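YAK Pro stands for Yet Another Killer Product.
Free, open source, published under the MIT License.
This tool parses php with PHP-Parser 4.x, the best php parser available, an awesome php parsing library written by nikic.
You just have to download the zip archive and uncompress it under the PHP-Parser subdirectory, or make a git clone...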
yakpro-po 2.x works on PhpParser 4.x
it will run on php >= 7.0, obfuscating code for php 5.2 to php 7.3
If you are running php 5.3 or higher,
please use the unsupported [yakpro-po 1.x](https://github.com/pk-fr/yakpro-po/tree/1.x), which works on the 1.x branch of PhpParser.
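The self-documented yakpro-po.cnf file contains many configuration options! Take a look at it!
Demo: yakpro-po demo.
Prerequisites: php 7.0 or higher, PHP-Parser 4.x.
Note: This tool was written to obfuscate pure php source code. It is not intended for use with html and embedded php (use at your own risk... you may try disabling statement shuffling...). You can still embed html within php using the echo <<<END ... END; syntax!
When you have a php project you want to distribute, since php is a script interpreter, you also distribute all the source code of your software!
You may, for any reason, want other people not to understand, modify, or adapt your software.
Since your software must be understandable by the php runtime but needs to be very hard for humans to understand, obfuscation is a good way to achieve this.
Removes all comments and indentation, and generates a single-line program file.
Obfuscates if, else, elseif, for, while, do while by replacing them with if goto statements.
Obfuscates string literals.
Scrambles names:
Shuffles statements.
Recursively obfuscates a project's directory.
A makefile-like, timestamp-based mechanism re-obfuscates only the files changed since the last obfuscation.
Many configuration options give you full control over what is obfuscated within your project!
I started by testing some php obfuscation tools that already exist, but I did not find one that met all my needs. I wanted a simple command line tool, based on a highly customizable configuration file, that would be able to:
So I started to write this tool. Version 1.0 was done within a few days...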
Note: This setup is also valid for Windows 10 Anniversary with bash installed...
1. Prerequisites: git and php-cli (command line interface) packages.
on Ubuntu: (adapt according to your Linux distribution)
# apt install git
# apt install php-cli
do not forget to install all other php modules that you are using within your software:
for example: apt install php-mysql if you are using mysql...
2. Navigate to the directory where you want to install yakpro-po (/usr/local is a good idea):
# cd /usr/local
3. Then retrieve from GitHub:
# git clone https://github.com/pk-fr/yakpro-po.git
4. Go to the yakpro-po directory:
# cd yakpro-po
5. Then retrieve from GitHub:
# git clone https://github.com/nikic/PHP-Parser.git --branch 4.x
6. Check that yakpro-po.php has execute rights, otherwise:
# chmod a+x yakpro-po.php
7. Create a symbolic link in the /usr/local/bin directory
# cd /usr/local/bin
# ln -s /usr/local/yakpro-po/yakpro-po.php yakpro-po
8. You can now run yakpro-po
# yakpro-po --help
# yakpro-po test.php
Modify a copy of the yakpro-po.cnf to fit your needs...
Read the "Configuration file loading algorithm" section of this document
to choose the best location suiting your needs!
That's it! You're done!
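yakpro-po
Obfuscates according to the configuration file! (See the configuration file loading algorithm.)
yakpro-po source_filename
Obfuscates code to stdout.
yakpro-po source_filename -o target_filename
Obfuscates code to target_filename.
yakpro-po source_directory -o target_directory
Recursively obfuscates code to target_directory/yakpro-po (creates it if it does not already exist).
yakpro-po --config-file config_file_path
According to config_file_path.
yakpro-po --clean
Requires target_directory to be present in your config file! Recursively removes target_directory/yakpro-po.
(the first one found is used)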
--config-file argument value
YAKPRO_PO_CONFIG_FILE environment variable value if existing and not empty.
filename selection:
YAKPRO_PO_CONFIG_FILENAME environment variable value if existing and not empty,
yakpro-po.cnf otherwise.
file is then searched in the following directories:
YAKPRO_PO_CONFIG_DIRECTORY environment variable value if existing and not empty.
current_working_directory
current_working_directory/config
home_directory
home_directory/config
/usr/local/YAK/yakpro-po
source_code_directory/default_conf_filename
if no config file is found, default values are used.
You can find the default config file as an example in the yakpro-po.cnf file of the
repository.
Do not modify it directly because it will be overwritten at each update!
Use your own yakpro-po.cnf file (for example in the root directory of your project)
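To check which configuration file a build started from a given directory would pick up, the lookup order described above can be reproduced in a few lines of shell. This is an added example, not yakpro-po's own code; it assumes the first existing file wins, and YAKPRO_SRC_DIR is a hypothetical variable naming the yakpro-po checkout.

```shell
#!/bin/sh
# Added example (not yakpro-po's own code): print the config file that the
# documented lookup order would select.
# Assumptions: the first existing regular file wins; YAKPRO_SRC_DIR is a
# hypothetical variable pointing at the yakpro-po checkout, whose bundled
# yakpro-po.cnf is the last candidate.
resolve_yakpro_config() {
    cli_config_file=${1:-}        # value given to --config-file, if any
    src_dir=${YAKPRO_SRC_DIR:-/usr/local/yakpro-po}

    # Steps 1 and 2: --config-file argument, then YAKPRO_PO_CONFIG_FILE.
    for f in "$cli_config_file" "${YAKPRO_PO_CONFIG_FILE:-}"; do
        if [ -n "$f" ] && [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done

    # Step 3: pick the file name, then search the directories in order.
    name=${YAKPRO_PO_CONFIG_FILENAME:-yakpro-po.cnf}
    for d in "${YAKPRO_PO_CONFIG_DIRECTORY:-}" "$PWD" "$PWD/config" \
             "$HOME" "$HOME/config" /usr/local/YAK/yakpro-po; do
        if [ -n "$d" ] && [ -f "$d/$name" ]; then
            printf '%s\n' "$d/$name"
            return 0
        fi
    done

    # Last candidate: the default config shipped with the source code.
    if [ -f "$src_dir/yakpro-po.cnf" ]; then
        printf '%s\n' "$src_dir/yakpro-po.cnf"
        return 0
    fi

    echo "no config file found: default values are used" >&2
    return 1
}
```

Because current_working_directory is searched before home_directory, a yakpro-po.cnf sitting in the directory the tool is launched from takes precedence over your own; run resolve_yakpro_config in the build directory to confirm.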
When working on directories,
context is saved in order to reuse the same obfuscation translation table.
When you make some changes in one or several source files,
yakpro-po uses timestamps to only reobfuscate files that were changed
since the last obfuscation.
This can save you a lot of time.
Caveat: files that are no longer present in the source are not deleted from the target...
Use the --clean command line parameter, and then re-obfuscate everything!
(overrides config file settings)
--silent do not display Information level messages.
--debug (internal debugging use) displays the syntax tree.
-s or
--no-strip-indentation multi line output
--strip-indentation single line output
--no-shuffle-statements do not shuffle statements
--shuffle-statements shuffle statements
--no-obfuscate-string-literal do not obfuscate string literals
--obfuscate-string-literal obfuscate string literals
--no-obfuscate-loop-statement do not obfuscate loop statements
--obfuscate-loop-statement obfuscate loop statements
--no-obfuscate-if-statement do not obfuscate if statements
--obfuscate-if-statement obfuscate if statements
--no-obfuscate-constant-name do not obfuscate constant names
--obfuscate-constant-name obfuscate constant names
--no-obfuscate-variable-name do not obfuscate variable names
--obfuscate-variable-name obfuscate variable names
--no-obfuscate-function-name do not obfuscate function names
--obfuscate-function-name obfuscate function names
--no-obfuscate-class_constant-name do not obfuscate class constant names
--obfuscate-class_constant-name obfuscate class constant names
--no-obfuscate-class-name do not obfuscate class names
--obfuscate-class-name obfuscate class names
--no-obfuscate-interface-name do not obfuscate interface names
--obfuscate-interface-name obfuscate interface names
--no-obfuscate-trait-name do not obfuscate trait names
--obfuscate-trait-name obfuscate trait names
--no-obfuscate-property-name do not obfuscate property names
--obfuscate-property-name obfuscate property names
--no-obfuscate-method-name do not obfuscate method names
--obfuscate-method-name obfuscate method names
--no-obfuscate-namespace-name do not obfuscate namespace names
--obfuscate-namespace-name obfuscate namespace names
--no-obfuscate-label-name do not obfuscate label names
--obfuscate-label-name obfuscate label names
--scramble-mode identifier|hexa|numeric force scramble mode
--scramble-length length ( min=2; max = 16 for scramble_mode=identifier,
max = 32 for scramble_mode = hexa or numeric)
--whatis scrambled_name retrieves original symbol from obfuscation context.
(useful for debugging your code when you give away
obfuscated code, and keep the same obfuscation context).
Tip: do not include the $ symbol, or use \$ because
$ has special meaning in shell.
-h or
--help displays help.
If your obfuscated software makes use of external libraries
that you do not obfuscate along with your software:
if the library consists of functions:
set the $conf->obfuscate_function_name to false in your yakpro-po.cnf config file,
or declare all the functions names you are using in $conf->t_ignore_functions
example : $conf->t_ignore_functions = array('my_func1','my_func2');
if the library consists of classes :
set the $conf->obfuscate_class_name,
$conf->obfuscate_property_name,
$conf->obfuscate_method_name
to false in your yakpro-po.cnf config file...
... or declare all the classes, properties, methods names you are using in
$conf->t_ignore_classes,
$conf->t_ignore_properties,
$conf->t_ignore_methods.
This is also true for PDO::FETCH_OBJ that retrieves properties from external source
(i.e. database columns).
At first you can test obfuscating only variable names...
If you obfuscate functions, do not use indirect function calls like
$my_var = 'my_function';
$my_var();
or put all the function names you call indirectly in the $conf->t_ignore_functions array!
Do not use indirect variable names!
$$my_var = something;
or put all the variable names you use indirectly in the $conf->t_ignore_variables array!
Do not use PDO::FETCH_OBJ but use PDO::FETCH_ASSOC instead!
or disable properties obfuscation in the config file.
If you use the define function for defining constants, the only allowed form is when the
define function has exactly 2 arguments, and the first one is a literal string!
You MUST disable constants obfuscation in the config file, if you use any other forms
of the define function!
There is no problem with the const MY_CONST = something; form!
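The constructs these hints warn about can be searched for before obfuscating. The following is an added example, not part of yakpro-po: a heuristic, line-based check whose function names (yakpro_preflight, preflight_demo) and rule names are hypothetical. Hits inside comments or strings are false positives to review, and the define() rule only checks that the first argument starts with a quote.

```shell
#!/bin/sh
# Added example (not part of yakpro-po): flag lines that need an entry in
# the t_ignore_* arrays, or a disabled option, before obfuscation.
# Prints FILE:LINE:RULE per hit; returns 1 if anything was flagged.
yakpro_preflight() {
    awk '
    function hit(rule) { printf "%s:%d:%s\n", FILENAME, FNR, rule; found = 1 }
    # $my_var();  -> indirect function call
    /\$[A-Za-z_][A-Za-z0-9_]*[ \t]*\(/ { hit("indirect-call") }
    # $$my_var    -> indirect variable name
    /\$\$/                             { hit("variable-variable") }
    # properties come from database columns
    /PDO::FETCH_OBJ/                   { hit("pdo-fetch-obj") }
    # define() whose first argument is not a quoted literal string
    match($0, /(^|[^A-Za-z0-9_>:$])define[ \t]*\([ \t]*/) {
        c = substr($0, RSTART + RLENGTH, 1)
        if (c != "" && c != "\"" && c != "\047") hit("define-non-literal-name")
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

# Runs the check on a constructed sample file (not taken from any project).
preflight_demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/sample.php" <<'PHP'
<?php
define('APP_VERSION', '1.0');
define($prefix . '_MODE', 'prod');
$handler = 'my_function';
$handler();
$$name = 42;
$row = $stmt->fetch(PDO::FETCH_OBJ);
const OK = true;
PHP
    (cd "$dir" && yakpro_preflight sample.php) && rc=0 || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Each flagged name either goes into the matching $conf->t_ignore_* array or the corresponding obfuscation option is set to false, as described above.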
Except for the statement shuffling obfuscation option,
the speed of the obfuscated program is almost the same as that of the original one.
$conf->shuffle_stmts is set to true by default.
If you encounter performance issues, you can either set the option to false,
or fine tune the shuffle parameters with the associated options.
You must know that the smaller the chunk size, the better the obfuscation,
and the lower your software performance!
(during my own tests, the maximum of obfuscation costs me about 13% of performance)
You can tune it as you wish!
Segmentation fault
opcache crashes on Ubuntu 21.10 - php 8.0.8 (segfault) both within apache2 and cli when
shuffle-statements is turned on for big files
works perfectly with newer versions of php (8.0.16, 8.1)
seperation-fault reported issue #75: when obfuscating many big files within a project, a segmentation fault may occur in php's garbage collector:
Trying to obfuscate ~5000 PHP files of ~1000 lines each, yakpro-po stopped after processing ~1600 files
with a simple (and frustrating) Segmentation fault
Workaround:
There is a stack overflow in garbage collector. The solution is to increase limit for stack.
To see your current limit, type
ulimit -s
I had 8192 - for a task of this size obviously totally undersized...
Change this to something more appropriate, say
ulimit -s 102400
and retry - the segmentation fault is gone! :-)