3

I saw this thread after wondering if a PHP obfuscator exists. It gave me the question:

Why is it necessary to obfuscate PHP code if PHP files aren't supposed to be downloadable/"decompilable" in the first place?

Community
  • 1
  • 1
Adam
  • 612
  • 4
  • 13
  • 23
  • It isn't. (*comment too short*) – h2ooooooo Feb 05 '14 at 12:44
  • It's indeed not. However, in some cases people allow a piece of software, such as wordpress or a full system, to be downloaded and used by a client. If they don't want the client to know what the code is, but be able to use it nonetheless, they can have it obfuscated. – Tularis Feb 05 '14 at 12:45
  • What about if you give your php code to your client and you do not want him to modify the code – Hassan Feb 05 '14 at 12:45
  • 1
    PHP projects often get outsourced which means anyone who gets hold of the code can see it and change it. PHP obfuscators are actually supposed to solve that problem but in the end they are often more trouble than worth it. –  Feb 05 '14 at 12:47
  • 6
    It isn't, but some developers consider that their code is so incredibly beautiful that if other developers were to see it in all its full glory it would render them blind; so for the benefit of those other developers, they uglify it – Mark Baker Feb 05 '14 at 12:47
  • It is good to know how it works anyway to understand deobfuscation of a hackers code inserted in your website. – Daniel W. Feb 05 '14 at 12:52
  • http://www.obfuscator.info/php_obfuscators_encoders.html – Ferrakkem Bhuiyan Feb 05 '14 at 12:57
  • @code360 - I'm not sure a site that mentions `Pearl` [sic] as a programming language for writing obfuscators is quite as good a reference on coding as it might be. There is a Pearl programming language, but it' a specialist language for real-time and multitasking coding; not as obvious a language to use for obfuscation as the more common `Perl` language – Mark Baker Feb 05 '14 at 21:55

3 Answers3

5

It's designed to obfuscate distributed PHP code. For example, say you're selling a forum system but offer a free trial. If someone can just go in and disable the payment check, then what's the point of selling it?

Zoey Mertes
  • 3,139
  • 19
  • 23
  • At some point the PHP compiler will get real PHP code anyway, and this deobfuscating must be part of the PHP code, so essentially you're just adding another layer of horribleness. It'd be like encrypting data in javascript using a static key that's present in the source. – h2ooooooo Feb 05 '14 at 12:47
  • Is this a minecraft block in your picture? – Daniel W. Feb 05 '14 at 12:47
  • 1
    You should mention that you can decrypt the code even if it has been passed through an obfuscator like ion cube. There tools. IMHO it is pointless. If somebody really wants to decrypt it he can find a way. – floriank Feb 05 '14 at 12:49
  • 1
    @h2ooooooo In most forms of obfuscation, the "PHP compiler" will *not* ever see the original, readable code. It will see functionally equivalent but much harder to comprehend code. The machine doesn't mind because it's valid PHP code, only humans are prevented from understanding it. –  Feb 05 '14 at 12:50
2

It's true that php-code cannot be showed/downloaded directly.

But, for example, you write a software for somebody else and don't want him to change anything on your software, obfuscation makes it harder for him to understand, what your code does.

Maarkoize
  • 2,601
  • 2
  • 16
  • 34
  • 1
    Bad argument. Crackers cracks binary .exe files with very strong protection/encryption models which is a million times harder than this. To break/understand PHP obfuscated code is a peace of sh*t. Every code on the planet can be reverse-engineered if somebody _has_ that code and a _real_ need to break it – Agnius Vasiliauskas Nov 30 '18 at 07:41
1

PHP obfuscation does exactly the the job of stripping comments, whitespaces, and scrambling identifiers. you get details above mention link

Ferrakkem Bhuiyan
  • 2,741
  • 2
  • 22
  • 38