oops-org-php / mod_screwim Goto Github PK
View Code? Open in Web Editor NEWPHP Screw Improved - PHP script encryption tool
License: Other
PHP Screw Improved - PHP script encryption tool
License: Other
A clear and concise description of what the bug is.
Steps to reproduce the behavior:
A clear and concise description of what you expected to happen.
Should see error like "PHP Fatal error: screwim_decrypt(): ScrewIm decode error. A preset dictionary is required. The adler field shall be set to the Adler-32 checksum of the dictionary chosen by the compressor. In this case, you should suspect that ScrewIm's encode key is not correct. in /var/www/test.php on line 10"
But we can see
[keybyte] => 660be24db113c74072239d0fe7123420
[keystr] => 2918, 19938, 5041, 16583, 9074, 3997, 4839, 8244
[headerlen] => 14
So using key from this output we can do "screwim -k 660be24db113c74072239d0fe7123420 enc.php" end get decoded file
[이슈]
Ubuntu 18 , php 7.4.5 환경에서 mod_serewim 컴파일 안됨
(PHP 7.4.5 (cli) (built: Apr 19 2020 07:36:30) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.5, Copyright (c), by Zend Technologies )
make install 시도시, 다음과 같은 에러 발생
mod_screwim/php_screwim.c:198:38 : error : 'zned_stream {aka struct _zend_stream}' has no member named 'mmap'
mod_screwim/php_screwim.c:227:28 : error : 'ZEND_HANDLE_MAPPED' undeclared (first use in this function); did you mean 'ZEND_HANDLE_FP'?
[상황]
ScrewIm module is basically to compare force the magic key at the beginning of a file.
Therefore, ScrewIm does not matter whether the file is encoded, it opens all the files and checks for a magic key.
Considering normal server operation, most files will not be encoded with ScrewIm. And, in such environment, checking the magic key of whole files is very damaging to performance.
So, I suggest adding the screwim.enable INI option.
The default value of this option is false. If this value is not true, ScrewIm will not work.
For example:
# PHP ini configuration
fcrewim.enable = 1
# mod_php
<Directory /path>
php_falg screwim.enable on
</Directory>
# PHP Cli envionments
[root@host ~]$ php -d screwim.enable=1 encrypted.php
# embeded php code
<?php
ini_set ('screwim.enable', true);
require_once 'encrypted.php';
ini_set ('screwim.enable', false);
require_once 'normal.php';
blah_blah();
?>
I hope the author can support the encryption of phar packages. I'm using hyperf framework and I haven't been able to find an encryption protection scheme.
I implore the author to consider helping.
Thank you very much.
Describes how to extract the encode key from the module file (php_screw.so or screwim.so) file using objdump on https://github.com/dehydr8/php_unscrew .
Currently, mod_screwim does not issue a compile warning message.
We will add the -Wall
option.
Is your feature request related to a problem? Please describe:
For example I have several servers, installed on the client site and development is going right on them.
I want to encode files on this servers but not decode them.
Describe the solution you'd like:
There should be encode only binary, so I can run it and encode file with no parameters passed.
Or better way: binary, which will encode without additional params, but Decoding must ask for a key / password.
Describe alternatives you've considered:
A clear and concise description of any alternative solutions or features you've considered.
For now I can't use the same binary to encode, because it can be also used to decode with no problem.
Additional context:
Add any other context or screenshots about the feature request here.
Basically new binary should copy behaviour of api. Code anything, decode to file — only with key / password (and key / password must not be given as parameter, because shell history can store it).
On PHP 8.1.0 and after, screwim-encrypt function returns wrong data.
Since PHP 8.1, the screwim_encrypt function malfunctions as the filename member of the zend_file_handle structure changes from character point to zend_string point.
typedef struct _zend_file_handle {
union {
FILE *fp;
zend_stream stream;
} handle;
const char *filename;
zend_string *opened_path;
zend_stream_type type;
/* free_filename is used by wincache */
/* TODO: Clean up filename vs opened_path mess */
zend_bool free_filename;
char *buf;
size_t len;
} zend_file_handle;
typedef struct _zend_file_handle {
union {
FILE *fp;
zend_stream stream;
} handle;
zend_string *filename;
zend_string *opened_path;
zend_uchar type; /* packed zend_stream_type */
bool primary_script;
bool in_list; /* added into CG(open_file) */
char *buf;
size_t len;
} zend_file_handle;
[user@host mod_screwim]$ php -n -d 'extension_dir=./modules/' -d 'extension=screwim.so' <<<-EOL
<?php
$ctx = <<<EOL
<?php
echo "I'm OK\n";
EOL;
$data = screwim_encrypt ($ctx);
$fp = fopen ('test-sub.php', 'wb');
fwrite ($fp, $data, strlen ($data));
fclose ($fp);
ini_set ('screwim.enable', true);
require_once ('./test-sub.php');
?>
EOL
retruns "I'm OK" strings when execute upper code.
우선, 좋은 툴을 공개해주셔서 감사드립니다.
설치해서 테스트해보고 있는데요.... 아래의 이슈가 있어서 문의 드립니다.
아래의 기능을 원천적으로 제거할 방법이 없는지요?
본 Tool 을 사용하여 암호화한 중요 파일을 패키지화 해서 타인에게 제공한 이유 타인이 해당 파일을
복호화 할 수 있다면 본 Tool 의 의미가 없어지는 것 아닌지요?
참고로, 아래의 가이드 대로 configure 시에 --enable-screwim-decrypt 옵션을 주지 않았서 복호화를
막으려고 했는데... 이 옵션과 상관 없이.... CLI 모드에서 /usr/bin/screwim -d *.screw 명령어로 복호 파일이 생성되야 하는 이유를 모르겠습니다.
-- 아래 ---
configure 시에, --enable-screwim-decrypt 옵션을 주면, 복호화 기능(screwim_decrypt(), screwim_seed())이 추가 됩니다. 즉, 암호화된 PHP 파일을 복호화 할 수 있다 는 의미입니다.
--enable-screwim-decrypt 옵션은 배포용으로 빌드를 할 경우에는 절대 추가하면 안됩니다!
답변 부탁드립니다.
감사합니다.
우선, 좋은 툴을 공개해주셔서 감사드립니다.
설치해서 테스트해보고 있는데요.... 아래의 이슈가 있어서 문의 드립니다.
암호화된 파일 확장자가 php 인 경우 오류
(암호화된)test.php.screw 파일을 test.abc 로 변경해도 기존 (원본)test.php 파일 기능 정상작동
즉, 확장자가 php 가 아닌 경우는 암호화된 파일이 원본 파일 기능을 정상적으로 수행합니다.
본 Tool 을 사용해서 특정(중요) 파일을 암호화해서 타인에게 제공한 경우 만약, 암호화된 파일 확장자가 php 가 아닌 다른 확장자라면 암호화되었다는 지표가 되어 타인의 복호화 의도를 도울 수 있을 것으로
판단됩니다.
즉, 암호화된 파일과 일반 파일을 확장자로 구분해줘야 하는 상황이 되어 본 Tool 의 기본의도를 훼손하는 게 아닌가 하는 생각이 듭니다.
이 이슈를 해결할 방법이 없는지 궁금합니다.
감사합니다.
Change version of master branch to 1.0.4
following arginfo constant support:
Do you also support php8.0?
please...
Can you make universal clii tool, which will ask for keybyte for decode and encode? So we can use one binary for all installations/customers?
If -k is not passed, then keybyte should be asked, so keybyte will not goes to .bash_history
안녕하세요.
make시 add_property_string 매크로에 오류가 발생 하여 문의 드립니다.
[컴파일 환경]
PHP 5.6.31 (cli) (built: Sep 25 2017 14:34:20)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with Zend Guard Loader v3.3, Copyright (c) 1998-2014, by Zend Technologies
with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2015, by Zend Technologies
with Suhosin v0.9.37.1, Copyright (c) 2007-2014, by SektionEins GmbH
[root@localhost:/usr/local/src/mod_screwim-master]# make
/bin/sh /usr/local/src/mod_screwim-master/libtool --mode=compile gcc -m64 -I. -I/usr/local/src/mod_screwim-master -DPHP_ATOM_INC -I/usr/local/src/mod_screwim-master/include -I/usr/local/src/mod_screwim-master/main -I/usr/local/src/mod_screwim-master -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -march=nocona -O2 -pipe -c /usr/local/src/mod_screwim-master/php_screwim.c -o php_screwim.lo
mkdir .libs
gcc -m64 -I. -I/usr/local/src/mod_screwim-master -DPHP_ATOM_INC -I/usr/local/src/mod_screwim-master/include -I/usr/local/src/mod_screwim-master/main -I/usr/local/src/mod_screwim-master -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -march=nocona -O2 -pipe -c /usr/local/src/mod_screwim-master/php_screwim.c -fPIC -DPIC -o .libs/php_screwim.o
/usr/local/src/mod_screwim-master/php_screwim.c:535:55: error: macro "add_property_string" requires 4 arguments, but only 3 given
/usr/local/src/mod_screwim-master/php_screwim.c: In function ‘zif_screwim_seed’:
/usr/local/src/mod_screwim-master/php_screwim.c:535: error: ‘add_property_string’ undeclared (first use in this function)
/usr/local/src/mod_screwim-master/php_screwim.c:535: error: (Each undeclared identifier is reported only once
/usr/local/src/mod_screwim-master/php_screwim.c:535: error: for each function it appears in.)
/usr/local/src/mod_screwim-master/php_screwim.c:536:53: error: macro "add_property_string" requires 4 arguments, but only 3 given
make: *** [php_screwim.lo] 오류 1
즐거운 시간 되세요.
hi is this ext support windows? i tried to build in windows but file config.w32 are missing.
thanks
no contents.
Using a php script to batch-encrypt the php code,report error “segmentation fault (core dumped)”.
Here is the php script:
$path='/home/PHPmi/phpmi.txt';
if(file_exists($path)){
$res=file_get_contents($path);
$arr=explode(',',$res);
foreach($arr as $k=>$v){
if($v){
$script=file_get_contents($v);
$encode=screwim_encrypt($script);
$result=file_put_contents($v,$encode);
if($result){
echo $v."--Successed !\n";
}else{
echo $v."--failed !\n";
}
}
}
echo count($arr)."Complete\n";
}
phpmi.txt is a file with the paths of php code's files.
Change version of master branch to 1.0.5
If the input value of screwim_decrypt is not encrypted, Integer orverflow occurs.
Warning: no Crypted data in /path/z.php on line 2
PHP Fatal error: Possible integer overflow in memory allocation (18446744073709551605 + 4096) in /path/z.php on line 2
Fatal error: Possible integer overflow in memory allocation (18446744073709551605 + 4096) in /path/z.php on line 2
<?php
$data = "11";
$val = screwim_decrypt ($data);
?>
Fatal error should not occur.
When a file is opened using include or require, the file_handle structure already has the file data in the handle.stream.mmap.buf member.
Therefore, if the value of file_handle-> type is ZEND_HANDLE_MAPPED, you do not need to reopen the encoded file, and you can use the value of file_handle-> handle.stream.mmap.buf.
This implementation can improve performance by allowing the file open to be made less once.
Segfault occurs in the screwim_compile_file API in the following cases:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.