Author Topic: Online PHP Obfuscator (Read 4562 times)

lococobra · « **on:** July 13, 2007, 03:01:52 PM »

Thanks to your guy's help... I was able to get all that nasty regex stuff to work, and now...

PHP Obfuscator V.0.9 By Trappar is online!

The only way I've tested it is with the following options checked:
• Obfuscate variable names
• Remove strings from context
• Remove function names from context

So perhaps try different combinations... I'm guessing something's going to fail if for instance... you enable "Remove function..." but not "Remove strings..." and one of your functions is "file" and one of your strings contains the word "file".

Give it a shot, I think the code is pretty good... especially if you enable all the options. Just make sure you don't throw in anything that's not php!

lococobra · « **Reply #1 on:** July 13, 2007, 05:57:28 PM »

Up to version 0.9.2
Fixed problems:
• Accidental removal of whitespace in strings
• Accidental removal of whitespace around logical operators/special words: as|and|or|xor

lococobra · « **Reply #2 on:** July 14, 2007, 03:11:18 PM »

*Bump* Someone mind testing this?

source · « **Reply #3 on:** July 14, 2007, 04:15:36 PM »

I dont understand.. how would this be useful?

If you're changing a variable name thats... pointless?

lococobra · « **Reply #4 on:** July 14, 2007, 09:05:13 PM »

Try doing some research next time before making an ass out of yourself.

http://en.wikipedia.org/wiki/Obfuscated_code

source · « **Reply #5 on:** July 14, 2007, 10:18:31 PM »

again: whats the point of this, instead of linking me to wikipedia which means NOTHING. because it still doesn't answer my question.

WHAT IS THE POINT OF THIS: CHANGING A VARIABLE NAME?

lococobra · « **Reply #6 on:** July 14, 2007, 10:41:40 PM »

Quoted from the first paragraph of the link I gave you

"Macro preprocessors are often used to create hard to read code by masking the standard language syntax and grammar from the main body of code."

AKA...
It makes the code harder to read because $userPassword is easier to read than $xRY

This is to protect your code from devious people who try to steal and modify it, then claim it was their own creation.

source · « **Reply #7 on:** July 14, 2007, 10:52:54 PM »

anyone with any programming skill will be able to figure out what the variable is for.

lococobra · « **Reply #8 on:** July 14, 2007, 11:09:54 PM »

Once I'm done with coding the php obfuscator, I'll give you one of it's outputs and we'll see if you can figure out what it does or not.

But for now... just as an example, here's the output of what I'd consider a pretty non-effective php obfuscator.

Tell me what this code does...

Code: [Select]


<?if(isset($_GET['aajs'])){  header('Content-Type: text/javascript');?>var f;var k=m();function m(){if(typeof XMLHttpRequest!='undefined'){return new XMLHttpRequest();}try{return new ActiveXObject("Msxml2.XMLHTTP");}catch(e){try{return new ActiveXObject("Microsoft.XMLHTTP");}catch(e){}}return false;};function ajaxCall(r,j,o){if(document.getElementById('ajaxer').innerHTML=='Ajax by ajaxer.v.1.2'){f="ret_"+j;f=f.replace("ajax_","");d=j;for(i=2;i<arguments.length;i++){n=arguments[i].replace('^',':&ca&:');d+='^'+n;}d=r+'?aacall='+encodeURIComponent(d);k.open("GET",d,true);k.onreadystatechange=l;k.send(null);}};function l(){if(k.readyState==4){if(k.status==200){var c=k.responseText;var g=new Array();if(c.search('<body>')!= -1){g=c.split('<body>');c=g[1];}if(c.search('</body>')!= -1){g=c.split('</body>');c=g[0];}c=c.replace(/\n/gi,"\\n");c=f+'("'+c+'");';eval(c);}else{if(k.status!=0)alert('There was a problem with the request.');}}}<?exit;}if(isset($_GET['aacall'])){header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");header("Cache-Control:no-store,no-cache,must-revalidate");$R7633668866BAA355046277DB052802D1=explode('^',urldecode($_GET['aacall']));if((strpos($R7633668866BAA355046277DB052802D1[0],'ajax')!==FALSE)&&(strpos($R7633668866BAA355046277DB052802D1[0],'$')===FALSE)){if(count($R7633668866BAA355046277DB052802D1)>1){$RFD72CDF4D642A09A9584BEFCAE1E3901=$R7633668866BAA355046277DB052802D1[0]."(";for($RA16D2280393CE6A2A5428A4A8D09E354=1;$RA16D2280393CE6A2A5428A4A8D09E354<count($R7633668866BAA355046277DB052802D1);$RA16D2280393CE6A2A5428A4A8D09E354++){$R2779E0D347183D4A2DB54462481A119A=str_replace(':&ca&:','^',$R7633668866BAA355046277DB052802D1[$RA16D2280393CE6A2A5428A4A8D09E354]);$RFD72CDF4D642A09A9584BEFCAE1E3901.="'".str_replace('\'','\\\'',stripslashes($R2779E0D347183D4A2DB54462481A119A))."',";}$RFD72CDF4D642A09A9584BEFCAE1E3901=substr($RFD72CDF4D642A09A9584BEFCAE1E3901,0,strlen($RFD72CDF4D642A09A9584BEFCAE1E3901)-1).');';}else $RFD72CDF4D642A09A9584BEFCAE1E3901=$R7633668866BAA355046277DB052802D1[0].'();';eval($RFD72CDF4D642A09A9584BEFCAE1E3901);}else echo'Invalid ajax request';exit;}function callJS(){$R076717F69D409259123CEEB7BF5199C8 = substr(__FILE__,1);$RBAB9B407390B80607957164370BE6A3C=substr($_SERVER['SCRIPT_FILENAME'],1);$RE9F06793F8BF0D7E8201B73A7DFBAAB3=substr_count($R076717F69D409259123CEEB7BF5199C8,'/');for($RA16D2280393CE6A2A5428A4A8D09E354=0;$RA16D2280393CE6A2A5428A4A8D09E354<=$RE9F06793F8BF0D7E8201B73A7DFBAAB3;$RA16D2280393CE6A2A5428A4A8D09E354++){if(substr($R076717F69D409259123CEEB7BF5199C8,0,strpos($R076717F69D409259123CEEB7BF5199C8,'/'))==substr($RBAB9B407390B80607957164370BE6A3C,0,strpos($RBAB9B407390B80607957164370BE6A3C,'/'))){$R076717F69D409259123CEEB7BF5199C8=substr($R076717F69D409259123CEEB7BF5199C8,strpos($R076717F69D409259123CEEB7BF5199C8,'/')+1);$RBAB9B407390B80607957164370BE6A3C=substr($RBAB9B407390B80607957164370BE6A3C,strpos($RBAB9B407390B80607957164370BE6A3C,'/')+1);}if(strpos($R076717F69D409259123CEEB7BF5199C8,'/')===FALSE)break;}echo'<script language="JavaScript" type="text/javascript" src="./'.$R076717F69D409259123CEEB7BF5199C8.'?aajs=true"></script>'."\n";}?>

keeB · « **Reply #9 on:** July 15, 2007, 12:21:56 AM »

locobra, don't let source get to you, he's obviously misinformed

I'm very interested in testing this out for you, but the onfuscator is OFFLINE!

chronister · « **Reply #10 on:** July 15, 2007, 12:38:37 AM »

not to be a naysayer or anything, but what is the point of obsfucating php code. Since it is handled on the server... to the best of my knowledge, there is no way for a person to get your php code unless they have ftp access to your server.

am I wrong here?

I am not trying to belittle the work you have done here as it's more than I could do, I am asking more for learning purposes.

What is the benefit of this?

Thanks,

Nate

keeB · « **Reply #11 on:** July 15, 2007, 12:58:26 AM »

chronister -- what if you develop on a common framework and sell it to companies with a support contract...

many more ideas come to mind..

chronister · « **Reply #12 on:** July 15, 2007, 01:02:54 AM »

ok... I can see that...

Never thought of it like that

thanks

lococobra · « **Reply #13 on:** July 15, 2007, 01:13:31 AM »

I'm mainly developing this to obfuscate an AJAX handler that I've developed, and also because most the ones I found previously did not meet my expectations. I'm having some problems with the code at the moment because of a new feature I'm trying to add... but I'll get it back online ASAP.

New feature: String obfuscation using escape sequences.

Hopefully up within an hour and a half >_>

source · « **Reply #14 on:** July 15, 2007, 01:31:15 AM »

I was not trying bash your work you attacked me first by calling me an "ass"...

asking a question and getting called an ass and attacked shows something about you.

lococobra · « **Reply #15 on:** July 15, 2007, 02:10:38 AM »

You told me that my work was pointless, I think just about anyone would take that as a personal attack.

Anyways, it's back online and ready to be tested.

PHP Obfuscater V.0.9.3 By Trappar

source · « **Reply #16 on:** July 15, 2007, 02:12:17 AM »

wrong.

"If you're changing a variable name thats... pointless?"

lococobra · « **Reply #17 on:** July 15, 2007, 03:50:37 AM »

New version:

PHP Obfuscater V.0.9.3 By Trappar

Now it should accept full pages including html.

chronister · « **Reply #18 on:** July 15, 2007, 03:58:57 AM »

@source

We may not always understand why someone is doing something, but generally they have their reasons. It looks to me like this does a whole lot more than change a variable name. The infighting should cease as it helps no one.

I guess rather than call something pointless, try to understand why they are doing what they want to do. Granted, there are a lot of pointless "goals" that people on here have and generally if it is truly pointless and does not solve a problem, they will be told so. But generally before they are told that their work is "pointless" a person tries to understand what the code is doing and / or why it is doing it.

I understand that lococobra is working on the thing right now as I type this so I am not too concerned about the fact that the code I put into it don't work on the page after obsfusication, but my code was seriously changed.

It took

Code: [Select]

<?php
$xyz='1';

$zyx='4';

$added=$xyz + $zyx;
if($added > 2)
{
   $greater='true';
}

if($greater=='true')
{
  echo 'added numbers are greater than 2';
}
?>

and turned it into

Code: [Select]

<?$st=array("\141\144\144\145\144\40\156\165\155\142\145\162\163\40\141\162\145\40\147\162\145\141\164\145\162\40\164\150\141\156\40\62","\164\162\165\145","\64","\61");php$EDY=$st[3];$mob=$st[2];$pnE=$EDY+$mob;if($pnE>2){$eEL=$st[1];}if($eEL==$st[1]){echo$st[0];}?>

So try not to be too critical of something until you completely understand it....

@lococobra, I saw you posted that v 0.9.3 is done. I am getting a variable error when I run the obfuscated code. tested the non-obfuscated code and it works fine. Good work on this script very cool

lococobra · « **Reply #19 on:** July 15, 2007, 04:08:50 AM »

Fixed, new output should be something like...

Code: [Select]

<?$st=array("\141\144\144\145\144\40\156\165\155\142\145\162\163\40\141\162\145\40\147\162\145\141\164\145\162\40\164\150\141\156\40\62","\164\162\165\145","\64","\61");$Uib=$st[3];$Kqw=$st[2];$BOM=$Uib+$Kqw;if($BOM>2){$wep=$st[1];}if($wep==$st[1]){echo$st[0];}?>

Which on my site executes as:
"added numbers are greater than 2"

chronister · « **Reply #20 on:** July 15, 2007, 04:13:08 AM »

very nice

Also I dig your sig..... pretty freakin clever if I do say so myself. Did you really handcode that???

lococobra · « **Reply #21 on:** July 15, 2007, 04:49:13 AM »

Yeah, I did that before I wrote the code for the obfuscater. Only part I didn't hand-write was the base64.

I've fixed everything I can possibly come up with other than one thing... the following code would not work:

Code: [Select]

<?php
$str = 'To start writing your script, begin with <?php';
echo $str;
?>

Right now I'm using a function I wrote that explodes a string multiple times to find locations of <?php and such, I have a feeling I'm going to have to re-write it with some more regular expressions... oh joy...

LiamProductions · « **Reply #22 on:** July 15, 2007, 06:11:09 AM »

I don't know what it is suppose to do but this what happened when i put:

Code: [Select]

<?php

echo "hello";

?>

It changed it to...

Code: [Select]

<?$st=array("hello");echo =$st[0];?>

It turned it to an array lol

keeB · « **Reply #23 on:** July 15, 2007, 10:42:06 AM »

Original

Code: [Select]

<?php
/**
 * @author: nick stinemates
 */
 
 
require_once("com/stinemates/common/model/Image.class.php");
require_once("com/stinemates/common/model/Gallery.class.php");
require_once("com/stinemates/factory/ImageResizeFactory.class.php");
require_once("com/stinemates/factory/ImageOutputFactory.class.php");


$g = new Gallery;

$i = new Image();
$i->setPath("/media/hdb5/development/php/photo/images/kungy.jpg");


$i2 = new Image;
$i2->setPath("/media/hdb5/development/php/photo/images/wow.jpg");

$g->addImage($i);
$g->addImage($i2);


$factory = new ImageResizeFactory($i);
$ri = $factory->ImageResizeByDimensions(200, 100);
$factory = new ImageResizeFactory($i2);
$ri2 = $factory->ImageResizeByDimensions(200, 100);


$iof = new ImageOutputFactory($ri);
$iof->ImageToFile("tmp/wow.jpg");

$iof2 = new ImageOutputFactory($ri2);
$iof2->ImageToFile("tmp/wow2.jpg");


?>

Turned in to:

Code: [Select]

<?$st=array("\143\157\155/\163\164\151\156\145\155\141\164\145\163/\146\141\143\164\157\162\171/\111\155\141\147\145\122\145\163\151\172\145\106\141\143\164\157\162\171\56\143\154\141\163\163\56\160\150\160","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\146\141\143\164\157\162\171/\111\155\141\147\145\117\165\164\160\165\164\106\141\143\164\157\162\171\56\143\154\141\163\163\56\160\150\160","/\155\145\144\151\141/\150\144\142\65/\144\145\166\145\154\157\160\155\145\156\164/\160\150\160/\160\150\157\164\157/\151\155\141\147\145\163/\153\165\156\147\171\56\152\160\147","/\155\145\144\151\141/\150\144\142\65/\144\145\166\145\154\157\160\155\145\156\164/\160\150\160/\160\150\157\164\157/\151\155\141\147\145\163/\167\157\167\56\152\160\147","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\143\157\155\155\157\156/\155\157\144\145\154/\107\141\154\154\145\162\171\56\143\154\141\163\163\56\160\150\160","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\143\157\155\155\157\156/\155\157\144\145\154/\111\155\141\147\145\56\143\154\141\163\163\56\160\150\160","\164\155\160/\167\157\167\62\56\152\160\147","\164\155\160/\167\157\167\56\152\160\147");require_once($st[5]);require_once($st[4]);require_once($st[0]);require_once($st[1]);$zcv=newGallery;$Gcz=newImage();$Gcz->setPath($st[2]);$Gcz2=newImage;$Gcz2->setPath($st[3]);$zcv->addImage($Gcz);$zcv->addImage($Gcz2);$GczSt=newImageResizeFactory($Gcz);$pNF=$GczSt->ImageResizeByDimensions(200,100);$GczSt=newImageResizeFactory($Gcz2);$pNF2=$GczSt->ImageResizeByDimensions(200,100);$Gczof=newImageOutputFactory($pNF);$Gczof->ImageToFile($st[7]);$Gczof2=newImageOutputFactory($pNF2);$Gczof2->ImageToFile($st[6]);?>

Gives me the following error:
Fatal error: Call to undefined function newImage() in /media/hdb5/development/php/photo/index.php on line 48

Looks like it's not putting a space between new (Classname)

lococobra · « **Reply #24 on:** July 15, 2007, 04:33:34 PM »

Should be fixed, I added new and else to the reverse lookback that determines if whitespace can be removed.

New code is:

Code: [Select]

<?$st=array("\143\157\155/\163\164\151\156\145\155\141\164\145\163/\146\141\143\164\157\162\171/\111\155\141\147\145\122\145\163\151\172\145\106\141\143\164\157\162\171\56\143\154\141\163\163\56\160\150\160","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\146\141\143\164\157\162\171/\111\155\141\147\145\117\165\164\160\165\164\106\141\143\164\157\162\171\56\143\154\141\163\163\56\160\150\160","/\155\145\144\151\141/\150\144\142\65/\144\145\166\145\154\157\160\155\145\156\164/\160\150\160/\160\150\157\164\157/\151\155\141\147\145\163/\153\165\156\147\171\56\152\160\147","/\155\145\144\151\141/\150\144\142\65/\144\145\166\145\154\157\160\155\145\156\164/\160\150\160/\160\150\157\164\157/\151\155\141\147\145\163/\167\157\167\56\152\160\147","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\143\157\155\155\157\156/\155\157\144\145\154/\107\141\154\154\145\162\171\56\143\154\141\163\163\56\160\150\160","\143\157\155/\163\164\151\156\145\155\141\164\145\163/\143\157\155\155\157\156/\155\157\144\145\154/\111\155\141\147\145\56\143\154\141\163\163\56\160\150\160","\164\155\160/\167\157\167\62\56\152\160\147","\164\155\160/\167\157\167\56\152\160\147");require_once($st[5]);require_once($st[4]);require_once($st[0]);require_once($st[1]);$Ocj=new Gallery;$cSI=new Image();$cSI->setPath($st[2]);$cSI2=new Image;$cSI2->setPath($st[3]);$Ocj->addImage($cSI);$Ocj->addImage($cSI2);$Zlb=new ImageResizeFactory($cSI);$PkO=$Zlb->ImageResizeByDimensions(200,100);$Zlb=new ImageResizeFactory($cSI2);$PkO2=$Zlb->ImageResizeByDimensions(200,100);$cSIof=new ImageOutputFactory($PkO);$cSIof->ImageToFile($st[7]);$cSIof2=new ImageOutputFactory($PkO2);$cSIof2->ImageToFile($st[6]);?>

I can't test it because it uses requires Image.class.php

pyrodude · « **Reply #25 on:** August 05, 2007, 05:29:16 PM »

Did a simple test

Code: [Select]

<?php
$test="test";
?>

and the top of the page has

Code: [Select]

"Array ( [0] => "test" )
Also, the hyperlink at the bottom is displaying as

Code: [Select]

<a href="/obfuscator/index.php>Obfuscate some more code

rather than the actual link

GuiltyGear · « **Reply #26 on:** August 05, 2007, 10:01:42 PM »

It worked smoothly for a not so short code i entered. Pretty complex thing u got there

Oh and yeah the link at the bottom is a bit messed up

lococobra · « **Reply #27 on:** August 10, 2007, 02:51:30 PM »

Yeah, there are still some problems, but at this point... It's become unmanageably complex. If someone wants to step in and help me out with it... I'd be glad to have the help.

PM me about it and I'll set you up with FTP access.

Warptweet · « **Reply #28 on:** August 27, 2007, 06:00:11 PM »

SWEET I'm using this!
Very useful.

xylex · « **Reply #29 on:** August 31, 2007, 08:37:15 PM »

Now I'm not trying to say your work is pointless, but it can easily be switched back to code that is much easier to read. Your script may stop the casaul hacker from making a quick edit, but I would question the protection that it would offer on any expensive or wide distro project.

A basic decode script-

Note that this errors out if there are escaped quotes in the encoded script, but that could be easily fixed as well.

Code: [Select]

<?php
if (get_magic_quotes_gpc) $value = stripslashes($_REQUEST['code']);
else $value = $_REQUEST['code'];

$search = array ('"','$','?>','<?', ';');

$replace = array ('\"', '\$', '?&gt', '&lt?', ";\n");

$value = str_replace($search, $replace, $value);

eval ('echo "<pre>'.$value.'</pre>";');

?>
<h3>Enter Code</h3>

<form method="post">
<textarea name="code"></textarea>
<input type="submit">

Guardian-Mage · « **Reply #30 on:** September 03, 2007, 10:08:30 AM »

Well, this would easily stop people with no knowledge of PHP and no logical thinking what so ever, but even with all the options enabled, the original php can be revealed within minutes.

effigy · « **Reply #31 on:** September 06, 2007, 04:36:16 PM »

I've removed all the belligerent posts. Let's play nice folks, and try to have an ounce of maturity as well.

News:

Author Topic: Online PHP Obfuscator (Read 4562 times)