|
|
 Melanie Wehowski - 2015-04-23 22:14:56 Generally:
- obfuscation of php source does not make sense
- obfuscation is no encryption
- the key/password may be useless in some cases if stored together within the subject and if it is a symetric key
- base64_decode is good for normalization and serialization, yes
- maybe I am wrong, it looks like you convert strings to base64 and then back to hexadecimal, why?
- _generateKey from hash('SHA256', md5(uniqid())) hashing hashes does not make a lot of sence in most cases
- to obfuscate filenames by just prefixing them(?) may be handled by another problems component?
- using eval is ok! But if I am not wrong you are using eval(eval(... ?
- the same with base64_encode(base64_encode(... ?
Don't get me wrong, programmers may want to
- license the app/source
- protect the distributing of the source
- password protect anything
- strip whitespaces and comments (!)
- sign software
I think this is ok, I am not a such an exploiter.
But everybody should know now "obfuscating" and "self-decryption" is not a proper way in most cases, or even wasted time.
Alternative, there is:
- hybrid encryption
- two factor authorization
- using web services
However no matters, although I am using source encryption (for instance for file transfers) and some antipatterns too in my early own projects (rarely), I am still learning, too.
regards,
Till
 Rafael Espinosa - 2015-04-24 12:38:35 - In reply to message 1 from Melanie WehowskiYou are right my friend. That class was designed for a license checking.
Right now I'm using HHVM or Phalanger if I need protect proprietary source code.
Whatever, if you encrypt the source code with 3 levels at least, try to decrypt it manually. A hard task, nothing more. Even you could reverse binary/bytecode files with proper tools.
In my personal opinion eval = evil.
The concurrent calls to base64 functions are because the pack() and input vector data ($iv) are binaries and PHP stream handle this kind of data as strings producing errors.
The class works... and that is enough for me.
 behnamy - 2015-08-26 15:24:03 - In reply to message 2 from Rafael EspinosaHi Rafael Espinosa, what do you mean encoding using HHVM? hhvm does has a PHP encrypter in it?
__________________
I used your package today and this error happens sometimes:
Parse error: in C:\xampp\index.php(2) : eval()'d code on line 1
And if I encode it again, then it's ok. It seems that some characters is not allowed in random password of mcrypt you used, so if the randomly created password contains those characters it breaks and the above error occurs.
And also there is another strange problem that I faced in just some of my script's php files that nothing shows in browser after encryption!! the php file was mixed with html and js, and I encoded the php parts of the file one by one and replace them with non-encoded php codes parts, but nothing shows in browser! except one part of my html codes, Can you guess what's wrong with your encryptor's codes or even my codes that this problem happens?
behnamy - 2015-08-26 18:52:18 - In reply to message 3 from behnamyI think I found where is the problem! why do you replace ' in below method?
public function preProcessString($str)
{
$str = str_replace("<?php", "", $str);
$str = str_replace("<?", "", $str);
$str = str_replace("?>", "", $str);
$str = str_replace("'", "\x22", $str);
$str = trim($str);
return $str;
}
|
