Encrypt php by base64

Forum Moderators: coopster

Message Too Old, No Replies

Encrypt php by base64

sdlas

8:42 am on Dec 13, 2008 (gmt 0)

HI Guys
i always was encrypting my scripts
with base64 and use the eval() and base64_decode() to execute the script
but this method is really can't secure your sopy rights cuz any one can encrypt the base64
so i searched and googled a lil bit and found out that there is a way
to encrypt php with base64 but with a hash
so can you tell me how ?
or is there any way of encrypting my php script that's doesn't need any thing to be installed on the server (like the Zend Module)
i hope i didn't bore you :D
and I hope 2 get an answer
thnx in advance
c ya

sdlas

3:08 pm on Dec 13, 2008 (gmt 0)

well is there any way to encrypt php without installing any thing on the server ?

henry0

4:52 pm on Dec 13, 2008 (gmt 0)

sdlas, Welcome to WebmasterWorld!

you can use something like

$encription = md5(base64_encode($str));

Lord Majestic

5:24 pm on Dec 13, 2008 (gmt 0)

base64 is encoding, not encryption.

hashing won't help you since it is one way - you can't easily de-hash it back.

You need something like Zend Module to achieve what you want.

henry0

5:59 pm on Dec 13, 2008 (gmt 0)

agreed, "encription" is only a 50% valid term :)
BUT hash is also called one way encription!

Lord Majestic

6:08 pm on Dec 13, 2008 (gmt 0)

BUT hash is also called one way encription!

No, it's not encryption even though good hashes often use cryptographical techniques. What you want to achieve requires 100% decryption of your code, hashes won't work here.

henry0

7:05 pm on Dec 13, 2008 (gmt 0)

to encrypt php with base64 but with a hash

We know it may not be "decoded"
but it answers the question
even if useless :)

Lord Majestic

7:08 pm on Dec 13, 2008 (gmt 0)

I don't think it answers his question, at least the way I read it:

or is there any way of encrypting my php script that's doesn't need any thing to be installed on the server (like the Zend Module)

I think OP clearly wants to keep his source code in secret and thus wants to encrypt it, but it will still need to be executed - calculating MD5 hash of his source code won't help achieve this objective. :)

sdlas

8:22 pm on Dec 13, 2008 (gmt 0)

well thnx guys for your reply
and sorry for my missunderstanding of the terms
but i know how it is hard to decrypt a md5 hash (cuz i usually have endless strugles with md5 :D)
and way i have to show you this script -though i don't want to cuz u may see it like ann ad- and i wanted to know what the method that was used to encode it and is there an easy way to decode it the script in the next reply

[edited by: coopster at 2:25 pm (utc) on Dec. 17, 2008]
[edit reason] removed specifics [/edit]

sdlas

8:31 pm on Dec 13, 2008 (gmt 0)

please Take a look at the last line
there is eval(base64_decode(
so is that base64 ?
i am just confused
c ya guys and sorry for troubling u

[edited by: eelixduppy at 9:09 pm (utc) on Dec. 13, 2008]
[edit reason] no URIs please [/edit]

Lord Majestic

8:38 pm on Dec 13, 2008 (gmt 0)

base64 is encoding, one could say it is encryption without password. It's trivial to "decrypt" such "protected" PHP source files, it will just give you totally false sense of security, might as well not bother "encrypting" it using base64.

sdlas

8:47 pm on Dec 13, 2008 (gmt 0)

well man did u saw the script i posted
do u know how did the made it ?
can i decode it ? and how do i encode my php script the same way ?
i hope i am not bothering u with my questions

Lord Majestic

8:49 pm on Dec 13, 2008 (gmt 0)

It's difficult for me to read what you say - you need to make an effort when you write posts and avoid stuff like "u" etc.

sdlas

8:54 pm on Dec 13, 2008 (gmt 0)

I am so sorry
u=you ,2=To , cuz =because ,thnx=Thanks ,c=See ,ya=You :D=big smile
i really need to know how this script is encoded

[edited by: eelixduppy at 9:10 pm (utc) on Dec. 13, 2008]
[edit reason] removed URI [/edit]

sdlas

4:12 am on Dec 14, 2008 (gmt 0)

so any one can help me please ?

janharders

12:31 am on Dec 16, 2008 (gmt 0)

don't post urls, they'll just get removed by a moderator. post a _small_ excerpt of the encryption you see - or just read the install-docs the script you've got comes with. if it's secure, it'll probably need some extra software to be installed on your server or it's not (pure) php.

there is no way to really encrypt a php-script without using zend or similar addons. you can obfuscate your script all you want, though. have it run 5000 base64-encodings and loop them back, remove all the extra white space etc. no sane person will want to touch your code then and the insane ones are not the ones to worry about. or: switch to perl, no one can read perl anyway ;)

sdlas

3:49 pm on Dec 16, 2008 (gmt 0)

thnx man
well i used php obfuscater and a programe called PHP Lockit!
and with that combination it really rocks :D
and about perl well it is a nice and easy programing lang. and it is really not that complicated to read ;D
so thnx man

sdlas

3:56 pm on Dec 16, 2008 (gmt 0)

<?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=5552;eval((base64_decode('<snipped encoded PHP code>')));return;?>

<snipped encoded file contents>

[edited by: coopster at 2:17 pm (utc) on Dec. 17, 2008]
[edit reason] evaluated code contains executable mailer and personal details [/edit]

sdlas

3:57 pm on Dec 16, 2008 (gmt 0)

that was the script and it is a small mailer that i done
please try to decode it
and if some one can decode it tell me here
thnx again

coopster

2:24 pm on Dec 17, 2008 (gmt 0)

It was very easy to decode as it is was encoded using basic base64 encoding with predefined stops -- note the number 5552 in the preset variable. To decode it was just reading up to a certain point in the file and strtr [php.net] with predefined to/from pairs, that could either be static or could have been created on the fly when it was first encoded.

sdlas

2:58 pm on Dec 17, 2008 (gmt 0)

woo0o man
thx for decoding the code
and i am really sorry for the misunderstanding
and i hope i can be useful for Ur forum in the futur
thnx again guys