Protect your code with PHP screw

PHP is a straight-translated programming language, and everyone likes the advantage of PHP to be executed immediately, but the plaintext unencrypted code also has some bad things, such as the Secret keys and password written in Code, and so on, all of them are looked light.

Many PHP-built commercial products, the final department to the client machine, it is necessary to code encryption. At present, the business of encryption software has Zend guard (U.S. 600$) and PHP Encoder (199$), Zend Guard previously useful, is a very stable product, if the program well written, very few encryption after the results of the result is less than the forecast situation. Zend Guard Principle I guess it's written as opcode and then encrypted, and it's done by PHP Extension to decrypt it, since it's been able to decrypt the PHP opcode that's already done, so there's an official call for accelerated results. PHP Encoder I have not been useful, nor have I been pushed.

Today we are going to introduce php-screw this very simple encryption machine, and the way is to edit the Extension with proprietary decryption function, and then the encrypted PHP file can be decrypted through PHP Extension and execute the line. See Source Code Its actual method is very simple, that is, through the Zencode/zdecode to the encoding and decoding, the information will be added in front of the "pm9screw" string, to determine whether PHP files need to be decoded.

PHP Screw Installation

Directly from GitHub Clone a copy of the latest PHP screw Source Code, as follows:

git clone https://github.com/Luavis/php-screw

The first action is to modify the password file (my_screw.h), then we will use this code to compile the professional php Extension. So files, so want to take their own Extension to execute different password encrypted PHP will not be successful!

CD Php-screw

Vim My_screw.h

Edit file Pm9screw_mycryptkey This array, you can change the number or subtraction elements, the file content is as follows:

Short pm9screw_mycryptkey[] = {  11152, 368, 192, 1281, 62};

After modifying the archive, edit the Php5-dev, Php-config, gcc kit, and then execute the following command:

Phpize

./configure--with-php-config= which php-config

Make

The following lines are executed:

The well-translated so files will be placed in the module catalogue and hang it to php.ini.

Then we need to edit the encryption program and switch to the tools catalog for direct make:

CD Tools

Make

After editing, you will be able to produce screw, which can encrypt the PHP program directly and encrypt the original text after encryption. Screw, the following file name:

In addition, prior to the APC on the network of friends on how to do the editing and the way to do, interested friends can participate in the article and "Use APC to protect PHP code" article. However, APC's support for the new version of PHP is not enough, as PHP 5.6 does, and is a big suggestion to switch to Opcache. In fact, in PHP 7 used in the Opcache, you can see in the Source Code opcache.file_cache this kind of dark (Document download) parameters, unfortunately in the Opcache version of PHP 5.6 does not have this File_ca Che function. By using File_cache, it is true that Opcode can be translated and executed, and many articles in the continent are discussed.

If you really want to Opcode in PHP 5.6 and perform the separation, to move the PHP 7 opcache File Cache Feature to PHP 5.6 is difficult, after all, the bottom layer of the Zend API a lot more, had to be cruel to the collection, free of charge first use PHP screw retainer A little bit, anti-gentleman is not the villain .... See you again next time!

