|
|
Overview
This chapter introduces some of the most common features of the Graphical User Interface and Command Line Interface to Nu-Coder PHP Encoder. Detailed description of Nu-Coder CLI and Nu-Coder GUI is given in subsequent chapters of this User Guide.
What is Nu-Coder?
Although the open-source distribution model is widely adopted by the PHP development community and works very well in many cases; encoding and protection of PHP source code is often critical to the distribution of commercial PHP applications.
Nu-Coder is a powerful PHP Encoder that enables PHP developers to protect their PHP code from tampering and unauthorized copying. Nu-Coder converts the source code of PHP Script into compiled PHP bytecodes for both accelerated runtime performance and maximum security. When License Manager is used the content of the file gets additionally encrypted increasing the level of protection.
NuSphere Nu-Coder consists of two components providing a dual layer of protection for PHP applications:
- PHP Encoder - executable named nu-coder (or nu-coder.exe for Windows)
- License Manager - executable named nu-licgen ( or nu-licgen.exe for Windows)
Nu-Coder converts the source code of PHP Script into compiled PHP bytecodes for both accelerated runtime performance and maximum security. These scripts can be loaded and run with PhpExpress - NuSphere Free PHP accelerator that provides support for loading of PHP files encoded with Nu-Coder and also speeds up the execution of both encoded and regular PHP files. Encoded PHP scripts are known to run at up to 120% faster than open-source scripts.
Nu-Coder's License Manager helps you manage the distribution of PHP applications by generating license keys that can required by encoded files to run. Using License Manager you can create trial and demo versions of PHP applications without any code changes.
Why do you need to encode PHP Applications?
- Piracy Protection: PHP developers and Independent Software Vendors (ISVs) can safely distribute their source code, knowing that their intellectual property is protected
- Reduced support burden: Since technical support personnel will be able to rule out PHP source code modifications
- Enhanced compliance: Enterprise customers can enforce internal policies and easily provide the support for a company's PHP Applications.
Functionality provided by Nu-Coder
The features include:
- Graphical and Command Line PHP Encoder
- License Manager for generation of license files for encoded PHP Scripts on all major platforms including Linux, Windows, Mac OS and Unix
- Ability to generate licenses automatically on-demand on the server
- Deployment on all major platforms including Linux, Windows, Mac OS and Unix
- Encoding PHP Scripts with compiled bytecodes
- Multi-level Obfuscation - Encode PHP Files and obfuscate the code in it by replacing the names of the variables, functions, methods of objects and scripts with generated ones
- Additional Encryption of PHP scripts with License Manager
- Better execution performance than regular PHP files
- Support for both PHP versions 4 and 5
- Tight integration with all NuSphere products, such as PhpED and PhpDock
Obfuscated Names
This form allows you to specify the levels of Advanced Obfuscation
How does obfuscation work
Good coding style encourages programmers to use intuitive names for variables and functions in the code. Unfortunately good code also makes it easier for reverse engineering and intuitive names become an undesirable help for a malicious user. Obfuscation provides protection in this case by replacing the names of the variables and functions with meaningless hashes or numbers making them impossible to detect. However, simple replacement of all functions with meaningless names would not work in case if the function is called from sources external to the project - which would be typical if the project is really a library to be used elsewhere. In addition to it, there will be the cases when the function is passes as a constructed parameter to another function or class, like in the following example:
<?php
$a = FetchNextRowFromDb($db);
$b = $a['PaymentMethod'];
$c = $b . "_func";
$result = $c($d, $e, $f);
...
|
As you can see in this example, the name of the function stored in the variable $c is fetched from a database and thus not known to Nu-Coder at the time of the encoding. If the function itself is obfuscated, the call on line #5 of this example will fail. This means that some user control is needed over the process of obfuscation.
To accomplish that Nu-Coder performs obfuscation in phases. At first the whole project is scanned to build the list of all names of the objects and check the way they use. If any indirect calls are found, Nu-Coder will issue a warning about it. After that all names of the objects are placed in a table and Auto obfuscation is applied to those that are found to be called directly in the source code. Others, that donhave direct calls but have a definition are left alone and not obfuscated. The user can override Nu-Coder and either disable or force the obfuscation using pop-up menu with Disable and Force buttons. Force should be used with caution for the reasons explained above.
The following GUI options are provided for obfuscation:
You can select one of the available types: Force, Disable and Auto.
- Force means replace of the name with some number, making it impossible to figure out what the original name was. This method is applicable if the original object is only called directly by name. For example when a function is called the most common way: myfunction($param1,$param2);
- Disable means that there should be no name replacement
- Auto - means nucoder determines whether the name should be obfuscated
Interfacing with Nu-Coder
NuSphere provides three different interfaces with Nu-Coder:
- Graphical User Interface to Nu-Coder
- Command Line Interface to Nu-Coder
- User of PhpED, NuSphere PHP IDE can also use Graphical User Interface to Nu-Coder provided in PhpED
All interfaces allow the user to pass various parameters to the encoder to control the way PHP Sources are compiled into bytecodes and the creation of output files. Using either of these interfaces you can:
- Specify the PHP version of the files that are being encoded
- Encode and protect PHP files in the entire given directory and its sub-directories
- Encode single PHP file and save results into output file.
- Tell Nu-Coder to create output file's name by appending given extension at the end of the source file name
- Overwrite the source file with encoded content
- Perform Syntax check only and not produce any encoded content
- In directory processing mode, encode only files with certain extensions (defaults are php and inc)
- Copy all non-php files into target directory
- Ignore errors and continue encoding
- Keep extended information for php debugger and php profiler
- Preserve line numbers information
- Turn off support for short php tags <? ?>
- Turn on support for asp style php tags <% %>
- Preserve and not strip php-doc comments, useful for reflection
- Create license files required to run encoded PHP scripts
|
|
|
|