System

What’s obfuscation and what is it good for?

Written by  on Dezember 3, 2015

To see how PHP code obfuscation works, you might check out the Free Online PHP Obfuscator. What happens there, makes your code completeley unreadable. But, it creates an enormous base64 encoded file, which simply might be too much. Also I had some troubles with *larger* php scripts with around 50 lines.
Nevertheless, you’ll be able to copy a neat trick from there. First a function name gets decoded in hex. If you have no idea about how to do it check out string to hex. So now you are able to encode your function name into a variable

$a="\x73\x79\x73\x74\x65\x6d"

Now we are able to replace the calls to the system function with our variable from

system("openssl req -noout -modulus -in testfile.csr >/dev/null 2>&1",$ret);

to

$a("openssl req -noout -modulus -in testfile.csr >/dev/null 2>&1",$ret);

So what is it good for? Could you hide from the disabled function in the php.ini? That’s a clear no! But this helps, when there is some nasty “maleware scanner” that would delete your scripts from your webspace because of containing a call of the system function.
Is it secure? As always it depends. If you use PHP to execute some hardcoded shell script, this might work in a secure way. If you hand input to your scripts, you should be extra sure, that you know what you are doing!
Will it scale? I guess no. There is no protection from PHP in a way that you might DDOS yourself i.e. your webspace.
Also check for race conditions. Just think about what will happen, when you write into a file – and another call to the webserver will write into the same file.

Zitat des Tages

Written by  on Januar 19, 2010

Never touch a running system.
Wir warten erst, bis nichts mehr geht!

Was der Admin über seine Server wissen sollte

Written by  on Januar 5, 2010
  • What is the system concerned with?
  • How does it work?
  • Where is the data worked with, or where is funcionality achieved?
  • Who works with data and achieves functionality?
  • When is it done?

Zitat des Tages

Written by  on Dezember 30, 2009

The longer I work on websites, the more surprised I am at the creativety of complex systems in finding ways to fail.

— Leider hab ich die Quelle nicht notiert, war aber sicher irgend ein Buch *grml*

Operating Systems – Design And Implementation

Written by  on September 21, 2008

The UNIX system has a command, nice, which allows a user to voluntarily reduce the priority of his process, in order to be nice to the other users. Nobody ever uses it.


Operating Systems Design and Implementation (Prentice Hall Software Series)

Was man mit einem Schraubenzieher nicht alles anstellen kann

Written by  on Juni 23, 2007

Das Folgende Zitat nimmt bezug auf die Unix Toolbox und das sich mit den einzelnen Tools alles mögliche anstellen lässt, nicht nur das vorgesehene:

You can do a lot more with a screwdrive than thightening and loosening screws.

– Essential System Administration, O'REILLY, AEleen Frish

Neues auf Walterschlag.net

Written by  on Februar 18, 2007

Schön langsam könnte es etwas werden für eine einfach zu handhabende Website von Walterschlag bei Sallingstadt in der Marktgemeinde Schweiggers! Unter walterschlag.net wurden jetzt bereits erste Versuche mite Joomla! gestartet und wir hoffen alle, dass sich hier bald mehr tut!

walterschlag.net