Closed sedimentation-fault closed 4 years ago
This is not a bug! refer to php documentation!
yakrpo-po takes it into account and randomizes cases for case-insensitive objects for better obfuscation!
After some searching, I realized that class names in PHP are case-insensitive, so it should not matter how ones writes them, in any combination of small/capital letters. :astonished:
Thus, you may disregard this 'bug' - it is none.
The reason why I get
Uncaught Error: Class 'BQYtu' not found
in my real project on a line like
$gZwln = new BQYtu();
is thus NOT the fact that the class is defined as
class bQyTu extends Ga6T3
but it must be something else...
...and just now I saw you comment @pk-fr , where you already said it. I'm sorry, I'm overworked...
Consider the following three PHP files:
a.php:
b.php:
class_xxx.php:
Putting them all inside a common directory test-yakpro-po and obfuscating with:
yakpro-po test-yakpro-po -o test-yakpro-po-obf
results in three obfuscated files. The yakpro-po.cnf used contains 'CLASS' in its $conf->t_ignore_constantsprefix array, so that the constant CLASS_XXX is not obfuscated and thus the inclusion of _classxxx.php should work. So far, so good.
The obfuscated files look like this:
a.php:
b.php:
class_xxx.php:
You can see that, although
class nPWpQ
in _classxxx.php and
$LJMmF = new npWpq();
in a.php seem to use 'the same' obfuscated string, the strings are NOT the same - they differ in case! I don't know where the rest of the world uses PHP (Windows?), but on my Linux system
nPWpQ != npWpq
and this has been so pretty much all the time...
This is a clear bug.
Looking inside the _yakpro-po/context/function_orclass file that can be found inside the obfuscated directory, I see that both names are 'stored' under the same, all-low-case key npwpq:
a:5:{i:0;s:3:"1.1";i:1;a:2:{s:35:"colorschemelineitemsimplesearchinfo";s:5:"npwpq";s:8:"lineitem";s:5:"aqejl";}i:2;a:2:{s:5:"npwpq";s:35:"colorschemelineitemsimplesearchinfo";s:5:"aqejl";s:8:"lineitem";}i:3;i:5;i:4;i:0;}
It looks as if the obfuscator does not pay attention to case and subsumes all instances of 'npwpq', in capital or small letters and in all possible combinations, under the same small-letter key npwpq.
I did not find any setting that allows case-sensitive obfuscations.
This bug is very important and should be rectified with high priority, if I may suggest. It renders class name obfuscation useless, at least on Linux.