pmdunggh/yakpro-po

YAK Pro - Php Obfuscator: a fork based on pk-fr/yakpro-po, customized for the Ohke framework

1.0.7 2023-07-07 03:33 UTC

This package is not auto-updated.

Last update: 2024-09-27 09:16:29 UTC


README

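This page in French

YAK Pro - Php Obfuscator

YAK Pro stands for Yet Another Killer Product.

Free, open source, published under the MIT License.

This tool parses php with the best existing php parser, PHP-Parser 4.x, an excellent php parsing library written by nikic.

You just have to download the zip archive and uncompress it under the PHP-Parser subdirectory, or make a git clone...

Warning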

yakpro-po 2.x works on PhpParser 4.x   
it will run on php >= 7.0, obfuscating code for php 5.2 to php 7.3   

If you are running php 5.3 or higher,  
Please use unsupported [yakpro-po 1.x](https://github.com/pk-fr/yakpro-po/tree/1.x) which works on 1.x branch of PhpParser.   

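The self-documented yakpro-po.cnf file contains many configuration options! Take a look at it!

Demo: yakpro-po demo

Prerequisites: php 7.0 or higher, PHP-Parser 4.x

Note: This tool has been written to obfuscate pure php source code. It is not intended to be used with html and embedded php (use at your own risk... you may try disabling statement shuffling...). You can still embed html within php using the echo <<<END ... END; syntax!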

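What is Php Obfuscation?

When you have a php project that you want to distribute, since php is a script interpreter, you also distribute all the source code of your software!

You may want, for any reason, that other people cannot understand, modify or adapt your software.

As your software must be understandable by the php runtime but needs to be very difficult for humans to understand, obfuscation is a very good way to achieve this goal.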

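YAK Pro - Php Obfuscator Obfuscation Main Features

  • Removes all comments and indentation, and generates a single-line program file.

  • Obfuscates if, else, elseif, for, while, do while by replacing them with if goto statements.

  • Obfuscates string literals.

  • Obfuscates names of:

    • Variables, Functions, Constants.
    • Classes, Interfaces, Traits.
    • Properties, Methods.
    • Namespaces.
    • Labels.
  • Shuffles statements.

  • Recursively obfuscates a project's directory.

  • Makefile-like timestamp mechanism, to re-obfuscate only the files that have changed since the last obfuscation.

  • Many configuration options that give you full control over what is obfuscated within your project!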

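Why Yet Another Php Obfuscator?

I began testing some existing php obfuscation tools, but I did not find one that fit all my needs. I needed a simple command-line tool, based on a highly customizable config file, that would be able to:

  • Be fast, and re-obfuscate only the files that have changed, based on file timestamps.
  • Leave some files and/or directories un-obfuscated.
  • Exclude from the obfuscated target some files/directories that are present in the source project.
  • Accept lists of names and/or name prefixes not to obfuscate.

So I started to write this tool. Version 1.0 was completed in just a few days...

Setup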

Note: This setup is also valid for Windows 10 Anniversary with bash installed...  
1. Prerequisites: git and php-cli (command line interface) packages. 
   on ubuntu: (adapt according to your linux distribution) 
   # apt install git 
   # apt install php-cli
   do not forget to install all other php modules that you are using within your software:
        for example: apt install php-mysql if you are using mysql... 
2. Navigate to the directory where you want to install yakpro-po (/usr/local is a good idea): 
   # cd /usr/local 
3. Then retrieve from GitHub: 
   # git clone https://github.com/pk-fr/yakpro-po.git 
4. Go to the yakpro-po directory: 
   # cd yakpro-po 
5. Then retrieve from GitHub: 
   # git clone https://github.com/nikic/PHP-Parser.git 
6. Check that yakpro-po.php has execute rights, otherwise:
   # chmod a+x yakpro-po.php 
7. Create a symbolic link in the /usr/local/bin directory
   # cd /usr/local/bin 
   # ln -s /usr/local/yakpro-po/yakpro-po.php yakpro-po 
8. You can now run yakpro-po 
   # yakpro-po --help 
   # yakpro-po test.php 

Modify a copy of the yakpro-po.cnf to fit your needs...
Read the "Configuration file loading algorithm" section of this document
to choose the best location suiting your needs!

That's it! You're done!

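Usage

yakpro-po obfuscates according to a configuration file! (see Configuration File Loading Algorithm)

yakpro-po source_filename obfuscates the code to stdout

yakpro-po source_filename -o target_filename obfuscates the code to target_filename

yakpro-po source_directory -o target_directory recursively obfuscates the code to target_directory/yakpro-po (created if it does not exist).

yakpro-po --config-file config_file_path obfuscates according to config_file_path.

yakpro-po --clean requires target_directory to be present in your config file! Recursively removes target_directory/yakpro-po.

Configuration File Loading Algorithm

(the first one found will be used)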

--config-file argument value
YAKPRO_PO_CONFIG_FILE environment variable value if existing and not empty.

filename selection:
       YAKPRO_PO_CONFIG_FILENAME environment variable value if existing and not empty,
       yakpro-po.cnf otherwise.

 file is then searched in the following directories:
        YAKPRO_PO_CONFIG_DIRECTORY  environment variable value if existing and not empty.
        current_working_directory
        current_working_directory/config
        home_directory
        home_directory/config
        /usr/local/YAK/yakpro-po
        source_code_directory/default_conf_filename

  if no config file is found, default values are used.

  You can find the default config file as an example in the yakpro-po.cnf file of the
  repository.
  Do not modify it directly because it will be overwritten at each update!
  Use your own yakpro-po.cnf file (for example in the root directory of your project)

  When working on directories,
  context is saved in order to reuse the same obfuscation translation table.
  When you make some changes in one or several source files,
  yakpro-po uses timestamps to only reobfuscate files that were changed
  since the last obfuscation.
  This can save you a lot of time.

  caveats: does not delete files that are no longer present...
           use --clean  command line parameter, and then re-obfuscate all!
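
The search order above, replayed as a shell function so a build job can confirm which config file a run would load before obfuscating. This is an added example, not yakpro-po's own code. It assumes a candidate counts as "found" when it is an existing regular file, and it uses a hypothetical YAKPRO_PO_INSTALL_DIR variable to stand in for "source_code_directory".

```sh
#!/bin/sh
# Added example, not yakpro-po's own code: replays the documented search order
# and prints the config file a run started from this directory would load.
# Assumptions: a candidate counts as "found" when it is an existing regular
# file; YAKPRO_PO_INSTALL_DIR is a hypothetical variable standing in for
# "source_code_directory" (default: the /usr/local/yakpro-po clone from Setup).

# resolve_yakpro_config [value passed to --config-file]
# Prints the winning path and returns 0; returns 1 when defaults would be used.
resolve_yakpro_config() {
    name="${YAKPRO_PO_CONFIG_FILENAME:-yakpro-po.cnf}"
    home="${HOME:-}"
    install_dir="${YAKPRO_PO_INSTALL_DIR:-/usr/local/yakpro-po}"

    # Explicit paths first: the --config-file value, then YAKPRO_PO_CONFIG_FILE
    for f in "${1:-}" "${YAKPRO_PO_CONFIG_FILE:-}"; do
        if [ -n "$f" ] && [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done

    # Then the directory search, in the documented order
    for d in "${YAKPRO_PO_CONFIG_DIRECTORY:-}" "$PWD" "$PWD/config" \
             "$home" "${home:+$home/config}" /usr/local/YAK/yakpro-po; do
        if [ -n "$d" ] && [ -f "$d/$name" ]; then
            printf '%s\n' "$d/$name"; return 0
        fi
    done

    # Last entry: source_code_directory/default_conf_filename
    if [ -f "$install_dir/yakpro-po.cnf" ]; then
        printf '%s\n' "$install_dir/yakpro-po.cnf"; return 0
    fi
    return 1
}

# Stand-alone run: report the result for the current environment
if cfg=$(resolve_yakpro_config "${1:-}"); then
    echo "config in effect: $cfg"
else
    echo "no config file found: default values are used"
fi
```

Because the current working directory is searched before the home and install directories, the directory a job is started from decides which settings apply.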

Other Command Line Options

(override config file settings)

--silent                            do not display Information level messages.
--debug                             (internal debugging use) displays the syntax tree.

-s or
--no-strip-indentation              multi line output
--strip-indentation                 single line output

-sp <source-path>                   Path for the source file or source directory
--source-path <source-path>         Path for the source file or source directory

--context <context-path>            Path for context directory

--no-shuffle-statements             do not shuffle statements
--shuffle-statements                       shuffle statements

--no-obfuscate-string-literal       do not obfuscate string literals
--obfuscate-string-literal                 obfuscate string literals

--no-obfuscate-loop-statement       do not obfuscate loop statements
--obfuscate-loop-statement                 obfuscate loop statements

--no-obfuscate-if-statement         do not obfuscate if statements
--obfuscate-if-statement                   obfuscate if statements

--no-obfuscate-constant-name        do not obfuscate constant names
--obfuscate-constant-name                  obfuscate constant names

--no-obfuscate-variable-name        do not obfuscate variable names
--obfuscate-variable-name                  obfuscate variable names

--no-obfuscate-function-name        do not obfuscate function names
--obfuscate-function-name                  obfuscate function names

--no-obfuscate-class_constant-name  do not obfuscate class constant names
--obfuscate-class_constant-name            obfuscate class constant names

--no-obfuscate-class-name           do not obfuscate class names
--obfuscate-class-name                     obfuscate class names

--no-obfuscate-interface-name       do not obfuscate interface names
--obfuscate-interface-name                 obfuscate interface names

--no-obfuscate-trait-name           do not obfuscate trait names
--obfuscate-trait-name                     obfuscate trait names

--no-obfuscate-property-name        do not obfuscate property names
--obfuscate-property-name                  obfuscate property names

--no-obfuscate-method-name          do not obfuscate method names
--obfuscate-method-name                    obfuscate method names

--no-obfuscate-namespace-name       do not obfuscate namespace names
--obfuscate-namespace-name                 obfuscate namespace names

--no-obfuscate-label-name           do not obfuscate label names
--obfuscate-label-name                     obfuscate label names

--scramble-mode     identifier|hexa|numeric         force scramble mode
--scramble-length   length ( min=2; max = 16 for scramble_mode=identifier,
                                    max = 32 for scramble_mode = hexa or numeric)

--whatis scrambled_name             retrieves original symbol from obfuscation context.
                                    (useful for debugging your code when you give away
                                    obfuscated code, and keep the same obfuscation context).
                                    Tip: do not include the $ symbol, or use \$ because
                                    $ has special meaning in shell.

-h or
--help                              displays help.

You Must Be Aware of the Following

If your obfuscated software makes use of external libraries
that you do not obfuscate along with your software:

if the library consists of functions:
        set the $conf->obfuscate_function_name to false in your yakpro-po.cnf config file,
        or declare all the functions names you are using in $conf->t_ignore_functions
        example : $conf->t_ignore_functions = array('my_func1','my_func2');

if the library consists of classes :
        set the $conf->obfuscate_class_name,
                $conf->obfuscate_property_name,
                $conf->obfuscate_method_name
        to false in your yakpro-po.cnf config file...
        ... or declare all the classes, properties, methods names you are using in
                $conf->t_ignore_classes,
                $conf->t_ignore_properties,
                $conf->t_ignore_methods.

This is also true for PDO::FETCH_OBJ that retrieves properties from external source
(i.e. database columns).

Hints for Preparing Your Software to Run Obfuscated

At first you can test obfuscating only variable names...


If you obfuscate functions, do not use indirect function calls like
    $my_var = 'my_function';
    $my_var();
or put all the function names you call indirectly in the $conf->t_ignore_functions array!


Do not use indirect variable names!
    $$my_var = something;
or put all the variable names you use indirectly in the $conf->t_ignore_variables array!


Do not use PDO::FETCH_OBJ  but use PDO::FETCH_ASSOC instead!
or disable properties obfuscation in the config file.


If you use the define function for defining constants, the only allowed form is when the
define function has exactly 2 arguments, and the first one is a literal string!
You MUST disable constants obfuscation in the config file, if you use any other forms
of the define function!
There is no problem with the const MY_CONST = something; form!
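
A pre-obfuscation audit for the constructs named in the hints above, as an added example that is not part of yakpro-po. It uses grep heuristics rather than a PHP parser, so matches inside comments or strings need manual review, and it checks only whether the first argument of define is a string literal, not the argument count. The sample PHP file is constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not part of yakpro-po. Heuristic grep audit: it does not parse
# PHP, so matches inside comments or strings are possible and need review.

# scan_rule <RULE> <dir> <extended-regex>: print "RULE file:line:source" per hit
scan_rule() {
    find "$2" -type f -name '*.php' -exec grep -nE -e "$3" /dev/null {} + |
        sed "s|^|$1 |"
}

# audit_php_tree <dir>: run every rule; each maps to one hint from the README
audit_php_tree() {
    # $my_var();  -> list the callee in $conf->t_ignore_functions
    scan_rule INDIRECT_CALL "$1" '\$[A-Za-z_][A-Za-z0-9_]*[[:space:]]*\('
    # $$my_var    -> list the name in $conf->t_ignore_variables
    scan_rule VARIABLE_VARIABLE "$1" '\$\$[A-Za-z_{]'
    # PDO::FETCH_OBJ -> use PDO::FETCH_ASSOC or disable property obfuscation
    scan_rule PDO_FETCH_OBJ "$1" 'PDO::FETCH_OBJ'
    # define() whose first argument is not a string literal
    #             -> disable constant obfuscation (argument count not checked)
    scan_rule DEFINE_NON_LITERAL "$1" \
        "(^|[^A-Za-z0-9_>:\$])define[[:space:]]*\\([[:space:]]*[^'\"[:space:])]"
}

# write_sample <dir>: constructed PHP input that triggers each rule once
write_sample() {
    cat > "$1/sample.php" <<'PHP'
<?php
define('APP_MODE', 'prod');
define($dynamic_name, 1);
$handler = 'send_mail';
$handler();
$$field = 42;
$row = $stmt->fetch(PDO::FETCH_OBJ);
$ok = $stmt->fetch(PDO::FETCH_ASSOC);
PHP
}

# Stand-alone run: audit the directory given as $1, else the constructed sample
if [ -n "${1:-}" ]; then
    audit_php_tree "$1"
else
    demo_dir=$(mktemp -d) && write_sample "$demo_dir" && audit_php_tree "$demo_dir"
    rm -rf "$demo_dir"
fi
```

Calls through a closure stored in a variable also match INDIRECT_CALL even though they do not depend on a function name, so treat each hit as a line to inspect rather than a confirmed breakage.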

Performance Considerations

Except for the statements shuffling obfuscation option,
the obfuscated program speed is almost the same as the original one.

$conf->shuffle_stmts    is set to true by default.

If you encounter performance issues, you can either set the option to false,
or fine tune the shuffle parameters with the associated options.

You must know that the smaller the chunk size, the better the obfuscation,
and the lower your software performance!

(during my own tests, the maximum of obfuscation costs me about 13% of performance)

You can tune it as you wish!

Known Issues

sedimentation-fault reported in issue #75 that PHP's garbage collector may segfault when obfuscating a large number of big files in a project.

Trying to obfuscate ~5000 PHP files of ~1000 lines each, yakpro-po stopped after processing ~1600 files 
with a simple (and frustrating) Segmentation fault

Workaround:

There is a stack overflow in garbage collector. The solution is to increase limit for stack.
To see your current limit, type

ulimit -s

I had 8192 - for a task of this size obviously totally undersized...
Change this to something more appropriate, say

ulimit -s 102400

and retry - the segmentation fault is gone! :-)