PHP code protection, obfuscation, and encoding

Update:

BCOMPILER is no longer supported past PHP 5.3, BUT, the same developer went back to developing APC, and now, there are APC functions that can do what bcompiler used to do.
I will come back to explain how to use it later (it works perfectly for me without the original files all together. the trick is 2 functions, apc_bin_load and apc_bin_dump.

The other good option is PHC (of phpcompiler.org).

A third option would be obfusc.com

End of update (2014-05-10)
—————————–

For encoding, there are 3 options

Before i waste your time, what i do is this, i obfuscate the code so that the function names, variable names, and other things are useless and meaningless to the reader, then i use bcompiler. Now here are the choices and programs i used through the years.

Zend Guard (formerly Zend Encoder)- Expensive ($600) – Some say they have cracked it but i have never seen any evidence of that, requires the free Zend Optimizer or Zend Guard Loader to run the encoded code
Ioncube – I have a license for this one, does what zend encoder does, needs it’s loader on the server to work, provides a cheaper encode-online edition for those with small projects, lowest license is for 200 dollars
bcompiler – Free, and probably faster than the other two, it is simply native PHP opcode, meaning you spare PHP the need to compile your code (interpret), making your code run faster, but reversing it is not very hard. to make reversing harder, you need to obfuscate your code (change variable names and function/method names to make the code unreadable, read below for software to obfuscate that are available online.
BENCODER v1.6 – Encode your PHP script using bcompiler – to facilitate using bcompiler

PHP Obfuscators

Here are just a few, if you google PHP obfuscator you will find hundreds 😀

truebug – $45
codeeclipse – free service, obfuscation happens online on the website
phpprotect.info – Simple free tool that obfuscates variable names, which is enough most of the time, it is very hard to read code with non descriptive variable names
iddin.sourceforge.net – all in German, but translating reveals that it is an obfuscator

Leave a Reply

Your email address will not be published. Required fields are marked *