Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:74455
Return-Path: <nicolai.scheer@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 85792 invoked from network); 23 May 2014 13:52:58 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 May 2014 13:52:58 -0000
Authentication-Results: pb1.pair.com smtp.mail=nicolai.scheer@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=nicolai.scheer@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.52 as permitted sender)
X-PHP-List-Original-Sender: nicolai.scheer@gmail.com
X-Host-Fingerprint: 209.85.213.52 mail-yh0-f52.google.com  
Received: from [209.85.213.52] ([209.85.213.52:50479] helo=mail-yh0-f52.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 23/63-01753-9B25F735 for <internals@lists.php.net>; Fri, 23 May 2014 09:52:58 -0400
Received: by mail-yh0-f52.google.com with SMTP id z6so4221378yhz.25
        for <internals@lists.php.net>; Fri, 23 May 2014 06:52:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=4ZN7F1DwHOIaDUR9deYQtslXMmqjN+0MF3pcwAB0B7c=;
        b=PUAGQhn9sFgH6HeqNv5V4k+Uj+faFRBLgL4zwN3EA8AzYdMnUQqXC+vt0A94Qtm7QF
         DrH+YjOoMLJSZSt6Dyd3UT5dFvHgj8iN+lEQDcWjnC6msHlun29c9tkqj2oV6K/iczxs
         UYmjxZETRPcc1GOtxOMd/D0e8NHMBf8ETmJtIGRTM9t39IYP6PxXM2NLHgzb4uVFsEh5
         mebFjEAwAFXylm0roN42oFRDEsToLY5vXWDr2MBv8mWFLxpviKnnGhTGohBkJd7kVlst
         /3LIQaauAb7pt5xPZpMzVnj5t8I/oHIOQdebRPOuArTUpqutqP3w3OQ6vNblyDCic/jc
         oG/g==
MIME-Version: 1.0
X-Received: by 10.236.125.69 with SMTP id y45mr7510077yhh.42.1400853175252;
 Fri, 23 May 2014 06:52:55 -0700 (PDT)
Received: by 10.170.88.215 with HTTP; Fri, 23 May 2014 06:52:55 -0700 (PDT)
In-Reply-To: <alpine.DEB.2.10.1405211750000.4404@whisky.home.derickrethans.nl>
References: <CAOg_pRQxKsJPgFaZ6_y7Rf1i4Bfkbx+FhCxuBtE9PWu58uOfOQ@mail.gmail.com>
	<6048BA05-CC13-46DD-8439-9CB4EE29078B@ajf.me>
	<9EBA95A7-B9F7-41F0-AE2B-283260753E5A@googlemail.com>
	<B58A4DF4-52FE-41D9-896C-5396DDC7CB8B@ajf.me>
	<CAOg_pRSmVdw1Y9g-RrW8dBNSpBZVHavJQzSGUCjZu5wXhuUMCQ@mail.gmail.com>
	<537CBD67.4000008@lerdorf.com>
	<CAOg_pRTvbaVmDdLhmEOi5g1BJ_KgQnJffrXcY_0b4XosLgBTWA@mail.gmail.com>
	<alpine.DEB.2.10.1405211750000.4404@whisky.home.derickrethans.nl>
Date: Fri, 23 May 2014 15:52:55 +0200
Message-ID: <CAOg_pRTy_51aC5U+KzHnc0n96tMHNNUZOM7P0uee90hrpguJLQ@mail.gmail.com>
To: Derick Rethans <derick@php.net>
Cc: Rasmus Lerdorf <rasmus@lerdorf.com>, Andrea Faulds <ajf@ajf.me>, 
	Kevin Ingwersen <ingwie2000@googlemail.com>, PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=20cf30363a8be4bbca04fa118b6b
Subject: Re: [PHP-DEV] encode php scripts with opcache compatibility
From: nicolai.scheer@gmail.com (Nicolai Scheer)

--20cf30363a8be4bbca04fa118b6b
Content-Type: text/plain; charset=UTF-8

Hi!

On 22 May 2014 00:53, Derick Rethans <derick@php.net> wrote:

> On Wed, 21 May 2014, Nicolai Scheer wrote:
>
> > Do you have an example of a tool that can reverse opcodes to php code?
> > Maybe I did not search for the right thing, I did not stumble upon any.
>
> It exists, there are tools. I might have seen code that does it.
>
> > I always thought the opcodes where kind of cryptic, at least a bit... I'm
> > not longing for "true" protection. It's enough if the scripts can not be
> > read and modified in an easy way.
>
> Yes, that is definitely possible. I actually have a working extension
> for PHP 5.3 and 5.4 that stores encrypted opcodes. PHP 5.5 not yet
> implemented.
>

That's very interesting. Guess you won't share the code?

Maybe we can get a little more technical again... As I already said, the
blenc extension would be a good start (just store encrypted php sources),
at least for me to experiment with. Unfortunately it crashes php when used
with opcache. To be more precise it seems to crash, when an included file
is served from opcache's cache.

I tried to do my own minimal extension for testing purposes. It justs
overrides zend_compile_file, so it can read base64 encoded files.

It boils down to:

zend_op_array *my_compile(zend_file_handle *file_handle, int type TSRMLS_DC)
{
    char *buf, *decoded_buf;
    size_t buf_size, decoded_buf_size = 0;
    zval *code;
    zend_op_array *opcode = NULL;

    zend_stream_fixup( file_handle, &buf, &buf_size  );

    if ( strncasecmp( buf, "BS64:", 5 ) == 0 )
    {
        MAKE_STD_ZVAL(code);

        // just base64_decode the file...
        decoded_buf = php_base64_decode(buf+5, buf_size-5,
&decoded_buf_size );

        // cut <?php...
        ZVAL_STRINGL( code, decoded_buf+5, decoded_buf_size-5, TRUE );

        opcode = zend_compile_string( code, (char*)file_handle->filename
TSRMLS_CC );

        efree(decoded_buf);
        efree(code);
    }
    else
    {
        opcode = zend_compile_file_original( file_handle, type TSRMLS_CC );
    }

    return opcode;
}

The "encoded" files just contain the string "BS64:" followed by the base64
encoded script.

I tested this one on windows, 32bit, php 5.5.12, VC11 NTS using the shipped
opcache extension using the php embedded webserver.

The main file:

<?php

echo "hello world - me\n";
require_once __DIR__ . '/class_1.php';
#echo "stuff?";


The "encoded" file class_1.php:

BS64:PD9waHANCg0KY2xhc3MgY2xhc3NfMQ0Kew0KCXB1YmxpYyBmdW5jdGlvbiBfX2NvbnN0cnVjdCgpDQoJew0KCQllY2hvICJjcmVhdGVkIG9iamVjdCBmcm9tIGNsYXNzIDFcbiI7DQoJfQ0KDQp9DQo=

If I run this once (php started via php -S localhost:8000) it works fine. I
added a lot of debug comments to the opcache code ensuring it runs through
the methods I expect.
If I run this twice, everything is still ok. Now, if I just uncomment the
"echo stuff" in the main script and run it again, php crashes.

That's the very same behaviour I get with blenc. I don't know why it is
crashing. I had an intermediate example where it crashed everytime I used
an included encoded script, but I can not reproduce this again.

It seems, as if the opcode returned from zend_compile_string differs from
the usual zend_compile and this crashes the engine when this opcode is
executed again (fetched from opache). Also, there are memory leaks reported
for the function above (zend_opcode.c and plain_wrapper.c), maybe I'm just
doing it wrong?

Any insight is very appreciated. I know this approach is stupid simple, but
I'm just trying to figure out which way I could proceed and how stuff works
down there.

Thanks for any help!

Greetings

Nico

--20cf30363a8be4bbca04fa118b6b--