PHP Classes

Well Darn

Recommend this page to a friend!

      PHP Ghost Crypt  >  All threads  >  Well Darn  >  (Un) Subscribe thread alerts  
Subject:Well Darn
Summary:another scratch
Messages:9
Author:Dave Smith
Date:2015-11-08 18:33:17
 

  1. Well Darn   Reply   Report abuse  
Picture of Dave Smith Dave Smith - 2015-11-08 18:33:17
Looks like I can scratch general script obfuscation off my list of possible innovative packages :)

Have you done any bench-marking against non obfuscated code?

Dave

  2. Re: Well Darn   Reply   Report abuse  
Picture of Dave Smith Dave Smith - 2015-11-08 18:55:35 - In reply to message 1 from Dave Smith
Maybe I spoke too soon...

What good does it do if the encryption key is present in the encrypted file? Or am I missing something here?

Dave

  3. Re: Well Darn   Reply   Report abuse  
Picture of Nick Daniels Nick Daniels - 2015-11-08 20:24:31 - In reply to message 2 from Dave Smith
Hello Dave,

I do understand your point you're saying, tho I don't see how it'd work without including a decryption key within said file.

Please do suggest ideas, if you feel you have any that would suffice over this. As I can't think of anything other than the way it's been done currently.

Other than that, do you have any good points towards this?

Also this could be done in a manner, where there's a central script to decrypt a file not run directly, tho I'm not sure how more different it'd be. But these are still self-decrypting files that can be run directly either way.

  4. Re: Well Darn   Reply   Report abuse  
Picture of Dave Smith Dave Smith - 2015-11-08 20:26:35 - In reply to message 2 from Dave Smith
Ran some tests...

On line 37 in the class you are removing the last line. I expect you did this for a closing php tag, however without a closing php tag you are removing the echo statement. You should just remove this line.

You don't support nested php tags, you can accomplish this by removing the string replacement functions on lines 24 and 25 of the class and push a closing php tag onto the eval, like this...

eval( "?>".implode("\n", $return) );


Including obfuscated files in an obfuscated file causes problems. I noticed 2 behaviors. First, with newlines added to the variable the script goes into an indefinite loop. Second, the script fails with an error, I suspect due to nested evals. Unfortunately I don't have a quick fix for this last one. I may get time to look into a bit more a little later.

Dave

  5. Re: Well Darn   Reply   Report abuse  
Picture of Nick Daniels Nick Daniels - 2015-11-08 20:46:36 - In reply to message 4 from Dave Smith
I've corrected those problems now, I'll take a look and see what you mean about the including obfuscated files, within other obfuscated files.

Cheers.

  6. Re: Well Darn   Reply   Report abuse  
Picture of Dave Smith Dave Smith - 2015-11-08 20:58:25 - In reply to message 3 from Nick Daniels
I was thinking the key should be stored outside of the web accessible folders. It could be something as simple as a file which can be read into a variable.

This would allow the scripts to run on the proper server and die if they are moved somewhere else, by someone else who doesn't know the proper key. This way the code is protected and can only be used on an authorized system.

Granted, it is a little harder for the end user to set up, but why even obfuscate if it can be easily decrypted.

Dave

  7. Re: Well Darn   Reply   Report abuse  
Picture of Nick Daniels Nick Daniels - 2015-11-08 21:03:57 - In reply to message 6 from Dave Smith
There are still some uses, for example, systems which scan files for certain functions, i.e. free hosting that don't really wana allow certain functions, that have something to scan through detect and either delete or suspend your account.

But that's about all I can think of atm. lol.

  8. Re: Well Darn   Reply   Report abuse  
Picture of Dave Smith Dave Smith - 2015-11-08 21:13:25 - In reply to message 7 from Nick Daniels
Well, you also wanted some good points and I have only pointed out the problems, so...

It is nice to see some actual encryption instead of just relying of base64 :)

Dave

  9. Re: Well Darn   Reply   Report abuse  
Picture of Nick Daniels Nick Daniels - 2015-11-08 21:30:06 - In reply to message 8 from Dave Smith
It is nice to see encryption always. Especially when people mainly use base64, etc. and such.

Also about the problem with the nested eval or such, I'm not sure what to actually do with that, Kinda puzzled, I've searched about and see not much at all to do with it.

If you do have an idea how I could sort that out, after the updates now, please do let me know. When you've had the time.

Again cheers, pointing out the problems isn't that bad, it's only to improve such. :)

Cheers.