PHP Classes

File: docs/README

Recommend this page to a friend!
  Classes of Warren Smith   The (sort of) PHP Compiler   docs/README   Download  
File: docs/README
Role: Documentation
Content type: text/plain
Description: README
Class: The (sort of) PHP Compiler
Obfuscate PHP code using filters and compression
Author: By
Last change:
Date: 16 years ago
Size: 14,048 bytes


Class file image Download
NAME: The (sort of) PHP Compiler v0.1 SYNOPSIS: include('Compiler.class.php'); $Compiler = new Compiler('uncompiled.php', 'compied.php'); DESCRIPTION: What is "The (sort of) PHP Compiler"? First let me cover what this is NOT. This is not a compiler in the sense that it will NOT make an executable application that can be executed on target systems independently of PHP. If you are looking for that of thing you need to look for the Roadsend PHP Compiler, one of the many PHP opcode caching applications or the bcompiler set of functions within PHP (get bcompiler from This is a compiler in the sense that it makes a compilation from multiple PHP files, after that it will obfuscate the source code. The main way of obfuscating the code is by compressing the code with gzip, this is used as the base obfuscation filter because it yields the functional side effect of making the source code smaller, where as you'll find almost any further obfuscation will probably make the source larger (which isn't always handy). After the base obfuscation has been completed, extra filters can be used, either your own filters in the form of your own function or method or a built in filter within the Compiler class. So "The (sort of) PHP Compiler" is not really a compiler? No. In reality this is an obfuscation tool. I know there is a standards junkie out- there who can't handle something like this being called a "compiler" but it does make a compilation of PHP files and last time I checked, computer scientists didn't invent the word compile, just deal with it. How can "The (sort of) PHP Compiler" be useful to me? Well I'm not promising anything, but the reason why I wrote this was because I wanted an easy way to play with different homemade obfuscation techniques, for copy protection at the PHP level. I came back to this script recently because I wanted to conceal the contents of a bash script written in PHP so it finally became of more use to me than just a "what if" experiment so maybe it will for you too. Look I wouldn't go try "compile" your entire CMS into a single compressed and obfuscated PHP file or anything, not only is this library not ready for that sort of responsibility but it would just add uneccesary overhead to both script execution and maintenence. However this *could* be useful if you have a single function within one of your CMS scripts that you want to hide or some classes or maybe a single script you want to obfuscate or compress. This is also useful if you want to explore your own obfuscation and copy protection methods, it will make your life a bit easier by handling all the crappy stuff for you so you can just get to the actual obfuscation bit of things. If you do make anything thats actually hard to "crack", let me know. Isn't obfuscation of PHP at the PHP level a waste of time? Kinda.. There are real PHP compilers out there (none that you would use on anything mission critical though) and compiling PHP into an exe might seem like the best solution but it would also mean the code wouldn't be portable and you would need to have different builds for different systems (win32 or linux, sparc or x86). There is the Bytecode Compiler project for PHP that, according to the PHP manual, plans to seek the feasability of making a PHP to C thingy. That would be cool and general Bytecode Compiling would definately be helpfull in PHP obfuscation and copy protection, but those functions are experimental and you probably won't find them enabled on that many production servers just yet and when you do I imagine it wouldn't be too hard to reverse. So the problem remains, how do you obfuscate something that needs to reversed at run time so that it is unviable to try "crack", its a cool problem because it's one of those areas where it pays to be a little eccentric in your thinking/ The real beauty of obfuscation of PHP at the PHP level (and indeed any other high level interpreted language) is that its a seemingly unsolvable problem because no matter what you do with the source, one constant remains, that at some point you will have to reverse the obfuscation to execute the code, there are some cool tricks you can do to fool the "cracker" but it will never be 100% solid and uncrackable (although to be honest the same can be said for lower level obfuscation and protection schemes). Obfuscation is an unsolved problem, so if you have the time and skill why don't you take this class and try solve it. Besides what better way to stick it to the man than invent your own leet obfuscation technique and release it into the public domain so developers don't have to go pay some company for a viable solution for obfuscation and/or copy protection. How does it work? The (sort of) PHP Compiler reads all the specified files and joins them together being carefull to get rid of things we don't need like comments and extra white spaces. The joined up source code is then compressed with gzip and base64 encoded so that we can store it in a normal ASCII file, this step is the obfuscation base. After the base obfuscation is done, control is passed to the filter functions if any are specified. A filter function can either be your own method or function within your own code, a function within a filter file (in which case you only specify the name of the file, minus the '.inc.php' bit, or a built in filter. If you play around with your own obfuscation/encryotion filters you can use the MakeCode method to build the formatted source code from the encrypted string. Your own filter functions should take the source fragment (the PHP code minus the opening and closing PHP tags ,<? and ?> by default) as thier only argument and return the final source segment after they have obfuscated the code. If your own filter needs to run some special code to reverse the obfuscation then you should use the $reverseCode parameter with the MakeCode() helper function. Once we have our final obfuscated source code we output the code to a file (if an output file was specified) and return the results. REQUIREMENTS: This class requires PHP with the zlib library both on the machine on which you compile the code and the target machine on which you intend the compiled code to run. CLASS METHODS: Compile($sourceFiles [, $outputFile, $filters]) ----------- Description: This will merge all the source file(s) into one and compress and obfuscate the results. You can specify your own custom filters to obfuscate the source code further as the default filter is easy to reverse (but a good basis on which to obscure the code more). Arguments: mixed $sourceFiles - This holds the name(s) of the file(s) you want to compile. This can be provided as a glob style string (/some/directory/*.php), a file name or a comma and/or space seperated string of file names and/or glob style strings. You may also supply the above strings in a one dimensional array if you are feeling extra cool and want to use files from multiple locations. The files are merged in the order they are supplied. string $outputFile - This is the optional output file, if this is set we will attempt to write the final code to this file. mixed $filters - These are extra filter callbacks you wish to run the obfuscated code through to obfuscate it further. You can supply filters as a function callback (by supplying a string with the function name), a method call back (by supplying the object that contains the method and method name in an array ie. array($Object, 'MethodName') or you can use the name of one of the built in filter methods within the Compiler class ie. if you want to use the LeetFilter() function you supply the string 'leet' as the filter. You can supply multiple filters if you wish by putting them into a one dimensional array. NOTE: See the FILTERS section in this README for a list of filters that are build into the Compiler class, also see the MakeCode() function if you want to make your own filters or modify existing ones. Returns: A string containing the obfuscated source code MakeCode($codeVar [, $reverseCode, $escapeWith]) ----------- Description: This is a function to be used in your own obfuscation filters to easily build code. You pass the code to be eval()'d as a string or array (of characters or whatever represents the characters). If the obfuscation needs to be reversed before the code can be run you can supply the $reverseCode argument that contains the code string that will reverse the obfuscation, the string should contain the tag specified in the Compilers $InsertCodeTag variable so that we know where to inject the obfuscated source so it can be reverse at runtime. The $escapeWith argument is a sub string that we will prepend to each character in the final code, this allows us to escape the characters for hex and octal style obfuscation or to seperate each characters data with a unique token that we can use the reverse the obfuscation at run time. Arguments: mixed $codeVar - This holds the code either as a single string or an array of characters. string $reverseCode - This is the code to reverse the obfuscation at run time, for instance if you base64 encode the source code to obfuscate it you would set this is 'base64_decode(__C0D3__)', __C0D3__ is the default tag so the compiler knows where it should insert the obfuscated code in the final source. string $escapeWith - This is the string that will be appended to each character of the obfuscated source, for instance if you get the hex values of each character in the source and want to use that as a form of obfuscation then you can supply '\\x' so that each hex element will have \x appended which will make sure when the source is parsed each hex element is converted back into its original byte value. Returns: A string containing the obfuscated source code CLASS VARIABLES: DESCRIPTION $SourceCode An array that holds the source code of the file(s) we want to compile $CompiledCode The compiled source code $VariableName The name of the variable that holds the compiled code in the final source $CharsPerLine The number of characters per line in the final code (not counting indent) $InsertCodeTag This is a unique tag so the compiler knows where to insert code in special PHP code strings (only useful if you make or modify obfuscation filters) $ShebangLine The shebang line (if any) to put at the top of the final code (eg. /usr/local/bin/php -q) $HeaderComment The comment block (if any) to put into the final code $OpenPHPTag This is the opening PHP tag in the final code $ClosePHPTag This is the closing PHP tag in the final code BUILT IN FILTERS: DESCRIPTION Leet This will hex encode the source code, it increases your code size by 4. The resulting code looks a bit like \xDE\xAD\xBE\xEF and it does not need anything special to reverse the obfuscation at run time. Octal This will turn the source code into an octal escaped string EXAMPLES: 1. Example of how to compile all PHP files in a directory called source and add a shebang line to it so it can be used as a bash script called omgwtf.php: <? // Include the Compiler class include_once('Compiler.class.php'); // Instantiate the Compiler object $Compiler = new Compiler; // Set the shebang ine $Compiler->ShebangLine = '#!/usr/local/bin/php -q'; // Compile all the PHP files in the source directory $Compiler->Compile('source/*.php', 'compiled.php'); ?> 2. Example of how to compile a single PHP file and obfuscate the results further with the 'Leet' Filter (build in): <? // Include the Compiler class include_once('Compiler.class.php'); // Compile the single.php file into output.php and obfuscate further with the leet filter $Compiler = new Compiler('single.php', 'output.php', 'leet'); ?> 3. How to compile multiple scripts from different locations into one script, add a custom header file (a block comment) and collect the resulting source in a variable: <? // Include the Compiler class include_once('Compiler.class.php'); // Instantiate the compiler object $Compiler = new Compiler; // These are all the places where our files are kept $Files = array('classes/*.class.php', 'include/something.php', 'test.php, index.php, admin.php', 'libs/ /some/path/to/somefile.php', 'more/php/*.php yet/more/php/files/*'); // This is the block comment we want to prepend the PHP code with $Compiler->HeaderComment = file_get_contents('header.file.php'); // We have everything we need, compile the scripts and grab the resulting source $FinalCode = $Compiler->Compile($Files); // ... We can do whatever with the source from here ?> 4. Example of how to change the variable name of the variable that holds the obfuscated code at the end of the obfuscation. <? // Include the Compiler class include_once(''); // Instantiate the Compiler object $Compiler = new Compiler; // Set the variable name to $OMGWTF $Compiler->VariableName = 'OMGWTF'; // Compile somefile.php to compiled.php $Compiler->('somefile.php', 'compiled.php'); ?> COPYRIGHT: Copyright (c) 2006 Warren Smith. All rights reserved. This software is released under the GNU General Public License. Please read the disclaimer at the top of the Compiler.class.php file. THANKS: Special Thanks to: That guy from Frasier.