Home > Article > Backend Development > Introduction to several methods of PHP code encryption
How to protect your PHP code:
Code Obfuscation Encryption
The actual encryption does not count, the specific implementation idea is Encrypt the code with base64, then perform string mapping on the string in base64 (randomly generate dictionary obfuscation), and then eval executes this method, which can be cracked and restored.
represents the code as follows:
<?php function RandAbc($length = "") { // 返回随机字符串 $str = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; return str_shuffle($str); } $filename = 'index.php'; //要加密的文件 $T_k1 = RandAbc(); //随机密匙1 $T_k2 = RandAbc(); //随机密匙2 $vstr = file_get_contents($filename); $v1 = base64_encode($vstr); $c = strtr($v1, $T_k1, $T_k2); //根据密匙替换对应字符。 $c = $T_k1.$T_k2.$c; $q1 = "O00O0O"; $q2 = "O0O000"; $q3 = "O0OO00"; $q4 = "OO0O00"; $q5 = "OO0000"; $q6 = "O00OO0"; $s = '$'.$q6.'=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$'.$q1.'=$'.$q6.'{3}.$'.$q6.'{6}.$'.$q6.'{33}.$'.$q6.'{30};$'.$q3.'=$'.$q6.'{33}.$'.$q6.'{10}.$'.$q6.'{24}.$'.$q6.'{10}.$'.$q6.'{24};$'.$q4.'=$'.$q3.'{0}.$'.$q6.'{18}.$'.$q6.'{3}.$'.$q3.'{0}.$'.$q3.'{1}.$'.$q6.'{24};$'.$q5.'=$'.$q6.'{7}.$'.$q6.'{13};$'.$q1.'.=$'.$q6.'{22}.$'.$q6.'{36}.$'.$q6.'{29}.$'.$q6.'{26}.$'.$q6.'{30}.$'.$q6.'{32}.$'.$q6.'{35}.$'.$q6.'{26}.$'.$q6.'{30};eval($'.$q1.'("'.base64_encode('$'.$q2.'="'.$c.'";eval(\'?>\'.$'.$q1.'($'.$q3.'($'.$q4.'($'.$q2.',$'.$q5.'*2),$'.$q4.'($'.$q2.',$'.$q5.',$'.$q5.'),$'.$q4.'($'.$q2.',0,$'.$q5.'))));').'"));'; $s = '<?php '."\n".$s."\n".' ?>'; //echo $s; // 生成 加密后的PHP文件 $fpp1 = fopen('temp_'.$filename, 'w'); fwrite($fpp1, $s) or die('写文件错误'); ?>
Confuse garbled characters
The code obfuscation variable also has some things similar to the principle of 1, but it changes the string to non-human characters between ASCII 127 and 255, and there are characters that the editor cannot understand. , the result is 100% able to be cracked and restored, it is just a matter of time.
Issuing opcode
Do not distribute the code, but precompile the PHP code first and distribute the opcode. After PHP7, opcache deeply integrates this thing. After PHP7, you can use this method to protect it. Source code, but it will also be decompiled by opcode and will be cracked.
Write a PHP extension with obfuscation and encryption
Write a PHP extension with obfuscation and encryption, but any open source PHP extension will be cracked unless you write your own encryption algorithm and encrypt the PHP code , and then use the C voice to write extended closed source. Others don’t know your encryption and cracking ideas, so the possibility of being cracked is very small.
Swoole Compiler
The one produced by swoole is to take the generated opcode and then obfuscate the encryption. Then this is awesome. If you want to execute this, it is obvious that the zend engine is It is impossible to recognize the obfuscated and encrypted opcode, so he actually needs to rewrite zend, so the supporting zend engine also needs to be changed.
Related recommendations:
PHP video tutorial: //m.sbmmt.com/course/list/29/type/2.html
The above is the detailed content of Introduction to several methods of PHP code encryption. For more information, please follow other related articles on the PHP Chinese website!