Thanks thunder, I know it’s called obfuscation. My auto correct seemed to change it so I said encryption instead. Encryption was definitely the wrong word to use. It’s like every day I come across another plugin eather encrypted with fopo or rarely by something else. I know how to decode fopo. It’s not that easy but with practice it gets easier.
Simple solution: You can not. Most obfusocators (especially web ones) have reverting ones. Also, they are made to be readable by PHP, and PHP could simply dump the actual clean code from memory. Advanced solution: Write your own PHP library to deobfusocate your own obfusing methods (or actually just to make PHP being able to read them) and hope that it does not get reverse-engineered, load PHP with that dll and the obfusocated plugin, and be safe.
while true most of us here cant reverse engineer an extension, you still have to deal with some dude that will reverse engineer it and make a decoder for it again obfuscation is just raising the level+effort to unobfuscate it one can argue that pharing is an obfuscation tactic itself and using base64 is also obfuscating, it's just easily undone so we stash multiple of them to make it tiring to unbase64 something for 100times and using extension is the same, but now you let the extension to handle the obfuscation and execution dont even forget how un-user friendly to have to install it to run your plugin which i doubt it possible for most hosting providers
Maybe is wasn’t a good idea to post someone else’s work as php format In The first place. I’ll just delete my comment. And never get involved in forums again.
not really, i do it frequently when people ask me to deobfuscate random code they find because it's not secure to run code you dont know what they are doing you can be allowing a virus to run that deletes all your server and everything but again everyone have their own moral stand on this
Now we come to the ultimate question: why do we care? Why do we want to hide the source code? If you simply want to avoid people selling your plugin under their name, you can't anyway, because you can't stop them from modifying plugin.yml anyway. Using a wrapper, all occurrences of your name can be replaced as well.
i dont know, there's a few clues doe: credit, one developer want to show he owns XYZ code, one developer dont want anyone to see the inner secret working which one may want to keep secret(say having that cool effect in your plugin as a selling factor without having it stolen(which always fails)) malicious code, one developer have some dangerous code that can grant developer say a backdoor of some sort, but he dosent want it to be discovered so he hid it under obfuscation
that’s the biggest reason why I learned how to decode fopo. I always check the source code before loading it on my server. Also I have never found a obfuscated plugin/Phar that I found dangerous. I’m good at reading code, but I cannot code php and/or Java. Never had the time to learn.
Most people I know in the pmmp community use fopo to gain credit. modifying the plugin.yml file is not the solution. Fopo obfuscaters like to send a logger that says who it’s by. $This->getLogger()->notice(“plugin by blah blah blah. Or something”);
Some like to troll people too. They take someone else’s work and remove all credit and then fopo it and claim it as theirs.
The best and only way to obfuscate your code is to make a really nice plugin with a really complicated structure that it's impossible to copy. If your plugin isn't that complicated, there isn't really something worth so much effort copying.