As encoding becomes a regular part of your development cycle, you may start to wonder how you can automate the process and make it part of your continuous delivery model. The following article was contributed by Hendrik Prinsloo of Clevva who uses ionCube as part of their CI process.

How to introduce code obfuscation in your continuous delivery model

Please note: This article is about a potential way of making code obfuscation part of your continuous delivery model; it is not about whether the concept is viable or not.

What?
As a release manager or developer I would like to have the source code encoded when a new version is released without having to do it manually.

Why?
We used to have a machine in our office dedicated to run the ionCube software. Whenever a new version was released, someone had to manually execute a step-by-step sequence to create an encoded version thereof. The ionCube software allows you to do it very easily. However, if you have to do this frequently, the repetitive nature of it would drive you insane.

It was during this insanity that we decided to automate it. The idea is very simple: move it to a cloud server and trigger it remotely. This extended into adopting it in our deployment pipeline, making it completely automated.

How?

The developer pushes a tag (or a branch) to the remote repository. Bitbucket’s pipelines catches the new tag (or updated branch) and executes a script. This script connects to the remote machine via ssh and executes the ionCube Encoder.

Pros

  • Guaranteed compatibility of source code against the version of PHP
  • Reverse engineering attempts require more effort
  • Mitigate license manipulation/abuse

Cons

  • Setup time
  • Adds some time to your CD (depends on the size of your project)

 

Hello World

Step-by-step walkthrough to help you get started. You should be able to adapt this into your CI/CD flow regardless of what technology you are using.

Preparation

  1. Sign up for the ionCube Encoder trial and copy the download link (it will be emailed to your inbox)
  2. Set up public key authentication to the remote server

Let’s go

1. Copy git repo on local machine

me@local:/my-working-dir

git clone git@github.com:HendrikPrinsZA/ssh-ioncube.git &&

cd ssh-ioncube

 

2. Copy git repo on remote machine

administrator@devops.example.com:/var/www/html (ssh)

git clone git@github.com:HendrikPrinsZA/ssh-ioncube.git && cd
ssh-ioncube

3. Install ionCube PHP Encoder on remote machine

administrator@devops.example.com:/home/administrator (ssh)

wget
http://downloads3.ioncube.com/eval_download_packages/ioncube_encoder/linux_i686/en/ioncube_encoder_evaluation.tar.gz
tar -zxvf ioncube_encoder_evaluation.tar.gz

4. Trigger encoding from local machine

me@local:/my-working-dir/ssh-ioncube

./local.sh –host=”devops.example.com” \
–user=”administrator” \
–exec=”/var/www/html/ssh-ioncube/remote.sh” \
–source=”/var/www/html/ssh-ioncube/raw” \
–target=”/var/www/html/ssh-ioncube/encoded” \
–dir=”example-app” \

–encoder=”/home/administrator/ioncube_encoder_evaluation/ioncube_e
ncoder.sh” \
–verbose

 

 

How to introduce code obfuscation in your continuous delivery model