Shulou(Shulou.com)06/02 Report--

This article introduces you the example analysis of PHP source code encryption, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Background: it may be necessary to encrypt the php source code in commercial cases

Php-beast is a PHP source code encryption module, which uses DES algorithm encryption, users can customize the encrypted key to encrypt the source code, can well protect your code. The main application scenarios are:

1) if the code is placed on the virtual host, there is a danger of leaking the source code.

2) Commercial protection, when the project needs to charge, you can encrypt your code from being modified.

The disadvantage of choosing to charge is that it costs money, but it may be more encrypted and better in terms of performance.

The advantages of choosing open source do not cost money, and the security or performance may not be as good as those charged.

Select php-beast as an extension of php to encrypt php code easily and quickly.

Have these characteristics

Provides functionality that can only be run on a specified machine. To use this feature, you can add the network card number that can run the machine in the networkcards.c file.

The validity period can be set when the code is used, but the code cannot be used beyond this validity period.

The default key can be customized and modified to improve the reliability of being stolen

Source code: liexusong/php-beast can refer to the documentation

Note that if the system has multiple php versions and the installation method is different, you need to install and extend to the corresponding php version example blog: install Swoole to the specified version in an environment where multiple PHP versions coexist.

Step 1 of Linux system installation (note that root installation guarantee permission is required)

$wget https://github.com/liexusong/php-beast/archive/master.zip$ unzip master.zip$ cd php-beast-master$ phpize$. / configure$ sudo make & & make install

After compilation, modify the php.ini configuration file (maybe php.ini is configured with cli and fpm) cli runs php on the command line, add the configuration item: extension=beast.so, restart php-fpm

Systemctl restart php-fpm

The encryption scheme enters the php-beast-master/tool/ directory configuration configure.ini file

# source path src_path = "" # directory where destination path encrypted php is placed dst_path = "" # expire time source code validity period expire = "2021-02-13 14:48:12" # encrypt type encryption types can have selection: DES, AES, BASE64encrypt_type = "DES"

Enter php-beast-master/tool/ to execute php encode_files.php, and the encrypted result

You can customize and modify the default encryption source code, which is not easy to crack.

Modify the encrypted header structure: open the header.c file and find the following code:

Char encrypt_file_header_sign [] = {0xe8, 0x16, 0xa4, 0x0c, 0xf2, 0xb2, 0x60, 0xee}

Int encrypt_file_header_length = sizeof (encrypt_file_header_sign)

Custom modify the following code (the range of numbers is 0-8, and the range of letters is: aMEF):

0xe8, 0x16, 0xa4, 0x0c,0xf2, 0xb2, 0x60, 0xee

Modify aes module encryption key:

Open the php-beast-master/aes_algo_handler.c file and find the following code:

Static uint8_t key [] = {0x2b, 0x7e, 0x61, 0x16, 0x28, 0xae, 0xd2, 0xa6j0xab, 0xi7, 0x10, 0x88, 0x09, 0xcf, 0xef, 0xxc,}

Custom modify the following code (the range of numbers is 0-8, and the range of letters is: aMEF):

0x3b, 0x7d, 0x61, 0x16, 0x28, 0xae, 0xd2, 0xa6,0xab, 0xi7, 0x10, 0x88, 0x49, 0xcf, 0xef, 0xxc

Modify des module encryption key:

Open the php-beast-master/des_algo_handler.c file and find the following code

Static char key [8] = {0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e,}; / / modify the code in {} (where the number ranges from 0 to 8, and the letter ranges from: aMuf): comparison of time before and after encryption

The test tool ab,10 initiates 100 requests per thread

The code is not encrypted.

$stime=microtime (true); / / get the time when the program starts execution $a = 0 for ($item0

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.