php源代码加密，源码安全

https://github.com/del-xiong/screw-plus

http://git.oschina.net/splot/php-screw-plus

screw plus是一个开源的php扩展，作用是对php文件进行加密，网络上提供php加密的服务很多，但大多都只是混淆级别的加密，被人拿到加密文件问只要有足够耐心就能破解，与之不同的是，screw plus采用扩展来加解密，而且是全球金融业流行的高强度AES256加密，除非破解了服务器，否则黑客拿到了加密文件也只是一堆乱码。

同一个加密级别的有ioncube和官方的zend guard，但这两款都是收费的，一年至少数千元的费用并不值得普通开发者去尝试，而使用screw plus，你不需要多花一分钱。

下面以LNMP一键安装环境为例演示下screw plus的配置

首先克隆一份代码到服务器

git clone https://git.oschina.net/splot/php-screw-plus.git

进入项目目录，然后执行php的phpize文件，phpize是官方提供的可执行文件用于动态生成扩展开发环境，一般在php的bin目录下可以找到。lnmp的phpize

# /usr/local/phpphpize

Cannot find config.m4.

Make sure that you run '/usr/local/php/bin/phpize' in the top level source directory of the module

在

# cd /usr/local/src/lnmp-install-pakge/php-7.0.27/ext下找到工具

# ./ext_skel --extname=my_module

Creating directory my_module

Creating basic files: config.m4 config.w32 .gitignore my_module.c php_my_module.h CREDITS EXPERIMENTAL tests/001.phpt my_module.php [done].

To use your new extension, you will have to execute the following steps:

1.  $ cd ..

2.  $ vi ext/my_module/config.m4

3.  $ ./buildconf

4.  $ ./configure --[with|enable]-my_module

5.  $ make

6.  $ ./sapi/cli/php -f ext/my_module/my_module.php

7.  $ vi ext/my_module/my_module.c

8.  $ make

Repeat steps 3-6 until you are satisfied with ext/my_module/config.m4 and

step 6 confirms that your module is compiled into PHP. Then, start writing

code and repeat the last two steps as often as necessary.

执行了这个步骤以后你会看到这样的结果

Repeat steps 3-6 until you are satisfied with ext/my_module/config.m4 and step 6 confirms that your module is compiled into PHP. Then, start writing code and repeat the last two steps as often as necessary.

这样以后我们会在这个目录下生成一个目录叫my_module

进入这里面我们看看

# cd my_module/

# ls

config.m4  config.w32  CREDITS  EXPERIMENTAL  my_module.c  my_module.php  php_my_module.h  tests

然后我们要修改文件顺序是

config.m4

my_module.c

php_my_module.h 

# vim config.m4

将

dnl PHP_ARG_ENABLE(my_module, whether to enable my_module support,

dnl Make sure that the comment is aligned:

dnl [  --enable-my_module           Enable my_module support])

修改成

PHP_ARG_ENABLE(my_module, whether to enable my_module support,

Make sure that the comment is aligned:

[  --enable-my_module           Enable my_module support])

最后在该目录下运行

# /usr/local/php/bin/phpize

Configuring for:

PHP Api Version:         20151012

Zend Module Api No:      20151012

Zend Extension Api No:   320151012

编译配置

# ./configure --with-php-config=/usr/local/php/bin/php-config

编译时，发现少了个re2c

# wget https://nchc.dl.sourceforge.net/project/re2c/0.16/re2c-0.16.tar.gz

# tar -zxvf re2c-0.16.tar.gz 

# cd re2c-0.16/

# ./configure && make && make install

完成编译安装

# make(

./configure --with-php-config=/usr/local/php/bin/php-config)

/bin/sh /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/libtool --mode=compile cc -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -I. -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module -DPHP_ATOM_INC -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/include -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/main -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module -I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2   -c /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/my_module.c -o my_module.lo 

 cc -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -I. -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module -DPHP_ATOM_INC -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/include -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/main -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module -I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/my_module.c  -fPIC -DPIC -o .libs/my_module.o

/bin/sh /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/libtool --mode=link cc -DPHP_ATOM_INC -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/include -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/main -I/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module -I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2   -o my_module.la -export-dynamic -avoid-version -prefer-pic -module -rpath /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/modules  my_module.lo 

cc -shared  .libs/my_module.o   -Wl,-soname -Wl,my_module.so -o .libs/my_module.so

creating my_module.la

(cd .libs && rm -f my_module.la && ln -s ../my_module.la my_module.la)

/bin/sh /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/libtool --mode=install cp ./my_module.la /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/modules

cp ./.libs/my_module.so /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/modules/my_module.so

cp ./.libs/my_module.lai /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/modules/my_module.la

PATH="$PATH:/sbin" ldconfig -n /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/modules

----------------------------------------------------------------------

Libraries have been installed in:

   /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/modules

If you ever happen to want to link against installed libraries

in a given directory, LIBDIR, you must either use libtool, and

specify the full pathname of the library, or use the `-LLIBDIR'

flag during linking and do at least one of the following:

   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable

     during execution

   - add LIBDIR to the `LD_RUN_PATH' environment variable

     during linking

   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag

   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for

more information, such as the ld(1) and ld.so(8) manual pages.

----------------------------------------------------------------------

Build complete.

Don't forget to run 'make test'.

# make test

=====================================================================

PHP         : /usr/local/php/bin/php 

PHP_SAPI    : cli

PHP_VERSION : 7.0.27

ZEND_VERSION: 3.0.0

PHP_OS      : Linux - Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64

INI actual  : /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/tmp-php.ini

More .INIs  :   

---------------------------------------------------------------------

PHP         : /usr/local/php/bin/phpdbg 

PHP_SAPI    : phpdbg

PHP_VERSION : 7.0.27

ZEND_VERSION: 3.0.0

PHP_OS      : Linux - Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64

INI actual  : /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module/tmp-php.ini

More .INIs  : 

---------------------------------------------------------------------

CWD         : /usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module

Extra dirs  : 

VALGRIND    : Not used

=====================================================================

TIME START 2018-10-30 14:58:33

=====================================================================

PASS Check for my_module presence [tests/001.phpt] 

=====================================================================

TIME END 2018-10-30 14:58:33

=====================================================================

TEST RESULT SUMMARY

---------------------------------------------------------------------

Exts skipped    :    0

Exts tested     :   50

---------------------------------------------------------------------

Number of tests :    1                 1

Tests skipped   :    0 (  0.0%) --------

Tests warned    :    0 (  0.0%) (  0.0%)

Tests failed    :    0 (  0.0%) (  0.0%)

Expected fail   :    0 (  0.0%) (  0.0%)

Tests passed    :    1 (100.0%) (100.0%)

---------------------------------------------------------------------

Time taken      :    0 seconds

=====================================================================

This report can be automatically sent to the PHP QA team at

http://qa.php.net/reports and http://news.php.net/php.qa.reports

This gives us a better understanding of PHP's behavior.

If you don't want to send the report immediately you can choose

option "s" to save it.You can then email it to [email protected] later.

Do you want to send this report now? [Yns]:

进入tools

# cd tools

# make

把生成的 my_module.so复制到扩展目录下

# cp my_module.so /usr/local/src/lnmp-install-pakge/php-7.0.27/ext 

进入php.ini

# vim /usr/local/php/lib/php.ini

添加

extension=/usr/local/src/lnmp-install-pakge/php-7.0.27/ext/my_module.so

然后重启php服务 这时可以放个php文件输出phpinfo信息，如果看到以下提示说明扩展生效了

在扩展的tools目录，执行./screw [路径]，[路径]可以是单个文件也可以是文件夹，然后就可以实现加密了。

/screw [PATH] -d 解密代码