PHP Obfuscation

Obfuscation is used to make code hard or impossible for a human to interpret. A script virus has to be hard to detect, so it has to change itself by using obfuscation. To finish the YoungCoders challenge of making a polymorphic self-replicating script, obfuscation will do just that.

PHP obfuscation is quite simple:

Take out comments
For many scripts, removing the comments will be good enough.
Comments are anything after // or # that end with a space and are not inside any quotes. Multi-line comments start with /* and end with */, so they are pretty easy to remove.


Change the variable names to long and meaningless ones

The simplest way is to run MD5 on each variable name and replace the name with the result. Finding variables is easy: a variable is anything with a $ prefix that is not inside single quotes. There can be characters in front of the $, including ";", ",", "-", "+", "*", "&", "$". Some of them can also appear at the end of the variable. Normally the end of a variable is a space.
Note that these variables should not be replaced: $this, $_SERVER, $_POST, $_GET, $_REQUEST, $_SESSION, $_COOKIE.

Do the same to the functions

The functions must not be PHP built-in functions. To find them, look for every "function" statement that creates another function. Those functions will be the ones to change. To locate a call to a function that should be replaced, find the function name followed by a "(" and outside quotes. This will also catch the "(" in classes.

Trashing (not recommended, because it slows the code down)

Trashing means adding completely useless code and comments, like:

//add these trash
$asdfasdf = 3000;
$iamtrash = 'I love to trash the place...';

Encryption (not recommended, because it slows the code down... GREATLY)
Encryption here means encrypting a piece of data, then using part of the script (or a PHP built-in function) to decrypt it. Here are some simple ones that do not need any function to be written to decrypt them.
-Change numbers into equations

//this
$a = 10;
//into
$a = pow((10 + 2) - 2, 1);

-Change words into chr() functions

//this
$a = 'cool';
//into 
$a = chr(99).chr(111).chr(111).chr(108);

-Add one of those simple encryptions

//this
$a = 'This is an encoded string';
//into 
$a = base64_decode('VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==');
//this
$b = 'foo bar@baz';
//into 
$b = rawurldecode('foo%20bar%40baz');
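Because none of these encodings needs a key, someone reviewing a suspicious script can fold them back into plain literals without running the PHP. The following Python sketch is an added example, not part of the original post; the names SAMPLE, php_quote and deobfuscate are made up for illustration, and it assumes regex matching is good enough for triage (it does not skip comments or quoted strings the way a real PHP tokenizer would).

```python
import base64
import re
from urllib.parse import unquote

# Constructed sample built from the three string encodings shown above.
SAMPLE = """<?php
$a = chr(99).chr(111).chr(111).chr(108);
$b = base64_decode('VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==');
$c = rawurldecode('foo%20bar%40baz');
"""

# A run of chr(N) calls joined by the PHP concatenation operator.
CHR_RUN = re.compile(r"\bchr\(\s*\d+\s*\)(?:\s*\.\s*chr\(\s*\d+\s*\))*")
# base64_decode()/rawurldecode() applied to a plain quoted literal.
DECODE_CALL = re.compile(
    r"\b(base64_decode|rawurldecode)\(\s*(['\"])([^'\"\\]*)\2\s*\)")


def php_quote(text):
    """Render text as a PHP single-quoted string literal."""
    return "'" + text.replace("\\", "\\\\").replace("'", "\\'") + "'"


def deobfuscate(source):
    """Return (folded_source, recovered_strings) for analyst review."""
    recovered = []

    def fold_chr(match):
        codes = re.findall(r"\d+", match.group(0))
        plain = "".join(chr(int(c) % 256) for c in codes)  # PHP chr() wraps mod 256
        recovered.append(plain)
        return php_quote(plain)

    def fold_decode(match):
        func, _quote, arg = match.groups()
        try:
            if func == "base64_decode":
                plain = base64.b64decode(arg, validate=True).decode("utf-8")
            else:
                plain = unquote(arg, errors="strict")
        except ValueError:
            return match.group(0)  # not cleanly decodable: leave for manual review
        recovered.append(plain)
        return php_quote(plain)

    source = CHR_RUN.sub(fold_chr, source)  # chr() first so nested calls fold too
    source = DECODE_CALL.sub(fold_decode, source)
    return source, recovered
```

Calling deobfuscate(SAMPLE) returns the script with the three assignments restored to plain literals, plus the list of recovered strings, which can then be searched for URLs, file paths or function names.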

There is a PHP script made for obfuscation, POBS, but it is dated: the last version is from 2003.

Editor Comment:

I wrote this just to clear my mind. Not many people will find this useful. Like, why create an obfuscated script that even you can't read? Commercial programs can use some programs to compile the script. But I think this is still a concept to know; sometimes, if you want to create shareware in PHP (what are you thinking!!!), this can be a way to keep the user from getting the source code unless they have paid you.


Comments

Anonymous:

Do note that encryption and encoding are two different subjects.

Mgccl:

...yeah but..
encoding actually works like encryption in this one..
but yeah...
it's encoding because you don't need a key...
I'm wrong.

Anonymous:

Maybe this function can be handy when you want to obfuscate your php-code and don't want to do it manually.

http://php.net/php_strip_whitespace

What it does is just to strip all comments and all whitespace in a given phpfile. Quite handy.
