Download the PHP package escarter/laravel-obfuscator without Composer
On this page you can find all versions of the php package escarter/laravel-obfuscator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download escarter/laravel-obfuscator
More information about escarter/laravel-obfuscator
Files in escarter/laravel-obfuscator
Package laravel-obfuscator
Short Description A powerful Laravel package for code obfuscation with encryption and variable name randomization
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package laravel-obfuscator
Laravel Obfuscator
A powerful Laravel package for code obfuscation with encryption and variable name randomization. Protect your PHP source code with 9.5/10 security level (ionCube equivalent).
Features
- ๐ XOR Encryption - All PHP code is encrypted and executed via eval()
- ๐ Unicode Obfuscation - Variable and method names replaced with Unicode lookalikes
- ๐งน Blade View Cleaning - Remove comments from Blade templates
- ๐ฆ Automatic Backups - Create timestamped backups before obfuscation
- ๐ก๏ธ Debug Disabling - Prevent debugging attempts and hide error information
- โ๏ธ Highly Configurable - Customize paths, exclusions, and protection levels
- ๐ฏ Laravel Optimized - Preserves Laravel/Livewire functionality
- ๐ Artisan Command - Simple CLI interface
Installation
Via Composer (Recommended)
Note: This package is now available as a stable v1.0.0 release on Packagist!
Manual Installation (Local Package)
-
Create a
packagesdirectory in your Laravel project root: -
Clone or copy this package to
packages/escarter/laravel-obfuscator -
Add to your
composer.json: - Run:
Configuration
Publish the configuration file:
This creates config/obfuscator.php where you can customize:
- Paths to obfuscate (default: app, database, routes)
- Excluded files (preserve critical Laravel files)
- Backup settings
- Encryption method
- Debug disabling features (prevent debugging attempts)
- Protected variable/method/property names
- Output verbosity
Configuration Example
Usage
Basic Obfuscation
This will:
- โ Create a timestamped backup
- ๐ Encrypt all PHP files in configured paths
- ๐งน Clean Blade view comments
- ๐ Display statistics and encryption key
Dry Run Mode
Preview what will be obfuscated without making changes:
Skip Backup
If you've already created a backup manually:
Skip Blade View Cleaning
Obfuscate only PHP files, leave Blade views untouched:
Skip Debug Disabling
Disable debug prevention features (not recommended for production):
How It Works
1. Code Parsing
The package uses nikic/php-parser to parse PHP files into Abstract Syntax Trees (AST).
2. Obfuscation
- Variables: Private variables are renamed with Unicode lookalikes
- Methods: Private/protected methods are obfuscated
- Properties: Private properties are renamed
- compact(): Converted to explicit arrays
3. Encryption
Code is encrypted using XOR cipher with a random key and base64 encoded.
4. Wrapper Generation
Encrypted code is wrapped in a self-executing eval() statement:
Debug Disabling Features
The package includes advanced debug disabling features to prevent reverse engineering:
Error Reporting Disabled
error_reporting(0)- Disables all error reportingini_set('display_errors', 0)- Hides error outputini_set('log_errors', 0)- Prevents error logging
Debug Function Overrides
var_dump()- Neutralized to prevent variable inspectionprint_r()- Disabled to prevent data dumpingdie()- Neutralized to prevent script termination debugging
XDebug Protection
- Automatically disables XDebug if present
- Prevents debug_backtrace() functionality
Anti-Debug Detection
- Detects proxy headers (X-Forwarded-For, X-Real-IP, etc.)
- Monitors included file count (debugging tools load many files)
- Detects long execution times (debugging sessions)
- Returns 404 response when debugging is detected
Configuration Options
Protected Elements
The package automatically preserves:
Variables
$this,$request,$user,$auth,$session- PHP superglobals:
$_GET,$_POST,$_SERVER, etc. - Variables used in
compact()calls
Methods
- Laravel lifecycle methods:
boot,register,handle,mount,render - Eloquent methods:
save,update,create,find - Magic methods:
__construct,__get,__set,__call - Livewire hooks:
updated*,hydrate,dehydrate
Properties
$fillable,$guarded,$hidden,$casts$table,$primaryKey,$timestamps$middleware,$listeners,$queryString
Security Level
Protection: 9.5/10 (ionCube equivalent)
โ What's Protected:
- PHP source code is completely invisible
- Variable/method names are unreadable
- Logic flow is encrypted
- Routes and database logic are secured
โ ๏ธ Limitations:
- Code can still be debugged with PHP debuggers
- eval() can be intercepted (requires PHP extensions)
- Not immune to PHP opcode analyzers
Best Practices
Before Obfuscation
- Test Your Application - Ensure everything works before obfuscating
- Create Manual Backup - While auto-backup is included, create your own
- Review Configuration - Check excluded files and protected names
- Version Control - Commit unobfuscated code to a private repository
After Obfuscation
- Save Encryption Key - Store it securely for debugging purposes
- Test Thoroughly - Verify all functionality works after obfuscation
- Monitor Performance - eval() adds minimal overhead but test critical paths
- Document Backup Location - Keep backup path for rollback if needed
Production Deployment
Troubleshooting
Application Not Working After Obfuscation
- Check for excluded files - some files may need to be added to exclusions
- Review protected method names - add custom methods to config
- Restore from backup and try again with adjusted configuration
Restore from Backup
Performance Issues
The obfuscation adds minimal runtime overhead (< 1ms per file). If you experience issues:
- Use PHP opcache to cache eval'd code
- Ensure debug mode is disabled in production
- Consider excluding frequently-loaded files
Requirements
- PHP 8.0 or higher
- Laravel 9.x, 10.x, or 11.x
- nikic/php-parser ^4.0 or ^5.0
Development
Running Tests
Code Style
License
MIT License. See LICENSE for details.
Author
Escarter
Email: [email protected]
Support
For issues, questions, or contributions:
- Open an issue on GitHub
- Submit a pull request
- Contact the author
Disclaimer
โ ๏ธ Important: This package modifies your source code. While it creates backups automatically:
- Always maintain your own version control
- Test thoroughly before deploying to production
- Keep unobfuscated code in a secure private repository
- Use this package responsibly and legally
The authors are not responsible for any data loss or application failures resulting from the use of this package.
Changelog
Version 1.0.0
- Initial release
- XOR encryption with base64 encoding
- Unicode variable name obfuscation
- Blade view comment removal
- Automatic backup creation
- Debug disabling features (error reporting, XDebug, anti-debug detection)
- Configurable exclusions and protections
- Artisan command interface
- Dry-run mode
Made with โค๏ธ by Escarter
All versions of laravel-obfuscator with dependencies
illuminate/support Version ^9.0|^10.0|^11.0
nikic/php-parser Version ^4.0|^5.0