A PHP code obfuscator implemented in java as a proof of concept

README.md

This is a PHP code obfuscator.

It is pretty plain and it's purpose is to demonstrate how a PHP obfuscator works in practice.

==Usage==

java -jar Coolphpobfuscator.jar phpfilename.php

The output will be printed in the standard output.

code.php

<?php

/**
* Better use arrays by reference
* http://php.net/manual/en/language.references.php
*
*/

$input = "this is my sample which is sorted and simple";

echo "Input: ".$input."<br/>";

foreach(explode(" ",$input) as $in)
{	
	if(isset($firstarray[strlen($in)][$in]))
		$firstarray[strlen($in)][$in]++;
	else
		$firstarray[strlen($in)][$in] = 1;
}

ksort($firstarray);
foreach($firstarray as &$secarray)
{
	ksort($secarray);
}
print_r($firstarray);

?>

Coolphpobfuscator.java

package coolphpobfuscator;

import java.io.File;
import java.io.FileNotFoundException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Scanner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 *
 * @author periklis master_ex ntanasis - [email protected]
 */
public class Coolphpobfuscator {

    // found here: http://snippets.dzone.com/posts/show/3686
    public static String md5(String s) throws Exception {
        MessageDigest m = MessageDigest.getInstance("MD5");
        m.update(s.getBytes(), 0, s.length());
        return new BigInteger(1, m.digest()).toString(16);
    }

    public static void main(String[] args) throws FileNotFoundException, NoSuchAlgorithmException, Exception {
        if (args.length == 0) {
            System.err.println("Arguments are missing");
            System.exit(1);
        }

        File input = new File(args[0]);
        Scanner in = new Scanner(input);

        String code = "";

        while (in.hasNext()) {
            code += in.nextLine() + "\n";
        }

        /**
         * Here we'll start erasing and altering stuff
         */        
        code = code.replaceAll("\t", "");        // not tabs
        code = code.replaceAll("\n+", " ");        // not line breaks
        code = code.replaceAll("/\\*.*\\*/", " ");  // remove the comments        
        code = code.replaceAll(" *; *", ";");  // remove spaces after ;      
        code = code.replaceAll(" *[{] *", "{"); 
        code = code.replaceAll(" *[}] *", "}");  
        code = code.replaceAll(" *[=] *", "=");  
        code = code.replaceAll(" *[<] *", "<");  
        code = code.replaceAll(" *[>] *", ">");  
        code = code.replaceAll(" *[(] *", "(");  
        code = code.replaceAll(" *[)] *", ")");  
        code = code.replaceAll(" *[,] *", ","); 
        code = code.replaceAll(" +", " "); 

        Pattern MY_PATTERN = Pattern.compile("\\$(\\w|\\d)+");  // match variable names
        Matcher m = MY_PATTERN.matcher(code);

        ArrayList<String> variables = new ArrayList();

        // place every variable name in an array
        int index = 0;
        while (m.find(index)) {
            if (!variables.contains(m.group())) {
                variables.add(m.group());
            }
            index = m.end();
        }

        // rename the variables with their md5hash (with a leading a infront to
        // ensure that their name will start with letter)
        Iterator<String> itr = variables.iterator();
        while (itr.hasNext()) {
            String variablename = itr.next();
            code = code.replaceAll("\\" + variablename, "\\$a" + Coolphpobfuscator.md5(variablename));
        }

        // Print the code after the changes
        System.out.println(code);

    }
}

output.php

<?php $a6c6f2ffa347ef13815db0c336428e5a1="this is my sample which is sorted and simple";echo "Input: ".$a6c6f2ffa347ef13815db0c336428e5a1."<br/>";foreach(explode(" ",$a6c6f2ffa347ef13815db0c336428e5a1)as $a679baf73baafa7c9f0ada0622c739c32){if(isset($ad490419709e2e8f3f8176b1dd07bb281[strlen($a679baf73baafa7c9f0ada0622c739c32)][$a679baf73baafa7c9f0ada0622c739c32]))$ad490419709e2e8f3f8176b1dd07bb281[strlen($a679baf73baafa7c9f0ada0622c739c32)][$a679baf73baafa7c9f0ada0622c739c32]++;else $ad490419709e2e8f3f8176b1dd07bb281[strlen($a679baf73baafa7c9f0ada0622c739c32)][$a679baf73baafa7c9f0ada0622c739c32]=1;}ksort($ad490419709e2e8f3f8176b1dd07bb281);foreach($ad490419709e2e8f3f8176b1dd07bb281 as &$a9b6dfdb0fc4e83a29530c5166ed7907f){ksort($a9b6dfdb0fc4e83a29530c5166ed7907f);}print_r($ad490419709e2e8f3f8176b1dd07bb281);?>

Compiling and running:

javac coolphpobfuscator/Coolphpobfuscator.java
jar cf obfuscator.jar coolphpobfuscator 
java -cp obfuscator.jar coolphpobfuscator.Coolphpobfuscator inputfile.php

@MasterEx the remove comment regex will broken the source code when more than one comment.

To fix change it to:

    code = code.replaceAll("/\\*.*?\\*/", " "); // line 47

@MasterEx

I don't think this will work if you have the below code:

 <?php
 echo "Show this ; to the      ;      ;      browser";
 echo "test <span style='color: green;'>ok</span>";
 ?>

1. Since the spaces between the ";" will be removed.
2. The space between "test" and "ok" will be removed.

I think the only way to get it 100% correct is by implementing a PHP parser. Of course the easiest solution would be to use the php_strip_whitespace() method, however it doesn't remove all spaces (it keeps 1 space).

Then first use php formatter before using the obfuscator.