Principles and Practices of modifying Zend engine to implement PHP source code encryption

Source: Internet
Author: User
Tags mcrypt

I. Basic Principles
Consider intercepting interfaces for PHP to read source files. At the beginning, I considered processing from the interface between APACHE and PHP. For more information, see src/modules/PhP4/mod_php4.c of Apache. (This is Php compiled into Apache in static mode, make install file), intercept the file pointer in the send_php () function, use the temporary file method, decrypt and replace the file pointer. This method has been tested and proved to be feasible. However, two file operations are required, which is inefficient and not applicable to DSO. Shuangyuan nursing home
As a result, re-consider the process of intercepting PHP to read files and load them to the cache, after laborious search, found that the zend-scanner.c In the Zend engine is doing this. Start modifying this file. Lighting Engineering

II. Implementation Method Diagram

Libmcrypt is used as the encryption module, and the DES method is used for ECB mode encryption,

Below is the file encryptionSource code:

C ++Code
/* ECB. c ------------------- cut here -----------*/
/* Encrypt for PHP source code version 0.99 Beta
We are using libmcrypt to encrypt codes, please
Install it first.
Compile command line:
Gcc-o6-lmcrypt-lm-O encryptphp ECB. c
Please set LD_LIBRARY_PATH before use.
GNU Copyleft, designed by wangsu, miweicong */

# Define mcrypt_backwards_compatible 1
# Define php_cachesize 8192
# Include <mcrypt. h>
# Include <stdio. h>
# Include <stdlib. h>
# Include <math. h>
# Include <sys/types. h>
# Include <sys/STAT. h>
# Include <fcntl. h>

Main (INT argc, char ** argv)
{

Int TD, I, j, inputfilesize, filelength;
Char filename [255];
Char password [12];
File * IFP;
Int readfd;
Char * key;
Void * block_buffer;
Void * file_buffer;
Int keysize;
Int decode = 0;
Int realbufsize = 0;
Struct stat * filestat;

If (argc = 3 ){
Strcpy (password, argv [1]);
Strcpy (filename, argv [2]);
} Else if (argc = 4 &&! Strcmp (argv [1], "-d ")){
Strcpy (password, argv [2]);
Strcpy (filename, argv [3]);
Decode = 1;
Printf ("entering decode mode... n ");
} Else {
Printf ("Usage: encryptphp [-D] Password filenamen ");
Exit (1 );
}

Keysize = mcrypt_get_key_size (DES );
Key = calloc (1, mcrypt_get_key_size (DES ));

Gen_key_sha1 (Key, null, 0, keysize, password, strlen (password ));
TD = init_mcrypt_ecb (DES, key, keysize );

If (readfd = open (filename, o_rdonly, s_irusr | s_iwusr | s_irgrp) =-1 ){
Printf ("Fatal: Can't open file to read ");
Exit (3 );
}

Filestat = malloc (sizeof (STAT ));

Fstat (readfd, filestat );
Inputfilesize = filestat-> st_size;
Printf ("filesize is % d N", inputfilesize );
Filelength = inputfilesize;

Inputfilesize = (INT) (floor (inputfilesize/php_cachesize) + 1) * php_cachesize;

If (file_buffer = malloc (inputfilesize) = NULL ){
Printf ("Fatal: Can't malloc File Buffer. N ");
Exit (2 );
}
If (block_buffer = malloc (php_cachesize) = NULL ){
Printf ("Fatal: Can't malloc encrypt block buffer. N ");
Exit (2 );
}

J = 0;
While (realbufsize = read (readfd, block_buffer, php_cachesize )){
Printf (".");
If (! Decode ){
If (realbufsize <php_cachesize ){
For (I = realbufsize; I <php_cachesize; I ++ ){
(Char *) block_buffer) [I] = '';
}
}
Mcrypt_ecb (TD, block_buffer, php_cachesize );
} Else {
Mdecrypt_ecb (TD, block_buffer, realbufsize );
}
Memcpy (file_buffer + J * php_cachesize, block_buffer, php_cachesize );
J ++;
}

Close (readfd );

If (IFP = fopen (filename, "WB") = NULL ){
Printf ("Fatal: File Access Error. N ");
Exit (3 );
}
Fwrite (file_buffer, inputfilesize, 1, IFP );

Free (block_buffer );
Free (file_buffer );
Free (filestat );
Fclose (IFP );
Printf ("N ");

Return 0;

}
/* --- End of ECB. c ------------------------------------*/
Because ECB mode is block encryption with a fixed block length, some null characters are entered here. International Exhibition

Then, modify the Zend/zend-scanner.c in PHP Code as follows:

(My PHP version is 4.01pl2, suniscsi/Solaris 2.7, GCC 2.95 ;)

Before the file is added:

# Define mcrypt_backwards_compatible 1
# Include <mcrypt. h>

Then, comment out the definition of yy_input before and after about 3510 rows.

Then, modify the yy_get_next_buffer () function before and after about 5150 rows:
Define the function header:
Void * tempbuf;
Char * key;
Char debugstr [255];
Int TD, keysize;
Int X, Y;
File * FP;
Then, comment out
Yy_input (& yy_current_buffer-> yy_ch_buf [number_to_move]),
Yy_n_chars, num_to_read );
This sentence.
Changed:

Tempbuf = malloc (num_to_read );
If (yy_n_chars = fread (tempbuf, 1, num_to_read, yyin ))! = 0 ){
/* Decode */
# Define password "phpphp111222"
# Define debug 0

Keysize = mcrypt_get_key_size (DES );
Key = calloc (1, mcrypt_get_key_size (DES ));
Gen_key_sha1 (Key, null, 0, keysize, password, strlen (password ));
TD = init_mcrypt_ecb (DES, key, keysize );
Mdecrypt_ecb (TD, tempbuf, yy_n_chars );
Memcpy (& yy_current_buffer-> yy_ch_buf [number_to_move]), tempbuf, yy_n_chars );
If (Debug ){
Fp = fopen ("/tmp/logs", "WB ");
Fwrite ("nstartn", 7,1, FP );
Fwrite (tempbuf, 1, yy_n_chars, FP );
Fwrite ("nenditn", 7,1, FP );
Fclose (FP );
}
}
Free (tempbuf );

Then compile PHP and install it as usual. Because I am not familiar with libtool, I chose static mode and added -- With-mcrypt in configure, in this way, I don't have to manually modify the makefile cable tray.

Iii. Test and Result

Compile PHP, Apache, and use ECB. c-compiled encryptphp encrypts several files, which are <1 K, 10 K +, and 40 K +. Errors occur when processing 40 k files. Other files are normal. Plastic Floor
This is because the ECB encryption method of the block determines that the fixed length block must be used. Therefore, please give us some advice on the stream encryption method which can take into account the Zend cache processing method that reads 8192 bytes each time. (The length of each Zend read block on other platforms may be different)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.