承接 chrisvpearse/phpcrypter 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

chrisvpearse/phpcrypter

Composer 安装命令:

composer require chrisvpearse/phpcrypter

包简介

A PHP source code encrypter.

README 文档

README

The goal of this open source package is security through obscurity.

It aims to offer an alternative to delivering your closed source projects in plaintext. Instead, you can opt to deliver them in ciphertext (encrypted), alongside a binary PHP extension which will decrypt them on the fly.

This package uses symmetric encryption, therefore the AES-256 key (which is only known to you as the developer), can be unique per project and/or release. To avoid being detected by hex editors (e.g. Hex Fiend) and the strings command, the key is stored within the binary as an XOR cipher, split into 32 parts. Additionally, the XOR key is also split into 32 parts. All 64 key parts are then shuffled together along with 64 random key parts (128 parts in total) to ensure that the AES-256 and XOR key parts never appear in the same place twice.

Why encryption, not obfuscation?

If you search for an obfuscation package, there is almost always a complimentary deobfuscation package available (written by someone else), which renders the original package obsolete (unfortunately). On the other hand, AES-256 encryption hasn't been broken (yet)!

That being said, I would certainly consider obfuscation as a compliment to encryption. If your source code is obfuscated first (before encryption) and someone tries to reverse engineer your project by looking at the opcodes and stepping through it, it would be much more difficult to understand.

Typically, obfuscation focuses on altering the execution flow of your source code, combined with the scrambling of the names of your classes, methods, functions, variables and string literals. Because obfuscation essentially rewrites your code, it inevitably comes with a few "gotchas" along the way. Encryption, on the other hand, keeps your code intact (exactly as you wrote it).

Requirements

macOS/Linux

  1. PHP ^8.2
  2. phpize

Windows

This package was built with support for Windows in mind, however, it has not been tested yet.

Installation

The below assumes that you're currently in your application's root directory.

$ composer require chrisvpearse/phpcrypter --dev

Usage

Generate a Key

$ ./vendor/bin/phpcrypter generate [--clean] [--] <name> [<payload>]

The below command will generate a unique AES-256-CBC symmetric key named foo:

$ ./vendor/bin/phpcrypter generate foo

Additionally, a .phpcrypter/foo directory will be created in your application's root, containing a PHP extension skeleton. The symmetric key is the ❤️ of the skeleton 🦴 — they will both be used to later build a binary PHP extension of the same name (foo.so).

A good rule of thumb is one key (and therefore one PHP extension) per project.

The output of the above command will be similar to the following:

Success!
Payload: pAYL0AD==

❗ Please remember to add /.phpcrypter to your .gitignore file.

‼️ Additionally, it is important to save the payload in a password manager, such as 1Password or pass.

Build the PHP Extension

macOS/Linux

$ cd .phpcrypter/foo
$ phpize
$ ./configure
$ make
$ make install

The above commands will build a PHP extension named foo.so and copy it into your PHP extension directory. The directory can be found via the following command:

$ php -i | grep ^extension_dir

You should then add the following line to your php.ini configuration file:

extension=foo.so

The location of the loaded php.ini configuration file can be found via the following command:

$ php -i | grep "Loaded Configuration File"

Next, verify that the extension is loaded:

$ php -m | grep foo
foo

Encrypt Directories and/or Files

$ ./vendor/bin/phpcrypter encrypt <payload> <path>...

The below encrypts multiple directories and files at once. You must specify the previously obtained payload as the first argument.

$ ./vendor/bin/phpcrypter encrypt "pAYL0AD==" \
  "dir-1" \
  "dir-2" \
  "file-1.php" \
  "file-2.php"

❗ The contents of any PHP files found in the above paths will be overwritten. It is highly recommended that you create a new Git branch for these files:

$ git checkout -b encrypted

Decrypt

If you're just experimenting, it's useful to be able to encrypt and decrypt at will. The below decrypts any directories and/or files previously encrypted with the payload argument:

$ ./vendor/bin/phpcrypter decrypt <payload> <path>...

❗ Again, the contents of any PHP files found in the above paths will be overwritten.

What does an encrypted file look like?

<?php // @foo
if (! extension_loaded('foo')) exit('The "foo" extension is not loaded');
#pAYL0AD==

The PHP code block should be self explanatory, however, the final line contains a base64 encoded string containing the phpcrypter version, the IV (initialization vector) and the encrypted source code.

How does it work?

By default, when the extension is loaded, it simply hooks into the internals of PHP, namely the zend_compile_file() function, but it doesn't do anything, unless the foo.decrypt configuration option is set to 1 (it is set to 1 by default).

If you set foo.decrypt to 0 in your php.ini configuration file, it is recommended that you use ini_set('foo.decrypt', 1) in any unencrypted PHP files which include/require encrypted files. For example, if you would like to encrypt a controller, you should use ini_set() within an unencrypted base controller. You cannot use ini_set() within encrypted PHP files because zend_compile_file() works at a lower level.

Below are some autocannon benchmarks (10 connections for 10s):

Extension Loaded Extension Enabled File Encrypted Avg. Latency
No No No 2860.78 ms
Yes php.ini No 2923.03 ms
Yes php.ini Yes 2970.96 ms
Yes ini_set() Yes 2890.86 ms

Deployment

When you're ready to deploy your encrypted files, you should build an extension for that platform if it differs from your workstation, for example, Linux vs. macOS.

Global Installation

In the event that you need to install multiple extensions on the same server (for different projects), you should consider installing phpcrypter globally:

$ composer global require chrisvpearse/phpcrypter

Generate a PHP Extension Skeleton With a Payload

You must specify the previously obtained payload as the second argument, so that the same key becomes the ❤️ of this skeleton 🦴 too.

$ cd ~/.composer

$ export HISTCONTROL=ignorespace
$  ./vendor/bin/phpcrypter generate foo "pAYL0AD=="
$ unset HISTCONTROL

💡 Using HISTCONTROL=ignorespace prevents any commands that are prefixed with a space from appearing in your shell's history.

Build the PHP Extension Again

You should refer to the previous section, following the appropriate steps for this particular platform.

Deploy

You are now ready to deploy your encrypted PHP files! 🚀

Credits

License

The MIT License (MIT).

chrisvpearse/phpcrypter 适用场景与选型建议

chrisvpearse/phpcrypter 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 127 次下载、GitHub Stars 达 71, 最近一次更新时间为 2023 年 12 月 20 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「phpcrypter」 「chrisvpearse」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 chrisvpearse/phpcrypter 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 chrisvpearse/phpcrypter 我们能提供哪些服务?
定制开发 / 二次开发

基于 chrisvpearse/phpcrypter 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

与 chrisvpearse/phpcrypter 相关的其它包

同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:

统计信息

  • 总下载量: 127
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 72
  • 点击次数: 9
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 71
  • Watchers: 3
  • Forks: 3
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2023-12-20