5.6. Obfuscation Settings
The following shows the Obfuscation tab of the Project Settings dialog:
Some strings remain in the PHP bytecode stream after encoding. For example, local variable names are present after compilation. To prevent these strings from appearing in encoded files, the Encoder features an optional obfuscation processor that is used after the PHP source has been encoded to compiled bytecode.
The checked boxes determine which aspects of the compiled PHP bytecode
will be obfuscated. Currently class and method names, line numbers,
global function names and local variable names can be obfuscated.
The Obfuscation key should contain a secret phrase to be used
when obfuscating strings. A random obfuscation key can be created by
clicking on the Generate random key button. The obfuscation
algorithm is a one way process that would require a brute force attack
and knowledge of the key to reverse.
While it can be desirable to obfuscate names, it is sometimes necessary to prevent specific class, method and function names from being obfuscated. Such cases include elements in non-obfuscated code that are to be referenced from obfuscated code, elements in obfuscated scripts that are to be called by unencoded scripts, and functions in obfuscated code used as callbacks to builtin functions.
To specify these exceptions, a text file should be created with the required elements. The text file can contain sections identified with [classes], [methods] and [functions], followed by the names of the classes, methods and functions occurring one per line in the relevant section. Namespaces should be used where relevant. The absolute path to this file should be entered in the Exclusion file field.
An example of an exclusion file is below:
Blank lines and text appearing after a
Copyright 2002-2021 ionCube Ltd. All rights reserved.