Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New Coder
    Join Date
    Mar 2006
    Posts
    51
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Question Protect PHP script

    Hi...
    I really need to protect my PHP script, until I found this sample. It can be runned perfectly. Exactly, how to protect the script like this method?

    Thank you so much..
    Attached Files Attached Files

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Not going to decrypt it, and unless they are using a specialized program on the server, that appears to be a standard urlencoded string. Try stripping the text out and using urldecode() on it to see if it turns back into readable text.

    [edit]
    On further inspection, it appears to be a base64 encoding. Considering as well that many of the variables are completely intact, I would assume that is an image code. You can't decode that unless you want the binary to read?
    See this line:
    $_D=strrev('edoced_46esab');
    Definitly base64_decode
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #3
    Regular Coder
    Join Date
    Sep 2006
    Location
    Colorado
    Posts
    132
    Thanks
    7
    Thanked 1 Time in 1 Post
    You can always tell base64 by there being an equal sign at the end.
    -bubbles

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Yep, I'm just too lazy to perform horizontal scroll
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #5
    New to the CF scene
    Join Date
    Mar 2007
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thats not pretty safe. I just wrote a function to decode this:

    PHP Code:
    <?php 

    $FileName 
    "checksums.md5"
    $ChecksumsFileHash "51e39719a3416421a362b317d6e0f5e4"
    $maxMD5Line 4096

    $statmsg['ok'] = "<strong>OK</strong>"
    $statmsg['fail'] = "<font color=\"red\"><strong>FAIL</strong></font>"
    $statmsg['no'] = "<font color=\"yellow\"><strong>Not our's</strong></font>"
    $statmsg['del'] = "<font color=\"#0000FF\"><strong>Deleted!</strong></font>"

    ?> 

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
    <html xmlns="http://www.w3.org/1999/xhtml"> 
    <head> 
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1251" /> 
    <title>DGT Release Checker</title> 
    <style type="text/css"> 
    body { 
    padding-top: 0; 
    padding-right: 0; 
    padding-left: 0; 
    padding-bottom: 0; 
    margin: 0; 
    color: #DDDDDD; 
    background-color: #000000; 
    font-family:Courier New, monospace; 

    table { 
    border: 1px dashed #FFFFFF; 

    td { 
    border-top: 1px dotted #DDDDDD; 
    font-size:16px; 



    h2 { 
        text-align: center; 
        font-weight: bold; 
        margin-bottom: 10px; 

    </style> 
    </head> 
    <body> 
    <h2>DGT Release Checker</h2> 
    <?php 
    if (!file_exists($FileName)) { 
        print (
    "<h2>Can not to open file $FileName<h2>"); 
        exit; 

    if (
    md5_file($FileName) != strtolower($ChecksumsFileHash)) { 
        print (
    "<h2>File $FileName corrupted<h2>"); 
        exit; 


    $handle fopen($FileName"r"); 
    while (!
    feof ($handle)) { 
        
    $line trim(fgets($handle$maxMD5Line)); 
        if (
    $line) { 
            if (
    strlen($line) > 34) { 
                
    $a explode('*'$line); 
                
    $hash strtolower(trim($a[0])); 
                
    $file trim($a[1]); 
                
    $Result[$file] = $hash
            } else { 
                return 
    false
            } 
        } 

    fclose($handle); 

    ?> 

    <table align="center"> 
      <tr> 
        <th scope="col">File</th> 
        <th scope="col">Check</th> 
      </tr> 
    <?php 

        
    function chkmd5($dir
        { 
            global 
    $Result$statmsg$FileName
            
    $output_md5 ""
            
    $files = array (); 
            
    $dh  opendir($dir); 
            while (
    false !== ($filename readdir($dh))) { $files[] = $filename; } 
            
    sort($files); 
            foreach(
    $files as $lol
            { 
                if ((
    $lol != ".") && ($lol != "..") && ($lol != $FileName) && ($lol != "validator.php")) 
                { 
                    
    $newpath $dir."/".$lol
                    if (!
    is_dir($newpath)) 
                    { 
                        
    $md5fn substr($newpath2); 
                        if (!empty(
    $Result[$md5fn])) 
                        { 
                            if((
    strtolower(md5_file($newpath)) == $Result[$md5fn])) 
                            { 
                                  
    $Result[$md5fn] = $statmsg['ok']; 
                            } 
                            else 
                            { 
                                
    $Result[$md5fn] = $statmsg['fail']; 
                            } 
                        } 
                        else 
                        { 
                            
    $Result[$md5fn] = $statmsg['no']; 
                        } 
                    } 
                    else 
                    { 
                        
    chkmd5($newpath); 
                    } 
                } 
            } 
        } 

    chkmd5("."); 
    ksort($Result); 

    foreach(
    $Result as $file => $status

        if ((
    $status != $statmsg['ok']) && ($status != $statmsg['no']) && ($status != $statmsg['fail'])) 
        { 
            
    $status $statmsg['del']; 
        } 
        echo <<<
    TABLE 
        
    <tr
            <
    td>$file&nbsp;</td
            <
    td align="center">&nbsp;$status</td
          </
    tr
    TABLE



        
    ?> 
    </table> 

    </body> 
    </html>

    better use zend encoder
    Last edited by fackelkind; 03-21-2007 at 10:14 PM.

  • #6
    New Coder
    Join Date
    Mar 2006
    Posts
    51
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Unhappy

    hi fackelkind and all, i am really sory for late reply.

    I'm writing a report for final task in my college. it's about php source code encryption. i want to try explain that encrypt php source code with base64 is not fully safe. if you don't mind, could you give me the function you have wrote to decrypt the protected file please? so I can make it proved.

    encrpytion using addition library module such as zend encoder, source guardian, etc is not so comfortable because we must install the file into php configuration first, and it's a problem because not all hosting provider have it.

    So I want to encrypt the source code by using function in PHP without install anything inside php configuration. Then i found CodeLock. Some say that it's very easy to crack.

    Is there any safer solution to encrypt php source code without adding file inside php configuration?

    thank you so much.

  • #7
    New to the CF scene
    Join Date
    Jan 2009
    Location
    Tropical North Queensland
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sorry for resurrecting an old thread... but I wrote something up about this years ago back in 2003. You can find it here at http://scriptlock.com. AFAIK, there is no way to do it in the way you suggested. The decryption stub needs to be run from inside PHP as a DLL as that is the only surefire way to protect the decryption scheme.

    For a PHP only solution, CodeLock v2.0 is a pretty good product. But it can be broken (eventually - if you try long/hard enough), but it'll at least serve to slow the casual code cracker down.

    Realistically, if someone is good enough to crack your encryption scheme, chances are they're egotistic enough to not bother with your (encrypted) solution, and just roll their own solution...

  • #8
    New to the CF scene
    Join Date
    Oct 2010
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Here there are good scripts, that can look and you will find: PROTECT PHP SOURCE CODE

  • #9
    New to the CF scene
    Join Date
    Nov 2010
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This is good for protecting PHP code. Give it a shot

    http://www.raizlabs.com/software/phpobfuscator/


  •  

    LinkBacks (?)


    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •