PHP Encryption and Decryption Methods

PHP encryption is a method of obfuscating scripts in such a way that it offers additional protection and prevents unauthorized editing of the scripts. This article discusses both encryption and decryption.

You might have seen encrypted PHP scripts which may look like the one below:

<?php eval(gzinflate(base64_decode(‘FZfHDoTYEUV/ZXYzIxbkJFseAU1qcg4bi9TknPl64z0SUK/
evef8859///NHcSTdX+VTD78u2Yq/0mQtCOy/
eZGNefHXn0L8kz5jKAueDcZhVNSnh9+OYd6flsK+PCKjqtEnIJoRtF3TO+
GH4UyCIED/st8VD9APjg8Nj+m1ysH0OIjnWTbNnIa+
P4Xyh7gC3XsCCgIOdqVtDlCOaQsau4uAKCI+
aEQxXEg96A4GpOsr85SHX9FcHSL6R+h57gJZzBE872FRE6v7vNdZpzaBU+
GYWOpCnDOMU5n16lgPBE3Qh5ejKZqYA7YSRf3y’))); ?>

If you’re interested, you can check out the actual encryption tool for this. In the above example, the complete sets of PHP codes are not visible and are replaced by an obfuscated method of encoding. This article attempts to explain the methods of encrypting and decrypting PHP scripts. One of the popular ways to encrypt scripts is to encode the scripts into another data format such as base 64 encoding.

The decryption process is the exact opposite of the encryption process. The scope of this article covers reversible encryption/decryption processes. Although in PHP it is possible to provide one-way encryption, with techniques such as MD5 encoding, this type of encoding cannot be reversed or decoded. It is ideal for storing passwords in the database, which adds an extra layer of security over storing them in text format. For some differences in the methods, see the screen shot below.

For example, WordPress uses MD5 encoding when storing passwords in the MySQL database. So even if the database has been compromised, the hacker cannot retrieve the actual password (in text format) being used for the admin login.

{mospagebreak title=Base 64 Encoding and Compression/Decompression Techniques}

PHP widely supports the base 64 encoding technique because it is ubiquitous in programming and IT practices. If you are interested in learning other applications of base 64 encoding, you can find a number of references.

In PHP, to convert a certain string to Base 64, you use a built-in function, namely base64_encode()

<?php

$string = ‘The quick brown fox jumps over the lazy dog';

$base64 =base64_encode($string);

echo $base64;

?>

The above script converts the string “The quick brown fox jumps over the lazy dog” to base 64 format, which is:

VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZw==

Applying the above concept to PHP scripts, we should treat the PHP code as a “string” except for the PHP tags. For example, say you have written a simple PHP script below:

<?php

$sum=5+5;

echo $sum;

?>

To encrypt is to encode only:

$sum=5+5;

echo $sum;

The equivalent base 64 script is:

<?php

$a=base64_encode(‘$sum=5+5;

echo $sum;’);

echo $a;

?>

This will output: JHN1bT01KzU7DQplY2hvICRzdW07

According to the PHP.net page: http://www.php.net/base64_encode , base 64 encoded data takes up to ~33% more space than the usual data when it is not encoded. This means that the encoded/encrypted PHP script will take up a lot of space as compared to the same script when unencrypted. Because of this, we need to compress the encoded base 64 data. See file size comparison below:

 

In PHP, two common functions are used to compress and decompress strings. These are the gzinflate() and gzdeflate() functions. Below is an example script for compressing a string using gzdeflate function:

<?php

//compress string

$compress = gzdeflate(‘The quick brown fox jumps over the lazy dog’, 9);

//uncompress

$decompress = gzinflate($compress);

echo $decompress;

?>

This is effective in reducing the file size of base 64 encoded data. Note that to retrieve or decompress, you use the opposite function (gzinflate). The figure “9” in the gzdeflate function means maximum compression level.

{mospagebreak title=PHP Eval Function in Encoding Methods}

Since the encrypted output is a string (after applying compression and base 64 encoding techniques), we need to tell PHP that the encoded string is indeed a script. To do this, we need to use the eval() function in PHP. The purpose of this function is to evaluate a string as a PHP code; you can research the details of the eval() function on your own.

The standard encoded PHP script (encrypted) takes a form similar to this example:

<?php eval(gzinflate(base64_decode(‘FZfHDoTYEUV/ZXYzIxbkJFseAU1qcg4bi9TknPl64z0SUK/evef8859///
NHcSTdX+VTD78u2Yq/0mQtCOyA7YSRf3y’))); ?>

To encode the PHP script into the above form, we will utilize the steps below:

Step 1: Capture the PHP script to be encoded and convert it to a string, except for the PHP tags (<?php and ?>)

Step 2: Compress the string using the gzdeflate function (using the maximum compression level) and assign the compressed string to a PHP variable.

Step 3: Encode the compressed string using base 64 encoding and assign the encoded string to a PHP variable.

Step 4: To let PHP interpret/parse correctly the encoded scripts, append the decoding, decompression and use eval functions, as shown below:

<?php

eval(gzinflate(base64_decode(‘This is the encoded and compressed PHP script strings except the start <?php and end tags ?>’)));

?>

{mospagebreak title=Case Example: Encoding a Working PHP Script}

Let’s use the encoding theory on an actual working application. Consider that you have the following PHP scripts:

<?php

session_start();

$stringgen = mt_rand(10000, 99999);

//store generate random number to a session

$_SESSION["answer"]=$stringgen;

//create image 50 x 50 pixels

$imagecreate = imagecreate(50, 50);

// white background and blue text

$background = imagecolorallocate($imagecreate, 255, 255, 255);

$textcolor = imagecolorallocate($imagecreate, 0, 0, 255);

// write the string at the top left

imagestring($imagecreate, 5, 5, 10, $stringgen, $textcolor);

// output the image

header("Content-type: image/png");

$image= imagepng($imagecreate);

?>

The above script generates a random number between 10,000 and 99999 and then outputs it to HTML as an image. This is a typical captcha script. We will try to encrypt/encode the above script using base 64 encoding. The processes are as follows (based on the steps in the previous section).

<?php

// Step 1.Capture the script and convert to string except tags

$string= ‘session_start();

$stringgen = mt_rand(10000, 99999);

//store generate random number to a session

$_SESSION["answer"]=$stringgen;

//create image 50 x 50 pixels

$imagecreate = imagecreate(50, 50);

// white background and blue text

$background = imagecolorallocate($imagecreate, 255, 255, 255);

$textcolor = imagecolorallocate($imagecreate, 0, 0, 255);

// write the string at the top left

imagestring($imagecreate, 5, 5, 10, $stringgen, $textcolor);

// output the image

header("Content-type: image/png");

$image= imagepng($imagecreate);';

//Step 2: Compress the string using gzdeflate function with maximum compression

$compressed = gzdeflate($string, 9);

//Step 3: Encoding the compressed strings to base 64 data format. This will do the actual work of obfuscating the scripts.

$encode = base64_encode($compressed);

//Step 4: echo the eval, decompression and decoding function

echo "&lt;"."&#63;"."php";

echo ‘<br />';

echo ‘eval(gzinflate(base64_decode(‘.’&#39;’.$encode.’&#39;’.’)));';

echo ‘<br />';

echo ‘?’.’>';

?>

The above script forms the foundation of PHP script encryption using base 64 encoding. The encoding script above delivers the results shown below:

<?phpeval(gzinflate(base64_decode(‘jZBNa4QwEIbvC/sfBunBhS26hRzaxVPpoZf24LEUiTqr0piEZGTtv28+
bJU9NYSQycz7zDuxaO2gZGWJG0oP5/3uzpIZZNehhAJGqgyXbXrK3TrCo1++
KMssKYPgqtBwQvBVagQ5jTUaIAUcbEQ7YlW+lOXr+9tHwqW9okk+
i7VLoDUGPWUYeYfAcpj9oYcZhXX68LyUFLCJUuZMsTw6gms/uIKaN1+
dUZNswXmCWkwIhDM5zib1i1FCGS6Eajxt2+gID4ytR/gZjwmK/8jzsBepd2e8O+
oR4ujAKUSkNAi8OH9BHpM3LBb2yfHWf3P3Pz9LCzWRniI1yPe7HnmLJk2elSSUdE/
fGp9iMtOyS8JYIVwm0je9D+cf’)));?>

Here is a screen shot of the encoded results in the browser:

One of the tricky parts of the script is outputting the PHP script tags to HTML. For example, you cannot just output:

echo ‘<?php';

This is because it will parse and will not be displayed on the HTML browser. Instead, you will convert these characters into ASCII character HTML code. For example, the symbol for < is &lt; So instead of using this:

echo ‘<?php';

this is recommended:

echo "&lt;"."&#63;"."php";

You can refer to the detailed HTML equivalents of ASCII characters here: http://www.web-source.net/symbols.htm  

Decryption Techniques

Since the entire process is reversible, the encoded/encrypted strings can be reversed to reveal the true codes. Let us reverse the example above.

To start reversing the base 64 inner function, the output is the compressed string of PHP code.

<?php

//Step 1. Reverse the base 64 encoding

$decoded = base64_decode(‘jZBNa4QwEIbvC/sfBunBhS26hRzaxVPpoZf24LEUiTqr0piEZGTtv28+
bJU9NYSQycz7zDuxaO2gZGWJG0oP5/3uzpIZZNehhAJGqgyXbXrK3TrCo1++
KMssKYPgqtBwQvBVagQ5jTUaIAUcbEQ7YlW+lOXr+9tHwqW9okk+
i7VLoDUGPWUYeYfAcpj9oYcZhXX68LyUFLCJUuZMsTw6gms/
uIKaN1+dUZNswXmCWkwIhDM5zib1i1FCGS6Eajxt2+gID4ytR/gZjwmK/
8jzsBepd2e8O+
oR4ujAKUSkNAi8OH9BHpM3LBb2yfHWf3P3Pz9LCzWRniI1yPe7HnmLJk2elSSUdE/
fGp9iMtOyS8JYIVwm0je9D+cf’);

//Step 2. Decompress the decoded code

$decompress = gzinflate($decoded);

//Step 3. Display the code

echo $decompress;

?>

After decompression, the code can then be displayed.

[gp-comments width="770" linklove="off" ]
antalya escort bayan antalya escort bayan