Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74455 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 85792 invoked from network); 23 May 2014 13:52:58 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 May 2014 13:52:58 -0000 Authentication-Results: pb1.pair.com smtp.mail=nicolai.scheer@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=nicolai.scheer@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.52 as permitted sender) X-PHP-List-Original-Sender: nicolai.scheer@gmail.com X-Host-Fingerprint: 209.85.213.52 mail-yh0-f52.google.com Received: from [209.85.213.52] ([209.85.213.52:50479] helo=mail-yh0-f52.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 23/63-01753-9B25F735 for ; Fri, 23 May 2014 09:52:58 -0400 Received: by mail-yh0-f52.google.com with SMTP id z6so4221378yhz.25 for ; Fri, 23 May 2014 06:52:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=4ZN7F1DwHOIaDUR9deYQtslXMmqjN+0MF3pcwAB0B7c=; b=PUAGQhn9sFgH6HeqNv5V4k+Uj+faFRBLgL4zwN3EA8AzYdMnUQqXC+vt0A94Qtm7QF DrH+YjOoMLJSZSt6Dyd3UT5dFvHgj8iN+lEQDcWjnC6msHlun29c9tkqj2oV6K/iczxs UYmjxZETRPcc1GOtxOMd/D0e8NHMBf8ETmJtIGRTM9t39IYP6PxXM2NLHgzb4uVFsEh5 mebFjEAwAFXylm0roN42oFRDEsToLY5vXWDr2MBv8mWFLxpviKnnGhTGohBkJd7kVlst /3LIQaauAb7pt5xPZpMzVnj5t8I/oHIOQdebRPOuArTUpqutqP3w3OQ6vNblyDCic/jc oG/g== MIME-Version: 1.0 X-Received: by 10.236.125.69 with SMTP id y45mr7510077yhh.42.1400853175252; Fri, 23 May 2014 06:52:55 -0700 (PDT) Received: by 10.170.88.215 with HTTP; Fri, 23 May 2014 06:52:55 -0700 (PDT) In-Reply-To: References: <6048BA05-CC13-46DD-8439-9CB4EE29078B@ajf.me> <9EBA95A7-B9F7-41F0-AE2B-283260753E5A@googlemail.com> <537CBD67.4000008@lerdorf.com> Date: Fri, 23 May 2014 15:52:55 +0200 Message-ID: To: Derick Rethans Cc: Rasmus Lerdorf , Andrea Faulds , Kevin Ingwersen , PHP Internals Content-Type: multipart/alternative; boundary=20cf30363a8be4bbca04fa118b6b Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility From: nicolai.scheer@gmail.com (Nicolai Scheer) --20cf30363a8be4bbca04fa118b6b Content-Type: text/plain; charset=UTF-8 Hi! On 22 May 2014 00:53, Derick Rethans wrote: > On Wed, 21 May 2014, Nicolai Scheer wrote: > > > Do you have an example of a tool that can reverse opcodes to php code? > > Maybe I did not search for the right thing, I did not stumble upon any. > > It exists, there are tools. I might have seen code that does it. > > > I always thought the opcodes where kind of cryptic, at least a bit... I'm > > not longing for "true" protection. It's enough if the scripts can not be > > read and modified in an easy way. > > Yes, that is definitely possible. I actually have a working extension > for PHP 5.3 and 5.4 that stores encrypted opcodes. PHP 5.5 not yet > implemented. > That's very interesting. Guess you won't share the code? Maybe we can get a little more technical again... As I already said, the blenc extension would be a good start (just store encrypted php sources), at least for me to experiment with. Unfortunately it crashes php when used with opcache. To be more precise it seems to crash, when an included file is served from opcache's cache. I tried to do my own minimal extension for testing purposes. It justs overrides zend_compile_file, so it can read base64 encoded files. It boils down to: zend_op_array *my_compile(zend_file_handle *file_handle, int type TSRMLS_DC) { char *buf, *decoded_buf; size_t buf_size, decoded_buf_size = 0; zval *code; zend_op_array *opcode = NULL; zend_stream_fixup( file_handle, &buf, &buf_size ); if ( strncasecmp( buf, "BS64:", 5 ) == 0 ) { MAKE_STD_ZVAL(code); // just base64_decode the file... decoded_buf = php_base64_decode(buf+5, buf_size-5, &decoded_buf_size ); // cut filename TSRMLS_CC ); efree(decoded_buf); efree(code); } else { opcode = zend_compile_file_original( file_handle, type TSRMLS_CC ); } return opcode; } The "encoded" files just contain the string "BS64:" followed by the base64 encoded script. I tested this one on windows, 32bit, php 5.5.12, VC11 NTS using the shipped opcache extension using the php embedded webserver. The main file: