O00";
 $q5="OO0000";
 $q6="O00OO0";
 $s='$'.$q6.'=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$'.$q1.'=$'.$q6.'{3}.$'.$q6.'{6}.$'.$q6.'{33}.$'.$q6.'{30};$'.$q3.'=$'.$q6.'{33}.$'.$q6.'{10}.$'.$q6.'{24}.$'.$q6.'{10}.$'.$q6.'{24};$'.$q4.'=$'.$q3.'{0}.$'.$q6.'{18}.$'.$q6.'{3}.$'.$q3.'{0}.$'.$q3.'{1}.$'.$q6.'{24};$'.$q5.'=$'.$q6.'{7}.$'.$q6.'{13};$'.$q1.'.=$'.$q6.'{22}.$'.$q6.'{36}.$'.$q6.'{29}.$'.$q6.'{26}.$'.$q6.'{30}.$'.$q6.'{32}.$'.$q6.'{35}.$'.$q6.'{26}.$'.$q6.'{30};eval($'.$q1.'("'.base64_encode('$'.$q2.'="'.$c.'";eval(\'?>\'.$'.$q1.'($'.$q3.'($'.$q4.'($'.$q2.',$'.$q5.'*2),$'.$q4.'($'.$q2.',$'.$q5.',$'.$q5.'),$'.$q4.'($'.$q2.',0,$'.$q5.'))));').'"));';
 $s='<?
 '.$s.
'
 ?>';
 echo $s;
 //Generate encrypted PHP file
 !is_dir('create/') && mkdir('create/');
 $fpp1 = fopen('create/'.$filename,'w');
 Fwrite ($fpp1, $s) or die ('write file error ');
 Echo 'encrypted successfully! ';

So far, this article about the method of PHP code encryption is introduced here. For more information about several methods of PHP code encryption, please search previous articles of developer or continue to browse the following related articles. I hope you can support developer more in the future!

Recommended Today

Third party calls wechat payment interface

Step one: preparation 1. Wechat payment interface can only be called if the developer qualification has been authenticated on wechat open platform, so the first thing is to authenticate. It’s very simple, but wechat will charge 300 yuan for audit 2. Set payment directory Login wechat payment merchant platform( pay.weixin.qq . com) — > Product […]