Online PHP Code Obfuscator / Version 1.5

Firstly: Like all other code obfuscators out there (that don't require you to install server-side extensions), this method of obfuscation is not 100% foolproof. Any code that can be eval'd can be read. But although possible, being able to read the original code would be hard and take a lot of effort. Unlike other PHP code obfuscators, this can not be decoded/decrypted by the obfuscation decrypters you can find online.

Protip: The "Encode variable names" and "Encode user-defined function names" obfuscation options might not be compatible with your code, so if your obfuscated code doesn't work then try disabling these options.

And finally... I provide this as a free service and would like feedback on this, so if you have any suggestions, bugs or just want to say thanks, let me know in the comments form.

php code

obfuscation options

Strip whitespace and comments
Encode variable names
Encode user-defined function names
Scramble slice
preg_match Stub
Encryption -- Encryption depth:
Encryption Depth: The amount of times the obfuscator will encrypt and pack the code. More depth means bigger filesize and more work for the CPU to run the encrypted code. The benefit of this though is that it would take someone much more effort to decrypt it and read the original code.
I am only allowing a maximum encryption depth of 3. If you want even better security with up to 50x encryption depth then please contact me.
If you found this useful, please consider leaving a comment or liking this page on Facebook.

Comments (39)

  1. cocco / Reply February 19, 2014 at 12:08 am

    I decrypted the result, there is NO malicious code or else.
    However this encoder is good job, now the first time I needed to decode a file because I lost the original one, I spent an hour with it.

  2. Jake / Reply February 4, 2014 at 7:57 am

    Hi mate, I like this obfuscator. Any where I can get the source code?

    • atomiku / Reply February 13, 2014 at 4:06 pm

      Hey there. Get in touch with me via the contact form and we can arrange a sale of the source code. Cheers

  3. Jimmy / Reply January 11, 2014 at 6:32 am

    this is excellent..!!! thnk u so much…..

  4. cartem / Reply December 25, 2013 at 10:20 am

    thanks :)) nice job.

  5. Ivan / Reply December 21, 2013 at 8:07 pm

    Constantly obfuscation page does not load until the end. Have to try again and again until you get a full page.

  6. Samet / Reply December 19, 2013 at 2:46 pm

    But i get error when i try on two different files to obfuscate… ( this two files included on single file… )

  7. Samet / Reply December 19, 2013 at 2:36 pm

    Great work. I hope your publishing soon this tool on desktop version… I always used x3 depth encode but i’m not sure about performance… Maybe not prevent this method for prof. thief , but absolutely stopped junior thief :) Thanks…

  8. Сергей / Reply December 1, 2013 at 2:42 am

    Спасибо за ресурс! Отличная работа и хорошая защита!

  9. Matrixclub / Reply November 27, 2013 at 9:42 am

    nice job

  10. Anirban Nath / Reply November 27, 2013 at 6:18 am

    Notice: Undefined variable: xcfcd in C:\xampp\htdocs\**\***.php on line 2
    Notice: Undefined variable: xce84 in C:\xampp\htdocs\**\**.php on line 3
    Notice: Undefined variable: x6222 in C:\xampp\htdocs\**\**.php on line 4
    Notice: Undefined variable: x6d4a in C:\xampp\htdocs\**\**.php on line 5

    Keeps on getting this errors , any help will be much appreciated !

    • atomiku / Reply November 28, 2013 at 4:46 am

      Have you tried disabling the ‘Encode variable names’ option?

      • Anirban Nath / Reply November 28, 2013 at 6:16 am

        yep , But now getting a different error :( !

        Notice: Undefined variable: xcfcd in C:\xampp\htdocs\test\studyroom.php(2) : regexp code(1) : eval()’d code on line 1
        Notice: Undefined variable: xce84 in C:\xampp\htdocs\test\studyroom.php(2) : regexp code(1) : eval()’d code on line 2
        Notice: Undefined variable: x6222 in C:\xampp\htdocs\test\studyroom.php(2) : regexp code(1) : eval()’d code on line 3
        Notice: Undefined variable: x6d4a in C:\xampp\htdocs\test\studyroom.php(2) : regexp code(1) : eval()’d code on line 4

      • Anirban Nath / Reply November 28, 2013 at 6:27 am

        If i uncheck all option and just keep encryption depth its working fine ! But is it a good chioice ?? Was wondering u have any standalone (desktop) version of this php obfuscator !

        Anyways Nice work ! Thanks for replying

  11. Kyle Coots / Reply November 22, 2013 at 3:56 pm

    Thanks, works great!

    You should consider coming up with some kinda of API for this or a way to obfuscate a whole framework/project at one time. That wouold be awesome!

  12. Root(RED) / Reply November 6, 2013 at 5:39 pm

    :) Thanks (y) Like it.. works like a charm :D LOL

  13. walt / Reply October 23, 2013 at 9:00 pm

    Hi,
    I think there is a little bug.
    if I obfuscate this code : phpinfo();

    your programme give me :

    When I execute this code, it show me phpinfo(); instead executing this function.

    When I decode de preg_prelace, I found if I remove this ‘\x3f\x3e’, the code work fine.

    $xcfcd .= “\x3f\x3e\x70\x68″;
    $xa87f .= “\x70\x69\x6e\x66″;
    $xc9f0 .= “\x6f\x28\x29\x3b”;
    eval($xcfcd . $xa87f . $xc9f0);

  14. Derry / Reply October 6, 2013 at 7:54 pm

    very nice

  15. Aziz Mazgour / Reply September 11, 2013 at 12:05 am

    This works perfectly.

  16. none / Reply August 28, 2013 at 2:07 pm

    strip white space and comment not seems to work

    I put

    and i get

    ?>

    with space , comment and php tag for bonus ;)

  17. none / Reply August 28, 2013 at 1:37 pm

    hello

    http://www.php.net/manual/en/reference.pcre.pattern.modifiers.php

    => regex /e Warning This feature has been DEPRECATED as of PHP 5.5.0. Relying on this feature is highly discouraged.

  18. Ketan Kulkarni / Reply August 9, 2013 at 8:23 am

    Nice utility!
    Good work!
    Ketan

  19. Rojo / Reply August 8, 2013 at 12:07 pm

    There is a problem. If you have a structure where there is an include in one file. If you encode the include file and then also encode the file that calls the include file, there are errors thrown. Settings are level 3.

  20. Rahul / Reply August 6, 2013 at 12:30 pm

    Is there any way to decrypt this encrypted code?
    I mean, are your sure they cant reverse engineer to get original code?

    • atomiku / Reply September 3, 2013 at 8:38 am

      Yes, someone has made a decrypter for my obfuscator. It was bound to happen eventually, as I say in the post, all obfuscated code can be decrypted. It’s impossible to make an obfuscator thats fool proof, unless you use server side extensions.

  21. Mahesh / Reply August 1, 2013 at 7:50 am

    This works perfectly. Thanks.

  22. bertrand / Reply July 30, 2013 at 2:57 pm

    hello,

    c’est dommage que c’est outils n’exécute pas le code php lors du décodage?? du coup il me sert strictement à rien, je comprend pas même à quoi il sert pour obscusifier du php??

    j’ai tenté un eval( devant en vain…

    merci quand même

  23. adh / Reply July 20, 2013 at 2:49 pm

    Hi
    I have tow php file after code by your site give under error

    Parse error: syntax error, unexpected ‘.’ in 2.php(2) : regexp code(1) : eval()’d code(4) : eval()’d code on line 1

    file 1.php

    <?php
    for($i=1;$i

    file 2.php
    <?php
    for($i=1;$i<=3;$i++)
    echo "$i”;
    ?>

    Please help

  24. BEnas / Reply April 20, 2013 at 6:50 am

    Cleans perfectly

  25. Shaurya Gupta / Reply April 19, 2013 at 10:57 pm

    Thanks

  26. Rapture / Reply March 18, 2013 at 9:46 am

    Thanks for this tool, I’ve used a lot of obfuscators but this one is the best I’ve found, no errors, clean and very useful :)

  27. HOST RAZOR / Reply March 13, 2013 at 12:10 am

    I am a system administrator for a company and I deal with these alerts on a daily basis; basically any antivirus be on win32 (kaspersky/avg/sophos) and even on linux/unix systems such as clamav will have signatures set and these detect false positives, one lucky example is a plugin for WHM(cPanel) called WHMXtra, they had obfuscated code hidden in there plugin that nobody knew about, it was to login to a database and enter the number 1 every time somebody used it (so they could get an estimate on plugin usage) and this was flagged on my system as a virus, after decrypting the code I found it and emailed them (they had completley forgot that it was there) and planned to move it after next release.

    If your not sure open it up in a sandbox and test first, watch any changes that may occur. Just because an anti virus flags it up as a threat does not 100% guarantee its a virus.

    Viruses/Trojans/Malware these days are often not detected by your anti virus anyway! “Real Hackers” use crypted programming and hide the data from anti virus scanners making it impossible to detect unless they have an heuristic scanner or more advanced technology – so your never safe unless you sandbox something unknown first!! – “lol @ hacker”

  28. wewt / Reply March 11, 2013 at 2:25 am

    I can confirm this is not a virus.

  29. hacker / Reply March 9, 2013 at 4:13 pm

    this is a virusssssssssss……….liarss………….fake.

    • atomiku / Reply March 9, 2013 at 7:34 pm

      Hey there. This isn’t a virus, and hopefully someone with a bit of skill will be able to look into the obfuscated code to see what it’s doing to prove that it’s not a virus.

      Why do you think it’s a virus? If it’s because your virus scanner is picking it up, it would be because when people make PHP backdoors they obfuscate it with the same methods that this obfuscator uses. Any online PHP obfuscator you use will have the same result.

      What I’m trying to say is: It’s just a false positive! This PHP obfuscator isn’t a virus.
      Someone please back me up on this.

      • Alex / Reply February 4, 2014 at 3:48 pm

        It was fun making a deobfuscator for your obfuscator. Unless the source has been edited, I can confirm there is no backdoor added to the obfuscated code.

        • atomiku / Reply February 13, 2014 at 4:07 pm

          Ah yes, are you lombokcyber.com?

    • mahmoud / Reply August 9, 2013 at 8:01 pm

      It not a virus, i just decode it.

    • Jeffery Dilegge / Reply February 8, 2014 at 4:55 am

      You are an idiot.

Leave a Comment

Twitter