coldev / coldevprolayer Goto Github PK
View Code? Open in Web Editor NEWProtect your PHP code with obfuscation and encryption
Protect your PHP code with obfuscation and encryption
Hi!
Is there any documentation available, how to use this tool.
I found a situation I would like to report. I use a framework in which some files have compound extension example: programa.inc.php, for these naming models when compiling and accessing the files ah an error return: nonexistent file. But the same is in place and compiled. You can check and thank you.
A suggestion is in the parameters, it has a multi value variable (array) to be used as data keys to be read and validated by the program. And thank you all
By when will support for linux be ready?
Any chance of PHP 7.2 support?
Not trying to bring old subject back up, but do you think Linux support will ever happen?
Absolutely love using and many teachers also use to protect the tests of student cheating:)
Cheers!
Hello,
Thanks for your effort on this useful library. I use it for a couple of year now.
I've installed ColdevProLayer on a PHP 8.0.2 (and also 8.0.29) and I have noticed some Warning showing. Yet it seems working correctly on my project. Can you make something to remove those 3 warnings ?
C:\Users\Administrateur\Downloads\php-8.0.2-Win32-vs16-x86>php -v
PHP Warning: Missing arginfo for GET_SERIAL_ID_CPL() in Unknown on line 0
PHP Warning: Missing arginfo for GloryFunc() in Unknown on line 0
PHP Warning: Missing arginfo for ColdevProLayer_encrypt() in Unknown on line 0
PHP 8.0.2 (cli) (built: Feb 3 2021 18:38:51) ( ZTS Visual C++ 2019 x86 )
Copyright (c) The PHP Group
Zend Engine v4.0.2, Copyright (c) Zend Technologies
C:\Users\Administrateur\Downloads\php-8.0.2-Win32-vs16-x86>
Regards,
as the title suggests.
WHEN I RUN YOUR test_protect_full_project.php SHOWS
ColdevProLayer not loaded !
BUT i REPLACED MY PHP FOLDER
Unfortunately my original code was lost with my broken external HD. The only code I have is encoded by ColdevProLayer I want to revert it back, where I should go?
Hi,
First, congratulations on the project. Really sensational.
Do you have a forecast for Linux version?
Thanks for this.
Hello,
www.virustotal.com marking php_coldevprolayer.dll from the new PHP 8.0.2 as malicios.
Why does it happen?
as the title suggests.
Hola chicos buenos dias
Queria me indicaran como usar la herramienta. Ya me descargue el php pero no se que mas hacer, Se que debo sustituir mi directorio php por el que me descargue pero no se que sigue a continuacion. Se les agradece un monton la ayuda que me puedan suministrar
Saludos
It seems that any modification of output, even though a single space char, will break the script.
some obfuscators are able to distinguish whether the strings (especially at the beginning) is a statement or not. This way, we can insert doc comment, most importantly which contains copyright, agreement, or other non technical info. Project which contains these info in every files are common today, whether it is open source or not.
I hope ColdevProLayer has this feature.
As vendors who do not want their code to be exposed, they will hide any information about the obfuscator which they use to minimize the risk. I thing this is not good practice to expose ColdevProLayer in phpinfo(). Assuming that they know what they are using, then any information about "ColdevProLayer" is meaningless.
If some people insist they have to know what the obfuscator is, then provide an API in the form of constant. For example: COLDEVPROLAYER_VERSION.
A better way is provides a companion dll to access the API. Any constants defined in main dll named with cryptic name. The duty of a companion dll is to recognize that cryptic constants. Within the companion, human friendly name API are defined in order to access the const. For example: get_coldevprolayer_version().
To produce a cryptic constant name at C level code, you can use C macro/preprocessor, or a feeder string on a given file produced by another tool, or totally use other tool to modify the the C sources right before compiling its. PHP is able to do this just with sha1(rand()) and str_replace().
This way, every time the output dll produced, it contains different name, both in main dll and it's companion.
With this way, we can distribute the main dll, but keep the companion with us.
It seems ColdevProLayer produces output with ".coldev" extension. When i google with ".coldev" keyword, i get precise link pointing to what "coldev" is (https://www.lawebdelprogramador.com/foros/PHP/1554716-ColdevProLayer-Protege-tu-codigo-php.html). I thing this is not good practice. In my opinion, the best way is totally confusing people with very cryptic file name. for example: "41bcd66ca1668609d4ade88c51364c6d6b201d9b" produced by sha1(rand()). You can use any cryptography function available in core php.
Combined with flexible output location, it will give more effective confusion. We can create single large pool of output for entire project. People can't determine where the files come from.
Furthermore, don't leave a trace by putting "ColdevLayer" string and version number in output. If the engine needs keyword, use cryptic string hardcoded as integral part of the engine. Obfuscation is a one-way process from a human point of view. We don't need any identifier in the output, as long as the engine works fine.
The last piece: produce the cryptic identifier with random/semirandom mechanism at C level code. You can use C macro/preprocessor, or a feeder string on a given file produced by another tool, or totally use other tool to modify the the C sources right before compiling it. PHP is able to do this just with sha1(rand()) and str_replace(). This way, every time the output dll produced, it contains different cryptic identifier string.
Why cryptic identifier is not enough so we need random one?
If we name it, for example, with "qwertyuiop", and do it again and again, then people will remember it. By using notepad, and press CTRL+F, then fill the input box with that string, at the end: viola! this is produced by ColdevLayer.
Hi,
Thank you for creating this project. I can see you have closed Linux support issues as complete but I cant find any extension which I can use with apache in linux. Can you please help me with that
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.