Is there a code obfuscator for PHP

Question

Has anybody used a good obfuscator for PHP  I ve tried some but they don t work for very big projects  They can t handle variables that are included in one file and used in another  for instance   Or do you have any other tricks for stopping the spread of your code

User · Answer

Using SourceGuardian is good as it comes with a cool and easy to use GUI.

But be aware:

Pay attention to its -rather funny- licensing terms.

You are only allowed to run 1 per machine -so far this is acceptable
If you want to run the command line interface on another machine, say your web server, YOU WILL NEED ANOTHER LICENSE (Yes, it's funny and I can hear you laughing too).

User · Answer

Thicket    Obfuscator for PHP     The PHP Obfuscator tool scrambles PHP source code to make it very difficult to understand or reverse-engineer  example   This provides significant protection for source code intellectual property that must be hosted on a website or shipped to a customer  It is a member of SD s family of Source Code Obfuscators

User · Answer

People will offer you obfuscators  but no amount of obfuscation can prevent someone from getting at your code   None   If your computer can run it  or in the case of movies and music if it can play it  the user can get at it   Even compiling it to machine code just makes the job a little more difficult   If you use an obfuscator  you are just fooling yourself   Worse  you re also disallowing your users from fixing bugs or making modifications   Music and movie companies haven t quite come to terms with this yet  they still spend millions on DRM   In interpreted languages like PHP and Perl it s trivial   Perl used to have lots of code obfuscators  then we realized you can trivially decompile them   perl -MO Deparse some program   PHP has things like DeZender and Show My Code   My advice   Write a license and get a lawyer   The only other option is to not give out the code and instead run a hosted service   See also the perlfaq entry on the subject

User · Answer

See our SD Thicket PHP Obfuscator for an obfuscator that works just fine with arbitrarily large sets of pages   It operates primarily by scrambling identifier names   With modest to large applications  this can make the code extremely difficult to understand  which is the entire purpose   It doesn t waste any energy on  eval decode encodedprogramcode    schemes  which a lot of PHP  obfuscators  do  these are  encoder s  not  obfuscator s   because any clod can find that call and execute the eval-decode himself and get the decoded code   It uses a language-precise parser to process the PHP  it will tell you if your program is syntactically invalid   More importantly  it knows the whole language precisely  it won t get lost or confused  and it won t break your code  other that what happens if you obfuscate  incorrectly   e g   fail to identify the public API of the code correctly     Yes  it obfuscates identifiers identically across pages  if it didn t do that  the result wouldn t work

User · Answer

I m not sure you can label obfuscation of an interpreted language as pointless  I m unable to add a comment to Schwern s post  so here goes a new entry    I think it s a little shortsighted to assume you know all the possible scenarios where someone would like to obfuscate code  and you assume that anyone will actually be willing to go to whatever necessary lengths to view that code once obfuscated  Consider my current scenario   I work for a consulting company that is developing a large and fairly sophisticated PHP-based site  The project will be hosted on a client s server that is hosting other sites developed by other consultancies  Technically any code we write is owned by the client  so we can t license it  However  any other consultancy  competitor  with access to the server can copy our code without getting permission from the client first  We therefore have a genuine reason for obfuscation - to make the effort required for a competitor to understand our code more than the effort of creating a copy of our work from scratch

User · Answer

I m not sure you can label obfuscation of an interpreted language as pointless  I m unable to add a comment to Schwern s post  so here goes a new entry    I think it s a little shortsighted to assume you know all the possible scenarios where someone would like to obfuscate code  and you assume that anyone will actually be willing to go to whatever necessary lengths to view that code once obfuscated  Consider my current scenario   I work for a consulting company that is developing a large and fairly sophisticated PHP-based site  The project will be hosted on a client s server that is hosting other sites developed by other consultancies  Technically any code we write is owned by the client  so we can t license it  However  any other consultancy  competitor  with access to the server can copy our code without getting permission from the client first  We therefore have a genuine reason for obfuscation - to make the effort required for a competitor to understand our code more than the effort of creating a copy of our work from scratch

User · Answer

You can try PHP protect which is a free PHP obfuscator to obfuscate your PHP code  It is very nice  easy to use and also free  EDIT  This service is not live anymore   As for what others have written here about not using obfuscation because it can be broken etc  I have only one thing to answer them - don t lock your house door because anyone can pick your lock  This is exactly the case  obfuscation is not meant to prevent 100  code theft  It only needs to make it a time-consuming task so it will be cheaper to pay the original coder  Hope this helps

User · Answer

The best I ve seen is Zend Guard

User · Answer

Thicket    Obfuscator for PHP     The PHP Obfuscator tool scrambles PHP source code to make it very difficult to understand or reverse-engineer  example   This provides significant protection for source code intellectual property that must be hosted on a website or shipped to a customer  It is a member of SD s family of Source Code Obfuscators

User · Answer

Nothing will be perfect  If you just want something to stop non-programmers then here s a little script I wrote you can use    lt  php  infile   SERVER  argv   1    outfile   SERVER  argv   2   if    infile      outfile        die  Usage  php    SERVER  argv   0    lt input file gt   lt output file gt  n      echo  Processing  infile to  outfile n    data  ob end clean     gt     data  php strip whitespace  infile      compress data  data gzcompress  data 9      encode in base64  data base64 encode  data      generate output text  out   lt  ob start    a      data     eval gzuncompress base64 decode  a     v ob get contents   ob end clean     gt       write output text file put contents  outfile  out

User · Answer

The best I ve seen is Zend Guard

User · Answer

You can try PHP protect which is a free PHP obfuscator to obfuscate your PHP code  It is very nice  easy to use and also free  EDIT  This service is not live anymore   As for what others have written here about not using obfuscation because it can be broken etc  I have only one thing to answer them - don t lock your house door because anyone can pick your lock  This is exactly the case  obfuscation is not meant to prevent 100  code theft  It only needs to make it a time-consuming task so it will be cheaper to pay the original coder  Hope this helps

User · Answer

People will offer you obfuscators  but no amount of obfuscation can prevent someone from getting at your code   None   If your computer can run it  or in the case of movies and music if it can play it  the user can get at it   Even compiling it to machine code just makes the job a little more difficult   If you use an obfuscator  you are just fooling yourself   Worse  you re also disallowing your users from fixing bugs or making modifications   Music and movie companies haven t quite come to terms with this yet  they still spend millions on DRM   In interpreted languages like PHP and Perl it s trivial   Perl used to have lots of code obfuscators  then we realized you can trivially decompile them   perl -MO Deparse some program   PHP has things like DeZender and Show My Code   My advice   Write a license and get a lawyer   The only other option is to not give out the code and instead run a hosted service   See also the perlfaq entry on the subject

User · Answer

Try this one  http   www pipsomania com best php obfuscator do  Recently I wrote it in Java to obfuscate my PHP projects  because I didnt find any good and compatible ready written on the net  I decided to put it online as saas  so everyone use it free  It does not change variable names between different scripts for maximum compatibility  but is obfuscating them very good  with random logic  every instruction too  Strings    everything  I believe its much better then this buggy codeeclipse  that is by the way written in PHP and very slow

User · Answer

Try this one  http   www pipsomania com best php obfuscator do  Recently I wrote it in Java to obfuscate my PHP projects  because I didnt find any good and compatible ready written on the net  I decided to put it online as saas  so everyone use it free  It does not change variable names between different scripts for maximum compatibility  but is obfuscating them very good  with random logic  every instruction too  Strings    everything  I believe its much better then this buggy codeeclipse  that is by the way written in PHP and very slow

User · Answer

Obfuscation is only adding another layer of potential bugs and security vulnerabilities to your program  Please don t do it   The kind of people who write obfuscation software usually seem very sketchy and non-skilled anyway   If your code is  great   crackers will go through great lengths to spread it  regardless of whether or not it is obfuscated  If nobody knows cares about your code  they probably won t  either

User · Answer

See our SD Thicket PHP Obfuscator for an obfuscator that works just fine with arbitrarily large sets of pages   It operates primarily by scrambling identifier names   With modest to large applications  this can make the code extremely difficult to understand  which is the entire purpose   It doesn t waste any energy on  eval decode encodedprogramcode    schemes  which a lot of PHP  obfuscators  do  these are  encoder s  not  obfuscator s   because any clod can find that call and execute the eval-decode himself and get the decoded code   It uses a language-precise parser to process the PHP  it will tell you if your program is syntactically invalid   More importantly  it knows the whole language precisely  it won t get lost or confused  and it won t break your code  other that what happens if you obfuscate  incorrectly   e g   fail to identify the public API of the code correctly     Yes  it obfuscates identifiers identically across pages  if it didn t do that  the result wouldn t work

User · Answer

People will offer you obfuscators  but no amount of obfuscation can prevent someone from getting at your code   None   If your computer can run it  or in the case of movies and music if it can play it  the user can get at it   Even compiling it to machine code just makes the job a little more difficult   If you use an obfuscator  you are just fooling yourself   Worse  you re also disallowing your users from fixing bugs or making modifications   Music and movie companies haven t quite come to terms with this yet  they still spend millions on DRM   In interpreted languages like PHP and Perl it s trivial   Perl used to have lots of code obfuscators  then we realized you can trivially decompile them   perl -MO Deparse some program   PHP has things like DeZender and Show My Code   My advice   Write a license and get a lawyer   The only other option is to not give out the code and instead run a hosted service   See also the perlfaq entry on the subject

User · Answer

Using SourceGuardian is good as it comes with a cool and easy to use GUI.

But be aware:

Pay attention to its -rather funny- licensing terms.

You are only allowed to run 1 per machine -so far this is acceptable
If you want to run the command line interface on another machine, say your web server, YOU WILL NEED ANOTHER LICENSE (Yes, it's funny and I can hear you laughing too).

User · Answer

Nothing will be perfect  If you just want something to stop non-programmers then here s a little script I wrote you can use    lt  php  infile   SERVER  argv   1    outfile   SERVER  argv   2   if    infile      outfile        die  Usage  php    SERVER  argv   0    lt input file gt   lt output file gt  n      echo  Processing  infile to  outfile n    data  ob end clean     gt     data  php strip whitespace  infile      compress data  data gzcompress  data 9      encode in base64  data base64 encode  data      generate output text  out   lt  ob start    a      data     eval gzuncompress base64 decode  a     v ob get contents   ob end clean     gt       write output text file put contents  outfile  out

User · Answer

The best I ve seen is Zend Guard

User · Answer

The best I ve seen is Zend Guard

User · Answer

Obfuscation is only adding another layer of potential bugs and security vulnerabilities to your program  Please don t do it   The kind of people who write obfuscation software usually seem very sketchy and non-skilled anyway   If your code is  great   crackers will go through great lengths to spread it  regardless of whether or not it is obfuscated  If nobody knows cares about your code  they probably won t  either

User · Answer

People will offer you obfuscators  but no amount of obfuscation can prevent someone from getting at your code   None   If your computer can run it  or in the case of movies and music if it can play it  the user can get at it   Even compiling it to machine code just makes the job a little more difficult   If you use an obfuscator  you are just fooling yourself   Worse  you re also disallowing your users from fixing bugs or making modifications   Music and movie companies haven t quite come to terms with this yet  they still spend millions on DRM   In interpreted languages like PHP and Perl it s trivial   Perl used to have lots of code obfuscators  then we realized you can trivially decompile them   perl -MO Deparse some program   PHP has things like DeZender and Show My Code   My advice   Write a license and get a lawyer   The only other option is to not give out the code and instead run a hosted service   See also the perlfaq entry on the subject

[php] Is there a code obfuscator for PHP?

Examples related to php

Examples related to obfuscation