This powerful php-base obfuscator can protect from your codes for making non-readable scripts. Of the capabilities of this mixer is setting access for specific system, antitamper, expiration of application, license, obfuscator output style (raw/base64), etc.
for obfuscatoring we need require alomencoder.obfs.php :
include_once "alomencoder.obfs.php";
after that, we define $settings parameter, then use method AlomEncoder::obfuscator()
/**
* @method AlomEncoder::Obfuscator()
* @param string|callable $code (php code with tags and html code | php file name | an callable)
* @param array $settings = [] (obfuscate settings parameter)
*/
$settings = [
'rounds' => [
'main' => [
'depth' => 1
]
],
'license' => [
'title' => 'example',
'author' => 'Avid'
]
];
$obfs = AlomEncoder::obfuscator("file.php", $settings);
file_put_contents("file.obfs.php", $obfs); // save obfuscated script
Index | Type | Description |
---|---|---|
license | array | License settings |
additional | array | Additional settings |
identify | array | Identify settings |
date | array | Date settings |
rounds | array | Rounds settings |
style | array | Style settings |
handler | array | Handler settings |
Index | Type | Default | Description |
---|---|---|---|
type | string | "comment" | Type of license. comment/file/remove |
license_file | string | "alomObfuscator.php.license" | If type of license set to file, then this option is name of license file. |
license_key | string | null | We can build a license code system using the license key definition. |
license_verifier_api | string | null | For license code systems we can define an api url for verifing and controlling license codes. The format of license code should be like https://example.com/%code% then alom will then replace %code% with the md5(license_code). The response should be in format "status" or "status/warning_log" where status is 0/1 or true/false and warning_log is an string. |
text | string | "This script has protected by Alom." | Main text of license on top |
title | string | "Obfuscated by Alom" | |
copyright | string | null | |
description | string | null | Description of script |
checksum | bool | false | If set to true then, checksum of script replace with that. |
sience | string | null | |
... | string | null | Other optional parameters. |
Index | Type | Description |
---|---|---|
antitamper | string|callable | A part of the script that is not obfuscated and visible and can not be manipulated and changed by the user. |
optional | string|callable | A part of the script that is not obfuscated and visible and can be manipulated and changed by the user. |
shutdown | string|callable | A part of the obfuscatored script for execution on shutdown. |
Index | Type | Description |
---|---|---|
uname | array | Uname identify settings |
username | array | Username identify settings |
ipaddr | array | Ipaddr identify settings |
hostname | array | Hostname identify settings |
filename | array | Filename identify settings unique file name of obfuscated file |
include_key | string | decryption key for IKE including files |
files | array | List of file paths that are required to run the script. |
Index | Type | Description |
---|---|---|
value | string | Value of property. |
hashed | boolean | Property is hashed with md5 raw. default=false |
Index | Type | Description |
---|---|---|
ready | int(unix time) | Start of allowed time for the program to run. |
expiration | int(unix time) | End of allowed time for the program to run. |
Index | Type | Description |
---|---|---|
main | array | Main round settings |
minify | array | Minify round settings |
optwister | array | Optwister round settings (slow running) |
partitioning | array | Partitioning round settings (slow running) |
antidebugger | array | Antidebugger round settings |
antihooking | array | Antihooking round settings |
unmeaning | array | Unmeaning round settings |
qbc | array | QBC round settings |
Index | Type | Default | Description |
---|---|---|---|
depth_type | string | "logpower" | Complexity function of depth. It can be one of the values of constant, logarithm, logpower, square, linear. |
depth | float | 1 | Complexity of obfuscator steps. |
base64rand_round | boolean | false | |
deflate_round | boolean | true | |
iterate_base64 | int | 0 |
Index | Type | Default |
---|---|---|
enable | boolean | false |
fast | boolean | false |
Index | Type | Default |
---|---|---|
enable | boolean | true |
deep | boolean | false (because slow running) |
Index | Type | Default |
---|---|---|
variables | boolean | true |
strings | boolean | true |
statements | boolean | true |
var2str | boolean | false |
salt | string | ALOM_UNIQUE_RANDOM |
prefix | string | '_' |
size | int | 10 |
free | array | [] |
Index | Type | Default |
---|---|---|
enable | boolean | false(for optwister, qbc)/true(for minify, antidebugger) |
Index | Type | Default | Description |
---|---|---|---|
separated_loader | array | null | Separated loader settings |
halt_mode | boolean | false | enable/disable halt mode. |
hide_errors | boolean | true | enable/disable display errors. |
hide_eval | boolean | true | enable/disable run main script in inner eval. |
global_cache | boolean | true | enable/disable global caching for enabled hide_eval setting. |
display | string | "base64" | raw/hex/bin/base64/base64r display model. |
Index | Type | Description |
---|---|---|
decoder_file | string | If you put the address of the file alomdecoder.obfs.php in this section, this file will be prevented from being repeated and program files will use this file to run. |
Index | Type | Parameters | Description |
---|---|---|---|
error | callable | string $message, int $line | For syntax errors of script. |
status | callable | string $status, int $progress = null | For status and progressing of obfuscatoring. (longest level of obfuscator is main_walk state). |
Index | Type | Default |
---|---|---|
AlomEncoder::$logger | boolean | is cli |
You can use the function alom_autogit on top of your scripts for auto updating alom files.
require_once "alomtools.php";
/**
* Alom auto update files from github
* @method alom_autogit
* @param string $path = '.'
* @return bool
*/
alom_autogit("path/alom");
You can use this feature to automatically protect scripts on your system.
require_once "alomtools.php";
/**
* Alom auto protection method
* @method alom_protect
* @param string $file
* @param array $settings = []
* @return bool true if now obfuscatored and false if before obfuscatored or file dont exists
*/
alom_protect(__FILE__); // Protect the current file
You can use invisible keys to encrypt data. Invisible keys will only be available to the running program. Each time the desired constant is used, it will generate a random and fixed key for the program.
if(alom_protect(__FILE__)) // Protect current file for using invisible keys
die("Obfuscatored");
$key = bin2hex(ALOM_INVISIBLE_KEY32);
$contents = decrypt(file_get_contents("file.txt"), $key); // decrypt file contents
...
file_put_contents("file.txt", encrypt($contents, $key)); // encrypt file contents
unset($key); // delete key
invisible keys:
- ALOM_INVISIBLE_KEY[n=2,3,4,8,12,16,24,32,64,96,128,256,384,512,1024,2048,4096,8192] (n-bits binary string)
- ALOM_INVISIBLE_CHAR (one byte)
- ALOM_INVISIBLE_BIT (one bit)
- ALOM_INVISIBLE_INT (int32)
Protecting variables hides them and no one but the running program can access the contents of the variables. The protected variable will be removed at the end of the program.
if(alom_protect(__FILE__)) // Protect current file for using invisible keys
die("Obfuscatored");
$iv = "Hello world! 1234";
alom_protect_var($iv);
$key = bin2hex(ALOM_INVISIBLE_KEY32);
alom_protect_var($key);
$contents = decrypt(file_get_contents("file.txt"), $key, $iv); // decrypt file contents
...
file_put_contents("file.txt", encrypt($contents, $key, $iv)); // encrypt file contents
- ALOM_VERSION
- ALOM_VERSION_NUMBER
- ALOM_OBFUSCATED_TIME
- ALOM_OBFUSCATED_TIME_FLOAT
The act of removing comments and spaces and extra code from a script is called minifying.
/**
* @method AlomEncoder::minify
* @param string $src
*/
$src = file_get_contents("file.php"); // source code
$dst = AlomEncoder::minify($src); // minify source
file_put_contents("file.min.php", $dst); // save code
We can generate a license code for users to use the script by keeping the key used in the license secret. This license code can restrict the user's system or have a specific time frame to run the script. First we need alomtools.php file:
require_once "alomtools.php";
We have three thing for making license code:
License key is an private string for making license codes. We can create license key with:
string alom_license_key_generate(string $init = null);
If no text is entered, it will generate a random key.
A hash to restrict systems from running scripts. You can not set a limit by not entering options, but creating a systemhash is required.
string license_systemhash_generate(array $info = []);
The following is a list of variable $info options:
Index | Type | Default |
---|---|---|
uname | string | will not be limited |
username | string | will not be limited |
ipaddr | string | will not be limited |
hostname | string | will not be limited |
After creating the systemhash, you must apply the key to it so that no one but you can create the license code.
string alom_license_code_encrypt(string $systemhash, string $license_key, int(unix) $expiration = will not be limited, int(unix) $ready = will not be limited);
You can also decrypt the license code to systemhash, expiration time and ready time using the code and key.
array alom_license_code_decrypt(string $license_code, string $license_key);
You can paste or read the license code in the license file with the following functions.
string alom_get_license_code(string $file); // get license code from license file
bool alom_exists_license_code(string $file); // check if exists license code in license file
bool alom_insert_license_code(string $file, string $license_code); // insert license code into license file
You can set up an API system on your server to provide an online script so that you need to call this API for each run. It is not possible to run the script without connecting to the server.
# oscript server
require_once "alomtools.php";
/**
* Alom oscript web server (send to output)
* @method alom_prepare_oscript
* @param string $file obfuscated script with license_code
* @param string $license_key
* @param string $password = ''
* @return bool
*/
alom_prepare_oscript($file, $license_key);
And for client we need URL of script on server:
# oscript client
require_once "alomtools.php";
/**
* Alom oscript client
* @method alom_exec_oscript
* @param string $url
* @param string $password = ''
* @return string oscript code or false if oscript url is invalid
*
* @example include(alom_exec_oscript("https://example.code/oscript.php"));
*/
include(alom_exec_oscript("https://example.code/oscript.php"));
You can encrypt files that are being called indirectly by being included in obfuscatored scripts for more speed with this method. Note that your file is no longer executable without the key used, and you can use it by entering the key when scrambling the main script.
Include key is an private string for making IKE files. We can create include key with:
string alom_includekey_generate(string $init = null);
If no text is entered, it will generate a random key.
For make an IKE file you need source script (example file.php) and dest file name (example file.php.ike). then:
alom_includekey_encrypt_into("file.php", "file.php.ike", $key);
Also you can use other functions:
string alom_includekey_encrypt(string|callable $code, string $key);
string alom_includekey_decrypt(string $code, string $key);
int alom_includekey_encrypt_into(string|callable $code, string $file, string $key);
int alom_includekey_decrypt_into(string $code, string $file, string $key);
is_alom_obfuscated(string $file); // check if file is obfuscated by alom
alom_minify(string|callable $script); //
alom_minify_into(string $script, string $file); //
alom_obfuscate(string|callable $script); //
alom_obfuscate_into(string $script, string $file); //
alom_put(string $file, string|callable $script); //
alom_phpify(string|callable $script); //
alom_deflate(string|callable $script); //
alom_vanilla(string|callable $script); //
You can obfuscate all php files in source directory into dest directory. You can also specify whether or not to copy other files.
alom_obfuscate_dir(string $source, string $dest, array $settings = [], bool $copy = false);
- 2.8: Fix bugs for unmeaning, partitioning, optwister, gc_cache
- 2.8: Add handlers for programming obfuscator systems.
- 3.0: Support php version 8
- 3.0: Fixed unmeaning variables indexed by $GLOBALS
- 3.0: Fixed unmeaning variables for includes
- 3.0: Fixed unmeaning variables for phars
- 3.0: Fixed license code system
- 3.0: Add unmeaning.strings
- 3.0: Add unmeaning.var2str
- 3.0: Add unmeaning.statement
- 3.1: Add unmeaning.shuffling