Let's use the encoding theory on an actual working application. Consider that you have the following PHP script:

```php
<?php
session_start();
$stringgen = mt_rand(10000, 99999);
// store the generated random number in a session
$_SESSION["answer"] = $stringgen;
// create image 50 x 50 pixels
$imagecreate = imagecreate(50, 50);
// white background and blue text
$background = imagecolorallocate($imagecreate, 255, 255, 255);
$textcolor = imagecolorallocate($imagecreate, 0, 0, 255);
// write the string at the top left
imagestring($imagecreate, 5, 5, 10, $stringgen, $textcolor);
// output the image
header("Content-type: image/png");
$image = imagepng($imagecreate);
?>
```

The above script generates a random number between 10,000 and 99,999 and then outputs it to HTML as an image. This is a typical captcha script.

We will try to encrypt/encode the above script using base 64 encoding. The process is as follows (based on the steps in the previous section).

```php
<?php
// Step 1: Capture the script and convert it to a string, leaving out the PHP tags
$string = 'session_start();
$stringgen = mt_rand(10000, 99999);
// store the generated random number in a session
$_SESSION["answer"] = $stringgen;
// create image 50 x 50 pixels
$imagecreate = imagecreate(50, 50);
// white background and blue text
$background = imagecolorallocate($imagecreate, 255, 255, 255);
$textcolor = imagecolorallocate($imagecreate, 0, 0, 255);
// write the string at the top left
imagestring($imagecreate, 5, 5, 10, $stringgen, $textcolor);
// output the image
header("Content-type: image/png");
$image = imagepng($imagecreate);';

// Step 2: Compress the string using the gzdeflate function with maximum compression
$compressed = gzdeflate($string, 9);

// Step 3: Encode the compressed string to base 64 data format.
// This does the actual work of obfuscating the script.
$encode = base64_encode($compressed);

// Step 4: Echo the eval, decompression and decoding functions around the encoded string
echo "&lt;"."?"."php";
echo '<br />';
echo 'eval(gzinflate(base64_decode(' . "'" . $encode . "'" . ')));';
echo '<br />';
echo '?'.'>';
?>
```

The above script forms the foundation of PHP script encryption using base 64 encoding. The encoding script above delivers the results shown below:

```
<?php
eval(gzinflate(base64_decode('jZBNa4QwEIbvC/sfBunBhS26hRzaxVPpoZf24LEUiTqr0piEZGTtv28+
```

[Screenshot: the encoded results in the browser]
One of the tricky parts of the script is outputting the PHP script tags to HTML. For example, you cannot just output:

```php
echo '<?php';
```

This is because the browser will try to parse it as markup and will not display it. Instead, you convert these characters into their HTML character codes. For example, the HTML code for < is &lt;

So instead of using this:

```php
echo '<?php';
```

this is recommended:

```php
echo "&lt;"."?"."php";
```

You can refer to the detailed HTML equivalents of ASCII characters here: http://www.web-source.net/symbols.htm

Decryption Techniques

Since the entire process is reversible, the encoded/encrypted strings can be reversed to reveal the original code. Let us reverse the example above. Start with the innermost function, the base 64 decoding; its output is the compressed string of PHP code.

```php
<?php
// Step 1. Reverse the base 64 encoding
// (the encoded string is cut off on this page; use the full string from the encoder output)
$decoded = base64_decode('jZBNa4QwEIbvC/sfBunBhS26hRzaxVPpoZf24LEUiTqr0piEZGTtv28+');

// Step 2. Decompress the decoded code
$decompress = gzinflate($decoded);

// Step 3. Display the code
echo $decompress;
?>
```

After decompression, the code can then be displayed.
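The same reversal can be done without running any PHP, which is how an unknown file wrapped this way is usually inspected. The Python below is an added example, not code from the original article; the function names, the layer limit, the output cap and the sample input are assumptions made for illustration. It goes one step beyond the single-layer case above by peeling nested wrappers.

```python
import base64
import re
import zlib

# Matches eval(gzinflate(base64_decode('...'))); as emitted by the encoder script.
WRAPPER = re.compile(
    r"""eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*
        (['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)\s*;?""",
    re.VERBOSE,
)
MAX_LAYERS = 20                # assumption: give up on absurdly deep nesting
MAX_OUTPUT = 5 * 1024 * 1024   # assumption: cap on inflated size per layer

def php_gzdeflate(data, level=9):
    """Equivalent of PHP gzdeflate(): raw DEFLATE, no zlib or gzip header."""
    comp = zlib.compressobj(level, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()

def php_gzinflate(data):
    """Equivalent of PHP gzinflate(), refusing oversized output."""
    d = zlib.decompressobj(-15)
    out = d.decompress(data, MAX_OUTPUT)
    if d.unconsumed_tail:
        raise ValueError("inflated data exceeds MAX_OUTPUT")
    return out

def wrap(php_source):
    """Build a constructed sample the same way the encoder script does."""
    blob = base64.b64encode(php_gzdeflate(php_source.encode())).decode()
    return f"eval(gzinflate(base64_decode('{blob}')));"

def unwrap(php_source):
    """Peel nested wrappers as text only; the PHP is never evaluated."""
    layers = 0
    while layers < MAX_LAYERS:
        m = WRAPPER.search(php_source)
        if m is None:
            break
        raw = base64.b64decode(m.group(2))
        inner = php_gzinflate(raw).decode("utf-8", errors="replace")
        php_source = php_source[:m.start()] + inner + php_source[m.end():]
        layers += 1
    return php_source, layers

SAMPLE = '$_SESSION["answer"] = mt_rand(10000, 99999);'  # constructed input
```

`unwrap()` returns the recovered source together with the number of layers removed, so a file that was wrapped several times is reported as such.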