The principle and practice of modifying the Zend engine to implement PHP source code encryption

1. Basic Principles
Consider intercepting the interface for PHP to read source files. At first, I considered dealing with the interface between Apache and PHP, see apache's src/modules/php4/mod_php4.c (this is the file that PHP statically compiles into apache, make install), in send_php() The file pointer is intercepted in the function, using the method of temporary file, and the file pointer is replaced after decryption. This method has been tested and proven to be feasible. However, two file operations must be used, which is inefficient and cannot be used for DSO. Shuangyuan Nursing Home
Therefore, I reconsidered the process of intercepting PHP reading files and loading them into the cache. After a strenuous search, I found that zend-scanner.c does this in the Zend engine. Start modifying this file. Lighting project

2. Implementation method

Using libmcrypt as the encryption module, now using the DES method ECB mode encryption,

The following is the source code of file encryption:

C++ code
/* ecb.c--- ----------------cut here-----------*/
/* encrypt for php source code version 0.99 beta
we are using libmcrypt to encrypt codes , please
install it first.
compile command line:
gcc -O6 -lmcrypt -lm -o encryptphp ecb.c
please set LD_LIBRARY_PATH before use.
GNU copyleft, designed by wangsu , miweicong */

#define MCRYPT_BACKWARDS_COMPATIBLE 1
#define PHP_CACHESIZE 8192
#include < mcrypt.h >
#include < stdio.h >
#include < stdlib.h >
#include < math.h >
#include < sys/types.h >
#include < sys/stat.h >
#include < fcntl.h >

main(int argc, char** argv)
{

int td, i ,j,inputfilesize,filelength;
char filename[255];
char password[12];
FILE* ifp;
int readfd;
char *key;
void *block_buffer;
void *file_buffer;
int keysize;
int decode=0;
int realbufsize=0;
struct stat *filestat;

if(argc == 3) {
strcpy(password,argv[1]);
strcpy(filename,argv[2]);
} else if(argc == 4 && !strcmp(argv[1],"-d")){
strcpy(password,argv[2]);
strcpy(filename,argv[3]);
decode= 1;
printf("Entering decode mode ... n");
} else {
printf("Usage: encryptphp [-d] password filenamen");
exit(1);
}

keysize=mcrypt_get_key_size (DES);
key=calloc(1, mcrypt_get_key_size(DES));

gen_key_sha1( key, NULL, 0, keysize, password, strlen(password));
td=init_mcrypt_ecb(DES, key, keysize);

if((readfd=open(filename,O_RDONLY,S_IRUSR|S_IWUSR|S_IRGRP))==-1){
printf("FATAL: Can't open file to read");
exit(3);
}

filestat=malloc(sizeof(stat));

fstat(readfd,filestat);
inputfilesize=filestat- >st_size;
printf("filesize is %d n",inputfilesize);
filelength=inputfilesize;

inputfilesize =((int)(floor(inputfilesize/PHP_CACHESIZE))+1)*PHP_CACHESIZE;

if((file_buffer=malloc(inputfilesize))==NULL){
printf("FATAL: can't malloc file buffer.n ");
exit(2);
}
if((block_buffer=malloc(PHP_CACHESIZE))==NULL){
printf("FATAL: can't malloc encrypt block buffer.n");
exit(2) ;
}

j=0;
while(realbufsize=read (readfd,block_buffer, PHP_CACHESIZE)){
printf(".");
if(!decode){
if(realbufsize< PHP_CACHESIZE){
for( i=realbufsize;i< PHP_CACHESIZE;i++){
((char *)block_buffer)[i]=' ';
}
}
mcrypt_ecb (td, block_buffer, PHP_CACHESIZE);
} else {
mdecrypt_ecb (td, block_buffer , realbufsize);
}
memcpy(file_buffer+j*PHP_CACHESIZE,block_buffer,PHP_CACHESIZE);
j++;
}

close(readfd);

if((ifp=fopen(filename,"wb"))== NULL){
printf("FATAL: file access error.n");
exit(3);
}
fwrite ( file_buffer, inputfilesize, 1, ifp);

free(block_buffer);
free(file_buffer);
free(filestat);
fclose(ifp);
printf("n");

return 0;

}
/*--- end of ecb.c ----------- --------------------------*/
Because ECB mode is a block encryption with a determined block length, some null characters are filled in here. International Exhibition

Then, modify Zend/zend-scanner.c in the php code as follows:

(My php version is 4.01pl2, SUNsparc/solaris 2.7, gcc 2.95;)

Add before the file:

#define MCRYPT_BACKWARDS_COMPATIBLE 1
#include < mcrypt.h >

　 Then, comment out the definition of YY_INPUT around line 3510.

　Then, modify the yy_get_next_buffer() function around line 5150:
Add the definition to the function header:
void *tempbuf;
char *key;
char debugstr[255];
int td,keysize;
int x,y;
FILE *fp;
Then, comment out the sentence
YY_INPUT( (&yy_current_buffer- >yy_ch_buf[number_to_move]),
yy_n_chars, num_to_read );
.
Change to:

tempbuf=malloc(num_to_read);
if((yy_n_chars=fread(tempbuf,1,num_to_read,yyin))!=0){
/*decode*/
#define password "PHPphp111222"
# debug 0

keysize=mcrypt_get_key_size(DES);
key=calloc(1, mcrypt_get_key_size(DES));
gen_key_sha1( key, NULL, 0, keysize, password, strlen(password));
td=init_mcrypt_ecb(DES define , key, keysize);
mdecrypt_ecb(td, tempbuf, yy_n_chars);
memcpy((&yy_current_buffer- >yy_ch_buf[number_to_move]),tempbuf,yy_n_chars);
if(debug){
fp=fopen("/tmp/ logs","wb");
fwrite("nstartn",7,1,fp);
fwrite(tempbuf,1,yy_n_chars,fp);
fwrite("nenditn",7,1,fp);
fclose (fp);
}
}
free(tempbuf);

Then, compile php and install it in the normal way. Because I am not familiar with libtool, I chose the static method and added -- when configuring. with-mcrypt, so I don’t have to manually modify the Makefile cable tray

3. Tests and results

After compiling php and apache, I used encryptphp compiled by ecb.c to encrypt several files, which are < 1K, 10K+ , and 40K+, an error occurs when processing 40K size files, and other files are normal. Plastic floor
This is because the ECB encryption method of the block determines that fixed-length blocks must be used. Therefore, please give me some advice on which stream encryption method can be used to take into account zend's cache processing method of reading 8192 bytes each time. (The block length read by zend each time on other platforms may be different)

For more related content, please pay attention to the PHP Chinese website (www.php.cn)!