How to view hidden php file

Hello House,

Please i need to understand this as am new to obfuscation and hidden php.
I typed a php code and functions and i wanted to obfuscate it to make it unreadable.
So i went online and found a obfuscate source on github.
However after i obfuscated my code i discovered it created a file. and that file contained just

$__='printf';$_='Loading Class/Code Name';

However my original source php code is not seen in the file yet the code works.
And I have tried to copy $__=‘printf’;$_=‘Loading Class/Code Name’; and paste in another file and run it but the original php functions i created is not running, so i noticed the functions only run on that particular file that the obfuscate created.

And if i want to use that functions in any other php code i must include the file that has $__=‘printf’;$_=‘Loading Class/Code Name’;

My question is:

  1. How is it possible that a plain empty php file that contains just $__=‘printf’;$_=‘Loading Class/Code Name’; will be working perfectly and executing all the functions i have created in it before obfuscating?

  2. Is there a way to decode or view back my original code from that file.

  3. I love everything about the way the code was entirely hidden but can someone see the code? and what if the owner of the obfuscate script at GitHub has other hidden functions that may harm my site, how can i find out?

  4. I am curious to know how a hidden php code encoded in an practically empty php file yet is working perfectly?

Please i need guide and advise.
Thanks so much i appreciate all contribution.

Please supply the link to the “GitHub obfuscate code” because a search revealed umpteen Repositories.

here is the link https://github.com/pH-7/Obfuscator-Class

The code works well just that i need to understand why is working that way and how safe it is for me to use it in protecting my php script

1 Like

Protect from what?

from copies or redistribution, especially i want to allow the function to work only on a given domain

Please my focus is mainly on how possible is for an empty php file be executing codes that is not visible when the php file is viewed in a text editor, practically an empty php file with just one line of code yet is doing multiple functions.

I know of base64 encoders atleast you can see some jargon written inside the php code but this one is a plain php file yet working perfectly.

It’s not empty, its filled with spaces. Try scrolling all the way to the right.

This obfuscator won’t do that.

really empty spaces that translate into original code and functions? can it be ever decoded? or can i convert the empty spaces back to php readable code?

it will do exactly that, not the obfuscate but the original code that will protect the domain will be written by me and then i obfuscate

Try reading the file, explode it to get lines, then trim to strip all spaces from the lines. Then echo them.

All the code is there, it’s just padded with loads and loads of spaces. The spaces are just spaces. There is no code hidden in the spaces.

i will try this and get back at my finding if am able to see the file, but if not i may upload the file php for you to read and paste what i wrote in the php file before i obfuscated it to know if you were able to read it

Who are you trying to protect your code from?

1 Like

How would anyone gain access to the source code unless it is publicly made available online or server is hacked.

Is just my way of licensing my script, so the person download the script and host in his server, or even WordPress plugin for example, and now the script he downloaded is only configured to work in his domain so no multiple domain allowed

script are not hosted on my server, the script is hosted on the users end

For clarification whom i am protecting the code from is not very much my concern for now, as i want to know if that obfuscate file can ever be decoded or viewed.

To answer who i am protecting it from, here is the scenerio, I created a WordPress plugin and if anyone buys it i will ask for his domain name, add the license for that domain and obfuscate and send the plugin to the person, now when he try to install in multiple domain it will not work

Why protect the source unless it has hard coded credentials which it shouldn’t.

if it shouldn’t, then how then do you license your script?

Does each license have different credentials.