php源码加密方法详解
<p>虽然PHP是世界上最好的语言,但是也有一些因为弱类型语言的安全性问题出现。WordPress历史上就出现过由于PHP本身的缺陷而造成的一些安全性问题,如CVE-2014-0166 中的cookie伪造就是利用了PHP Hash比较的缺陷。</p><p>下面为大家介绍一种源码加密技术:</p>
<p><strong>加密软件(php_screw)</strong></p>
<p>下载地址:http://sourceforge.net/projects/php-screw/</p>
<p>描述:php文件通常以文本格式存贮在服务器端, 很容易被别人读到源代码, 为了对源代码进行保护, 可以采用对源代码进行加密的方式.要实现该功能需要两部分</p>
<p>一是:加密程序,实现对PHP文件的加密</p>
<p>另一个就是:对加密过的PHP文件进行解析, 以得到运行结果. 前者的实现比较简单, 就是一程序而已. 后者的实现大部分都是通过php module的形式来实现的。</p>
<p><code>php_screw</code>(螺丝钉)可以实现以上的功能.最新版本是1.5,可以在sourceforge上下载.</p>
<p><code>php_screw</code> 是一个日本人开发的PHP加密程序,但只能在LINUX下运行</p>
<p><strong>安装</strong></p>
<p>描述:安装的目的其实就是产生两个文件,一个是用于加密PHP文件的screw, 另一</p>
<p>个就是php加载的解析模块php_screw.so</p>
<p><strong>安装环境</strong></p>
<p>系统:centos 5.3</p>
<p>软件:Apache 2.2.9</p>
<p>PHP 5.2.10</p>
<p>以上环境全部是自己下载配置安装的。具体的Apache+php+mysql安装方法请从网上搜索。</p>
<p><strong>安装步骤</strong></p>
<p>1.用tar解压缩 tar -zxvf php_screw-1.5.tar.gz</p>
<p>2.进入php_screw-1.5目录开始安装</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
<p class="line number2 index1 alt1">2</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">cd php_screw-1.5</code></p>
<p class="line number2 index1 alt1"><code class="php plain">phpize</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>关于phpize ,它在php5-dev扩展模块中 只要安装php5-dev模块就行了。</p>
<p>./confiugre</p>
<p>3.设置自己用来加密的密码</p>
<p>复制代码 代码如下:</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
<p class="line number2 index1 alt1">2</p>
<p class="line number3 index2 alt2">3</p>
<p class="line number4 index3 alt1">4</p>
<p class="line number5 index4 alt2">5</p>
<p class="line number6 index5 alt1">6</p>
<p class="line number7 index6 alt2">7</p>
<p class="line number8 index7 alt1">8</p>
<p class="line number9 index8 alt2">9</p>
<p class="line number10 index9 alt1">10</p>
<p class="line number11 index10 alt2">11</p>
<p class="line number12 index11 alt1">12</p>
<p class="line number13 index12 alt2">13</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">vi my_screw.h</code></p>
<p class="line number2 index1 alt1"><code class="php spaces"> </code><code class="php plain">-- Please change the encryption SEED key (pm9screw_mycryptkey) into the</code></p>
<p class="line number3 index2 alt2"><code class="php spaces"> </code><code class="php plain">values according to what you like.</code></p>
<p class="line number4 index3 alt1"><code class="php spaces"> </code><code class="php plain">The encryption will be harder to </code><code class="php keyword">break</code><code class="php plain">, </code><code class="php keyword">if</code> <code class="php plain">you add more values to the</code></p>
<p class="line number5 index4 alt2"><code class="php spaces"> </code><code class="php plain">encryption SEED </code><code class="php keyword">array</code><code class="php plain">. However, the size of the SEED is unrelated to</code></p>
<p class="line number6 index5 alt1"><code class="php spaces"> </code><code class="php plain">the time of the decrypt processing.</code></p>
<p class="line number7 index6 alt2"><code class="php spaces"> </code><code class="php plain">* If you can read </code><code class="php keyword">and</code> <code class="php plain">understand the source code, to modify an original</code></p>
<p class="line number8 index7 alt1"><code class="php spaces"> </code><code class="php plain">encryption logic will be possible. But in general, this should not</code></p>
<p class="line number9 index8 alt2"><code class="php spaces"> </code><code class="php plain">be necessary.</code></p>
<p class="line number10 index9 alt1"><code class="php spaces"> </code><code class="php plain">OPTIONAL: Encrypted scripts get a stamp added to the beginning of the</code></p>
<p class="line number11 index10 alt2"><code class="php spaces"> </code><code class="php plain">file. If you like, you may change this stamp defined by</code></p>
<p class="line number12 index11 alt1"><code class="php spaces"> </code><code class="php plain">PM9SCREW </code><code class="php keyword">and</code> <code class="php plain">PM9SCREW_LEN in php_screw.h. PM9SCREW_LEN must</code></p>
<p class="line number13 index12 alt2"><code class="php spaces"> </code><code class="php plain">be less than </code><code class="php keyword">or</code> <code class="php plain">equal to the size of PM9SCREW.</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>4.编译</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">make</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>5.拷贝modules目录下的php_screw.so文件到/usr/lib/php5/extension目录下</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">cp modules/php_screw.so /usr/lib/php5/extension/</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>6.编辑php.ini文件</p>
<p>在php.ini文件里,加入如下语句</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">extension=php_screw.so</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>7.重新启动Apache</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">/srv/apache/bin/apachectl restart</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>8.编译加密工具</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
<p class="line number2 index1 alt1">2</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">cd tools</code></p>
<p class="line number2 index1 alt1"><code class="php plain">make</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>9.将tools目录下加密用的工具screw拷贝到适当目录</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">cp screw /usr/bin/</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>经过以上的10步,就已经把php_screw-1.5全部安装完成了。并且现在的php也已经支持解释加密过的php文件了</p>
<p><strong>使用</strong></p>
<p>1.现写一个要加密的php文件。</p>
<p>我写了如下的一个用来测试php速度的test.php文件</p>
<p>复制代码 代码如下:</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
<p class="line number2 index1 alt1">2</p>
<p class="line number3 index2 alt2">3</p>
<p class="line number4 index3 alt1">4</p>
<p class="line number5 index4 alt2">5</p>
<p class="line number6 index5 alt1">6</p>
<p class="line number7 index6 alt2">7</p>
<p class="line number8 index7 alt1">8</p>
<p class="line number9 index8 alt2">9</p>
<p class="line number10 index9 alt1">10</p>
<p class="line number11 index10 alt2">11</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain"><?</code></p>
<p class="line number2 index1 alt1"><code class="php variable">$a</code><code class="php plain">=0;</code></p>
<p class="line number3 index2 alt2"><code class="php variable">$t</code><code class="php plain">=time();</code></p>
<p class="line number4 index3 alt1"><code class="php keyword">for</code><code class="php plain">(</code><code class="php variable">$i</code><code class="php plain">=0;</code><code class="php variable">$i</code><code class="php plain"><5000000;</code><code class="php variable">$i</code><code class="php plain">++)</code></p>
<p class="line number5 index4 alt2"><code class="php spaces"> </code><code class="php plain">{</code><code class="php variable">$a</code><code class="php plain">=</code><code class="php variable">$a</code><code class="php plain">*</code><code class="php variable">$i</code><code class="php plain">;}</code></p>
<p class="line number6 index5 alt1"><code class="php variable">$t1</code><code class="php plain">=time();</code></p>
<p class="line number7 index6 alt2"><code class="php functions">echo</code> <code class="php string">"<p>"</code><code class="php plain">;</code></p>
<p class="line number8 index7 alt1"><code class="php functions">echo</code> <code class="php string">"It used:"</code><code class="php plain">;</code></p>
<p class="line number9 index8 alt2"><code class="php functions">echo</code> <code class="php variable">$t1</code><code class="php plain">-</code><code class="php variable">$t</code><code class="php plain">;</code></p>
<p class="line number10 index9 alt1"><code class="php functions">echo</code> <code class="php string">"seconds"</code><code class="php plain">;</code></p>
<p class="line number11 index10 alt2"><code class="php plain">?></code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>将上面的test.php文件放到/var/www/目录下。通过浏览器访问,将显示出php在大量计算时的速度(粗略估计)</p>
<p>2.将我们写的php文件加密</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
<p class="line number2 index1 alt1">2</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">cd /</code><code class="php keyword">var</code><code class="php plain">/www/</code></p>
<p class="line number2 index1 alt1"><code class="php plain">screw test.php</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>我们加密后,现在目录下的test.php文件就是我们已经加密的了。而源文件被改名为test.php.screw存放了。</p>
<p>我们现在再测试一下test.php,看看能否正常使用?速度如何?</p>
<p>我比较了一下,加密前后的速度大概一样,基本没有太多的损失。</p>
<p>3.批处理加密文件</p>
<p>在debian, apache2, php5上测试过对.html文件加密后,能正确解析;</p>
<p>php_screw如何对当前目录下,对目录下包含的文件,以及包含目录下的文件进行整体加密</p>
<table class="syntaxhighlighterphp" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td class="gutter">
<p class="line number1 index0 alt2">1</p>
<p class="line number2 index1 alt1">2</p>
</td>
<td class="code">
<div class="container">
<p class="line number1 index0 alt2"><code class="php plain">find ./ -name </code><code class="php string">"*.php"</code><code class="php plain">-</code><code class="php functions">print</code><code class="php plain">|xargs -n1 screw </code><code class="php comments">//加密所有的.php文件</code></p>
<p class="line number2 index1 alt1"><code class="php plain">find ./ -name </code><code class="php string">"*.screw"</code> <code class="php plain">-</code><code class="php functions">print</code><code class="php plain">/xargs -n1 rm </code><code class="php comments">//删除所有的.php源文件的备份文件</code></p>
</div>
</td>
</tr>
</tbody>
</table>
<p>这样在当前目录下的所有.php文件就全部被加密了。</p>
<p>相了解更多相关问题请访问php中文网:PHP视频教程</p>
<p>以上就是php源码加密方法详解的详细内容,更多请关注php中文网其它相关文章!</p><br><br>
来源:https://www.cnblogs.com/xiondun/p/12618307.html
頁:
[1]