Protect your PHP code Now!
Sound PHP source code protection
Welcome!
Check the download page if you want to evaluate Obfusc PHP.
You can use Obfusc free for medium and small projects
. Send me an email if you used Obfusc and you like it!


Note:
Some of questions below are for older versions of Obfusc. With 2.2 your project configuration will require minimal intervention.
You just create a project, obfuscate it and it works!
Keep your sql scripts and templates under the same project folder with your php sources and Obfusc will not obfuscate some potential names you keep in templates or database. Of course manual intervention can improve your obfuscation rate but as always there is a risk of breaking things with manual work so Obfusc guarantee that you don't have to do a lot of manual configuration. Advanced control (in step 3 for example) could be usefull in some limited situations when you want to obfuscate 100% a very small critical piece of code. For the rest of the code Obfusc is obfuscating only those names that it can prove to be safe. With dynamic evaluation,templates,keeping code in database,etc it is hard (practically impossible for a program) to prove the obfuscation safeness for all php identifiers so where it can't prove let you decide (remain as in the original sources). Obfusc decision are the safest possible,your code will work fine after obfuscation. You don't need to change your programs as other obfuscators are requesting at the cost of some identifiers remaining as in the original sources. Should be fair enough :) With the added encoding from 2.0 it will be hard to see even those few remained identifiers.
As a conclusion: you just have to know that checking "Level 2" in settings from the first step is enough in 99% of cases.


Frequently Asked Questions

Q. Failed installation on non English language installed systems (Portuguese!)

Ocasionally some users reported errors installing Obfusc on such system, my suggestion for these users is to install the .net framework 2.0 and Visual c++ 2005 from Microsoft's site manually.

Quick links: 

http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en
http://www.microsoft.com/Downloads/details.aspx?displaylang=en&FamilyID=32bc1bee-a3f9-4c13-9c99-220b62a191ee


Q. I have php code in the database... [better,automated solution from 2.1,see above]

One customer asked support about this.. It is not possible to solve this problem without help from the scripts author.
There are 3 possible
solutions with Obfusc:
  1. create a list with preserved names that contains all names from database. Click on "Edit your list of preserved names" and add all names you have.
  2. dump the content of tables that contain code in a php file (take care,put code inside blocks).
    Put this file in the project folder and uncheck it in the tree
    at step 2. All names from it will be in the red tab "auto preserved". You problem should be solved because all identifiers from "auto preserved" tab are NOT obfuscated.
  3. if you inserted that php code with a php script,put this file in the project folder and check the check-box in step 1 "Your scripts generate php code..." . This check will make that all identifiers that appear in strings (even single quoted,strings without php code,etc) to NOT be obfuscated.
I like first and second solution because they have a better rate of obfuscation, but correctness of obfuscated script comes fist and you can use 3 as the last resort.

Q. Can Obfusc encode or encrypt my script?

As you know, all encoding or encryption without modifications on server is reversible. The only thing that protect your code by a skilled programmer that want to look at your code is to rename identifiers to nonsense,complex names (you can have very long and ugly names by setting Obfuscating style and Min Length).
But because some customers want encoding,to prevent normal users looking at their code, we are working for this feature in the next version 1.3 that will come in 1-2 weeks. If you already purchased a keycode, it will work fine with 1.3.


Q. Obfusc modifed Y in date('Y-m-d')?
Somebody reported this bug. Actually what happened was that he clicked on Y identifier in the grid! You can obfuscate a word part of strings but by default they are NOT checked (in the right panel)! Use "none" at encoding and you can detect problems if your script doesn't work after obfuscation. With Obfusc you have full control and you can obfuscate without modifications any script. Controlling those grids can be tricky but fortunately you don't have to do this. Still, it could be usefull in some limited situations when you want to obfuscate 100% a very small,critical piece of code.


Q. I have no idea if Obfusc is working or not, the size limitation in the demo speaks against a professional tool. You should make a time limited demo.
I'm not sure why you think that limitation in the size of the project is less professional then time limits.
My thinking is: because an obfuscator is a program that you use rarely, if I provide the full working version many people will just forget to buy.
If you look to other products they have file number limitation that I find much worse then limitation of number of identifiers.
Also, you have a 30 days refund period without questions!. You can just buy,test it and if you don't like I will refund! If you send me an email I can send you a license key with an increased limit to test Obfusc . If you find it useful you buy if not you have to tell me why it is not working or why you don't want to buy. In the end, it is all about trust.


Q. Are default settings safe?

They are not the safest!
Check all options for safest settings!
It all depends on your code. If you are not sure,first try to
check also "your scripts generate php code " and even HTML creates identifiers and you get the safest settings.
We advice you to create a list with preserved variables and to not set above options,because the number of obfuscated names will decrease a bit. When all options are checked your obfuscated code should work without any problem,otherwise we consider it a bug.

Remember,if you find any real bug we will offer you as a gift a keycode for the Freelancer Version.


Q. Settings. What do they mean,when to check?

Default settings should work fine,but sometimes you need to check the additional check boxes or to manually create a list with preserved names.
  • Delete comments - no more comments. You can add a list of words in the edit labeled "Don't obfuscate comments starting with:" and all comments begining with such words will be preserved
  • Strip whitespaces - makes your sources even more hard to understand. If you find any bug with this option,or want different behaviour,have new ideas please send us an email.
  • Obscure strings - the same as above.
  • Your code converts simple strings to identifiers - basically it means that words that appear in simple strings like 'word' or "word" will not be obfuscated and will go to unsure for manual verification.
  • Html create identifiers - paranoid check, it is better to rewrite your code and not use it because your code will not work with all servers and php configurations.
  • Your code generates php code or use 'register_globals on' - it means that words that appear in strings will not be obfuscated and will go to unsure for manual verification.

Q. Nice tabs,what do they mean?

  • Auto preserved - contains identifiers found in ini files or in php files you decided not to obfuscate.
  • Case sensitivity -shows identifiers that are used both lower and upper case. We choose not to obfuscate such identifiers,because it can introduce unexpected problems.Make you decision manually,usually this tab contains few identifiers.
  • Obfuscate - contains identifiers that have no problem to be obfuscated,accordingly with your current settings.
  • Unsure - identifiers where you have to decide manually if will be or not obfuscated
  • Duplications - identifiers that have more than one declaration/definition. They can be symptoms of code generators so we don't obfuscate automatically.
  • Externals - identifiers that seem externally defined
  • Not used - identifiers that are only declared/defined but never used. It is best to remove such code from your project.
  • Ignored - words from strings and html,can be safely ignored,but you may want to take a look. If you want they can be obfuscated too,it is your decision.


Q:In what cases you fail to obfuscate correctly?

We take safe decisions in almost all cases,still, if you generate identifiers names from strings and use $$ syntax for example, it is better to edit manually a list with such identifiers and obfusc will safely ignore them.
We will fail to identify cases like:
$tricky ="V"."A"."R"
$$tricky =2
echo $VAR
Unfortunately we will obfuscate VAR and that code will not work anymore. This is not a reasonable code,but some variations can exist in real world.
It is easy to create a list yourself
with such names and add to preserved list.
When we tested a lot of open sources we did this only a few times,and it is something easy to catch

Q:
What do unique words and unique identifiers mean?

We consider words any possible identifier even if it appears in strings or in html.
For example in a code like : $VAR1="$VAR2 word3 word4 VAR1" there are 4 unique words but only 2 unique identifiers.


Q: I don't have Internet access,what is online activation?
A: This is a joke,right ? I'm not sure how you read this without Internet :)
You have to activate online Obfusc but you can use obfusc without online activation for a short period.
Without activating you have to write your email and the key code every time you create a new project.
If you received a license key but you failed to activate online,just copy paste it,press "just continue" and Obfusc will work with the capabilities of your license key until you restart it. Our servers are online all the time (99.9% ) but in some cases you could like this behaviour.


Obfusc Support


If you like Obfusc, need support or you want to suggest a new feature please send an e-mail to:
abss at axiologic.ro