Thicket™ Obfuscator for PHP
The PHP Obfuscator tool scrambles PHP source code to make it very difficult to understand or reverse-engineer (example). This provides significant protection for source code intellectual property that must be hosted on a website or shipped to a customer. It is a member of SD's family of Source Code Obfuscators.
"We tried other leading vendors' approaches, but these limited our distribution channels.
With SD, we have eliminated distribution restrictions."|
Sheryl Hamilin, President, Bizy Inc. See Press Release.
"I purchased your PHP Thicket Obfuscator a couple weeks ago and wanted to let you know how things
have been going. My entire code base is now obfuscated and working and I love your product."|
Mr. Tom Tompkins, Owner, RedCart Solutions, LLC
Thicket™ Obfuscator for PHP Features
- Replaces variable, function, class, and constant names with nonsense names without affecting functionality
(to our knowledge, none of the other obfuscators do all of these)
- User definable list of preserved names
- Predefined list of commonly-used PHP system preserved-identifiers provided
- Facility to handle variable names embedded in eval'd string literals
- Strips comments and whitespace
- User definable comment filtering, to preserve Copyright and public interface documentation
- Obfuscates an entire set of files in one step, consistently, without breaking the source code
- Absolutely no changes required to your source code (exception: "eval()" requires slight changes)
- No changes needed to the customer's PHP compilation or execution procedures or environment; he can run what he has now. No need for optimizers or other complex additions. Unlike PHP "Encoders", you don't have to insist your customer or web hosting service configure his PHP server your way.
- Parses entire code base for syntax. Finds errors before you release the code.
- Option to neatly format PHP source and indent files according to their nesting level, to aid development before obfuscation. Will also format the HTML embedded in the PHP scripts.
- Output encoding in ASCII, European ASCII (ISO-8859-1), or UNICODE (UTF8 or UTF16)
- Command line and GUI interfaces
- PHP4 and PHP5 versions
Semantic Designs is flattered that Zend has decided to offer a PHP obfuscator product, following our leadership in the obfuscator market. You shouldn't be flattered that their price is 5 times ours, and they want it annually. And for their best ("strong") obfuscation, they also require the Zend optimizer installed, which may be difficult to convince your customer to do. Our solution, while compatible with the Optimizer, does not require it, yet provides the same "strong" protection (and a bit more, in that we can obfuscate function names in strings, which Zend apparantly cannot).
Note: There are some competing PHP "protectors" that "encrypt" or "encode" unaltered source code. Those products require your encrypted source code to be shipped to your customer with the very code it takes to decrypt your source. Any competent PHP coder should be able to trivially execute that decoder to see your source. Worse, there are absolutely amazing free decoding tools used to trivially decode such protections. What this means is that those encoders provide no protection at all. (Interestingly, Zend offers this useless option as part of their product).
True obfuscators such as Thicket use nonsense identifier names, making those names impossible to understand by themselves. No "decoder" exists or can be built to ungarble such names; a would-be thief will have to work hard and dig deeply into the obfuscated source code to even begin guessing what each identifier might have meant.
Additional Note: You may be tempted to try POBS or some other free obfuscator script. You will find those scripts, while well intentioned, do not really work reliably, and run very slowly on large PHP packages because they are based on slow PHP string hacking. Our PHP Obfuscator works quickly and reliably on even the most arcane (if legal) PHP code.