Whitespace Obfuscator for PHP
After reading the article about obfuscation in JavaScript (namely, the third part of the article), I became interested in such obfuscator for PHP.
Obfuscator, which was discussed in the article turned JavaScript-code into invisible (at first glance), consisting of tabs and spaces code.
The bottom line is to represent each symbol of the source code as the code of this symbol translated into a binary system. Then replace 1 with spaces, and 0 with tabs (of course, and vice versa).
')
With the implementation of this algorithm in PHP, everything is as simple as JavaScript.
Everything seems to be normal here (if you don’t go into details), now I’ll give an example of calling obfuscated code.
It seems that the value returned by the function will be “mixed” (if I understand correctly, then void - how would it be a part of it?), But this is if we go into details.
It seems to me that it turned out to be quite tolerable, but still this type of obfuscator cannot be claimed to work (it is implied in practice) (I know that a banal thing was said). It was rather done for fun, at least it was interesting for me to see the result.
Thank you for your attention, good luck.
Obfuscator, which was discussed in the article turned JavaScript-code into invisible (at first glance), consisting of tabs and spaces code.
The bottom line is to represent each symbol of the source code as the code of this symbol translated into a binary system. Then replace 1 with spaces, and 0 with tabs (of course, and vice versa).
')
With the implementation of this algorithm in PHP, everything is as simple as JavaScript.
Obfuscator code:
function obfuscate($code) { $len = strlen($code); $obf = ''; for ($i = 0; $i < $len; $i++) { // i- $bin = decbin(ord($code[$i])); // , 0 $bin = ($binLen = strlen($bin) > 7) ? $bin : implode('', array_fill(0, 8 - strlen($bin), '0')) . $bin; // 1 , 0 , $obf .= str_replace(array('1', '0'), array(chr(9), chr(32)), $bin); } return $obf; } Everything seems to be normal here (if you don’t go into details), now I’ll give an example of calling obfuscated code.
Deobfuscator ("Performer")
function include_o($file) { $file = trim($file); // if ( empty($file) || !is_readable($file) ) { throw new Exception("Filename is empty or file isn't readable"); } $string = file_get_contents($file); $len = strlen($string); $out = ''; for ($i = 0; $i < $len; $i++) { /* * 8 , * */ $out .= chr(bindec(str_replace(array(chr(9), chr(32)), array('1', '0'), substr($string, $i, 8)))); $i += 7; } if (!empty($out)) { eval($out); } } It seems that the value returned by the function will be “mixed” (if I understand correctly, then void - how would it be a part of it?), But this is if we go into details.
Conclusion
It seems to me that it turned out to be quite tolerable, but still this type of obfuscator cannot be claimed to work (it is implied in practice) (I know that a banal thing was said). It was rather done for fun, at least it was interesting for me to see the result.
Thank you for your attention, good luck.
Source: https://habr.com/ru/post/458710/
All Articles