I came across many ways and a countless number of applications to encode PHP files, such as Zend Encoder and ionCube, as well as applications like PHP LockIt.
My question is: what is the most effective way to ensure my encoded files won't be decoded?
The following criteria are a plus:
No need for extra plugins for PHP.
Lightweight and no extensive resource power during decryption.
Free and easy to use.
Encoding via Windows platform (I do not wish to encode files in the main server).
I've seen a lot of WordPress malware obfuscated like this:
eval(base64_decode('some-base64-encoded-php-payload'));
This definitely won't ensure that your files can't be decoded, though. At best, it may make your program more "moron resistant." (I dare not say "moron proof".)
If people out there can reverse Stuxnet, they can reverse your PHP, you know? But if you're just trying to hide your code from casual reading, the above might be helpful.
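The wrapper shown above can be undone without ever running it, which is why it only deters casual reading. An added example (not code from the original answer) that statically peels nested `eval(base64_decode('...'))` layers so the payload can be reviewed; the function name and the sample payload are constructed for illustration:

```php
<?php
// Added example: statically unwrap eval(base64_decode('...')) layers.
// Nothing is passed to eval(); the payload is only decoded for reading.

function unwrapEvalBase64(string $code, int $maxLayers = 10): array
{
    // Matches eval(base64_decode('<base64>')); with either quote style.
    $pattern = '~eval\s*\(\s*base64_decode\s*\(\s*([\'"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*;?~i';
    $layers = 0;

    while ($layers < $maxLayers && preg_match($pattern, $code, $m)) {
        // Strict mode rejects strings that are not valid base64.
        $decoded = base64_decode(preg_replace('/\s+/', '', $m[2]), true);
        if ($decoded === false) {
            break;
        }
        // Put the decoded PHP where the eval() call was, then look again.
        $code = str_replace($m[0], $decoded, $code);
        $layers++;
    }

    return ['layers' => $layers, 'code' => $code];
}

// Constructed sample: a harmless statement wrapped twice.
$inner  = "echo 'hello';";
$once   = "eval(base64_decode('" . base64_encode($inner) . "'));";
$sample = "<?php eval(base64_decode('" . base64_encode($once) . "'));";

$result = unwrapEvalBase64($sample);
printf("layers: %d\n%s\n", $result['layers'], $result['code']);
```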
I know that \Phar and \PharData exist, but I'm having some trouble with the methods they supply so far. I'm still having to detect the mime-type / file type by whatever means, before determining which Phar*::method() to use in an attempt to extract the archive and do work on the files it contains.
Is there a go-to, "easy-button" class that I could include (maybe some package available via composer) that handles this at a very high level? Or am I failing to use the Phar and friends properly or in need of re-RTM so far?
Basically, I want to do the following (it's a CLI script that I control for now, so security, while important with this type of thing, is on the backburner for now):
Detect that a file might be an archive of some kind.
Validate that it seems to be one of the following: .tar, .gz, .tar.gz, or .zip.
If so, attempt to extract the archive and then parse the content of its actual files.
Is there an "easy-button" for this that I'm unaware of, or do I need to build some logic that guesses as best it can as to what type of archive it might be, and then try to use the appropriate Phar* method to attempt to extract its files and do whatever work I need to on them?
I hope that makes sense the way I wrote it. I'm trying to avoid re-inventing the wheel for a mini-project here if someone has already figured all of this out basically.
So, while continuing to research this I ended up seeing my own (this) SO question in Google search results, which annoys me for some reason. So just in case someone stumbles upon this looking for a good solution, I've since found a couple by searching https://packagist.org/search/?q=archive (go figure):
Here's a few of them that seem promising.
wapmorgan/UnifiedArchive:
wapmorgan/UnifiedArchive (packagist)
wapmorgan/UnifiedArchive (github source)
Features (at first glance):
Only has one requirement of pear/archive_tar (which includes a few more utility classes also from pear).
It attempts to detect the filetype for you, so it could eliminate the need to do that on your own.
alchemy/zippy:
alchemy/zippy (packagist)
alchemy-fr/Zippy (github source)
Features (at first glance):
Code looks to have been very well designed.
Seems to integrate with Laravel and guzzle\guzzle (the popular php http client) in some way so that might be an advantage for some.
zetacomponents/Archive:
zetacomponents/Archive (packagist)
zetacomponents/Archive (github source)
Features (at first glance):
It seems to be a pure php implementation? If so that's just awesome.
Last updated 15 days ago, so it's the most active of the three I mentioned.
Seems to be maintained by an organization as opposed to a single person.
It has the most downloads by far on packagist (when searching for "archive"), and though I haven't played with it yet, that's usually a good sign.
Disclaimer: I have only actually tried wapmorgan/UnifiedArchive as of this writing, and so far it's exactly what I was looking for.
Anyway, I hope this helps anyone who might stumble upon this question.
If you don't need pure PHP and if your code is running on a Linux machine, a
exec('uncompress [-cfv] [file...]');
or a
exec('unzip filename.zip -d destination');
will extract the file and make it usable for php.
Of course, you need to check the extension (zip, tar, etc.) in order to call the right command.
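An added example (not code from the original posts) for the detect-then-extract steps discussed in this thread: it chooses the extractor from the file's leading bytes instead of its extension and shell-quotes the arguments before they reach `exec()`. It assumes PHP's zlib extension; the function names, the sample file and the `/tmp/out` destination are hypothetical.

```php
<?php
// Added example: pick the extractor from the file's leading bytes, not its name.
// Assumes PHP's zlib extension (gzopen/gzencode); function names are hypothetical.

function isTarHeader(string $block): bool
{
    // POSIX ustar and GNU tar both store "ustar" at offset 257 of the first header.
    return strlen($block) >= 262 && substr($block, 257, 5) === 'ustar';
}

function detectArchiveType(string $path): ?string
{
    $head = (string) @file_get_contents($path, false, null, 0, 512);
    if (strncmp($head, "PK\x03\x04", 4) === 0) {
        return 'zip';
    }
    if (strncmp($head, "\x1f\x8b", 2) === 0) {
        // gzip: decompress only the first block to see whether a tar is inside.
        $gz = gzopen($path, 'rb');
        $inner = $gz === false ? '' : (string) gzread($gz, 512);
        if ($gz !== false) {
            gzclose($gz);
        }
        return isTarHeader($inner) ? 'tar.gz' : 'gz';
    }
    return isTarHeader($head) ? 'tar' : null;
}

function extractCommand(string $type, string $path, string $dest): ?string
{
    // An absolute path cannot be read as an option; quoting stops shell injection.
    $p = escapeshellarg((string) realpath($path));
    $d = escapeshellarg($dest);
    $commands = [
        'zip'    => "unzip -q $p -d $d",
        'tar'    => "tar -xf $p -C $d",
        'tar.gz' => "tar -xzf $p -C $d",
    ];
    return $commands[$type] ?? null; // plain .gz or unknown: no command built here
}

// Constructed sample: a gzip-compressed tar header stored under a misleading name.
$header = str_pad('demo.txt', 257, "\0") . "ustar\0" . str_repeat("\0", 249);
$sample = sys_get_temp_dir() . '/upload_' . getmypid() . '.jpg';
file_put_contents($sample, gzencode($header));

$type = detectArchiveType($sample);
echo $type, ' => ', extractCommand((string) $type, $sample, '/tmp/out'), "\n";
unlink($sample);
```

Neither function inspects the entry names inside the archive, so paths containing `../` or absolute paths still need to be rejected before extracting files that come from an untrusted source.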
I need to translate several PHP files (HTML Code + PHP Tags) into another language.
Google Translator's Kit allows this, but clears the PHP Tags, erases class="" attributes (?!) and adds html, head tags & what not. Completely useless.
How can I (ideally in batch) translate these files using any kind of automated translation service?
Thanks.
bmargulies's is the most clear-cut way of doing it. However, it takes time.
If you're in a pinch, or want to cut corners, a relatively simple way to do it is to use regular expressions to filter your code out yourself. Match over multiple lines (/s flag in preg), store the match, and replace with a hash. Any hash. Just make sure it doesn't map to anything in any language.
Do the same for HTML tags if they are proving to be annoying to Google.
Translate with Google.
Replace back the hashes. Voila! Job done! If you're feeling even more daring, instead of replacing the hashes back, replacing them with an i18n-suitable structure might prove to be even more worthwhile.
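The mask, translate and restore steps described above, as an added example that is not part of the original answer. The function names are hypothetical, the template is constructed, and a simple `str_replace` stands in for the call to the translation service:

```php
<?php
// Added example: hide PHP blocks behind opaque tokens, translate, then restore them.
// Function names and the stand-in "translator" are hypothetical.

function maskPhpTags(string $source, array &$map): string
{
    $map = [];
    // /s lets "." cross newlines; \z also catches a final block with no closing tag.
    $pattern = '/<\?(?:php|=).*?(?:\?>|\z)/s';
    return preg_replace_callback($pattern, function (array $m) use (&$map): string {
        // A hash-based token is not a word in any language.
        $token = 'x' . md5(count($map) . $m[0]);
        $map[$token] = $m[0];
        return $token;
    }, $source);
}

function restorePhpTags(string $translated, array $map): string
{
    // strtr swaps every token back to its original PHP block in one pass.
    return strtr($translated, $map);
}

// Constructed sample template.
$template = "<h1>Welcome <?= htmlspecialchars(\$name) ?></h1>\n"
          . "<?php foreach (\$items as \$item) {\n    echo \$item;\n} ?>\n<p>Your cart</p>\n";

$masked = maskPhpTags($template, $map);
// Stand-in for the translation service call.
$translated = str_replace(['Welcome', 'Your cart'], ['Bienvenue', 'Votre panier'], $masked);
echo restorePhpTags($translated, $map);
```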
You need to internationalize the code. You need to move all the translatable strings out into a separate file, so that you can shove that through Google and then easily drop in the results.
Researching the topic of PHP I18N will prove rewarding.
Google Translator toolkit is for documents - not so much for source code. You can organize your program's strings as documents and translate them in Google Translator toolkit, and there are, in fact, software projects that do it, but it's contrived. It would be much better to use a different method, as the other people here say.
Put the translatable strings in separate files - you can use something like YAML or JSON, for example, or to just organize your strings as PHP arrays (that's how it's done in MediaWiki, for example). Each message should have a key. Use one file per language or one file with all the languages, and the strings grouped by languages. (By the way, use ISO 639-3 language codes - don't make up your own. Then you'll be able to reuse them in HTML lang attributes.)
After you organized your strings like that, write functions that load the strings from these files by message key and language code, and use these functions to display the messages - never use hardcoded strings.
Finally, put your files up for translation using software such as Pootle, Transifex, Zanata, or the MediaWiki Translate extension.
(Disclaimer: I am a developer of the MediaWiki Translate extension.)
Using something like Gettext (namely php-gettext) is IMHO the best approach to do that. Another widely used option is to simply extract strings to separate files (be it PHP or JSON) and translate these. However, I'd recommend using Gettext, as you will be using a standard format with a wide range of available tools.
Is there a native PHP wbxml API that can be used platform-independently? Perhaps a loadable module?
I have seen the pecl implementations but I have not been able to successfully work with the builds on win32 platforms.
I am not an expert, but what I found out there numbered two options, essentially.
One, the pecl library that you are having trouble with.
Two, I found WBXML encoder and decoder classes in Horde of all places. They might give you a starting point, and since they are open source, they might meet your needs quite nicely. Here is a link where I found them.
http://phpxref.com/xref/horde/lib/XML/WBXML/index.html
I don't know a huge amount about WBXML, but from what I can gather it's a binary-formatted XML file. I suppose at the simplest you could use the XML modules such as simpleXML to generate your XML document, output it as a string and then use PHP's built in file handling functions (fopen, fwrite, etc) to dump the string as binary data to a file. To reverse the process load the file as a string and have SimpleXML parse it.
However, without knowing the specific details of the WBXML format, I'm sure there's more to it than that. You'd also have to implement the necessary code yourself, but as you could implement it in PHP itself that should make cross-platform portability a bit simpler to accomplish.
Not really an answer as such, I'm afraid, but I hope it gets you going in the right direction.
I'm writing a WordPress plugin to create an eBook from a selected category in most major eBook formats. I would like to support MobiPocket since that's the format used by the Kindle but I'm not sure how to go about it. From what I've read .mobi files are actually Palm Resource Databases (PRC) but I haven't been able to find a PHP class to work with these.
I thought about using exec along with KindleGen but that would be undesirable as it would complicate initial setup. I've also thought about hosting a web service somewhere and using XML-RPC to accomplish this but that also complicates things.
My question is: is there a PHP class/library (PHP-only preferred) that can work with PRC or even better, a class that specialises in creating MobiPocket ebooks? (needs to be open source since I'm releasing under the GPL)
I've tried searching but haven't been able to find anything.
I don't know whether you're still looking for this PHP library, but just in case: https://github.com/raiju/phpMobi. This is a library that creates mobi files from html files.
It should still be seen as an experimental version, but it should work without a problem for basic documents with a few images.
Unfortunately not; however, the binary compiled format is an open specification available at:
http://www.mobipocket.com/dev/article.asp?BaseFolder=prcgen
The only direct way of transforming the uncompiled format is using the native XML functionality of PHP to create them and then invoking a compiler with exec, which I understand you don't want to do. If you go with this route, the link above also has details about this XML format.
You might want to try the mobiperl tools,
https://dev.mobileread.com/trac/mobiperl/wiki
Please note I haven't tested them yet. But they have been around since at least 2007 so they should work well by now.
Google "Mobiperl - Perl tools for handling MobiPocket files" to find a thread on mobileread board discussing it. As a new poster I can't put 2 hyperlinks into my reply.
Another tool I have recently found (but not yet tested), is: http://www.phpclasses.org/package/8173-PHP-Generate-Kindle-ebook-file-in-mobi-format.html#files
It is based upon KindleGen, and looks pretty straightforward to implement.
I was looking for a PHP encoder and found Zend SafeGuard. I googled SafeGuard and found out that there are many decoders for Zend SafeGuard.
Zend told me that it is not possible to decode Zend-encoded files, but users over the internet do not agree.
I cannot seem to find a clear answer for my situation.
What do you guys think?
To put it simply, it must be decoded for you to be able to run it. At some point, the encrypted data is decrypted to PHP bytecode during normal operation, meaning it's possible for someone to capture that bytecode and store it, unencrypted.
However, it's probably impossible to retrieve the original PHP source, just like you can't get the original C++ code, comments and all, by decompiling a .exe file.
So, in the end, both sides are right, for specific meanings of "decode".
And tools like Zend Guard will never stop a determined attacker, making their value questionable.
The source code can be decoded back into valid PHP; there are some less-than-reputable services out there.
However, not encoding your source normally works out fine, since it allows people to hack their own code in to make a slightly customised version.