Darsyn Obfuscate
Obfuscate source code and decrypt it during run-time., (*1)
This is not designed to securely encrypt source code; merely obfuscate
source code to ensure that any extraction of partial and/or full source code has
been done with intent. This can then provide extra evidence in any legal dispute
you have with said party., (*2)
This obfuscation method is a proof-of-concept and is not efficient
performance-wise., (*3)
Setup
[
// You *MUST* exclude the vendor directory from being checked for
// obfuscated code.
__DIR__ . '/vendor',
],
]);
// This file (the entry script) must not be obfuscated, in order to load
// Autoloaders and the Obfuscator library.
// Now continue your application logic as normal, any further files that are
// loaded will be checked if they are obfuscated and decrypted.
```
## The Magic
The Obfuscator will intercept PHP files as they are loaded and transform
(de-obfuscate) the source code before it is handed over to PHP's parsing engine.
## Example
A PHP file on the filesystem will look like this:
```php
aFcZG1BjeU4PAhFTEUEQAEM0AhViHgsdTAQyJ08HB1IBAxhFH15rZAFTEU9zCggFGhwcMDtVCwoPFyU2
BkEZDRJPAQQ3Bw0BTAYzJwpAIBoGH0wMAXwtABpUE08fCQYHSW8qCAkYUxJOIEUPElUCGzdPAxETARhM
ER0AFh0XEBwBH1ljCgAXABYcGEUGYh4qU09VUhMQQg8GB0VIIQYKB0kGHQAHARBFGWEQEQoaHE0JYUVZ
AEEVbgBJUwBOT1QAHwAVGwZOVEtUGwwQWEwXCRdEABxLVUMUEUYVHQlUSQYbFgYdDgsbCQkAIB8AFAdF
U3tkT1QAQQBTRUNVUkUATAcYUwQxAEkbVABTUVRSCAQNHhVUHEcEBw0KBl9bCxxUNQ8RExQVAEUGQEJL
Fh0bFw9LUgwAEDpKPRpOWgBHUwdBQVoHSABdRSc8ICBjPyoreT49IXAoIWE6ICYMZ0VBTlQAVE8ALkxY
f1JFTFldbxNp
But PHP's parsing engine will receive this:, (*4)
<?php
namespace AppBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
class DefaultController extends Controller
{
public function indexAction()
{
return $this->render(':default:index.html.twig', [
'base_dir' => realpath($this->getParameter('kernel.root_dir') . '/..') . DIRECTORY_SEPARATOR,
]);
}
}
To-do
- [ ] Performance (the bytecode of de-obfuscated source code currently does not get cached in OpCache).
- [ ] Completely disable userland cache so that de-obfuscated code isn't saved to the filesystem.
- [ ] Allow disabling of original AOP source transformers.
Wallogit.com
