Re: encode php scripts with opcache compatibility

From:	Nicolai Scheer	Date:	Wed, 21 May 2014 14:27:50 +0000
Subject:	Re: encode php scripts with opcache compatibility
References:	1 2 3 4	Groups:	php.internals
Request:	Send a blank email to internals+get-74413@lists.php.net to get a copy of this message

Hi,

yes, we are shipping code to customers and they should not read the source.
The level of protection gained from obfuscated code is not enough, but just
delivering the opcodes would be ok.

I know that the opcode array might be dumped, this is just to raise the
bar. If I just obfuscate the code there's still the possibilty left to edit
the code directly.

Greetings

Nico


On 21 May 2014 15:52, Andrea Faulds <ajf@ajf.me> wrote:

>
> On 21 May 2014, at 14:47, Kevin Ingwersen <ingwie2000@googlemail.com>
> wrote:
>
> > There are decent obfuscators? … have not seen any.
> > And then, obfuscated code can be reversed still, whilst „sort of“
> compiled code is far harder to reverse engeneer.
>
> For languages which don’t compile down to machine code, like PHP, C#,
> Java, JavaScript, Python, Perl or Ruby, obfuscation and (if it doesn’t use
> byte code) minification is really the best you can get. Such languages
> necessarily cannot be compiled down to the metal, so if you really don’t
> want anyone to read your code, I’m not sure there’s anything you can do.
> Then again, even x86 machine code can be decompiled.
> --
> Andrea Faulds
> http://ajf.me/
>
>
>
>
>


   

Thread (32 messages)

• Nicolai ScheerWed, 21 May 2014 10:20:43 +0000
  • Andrea FauldsWed, 21 May 2014 13:28:54 +0000
    • Kevin IngwersenWed, 21 May 2014 13:47:05 +0000
      • Andrea FauldsWed, 21 May 2014 13:52:41 +0000
        • Nicolai ScheerWed, 21 May 2014 14:27:50 +0000
          • Rasmus LerdorfWed, 21 May 2014 14:51:19 +0000
            • Martin KeckeisWed, 21 May 2014 19:40:50 +0000
              • Nicolai ScheerWed, 21 May 2014 20:06:30 +0000
            • Nicolai ScheerWed, 21 May 2014 20:12:51 +0000
              • Andrea FauldsWed, 21 May 2014 20:19:56 +0000
                • Andrey AndreevWed, 21 May 2014 21:39:51 +0000
                  • Johannes SchlüterWed, 21 May 2014 22:25:08 +0000
                    • Matteo BeccatiThu, 22 May 2014 07:37:12 +0000
                      • Nicolai ScheerThu, 22 May 2014 08:18:54 +0000
                    • Nicolai ScheerFri, 23 May 2014 13:31:52 +0000
              • Derick RethansWed, 21 May 2014 22:53:04 +0000
                • Nicolai ScheerFri, 23 May 2014 13:52:55 +0000
                  • Nicolai ScheerTue, 27 May 2014 09:20:47 +0000
              • Rowan CollinsWed, 21 May 2014 23:08:24 +0000
  • Bas van BeekThu, 22 May 2014 07:08:24 +0000
    • Kevin IngwersenThu, 22 May 2014 13:47:37 +0000
      • Arvids GodjuksThu, 22 May 2014 14:01:04 +0000
        • Nicolai ScheerFri, 23 May 2014 13:25:55 +0000
          • Arvids GodjuksFri, 23 May 2014 13:39:30 +0000
            • Nicolai ScheerFri, 23 May 2014 13:55:43 +0000
      • Johannes SchlüterThu, 22 May 2014 14:29:08 +0000
        • Bas van BeekThu, 22 May 2014 14:54:15 +0000
          • Johannes SchlüterThu, 22 May 2014 15:17:18 +0000
  • LazyThu, 22 May 2014 19:18:52 +0000
    • Nicolai ScheerFri, 23 May 2014 13:23:18 +0000
• Pierre JoyeWed, 21 May 2014 14:49:01 +0000Re: encode php scripts with opcache compatibility
• Thomas BleyThu, 22 May 2014 01:54:27 +0000Re: encode php scripts with opcache compatibility