PHP代码加密技术 郭新华 PHPCON2018
PHP作为一门脚本语言,部署的方式一般都是源码部署,这种方式无法安全的分发代码,黑客拿到源码后也很容易知道你的业务逻辑,实施有针对性的攻击,代码加密部署无疑会大大提高整个应用的安全性,我将逐一讲述如何实现PHP代码的加密,加密后有什么负面影响,以及数据加密相关的内容。
展开查看详情
1.PHP —@swoole
2.• pecl • swoole-src • • php-cp swoole-mysql-proxy swoole-serialize swoole-compiler
3.• • • • etc…
4.php AST opcodes vm PHP_OS opcodes
5.—
6.• ( ) • ( )
7.— • $reflection->getDocComment ()
8. — radius circum hash • $$var_name !0 => $radius • compact extract !1 => $circum • include stack stack • etc… Notice: Undefined variable: $_432345234
9. — pass opcodes /* CSE, STRING construction */ /* Constant conversion and jumps */ /* ++, +=, series of jumps */ /* INIT_FCALL_BY_NAME -> DO_FCALL */ /* CFG based optimization */ /* DFA based optimization */ /* CALL GRAPH optimization */ /* SCCP (constant propagation) */ • optimize /* TMP VAR usage */ /* NOP removal */ • /* Merge equal constants */ /* Adjust used stack */ /* Remove unused variables */ separate /* DCE (dead code elimination) */ /* Collect constants */ /* Inline functions */ /* etc…*/ vm
10.- • need to migrate from php72
11.— ( )
12. 1 3 4 2 • • recv send return • copy • jmp jmpz jmpnz • init fcall do fcall • opcodes • etc… • • etc… • etc… • • • etc…
13.( )
14. — llvm bitcode opcode llvm IR llvm pass bitcode llvm
15.——————- ——————
16.
17. if(a==1) echo 1 if(a==2) echo 2 if(a==3) echo 3 echo ‘end’
18. switch next if(a==1) if(a==2) if(a==2) if(a==3) next =1; echo 1; next =3; echo 2; next =3; echo 2; next =5; echo 3; else next = 6; else next = 6; else next = 6; else next = 6; next =2; next =4; next =4; next =6; echo ’end’; return;
19. md5 _8739482343 hash hash zif_md5 zif_md5
20./ opcode handler vm handler opcode handler ZEND_ECHO echo_handler ZEND_MUL mul_handler ZEND_RETURN return_handler opcode / c .. .. .
21.handler opcode handler c opcode handler opcode handler opcode handler opcode handler opcode handler .. c .. .
22. (vmp) my_vm my_opcode my_handler my_opcode my_handler • zend_vm my_opcode my_handler • • my_opcode my_handler • handler my_opcode my_handler .. .. .
23.my_jmpz_handler
24.my_echo_handler
25.• • • • •
26.• •
27.swoole compiler —---- + +
28. swoole compiler php( + php git )
29.thanks