Is it possible to just encrypt a portion of a full php script?
For example: Just encrypt the following, but leave the rest of the script non-ecrypted.
function getTimeStamp() {
return time();
}
Thanks.
No. If you provide more information about what you are trying to do SO may be able to give you alternative suggestions.
There isn't currently a way where you're able to encrypt sections of a PHP script in a manner where it's undecodable. However, there is multiple ways to do so in a way which can be decoded, but would be slightly hard for basic users.
Here's what your provided code would look like in a small encrypted manner that works in PHP:
$a='H';
$b='o';
eval(base64_decode("ZnVuY3Rpb24gZ2V0VGltZVN0YW1wKCkgew0KICAgI".($a)."Jld".$a."VybiB0aW1lKCk7DQp9DQ".$b."="));
Try it. I did it by encoding your code in BASE64 and then changing parts of the Base64 string into variables. If you deeply tie in the code with the system, it makes it harder to decode. eval() runs code within text.
Related
I just inherited a codeigniter application and looking trough the source code all the controllers have scrambled code. Example:
<?php $_X='-8588104972344438462';vMASFkAm('MTExMTAxMDAwMTAxMDEwMDAwMDAwEMMTA=');*
Is there any way to get back the original code?
Is this something codeigniter specific?
I don't have much experience with codeigniter. Please help.
If you have time and will, you can debug all that. See what each function outputs while making sure you replace any evals with echos, just to be on the safe side. The string parameter for that function looks like base64 encoded string, so you might want to decode that as well (or track where it's decoded in the code, and see the output). If it's not base64, it uses some more sophisticated algorithm where x and w seem like separators...
Unfortunately, unless you do it manually, variable by variable, function by function, etc... there's no way to get it back to the original state.
And, like the other answer said, this is in no way CodeIgniter-specific.
This is not CodeIgniter related. Looks like obfuscated code -- likely due to an exploit of some kind. I'd be concerned this server has been compromised.
https://www.google.com/search?q=is+my+server+compromised
To search a little deeper, I'd start by grepping through the codebase looking for
function vMASFkAm(
to see what's there.
Is it possible to encode a php script that can't be decoded or at least the most secure way?
Yes, but the PHP script will not be able to encode and decode itself. You would need to write another program to do it on behalf of the PHP script. However, you can obfuscate the text using the combination of base64_decode and eval. This allows you to insert code so that someone cannot do a simple Ctrl+F search for a function that may be foreign. For example this is "Hello World":
eval(base64_decode("ZWNobyAiSGVsbG8gV29ybGQiOw=="));
This applies to the content of the PHP code, not the file.
You mean that you want to distribute your code, but not let anyone else read / decompile it.
Zend write PHP, so the best place would be to consider using their encoder for this purpose: http://www.zend.com/en/products/guard/ You can also add licencing to the distribution.
There are others out there that obfuscate code - but obfuscation doesn't stop people copying it and, in many cases, won't stop someone from editing it if they really want to.
I have a php file. I just want to protect a few line in it. So I need to encrypt file but I still want it works like a normal php file. Which software/tool should I use now? Can you give me an advice.
I want something like this
<?php
...
normal code
...
encrypted code (Dfhjkllasjdoasd)
...
normal code
?>
Thank you
You can consider using IonCube, PhpSheild, SourceGuardian.
Looking for free? its can be build into php. check bCompiler
Please note, that these encoded/encrypted file can be included in other files too, so you can have some of your files encoded/encrypted and leave which you don't want to.
for Partial textual encryption & decryption see Best way to use PHP to encrypt and decrypt passwords?
You could consider moving the important bits into a separate file as functions and compiling them into a PHP extension using something like HipHop. It would increase the hassle of installing your software though, so you need to be sure it's worth it.
This may be a inappropriate question for SO, but I thought lets see :)
I'm writing a website in php. Every pageload may have 10-20 DB requests.
Using the result of the DB queries I need to generate a page.
The page would contain a topic (should be image or text) followed by comments. There could be mutiple topics like this.
Currently, I'm creating a string using the DB result and sending it to the browser.
When browser receives the string (as an ajax response), it parses using split functions and creates the HTML dynamically.
I'm basically a C++ programmer; relatively new to web development. So, I do not have fair understanding of the JS objects. How long of a string can JS variable hold? Is it ok to use split and generate HTML at the client.
I'm not generating the complete HTML at the server side to avoid any overhead because of string concatenation. I believe sending less no. of characters to the client (like I'm doing) is better as compared to sending complete HTML code.
Is something (or everything) wrong in my understanding :)
Any help is appreciated.
EDIT:
Well, I'll be highly grateful if I could get opinions in yes/no. What would you recommend. Sending HTML to the client or a string that will be used at the client to generate HTML?
Unless you have a specific reason for doing so, I think you should look into generating the HTML with PHP and sending it directly to the browser. PHP was built specifically for this purpose.
I think you be best off to look at jQuery and more specific to the AJAX method of that library. Also, take a look at JSON and you should be all good to go.
Have you considered using a templating engine like Smarty?
It's pretty simple to use, take a look at the crash course, you might like it! http://www.smarty.net/crash_course
I have a whole range of jQuery code, how do I stop users from seeing the actual code, or how can I encrypt the .js file.
Please suggest opensource
Thanks
Jean
[edit]
I don't want users to know how I have coded or copy my code
[edit]
Once I use the base62 encode, can it be reverse engineered?
Check out packer by Dean Edwards. It has the ability to encode your JS. You have to let your JS be world readable, otherwise a browser couldn't download it.
You cannot prevent your users from being able to see the source code of a Javascript file : it's executed by the user's browser, which means it must be readable on the client side.
The "best" you can do it minify/obfuscate it ; see for instance the YUI Compressor, which exists to minify JS files (so they are smaller, and can be transferred faster), but also has some obfuscating functionnalities.
If will make you Javascript code harder to read/understand -- but someone really motivated will still be able to read it ; well, it will take some time and a bit of work, but it'll still be possible.
You can use google closure compiler
http://code.google.com/closure/
The Closure Compiler compiles JavaScript into compact code, it obfuscates the code, it can still be read but it will be hard to trace and will take time
Try to pack the code with the packer:
http://dean.edwards.name/packer/
This is not like code encryption, but it obfuscate the code.
There is not really much point in encrypting your js file, everyone knows you can view the source code of anyone's website. I believe there are encryptors out there for javascript, but users will have to download the decryptor module to decrypt it. Also since the browser does need to interpret the code, it would probably not be that hard to circumvent.
You could obfuscate the code, but I would do this using a minification technique, and more for performance reasons rather that hiding the code, some obfuscators are more intrusive than others, but again, the code could be re-formatted, albiet the original variable names will not be recoverable.
You just can't encrypt JavaScript that runs on the client machine. Browsers need the unencrypted code in order to execute it!
This is the first thing I found, but it looks like it might do the job:
http://www.vincentcheung.ca/jsencryption/instructions.html
As others have mentioned though, the browser has to be be able to decrypt the code, so the user would also be able to (although it may be some work to do so).
You should look at obfuscation too, which will make the code much harder to reverse engineer.
http://www.javascriptobfuscator.com/Default.aspx