hide your php source code (expired)

Posted January 2, 2008
Filed under: Information, PHP, Security | Tags: , , , , |

I’m a big fan of the open source philosophy but sometimes it’s useful to have an unreadable binary source code.
In this posting i will show you how to use and how to install bcompiler to encode your scripts in phpbytecode, enabling you to protect the source code.

First we need a source file (source.php) and convert it with make_bytecode.php to a byte code file (crypt.php).

The source.php is an example php file you can add your own code here.

<?php
if ($_GET['foo'] == “bar”) {
echo “bar”;
} else {
echo “foo”;
}
?>

make_bytecode.php converts the source.php to crypt.php. Make sure that crypt.php is writeable.

<?php
$f = fopen(”crypt.php”, “w”);
bcompiler_write_header($f);
bcompiler_write_file($f, “source.php”);
bcompiler_write_footer($f);
?>

After executing make_bytecode.php in your browser or command line crypt.php should be generated.

As you can see in the picture below the source code of crypt.php isn’t readable but you can execute the php code like any other php file.

bcompiler crypt file output

Install:

The package and information you can find here:
http://pecl.php.net/package/bcompiler
I installed bcompiler on Debian Etch, but it should work on any Linux systems and on windows too.

If not installed you have to install the php-developer package (php4 or php5):
sudo aptitude install php5-dev

I also had to install the libbz2-dev, to prevent the error message “configure: error: Please reinstall the BZip2 distribution” from the pecl installer.
sudo aptitude install libbz2-dev

After that I installed bcompiler version 0.8 over the pecl installer:
sudo pecl install channel://pecl.php.net/bcompiler-0.8

Make sure that the installer return this line at the end “install ok: channel://pear.php.net/bcompiler-0.8″.
If not check the error messages and try to fix it!

Add extension=bcompiler.so to your php.ini

10 Comments so far

  1. Jason on February 6, 2008

    Excellent Post! Much agreed with the open source philosophy… I look forward to reading more.

  2. ganes | scholarships on February 6, 2008

    is it possible to do this if I use a share hosting?

  3. Metathione on February 6, 2008

    great post. i liked it…

  4. b23 on February 6, 2008

    I don’t think that it’s possible on shared hosts.

  5. tk on February 14, 2008

    This is misleading. Bytecode is not really encrypted or even that obfuscated really, anyone could still decompile the file to pseudocode. It is just not readable by notepad or a normal text browser. This is the same reason the Visual Studio .NET has a built-in obfuscator tool now. To assist in preventing someone from decompiling the bytecode into a human-readable format…

  6. Kumar Chetan Sharma on March 23, 2008

    Hey buddy, you need the bcompiler installed at the target server to make your closed source stuff work and as it happens, one can read your files, kool

  7. me on April 11, 2008

    is the protection of php source code only recommended on distributed php scripts or even in the web?

    i mean, the index.php on the website, is there a possibility the php codes will be shown as well??

  8. S.V. Sureshkumar on July 15, 2008

    Bcompiled code (php5 ) not working for postgress database operation in Debaian/ubuntu environment. Please give me a replay to work the bcompiled code for database operation
    SVS

  9. S.V. Sureshkumar on July 24, 2008

    bcompiled code is not working in firefox 2 in ubundu 5 & Debian. Please give me the tips to run bcompiled code

  10. b23 on July 27, 2008

    This post has expired, I think. I was not able to install the bcompiler again quickly.
    Maybe you can ask any of the maintainers for help: http://pecl.php.net/package/bcompiler.

    good luck.