Home arrow PHP arrow Page 4 - PHP Encryption and Decryption Methods

Case Example: Encoding a Working PHP Script - PHP

PHP encryption is a method of obfuscating scripts in such a way that it offers additional protection and prevents unauthorized editing of the scripts. This article discusses both encryption and decryption.

TABLE OF CONTENTS:
  1. PHP Encryption and Decryption Methods
  2. Base 64 Encoding and Compression/Decompression Techniques
  3. PHP Eval Function in Encoding Methods
  4. Case Example: Encoding a Working PHP Script
By: Codex-M
Rating: starstarstarstarstar / 13
November 03, 2009

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Letís use the encoding theory on an actual working application. Consider that you have the following PHP scripts:

<?php

session_start();

$stringgen = mt_rand(10000, 99999);

//store generate random number to a session

$_SESSION["answer"]=$stringgen;

//create image 50 x 50 pixels

$imagecreate = imagecreate(50, 50);

// white background and blue text

$background = imagecolorallocate($imagecreate, 255, 255, 255);

$textcolor = imagecolorallocate($imagecreate, 0, 0, 255);

// write the string at the top left

imagestring($imagecreate, 5, 5, 10, $stringgen, $textcolor);

// output the image

header("Content-type: image/png");

$image= imagepng($imagecreate);

?>

The above script generates a random number between 10,000 and 99999 and then outputs it to HTML as an image. This is a typical captcha script. We will try to encrypt/encode the above script using base 64 encoding. The processes are as follows (based on the steps in the previous section).

<?php

// Step 1.Capture the script and convert to string except tags

$string= 'session_start();

$stringgen = mt_rand(10000, 99999);

//store generate random number to a session

$_SESSION["answer"]=$stringgen;

//create image 50 x 50 pixels

$imagecreate = imagecreate(50, 50);

// white background and blue text

$background = imagecolorallocate($imagecreate, 255, 255, 255);

$textcolor = imagecolorallocate($imagecreate, 0, 0, 255);

// write the string at the top left

imagestring($imagecreate, 5, 5, 10, $stringgen, $textcolor);

// output the image

header("Content-type: image/png");

$image= imagepng($imagecreate);';

//Step 2: Compress the string using gzdeflate function with maximum compression

$compressed = gzdeflate($string, 9);

//Step 3: Encoding the compressed strings to base 64 data format. This will do the actual work of obfuscating the scripts.

$encode = base64_encode($compressed);

//Step 4: echo the eval, decompression and decoding function

echo "&lt;"."&#63;"."php";

echo '<br />';

echo 'eval(gzinflate(base64_decode('.'&#39;'.$encode.'&#39;'.')));';

echo '<br />';

echo '?'.'>';

?>

The above script forms the foundation of PHP script encryption using base 64 encoding. The encoding script above delivers the results shown below:

<?phpeval(gzinflate(base64_decode('jZBNa4QwEIbvC/sfBunBhS26hRzaxVPpoZf24LEUiTqr0piEZGTtv28+
bJU9NYSQycz7zDuxaO2gZGWJG0oP5/3uzpIZZNehhAJGqgyXbXrK3TrCo1++
KMssKYPgqtBwQvBVagQ5jTUaIAUcbEQ7YlW+lOXr+9tHwqW9okk+
i7VLoDUGPWUYeYfAcpj9oYcZhXX68LyUFLCJUuZMsTw6gms/uIKaN1+
dUZNswXmCWkwIhDM5zib1i1FCGS6Eajxt2+gID4ytR/gZjwmK/8jzsBepd2e8O+
oR4ujAKUSkNAi8OH9BHpM3LBb2yfHWf3P3Pz9LCzWRniI1yPe7HnmLJk2elSSUdE/
fGp9iMtOyS8JYIVwm0je9D+cf')));?>

Here is a screen shot of the encoded results in the browser:

One of the tricky parts of the script is outputting the PHP script tags to HTML. For example, you cannot just output:

echo '<?php';

This is because it will parse and will not be displayed on the HTML browser. Instead, you will convert these characters into ASCII character HTML code. For example, the symbol for < is &lt; So instead of using this:

echo '<?php';

this is recommended:

echo "&lt;"."&#63;"."php";

You can refer to the detailed HTML equivalents of ASCII characters here: http://www.web-source.net/symbols.htm  

Decryption Techniques

Since the entire process is reversible, the encoded/encrypted strings can be reversed to reveal the true codes. Let us reverse the example above.

To start reversing the base 64 inner function, the output is the compressed string of PHP code.

<?php

//Step 1. Reverse the base 64 encoding

$decoded = base64_decode('jZBNa4QwEIbvC/sfBunBhS26hRzaxVPpoZf24LEUiTqr0piEZGTtv28+
bJU9NYSQycz7zDuxaO2gZGWJG0oP5/3uzpIZZNehhAJGqgyXbXrK3TrCo1++
KMssKYPgqtBwQvBVagQ5jTUaIAUcbEQ7YlW+lOXr+9tHwqW9okk+
i7VLoDUGPWUYeYfAcpj9oYcZhXX68LyUFLCJUuZMsTw6gms/
uIKaN1+dUZNswXmCWkwIhDM5zib1i1FCGS6Eajxt2+gID4ytR/gZjwmK/
8jzsBepd2e8O+
oR4ujAKUSkNAi8OH9BHpM3LBb2yfHWf3P3Pz9LCzWRniI1yPe7HnmLJk2elSSUdE/
fGp9iMtOyS8JYIVwm0je9D+cf');

//Step 2. Decompress the decoded code

$decompress = gzinflate($decoded);

//Step 3. Display the code

echo $decompress;

?>

After decompression, the code can then be displayed.



 
 
>>> More PHP Articles          >>> More By Codex-M
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: