Some of us normal people don't use composor but your application replies on it for some dependencies ergo making your documentation wrong.

Your docs imply that you can git clone the repo to get up and running which is false.

Might be an idea to add the dependencies to the app!

function foo() {
  static $abc;
  $abc = 'xyz';
}

becomes

function foo() {
  static $abc;
  $blablabla = 'xyz';
}

the $abc is not obfuscated ??

It would be great to have a grunt version of your obfuscator.

In one of my projects i'm using grunt to build a WordPress plug-in. The only step which is not really "gruntified" is the obfuscation of the code. As a workaround I'm using the grunt-exec module but it would be great to have your obfuscator as a "native" grunt plug-in.

I don't want to use the grunt-hazy module (another obfuscator) since i really appreciate the great work you've put in this project.

In my project, I work with indirect function names or variable names.... ( i.e. $$v = 'xxx')
they all start with a prefix .

is it possible to add a joker in
obfuscator.scramble_variable.ignore: (and obfuscator.scramble_private_method.ignore:)

• foo*

meaning variable (or function) starting by foo

How to ignore obfuscator folder?

For example the vendor folder.

I have some classes with private constructors and after running the obfuscator the constructor function is being renamed from __construct to sp29fb99

The construction mechanism is then broken.

Thanks a lot for this tool!

Variable variables are not supported, are they?
(I think it's pretty logical that they aren't but I just want to be sure.)
http://php.net/manual/en/language.variables.variable.php

There seems to be an issue when obfuscating the 3rd party PHP library Swift.

The error output is as follows:

Obfuscating /example.com/apps/backend/lib/Swift-4.0.3/test-suite/lib/Sweety/Runner/HtmlRunner.php
PHP Warning: strlen() expects parameter 1 to be string, object given in /home/prime/php-obfuscator/src/Naneau/Obfuscator/Node/Visitor/Scrambler.php on line 67
PHP Catchable fatal error: Object of class PhpParser\Node\Expr\Variable could not be converted to string in /home/prime/php-obfuscator/src/Naneau/Obfuscator/StringScrambler.php on line 53

Wonder if it is as simple as wrapping the call in question inside of a try-catch block and just returning the $node as is if the scramble call fails.

Happy to take a swing at this particular issue myself, if you think the above could work.

I have tried this on my project, but it did not work.
I have at least narrowed down to this variable that should not be modified: $_FILES

Please fix this soon, so I can see if I can use this on my project.

Hi
Any example on how to run obfuscator from withing php script without going through command line.
Thanks

Hello,
is it possible don't remove annotations "comments"? All works fine, but after remove annotations, my app stop worked :( What can I do?
Thank you for you answer.

I tried this on ubuntu 20.04 with php 7.2. What happens is, it just removes the new line now variable method name change. I am not sure if this is happening for the specific version i mentioned.

Hello.
I'd like to use Obfuscator in my project build, but sometimes user reports me that he got a PHP error/notice. This information goes with file name and the line number. I suppose that it will be very difficult to associate obfuscated PHP statement with original PHP statement without any Source Map.

Is there any ability to produce Source Map files? May be something like this JSON:

[{ "source": { "line": 410, "code": "$data['length']" }, "obfuscated": { "line": 15, "code": "$sp216f0c['length']" } }, ... ]

i cant run the bin/obfuscate from windows. add the batch script on bin folder please

Hello,
Is there a way to encrypt function names and property names?
Thank you for hard work on this library.

for example this is the output for your review.

    public function setTimeout(int $spb436b4)
    {
        $this->config->timeout = $spb436b4;
    }

I don't know about the possibility yet, but an interesting angle would be to shuffle the code (possibly even across files, although that gets much more complicated because of include hierarchies). For some things, like function definitions, it should absolutely be possible as their order only matters when violations will be created.

For the project I am interested in obfuscating, the programming style is very procedural. Many small functions. Their physical location grouping currently implies associations that could easily be obfuscated by shuffles.

In this issue I just hope to start a discussion about plausible issues with this. For classes w/ dependence hierarchies, the semantics are a bit weird, so it might be difficult to do. For example,

class A {}
class B extends A {}
class C extends B {}

is valid and works as intended as the order is correct. Interestingly though, this works too:

class C extends B {}
class A {}
class B extends A {}

Note that the first line is dependent on the third line, but the parser (PHP 5.5.20 (cli)) is totally happy with that. BUT, as soon as we have more than 1 layer of out of order references, it does not work:

class C extends B {}
class B extends A {}
class A {}

PHP Fatal error: Class 'B' not found in test8.php on line 3

Just copy paste encrypted code to PHP formatter like http://www.phpformatter.com/

Use encryption extension like phpbolt.com

And if yes, which configuration is needed?

Let's take very simple php:

<?php
foo();

function foo() {
 $var = 0;
}
?>

Result:

<?php
foo(); function foo() { $sp333434 = 0; }

Though variable name is scrambled, function name remains intact.

Is there any possibility to ignore stripping out code blocks with annotations?

Hi,

in (ScrambleVariable) it does not define the variable which already renamed in rename array

it should be like this ?
https://gist.github.com/codex-corp/a1646c14b1b1fd02cc09

Can you "encode" all strings constants as well?

Really great work so far. I suspect this might come from the Symfony project or something, but I would appreciate some documentation on the high level structure to help me make some larger changes to this project. I realize this is a big ask, so I've started a bit of the work. Here's what I've understood so far (and perhaps a starting point for the documentation):

• Console\Command provides the command line interface via a very self-explanatory class; offers some configuration (parameterization) that all comes from a Symfony parent class. Importantly, it is expected to hold an Obfuscator which defines the method Obfuscate. This can be considered the basic entry point (as the wrapper code to create an Application is cookiecutter)
• _Node\Visitor_s are the important tools which decide how to deal with the semantic content of the code. After parsing via PHP Parser, each node is "visited". Each visitor inherits from the abstract class Scrambler (scrambler.php). Each of these visitors define a function enterNode that defines a condition that decides whether to call the scramble function or not based on properties of the node (this probably comes from PhpParser's NodeVisitorAbstract, but needs to be checked)
• Events are currently cookie cutter wrappers for dealing with files. Seems like a compatibility layer for another library (to actually enter a file). Needs more detail about how it gets integrated (assuming there's ever plausibly going to be non-file events a user wants to interact with).
• StringScrambler defines the class which actually decides how to scramble a variable. Used by the node visitors.

My main interest in this is modifying it so it can scramble public class functions when obfuscating a "full project" (aka we know all the calls). As far as I can tell, that is going to be a challenge because the node visitor only sees the class itself, not the other files that may call it... that said, the function scrambling must already do this, so it seems to not be impossible?

THIS THREAD DISCUSSES TWO SEPARATE ISSUES: documentation of the code "structure" and the implementation of a mechanism for obfuscating non-private methods.

inconsistency between README.md and real behaviour.

with php 5.3, I have the following error:
PHP Parse error: syntax error, unexpected T_USE, expecting T_FUNCTION in /usr/local/php-obfuscator/src/Naneau/Obfuscator/Node/Visitor/ScramblePrivateMethod.php on line 45

it works ok on php 5.5

according README.md :
It is compatible with PHP up to and including 5.5.

any plans for php 5.6 or php 7 ?

That way the output code will save band and the size of the files tpl, html, js and etc will be optimised for the browser.

I will be interesting that it does it inside the the strings like "

It will certainly make the whole package really really interesting it will be 1 step solution.

private function getLanguages(){
return $this->getApplication()->getLanguages(); //this is a public function
}

private function HASH(){
return $this->getApplication()->HASH();
}

I have a class which contains private static function and the function is renamed correctly. Problem is that the calls are not. Here's an example:

class Foo {
    private static function writer($msg) {
        echo $msg;
    }

    public static function bar() {
        self::writer('Hello World!');
    }

    public function message($msg) {
        self::writer($msg);
    }
}

After obfuscating it looks like this

class Foo { private static function sp69b0f6($sp0fa127) { echo $sp0fa127; } public static function bar() { self::writer('Hello World!'); } public function message($sp0fa127) { self::writer($sp0fa127); } }

[Exception]
Could not parse file "/data/wwwroot/a/service_tracking/app/admin/controller/AgentController.php"

[PhpParser\Error]
Syntax error, unexpected T_LIST, expecting T_STRING on line 2

[PhpParser\Error]
Syntax error, unexpected '{', expecting T_STRING on line 2

Hi, with some php-files I got this error:
Obfuscating stage/interfaces/formAPI.php
testPHP Warning: strlen() expects parameter 1 to be string, object given in /root/obfuscator/php-obfuscator-master/src/Naneau/Obfuscator/Node/Visitor/Scrambler.php on line 67
PHP Catchable fatal error: Object of class PhpParser\Node\Expr\ArrayDimFetch could not be converted to string in /root/obfuscator/php-obfuscator-master/src/Naneau/Obfuscator/StringScrambler.php on line 53

and it crashed. I had a look to the code (StringScrambler) and I try to catch the error, but it seams like, that now some variables are not right referenced. Any idea, what to do with this?

protected function scramble(Node $node, $var = 'name')
{
    // String/value to scramble
    $toScramble = $node->$var;
    if(is_object($toScramble))
       return $node;
    // Make sure there's something to scramble
    if (strlen($toScramble) === 0) {
        throw new InvalidArgumentException(sprintf(
            '"%s" value empty for node, can not scramble',
            $var
        ));
    }

    // Should we ignore it?
    if (in_array($toScramble, $this->getIgnore())) {
        return $node;
    }

    // Prefix with 'p' so we dont' start with an number
    $node->$var = $this->scrambleString($toScramble);

    // Return the node
    return $node;
}

Thanks,
Nerd

Hello,

Thanks a lot for this great obfuscator.

I was wondering if it was possible to add an exclude option?

I have tried different ways to address the path in Windows CMD.

./bin/obfuscate obfuscate C:/xampp/htdocs/phptest/before C:/xampp/htdocs/phptest/after
bin/obfuscate obfuscate C:/xampp/htdocs/phptest/before C:/xampp/htdocs/phptest/after
./bin/obfuscate obfuscate C:\xampp\htdocs\phptest\before C:\xampp\htdocs\phptest\after
bin/obfuscate obfuscate C:\xampp\htdocs\phptest\before C:\xampp\htdocs\phptest\after
obfuscate C:/xampp/htdocs/phptest/before C:/xampp/htdocs/phptest/after
obfuscate C:\xampp\htdocs\phptest\before C:\xampp\htdocs\phptest\after
obfuscate /before /after

Whatever path I use it gives me the below error:

  [Symfony\Component\Console\Exception\CommandNotFoundException]
  There are no commands defined in the "C" namespace.

Original:

<?php

function test() {
  static $hello = 'Hello world!';
  print $hello;
}

Obfuscated:

<?php
function test() { static $hello = 'Hello world!'; print $sp93cba0; }

Notice how the variable retains its original name in the static declaration but is referenced as $sp93cba0 in the code that follows.

Is this a known issue? Is there a fix/workaround?

I was wondering if there was a reason to only obfuscate the private functions and not the public and protected ones?

Fatal error: Uncaught RuntimeException: Dependencies/Composer not installed in /data/data/com.termux/files/home/php-obfuscator/bin/obfuscate:13
Stack trace:
#0 {main}
thrown in /data/data/com.termux/files/home/php-obfuscator/bin/obfuscate on line 13

i already install Composer,and run command and then this happend

Hello, can i use this to obfuscate my php code ? then run it without any loader like Zend or IonCube.

Let's say simple PHP code like this ?

Can this script obfuscated and can i run without any loader ?
Or any live demo ?
thanks in advance.

The command is successfully executed, but the service that should be promised is not done.

Ofuscate only variables... Useless

How to exclude global variables like in CodeIgniter "./application/views/" folder

original:

become: