Author |
Message |
horf
Joined: 27 Nov 2015 Posts: 4
|
Posted: Fri Nov 27, 2015 1:45 pm Post subject: Ofuscate variables without method parameters |
|
|
Hi there
Is there a way to obfuscate variables, but keep the variables defined in method parameters?
The best would be to only keep them for specific methods (prefix in the method name or public methods).
Example for an ideal obfuscation result:
Code: |
class testClass{
// Do not obfuscate mathod name & parameter name for method with prefix "action"
public function actionTest($id){
$obfusc123 = 'test' . $id;
$this->obfuscMethod123($obfusc123 );
}
private function obfuscMethod123($obfusc456){
echo $obfusc456;
}
}
|
Is there a way to configure this? |
|
Back to top |
|
 |
horf
Joined: 27 Nov 2015 Posts: 4
|
Posted: Fri Dec 04, 2015 10:59 am Post subject: |
|
|
I've got the answers from the support:
Quote: | It's not possible to exclude with placeholders in the obfuscation exclusion list.
Excluding a class name will exclude just the name of the class from being obfuscated and not any contents of the class, such as methods
If you exclude the method or function, the variables within will also be excluded from obfuscation. For security reasons, excluding a method name will also exclude it from being obfuscated in all classes having a method of the same name, which avoids needing a reversible obfuscation technique.
It's not possible to exclude specific variables from obfuscation. |
So the only solution would be to generate a list of all methods (completely excluded from obfuscation) and the classes (not to be renamed). |
|
Back to top |
|
 |
liaison ionCube Support
Joined: 16 Dec 2004 Posts: 2788
|
Posted: Mon Dec 07, 2015 12:02 pm Post subject: |
|
|
Thanks for summarising. ionCube of course is not a source code obfuscator, where all you have for protection is code mangling that's largely reversible and nothing to stop code sharing. The main protection in ionCube comes from code compilation where the source code is eliminated, and the option of new techniques in version 9 such as code encryption with keys that don't exist until some point during runtime, posing new challenges for attackers as there's no static key to be found and used, which follows the principle that it's safer to keep your safe combination in your head than written on a post-it note inside a desk drawer. Obfuscation in ionCube is still useful as it renames to remove meaning from symbols, but it's secondary to the much more important mechanism of the dynamic algorithmic keys, which is where effort in using is best spent. _________________ Community Admin |
|
Back to top |
|
 |
latestsoftwares24
Joined: 03 Mar 2016 Posts: 1 Location: USA
|
Posted: Thu Mar 03, 2016 1:16 pm Post subject: |
|
|
this is very nice and informative sharing.. |
|
Back to top |
|
 |
|