ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


 
Post new topic   Reply to topic    ionCube Forum Index -> Programming

Ofuscate variables without method parameters
Author Message
horf



Joined: 27 Nov 2015
Posts: 4
PostPosted: Fri Nov 27, 2015 1:45 pm    Post subject: Ofuscate variables without method parameters Reply with quote
Hi there

Is there a way to obfuscate variables, but keep the variables defined in method parameters?
The best would be to only keep them for specific methods (prefix in the method name or public methods).

Example for an ideal obfuscation result:
Code:

class testClass{
    // Do not obfuscate mathod name & parameter name for method with prefix "action"
    public function actionTest($id){
        $obfusc123 = 'test' . $id;
        $this->obfuscMethod123($obfusc123 );
    }
    private function obfuscMethod123($obfusc456){
        echo $obfusc456;
    }
}


Is there a way to configure this?
Back to top
View user's profile Send private message
horf



Joined: 27 Nov 2015
Posts: 4
PostPosted: Fri Dec 04, 2015 10:59 am    Post subject: Reply with quote
I've got the answers from the support:

Quote:
It's not possible to exclude with placeholders in the obfuscation exclusion list.

Excluding a class name will exclude just the name of the class from being obfuscated and not any contents of the class, such as methods

If you exclude the method or function, the variables within will also be excluded from obfuscation. For security reasons, excluding a method name will also exclude it from being obfuscated in all classes having a method of the same name, which avoids needing a reversible obfuscation technique.

It's not possible to exclude specific variables from obfuscation.


So the only solution would be to generate a list of all methods (completely excluded from obfuscation) and the classes (not to be renamed).
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2788
PostPosted: Mon Dec 07, 2015 12:02 pm    Post subject: Reply with quote
Thanks for summarising. ionCube of course is not a source code obfuscator, where all you have for protection is code mangling that's largely reversible and nothing to stop code sharing. The main protection in ionCube comes from code compilation where the source code is eliminated, and the option of new techniques in version 9 such as code encryption with keys that don't exist until some point during runtime, posing new challenges for attackers as there's no static key to be found and used, which follows the principle that it's safer to keep your safe combination in your head than written on a post-it note inside a desk drawer. Obfuscation in ionCube is still useful as it renames to remove meaning from symbols, but it's secondary to the much more important mechanism of the dynamic algorithmic keys, which is where effort in using is best spent.
_________________
Community Admin
Back to top
View user's profile Send private message
latestsoftwares24



Joined: 03 Mar 2016
Posts: 1
Location: USA
PostPosted: Thu Mar 03, 2016 1:16 pm    Post subject: Reply with quote
this is very nice and informative sharing..
Back to top
View user's profile Send private message AIM Address
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> Programming All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Copyright 2002-2018 ionCube Ltd  All rights reserved.
About ionCube | Jobs | Terms and Conditions | Privacy Policy