Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pk-fr/yakpro-po

YAK Pro - Php Obfuscator
https://github.com/pk-fr/yakpro-po

obfuscation obfuscator php php-obfuscator

Last synced: about 1 month ago
JSON representation

YAK Pro - Php Obfuscator

Awesome Lists containing this project

README

        

[Cette page en Français](https://github.com/pk-fr/yakpro-po/blob/master/locale/fr/README.md)

# YAK Pro - Php Obfuscator

**YAK Pro** stands for **Y**et **A**nother **K**iller **Pro**duct.

Free, Open Source, Published under the MIT License.

This tool parses php with the best existing php parser [PHP-Parser 4.x](https://github.com/nikic/PHP-Parser/tree/4.x/),
which is an awesome php parsing library written by [nikic](https://github.com/nikic).

You just have to download the zip archive and uncompress it under the PHP-Parser subdirectory,
or make a git clone ...

### Warning:
yakpro-po 2.x works on PhpParser 4.x
it will run on php >= 7.0, obfuscating code for php 5.2 to php 7.3

If you are running php 5.3 or higher,
Please use unsupported [yakpro-po 1.x](https://github.com/pk-fr/yakpro-po/tree/1.x) which works on 1.x branch of PhpParser.

The yakpro-po.cnf self-documented file contains many configuration options!
Take a look at it!

Demo : [yakpro-po demo](https://www.php-obfuscator.com/?demo).

Prerequisites: php 7.0 or higher, [PHP-Parser 4.x](https://github.com/nikic/PHP-Parser/tree/4.x/).

Note: This tool has been written in order to obfuscate pure php sources.
it is not intended to be used with html and embeded php inside
(use at your own risks...you may try to deactivate statements shuffling...).
You can still embed html within php using the echo <<obfuscate_function_name to false in your yakpro-po.cnf config file,
or declare all the functions names you are using in $conf->t_ignore_functions
example : $conf->t_ignore_functions = array('my_func1','my_func2');

if the library consists of classes :
set the $conf->obfuscate_class_name,
$conf->obfuscate_property_name,
$conf->obfuscate_method_name
to false in your yakpro-po.cnf config file...
... or declare all the classes, properties, methods names you are using in
$conf->t_ignore_classes,
$conf->t_ignore_properties,
$conf->t_ignore_methods.

This is also true for PDO::FETCH_OBJ that retrieves properties from external source
(i.e. database columns).

## Hints for preparing your Software to be run obfuscated

At first you can test obfuscating only variable names...

If you obfuscate functions, do not use indirect function calls like
$my_var = 'my_function';
$my_var();
or put all the function names you call indirectly in the $conf->t_ignore_functions array!

Do not use indirect variable names!
$$my_var = something;
or put all the variable names you use indirectly in the $conf->t_ignore_variables array!

Do not use PDO::FETCH_OBJ but use PDO::FETCH_ASSOC instead!
or disable properties obfuscation in the config file.

If you use the define function for defining constants, the only allowed form is when the
define function has exactly 2 arguments, and the first one is a litteral string!
You MUST disable constants obfuscation in the config file, if you use any other forms
of the define function!
There is no problem with the const MY_CONST = something; form!

## Performance considerations

Except for the statements shuffling obfuscation option,
the obfuscated program speed is almost the same than the original one.

$conf->shuffle_stmts is set to true by default.

If you encounter performance issues, you can either set the option to false,
or fine tune the shuffle parameters with the associated options.

You must know that the lesser the chunk size, the better the obfuscation,
and the lower your software performance!

(during my own tests, the maximum of obfuscation costs me about 13% of performance)

You can tune it as you wish!

## Known Issues

[segmentation fault](https://github.com/php/php-src/issues/8193)

opcache crashes on Ubuntu 21.10 - php 8.0.8 (segfault) both within apache2 and cli when
shuffle-statements is turned on for big files

works perfectly with newer versions of php (8.0.16 8.1 )

[sedimentation-fault](https://github.com/sedimentation-fault) reported on issue [#75](https://github.com/pk-fr/yakpro-po/issues/75) that a segmentation fault could occure in php's garbage collector when obfuscating many big files in a project:

Trying to obfuscate ~5000 PHP files of ~1000 lines each, yakpro-po stopped after processing ~1600 files
with a simple (and frustrating) Segmentation fault

Workaround:

There is a stack overflow in garbage collector. The solution is to increase limit for stack.
To see your current limit, type

ulimit -s

I had 8192 - for a task of this size obviously totally undersized...
Change this to something more appropriate, say

ulimit -s 102400

and retry - the segmentation fault is gone! :-)