PHPackages pelock/stringencrypt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. pelock/stringencrypt ActiveLibrary[Security](/categories/security) pelock/stringencrypt ==================== Official PHP client for the StringEncrypt.com Web API — generate polymorphic decryptors for many programming languages. 1.0.1(1mo ago)32010Apache-2.0PHPPHP ^8.1 Since Apr 14Pushed 1mo ago2 watchersCompare [ Source](https://github.com/PELock/StringEncrypt-WebAPI)[ Packagist](https://packagist.org/packages/pelock/stringencrypt)[ Docs](https://www.stringencrypt.com)[ RSS](/packages/pelock-stringencrypt/feed)WikiDiscussions master Synced 1w ago READMEChangelog (1)DependenciesVersions (2)Used By (0) StringEncrypt — String & File Encryption for PHP Developers =============================================================== [](#stringencrypt--string--file-encryption-for-php-developers) [![License](https://camo.githubusercontent.com/b29de0acdfd19013f1f02689b15c933e4a6c145be9efa718288f88ba3280b1c5/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d417061636865253230322e302d626c75652e737667)](LICENSE)[![PHP](https://camo.githubusercontent.com/ef363a5a30025ffef1857918c40fa01e97f03929e5f87d12a14bf334a7de9220/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253545382e312d3838393242462e737667)](composer.json) [StringEncrypt](https://www.stringencrypt.com) allows you to **encrypt strings and files** using a randomly generated algorithm, generating a unique decryption code (so-called [polymorphic code](https://www.pelock.com/articles/polymorphic-encryption-algorithms)) each time in the selected programming language. Available editions ------------------ [](#available-editions) StringEncrypt can be used: - Directly on its website - - You can download standalone Windows client - - You can use it via WebAPI interface - Visual Studio Code extension - - VS Code based editors (like Cursor etc.) - Plain text PHP string --------------------- [](#plain-text-php-string) ``` // $secret = "PHP string encryption" ``` Encrypted string in PHP source code format ------------------------------------------ [](#encrypted-string-in-php-source-code-format) ``` // encrypted with https://www.stringencrypt.com (v1.5.0) [PHP] // Encoding: Windows-1250 or match your source file // $secret = "PHP string encryption" $secret = [ 0x8E, 0x40, 0x56, 0xAE, 0x7A, 0x0B, 0x1D, 0x51, 0x5D, 0x63, 0x13, 0xDA, 0x6E, 0x3F, 0xDB, 0x5E, 0xB9, 0x79, 0x1F, 0xA6, 0x17 ]; $DGEPd = 0; for ($PBbql = 0; $PBbql < 21; $PBbql++) { $DGEPd = $secret[$PBbql]; for ($pNjYM = 0; $pNjYM < 4; $pNjYM++) { $DGEPd = ($DGEPd ^ 0x3D) & 0xFF; $DGEPd = (((~($DGEPd & 0xFF)) & 0xFF) + 1) & 0xFF; } $DGEPd = ($DGEPd ^ 0xB6) & 0xFF; $DGEPd = ($DGEPd ^ $PBbql) & 0xFF; for ($XnxLS = 0; $XnxLS < 2; $XnxLS++) { for ($qoZCp = 0; $qoZCp < 4; $qoZCp++) { $DGEPd = ((($DGEPd & 0xFF) >> 7) | (($DGEPd & 0xFF) 4) | (($DGEPd & 0xFF) > 4) | (($DGEPd & 0xFF) (8 - ($PBbql % 8)))) & 0xFF; } for ($UmJxX = 0; $UmJxX < 2; $UmJxX++) { for ($RGWvx = 0; $RGWvx < 4; $RGWvx++) { for ($xNBhy = 0; $xNBhy < 4; $xNBhy++) { $DGEPd = (($DGEPd & 0xFF) - 0x27) & 0xFF; } } } $DGEPd = (($DGEPd & 0xFF) + 1) & 0xFF; for ($lJFgB = 0; $lJFgB < 3; $lJFgB++) { $DGEPd = ($DGEPd ^ $PBbql) & 0xFF; $DGEPd = ((($DGEPd & 0xFF) > (8 - ($PBbql % 8)))) & 0xFF; for ($nGAaX = 0; $nGAaX < 2; $nGAaX++) { for ($RMrYp = 0; $RMrYp < 4; $RMrYp++) { $DGEPd = ($DGEPd ^ 0xFF) & 0xFF; } for ($pUZjW = 0; $pUZjW < 4; $pUZjW++) { $DGEPd = (($DGEPd & 0xFF) - $PBbql) & 0xFF; } $DGEPd = ($DGEPd ^ (($DGEPd & 0xFF) >> 6)) & 0xFF; } } $DGEPd = ($DGEPd ^ 0x27) & 0xFF; for ($QHPSD = 0; $QHPSD < 3; $QHPSD++) { $DGEPd = (($DGEPd & 0xFF) + 0x6C) & 0xFF; } for ($PquxI = 0; $PquxI < 4; $PquxI++) { $DGEPd = (($DGEPd & 0xFF) - 1) & 0xFF; for ($yCWuE = 0; $yCWuE < 2; $yCWuE++) { $DGEPd = (($DGEPd & 0xFF) - 0xAF) & 0xFF; for ($DFgxE = 0; $DFgxE < 4; $DFgxE++) { $DGEPd = (($DGEPd & 0xFF) + 0x1D) & 0xFF; $DGEPd = ($DGEPd ^ 0xFF) & 0xFF; } $DGEPd = (($DGEPd & 0xFF) + 1) & 0xFF; } for ($uadXk = 0; $uadXk < 4; $uadXk++) { $DGEPd = ($DGEPd ^ $PBbql) & 0xFF; } } $secret[$PBbql] = $DGEPd; } $secret = implode('', array_map(function ($c) { return chr($c & 0xFF); }, $secret)); echo secret; ``` The problem with plain text strings ----------------------------------- [](#the-problem-with-plain-text-strings) I'm a developer, and I love programming. I'm also an avid [reverse engineer](https://www.pelock.com/services). I perform a wide array of software analysis in my daily work and sometimes I find things in compiled applications that **shouldn't be exposed** to the first person with a simple hex-editor in hand. ### What can be found in application binaries? [](#what-can-be-found-in-application-binaries) Everything! I've listed a few examples of the things I found below. Sometimes these things shouldn't even be included in applications at all (they are there due to poor design choices or rushed work), but some are just cannot be avoided. - API keys - Database passwords - FTP passwords - Login credentials - Encryption & decryption keys - Custom code scripts in readable text - Complex SQL queries in plain text - Hidden website endpoints - BitCoin wallets locations - ...and many more Ask yourself, did you ever put some sensitive content in your software that you later regret? ### Why should I care? [](#why-should-i-care) If any of these things were to fall into the **wrong hands**, they could be used to compromise your software or your infrastructure. [![You don't want this to happen to your software.](https://camo.githubusercontent.com/6f89df7cc0708c82035a73ad15a64348429eca5768d4b5b0963678baec5e0e1c/68747470733a2f2f7777772e70656c6f636b2e636f6d2f696d672f656e2f70726f64756374732f737472696e672d656e63727970742f64617461626173652d70617373776f72642d706c61696e2d746578742e706e67)](https://camo.githubusercontent.com/6f89df7cc0708c82035a73ad15a64348429eca5768d4b5b0963678baec5e0e1c/68747470733a2f2f7777772e70656c6f636b2e636f6d2f696d672f656e2f70726f64756374732f737472696e672d656e63727970742f64617461626173652d70617373776f72642d706c61696e2d746578742e706e67) Take for example database passwords. A competitor could use them to view your database structure or dump all of its contents. You don't want to lose all your hard work because someone with a simple hex-editor can discover your password in plain text. The solution — String Encrypt ----------------------------- [](#the-solution--string-encrypt) I've decided to create a simple service called String Encrypt for developers, offering fast string & file encryption without the need to write custom encryption tools over and over again because I did that many times. String Encrypt can help you hide the things that shouldn't be visible at first glance to anyone with a hex-editor. [![StringEncrypt main window](https://camo.githubusercontent.com/bd49836bcb8365e75b24860a2b7250926700b835ec44fb194a8908dbbe2d7604/68747470733a2f2f7777772e737472696e67656e63727970742e636f6d2f696d616765732f737472696e67656e63727970742e706e67)](https://camo.githubusercontent.com/bd49836bcb8365e75b24860a2b7250926700b835ec44fb194a8908dbbe2d7604/68747470733a2f2f7777772e737472696e67656e63727970742e636f6d2f696d616765732f737472696e67656e63727970742e706e67) ### Say hello to polymorphic encryption! [](#say-hello-to-polymorphic-encryption) Forget about simple `xor` encryption! StringEncrypt comes with a unique encryption engine. It's a **polymorphic encryption engine**, similar to the encryption methods used by the software protection solutions and advanced computer viruses. ### How it works? [](#how-it-works) Let me explain how the polymorphic encryption process works. 1. A random set of encryption commands is selected (`xor`, `addition`, `subtraction`, `bit rotations`, `bit shifts`, `logical negation` etc.). 2. A random set of helper `encryption keys` is generated. 3. Every byte of the input string is encrypted with every encryption command in the random set. 4. Nested encryption loops are constructed 5. The decryption code in the selected programming language is generated with a reverse set of encryption commands. You can learn more about polymorphic engines from my articles and projects: - How to build a polymorphic engine in C++ - - Polymorphic engine in 32-bit MASM assembler - - Poly Polymorphic Engine - ### What does it mean? [](#what-does-it-mean) The encrypted content is **different** every time you apply StringEncrypt encryption to it. The algorithm is always **unique**, the encryption keys are always **randomly selected** and the decryption code is also **unique** for every time you use our encryption. StringEncrypt features ---------------------- [](#stringencrypt-features) - Out of box support for `UNICODE` (WideChar type in `C/C++` languages), `UTF-8` (multibyte) & `ANSI` (single byte) strings encodings - Configurable minimum & maximum number of encryption commands - Different ways to store the encrypted string (as a `global` or `local` variable if the selected programming language supports it) - Wide array of supported programming languages - You can automate the encryption process in your builds using our `WebAPI` interface (`PHP` and `Python` bindings) How to use StringEncrypt from PHP code? --------------------------------------- [](#how-to-use-stringencrypt-from-php-code) The preferred way of StringEncrypt module installation is via composer(). Run: ``` composer require pelock/stringencrypt ``` The installation package is available at ### Basic string encryption usage example (with default options) [](#basic-string-encryption-usage-example-with-default-options) ```