Obfuscator API Documentation

Automate obfuscation with our flexible Web API for software developers and programmers.

Description

You can use all of the features of Obfuscator via our Web API interface.

The Obfuscator API is based on POST requests and a JSON encoded response.

To make the call, you must first create an array with configuration parameters, then a simple call to Obfuscate() will return the result as a JSON array.

public function Obfuscate($params);
public JsonValue Obfuscate(NameValueCollection paramsArray);
$params["code"] [in, optional]
Activation code, without it, Obfuscator runs in demo version mode.
$params["command"] [in]
Obfuscator command to execute. Available commands:
Command Description
"login" Login to the service to validate the activation key and retrieve count of available usage credits.
"obfuscate" Perform the source code obfuscation.
$params["compression"] [in, optional]
Source code compression. If set to true, you need to compress input source code e.g. $params["source"] = @base64_encode(@gzcompress($string, 9); and after obfuscation you need to decompress the obfuscated source code $decompressed = @gzuncompress(@base64_decode($result["output"]));
$params["source"] [in, optional]
Source code in MASM format.
$params["code_mixup"] [in, optional]
Change code execution flow to nonlinear path.
$params["change_logic"] [in, optional]
Mutate original opcodes into series of other equivalent instructions.
$params["mutation_passes"] [in, optional]
Mutation passes for the $params["change_logic"] obfuscation method.
$params["expand_calls"] [in, optional]
Hide procedure calls by replacing call instructions with opaque predicates (WinApi etc.).
$params["resolve_const"] [in, optional]
Resolve WinApi constants to numerical values (so they can be obfuscated as unsigned integer values).
$params["assume_stdcall"] [in, optional]
Assume WinApi calling convention (EAX, ECX & EDX registers can be changed before call).
$params["insert_fake_jumps"] [in, optional]
Insert fake jumps (jx + jnx).
$params["insert_reg_jumps"] [in, optional]
Insert register jumps (jmp reg32).
$params["rep_prefix"] [in, optional]
Prefix junk opcodes with rep/repxx.
$params["insert_seh"] [in, optional]
Insert junk SEH handlers (invoke misguiding exceptions).
$params["insert_com_jumps"] [in, optional]
Insert COM like jumps (jmp dword ptr [imm32 + rnd]).
$params["com_min"] [in, optional]
Min. number of COM like jumps.
$params["com_max"] [in, optional]
Max. number of COM like jumps.
$params["insert_junks"] [in, optional]
Insert junk instructions between original instructions.
$params["junks_min"] [in, optional]
Min. number of junks per command.
$params["junks_max"] [in, optional]
Max. number of junks per command.
$params["fake_cmd"] [in, optional]
Insert fake commands (add reg32,1 + sub reg32,1 etc.).
$params["fake_cmd_32"] [in, optional]
Insert fake 32 bit commands.
$params["fake_cmd_16"] [in, optional]
Insert fake 16 bit commands.
$params["fake_cmd_8"] [in, optional]
Insert fake 8 bit commands.

Return values

$result["error"] [out]
Error code. One of the following:
Name Value Description
ERROR_SUCCESS 0 Everything went fine.
ERROR_NOPROC 1 Obfuscator didn't find any procedures to obfuscate.
ERROR_NOFLAGS 2 You didn't specify any obfuscation options.
ERROR_INPUT 3 Malformed source code, check the syntax.
ERROR_INPUT_SIZE 4 Source code size is too big. Most probably you hit the demo mode limitation.
$result["output"] [out, optional]
Obfuscated source code.
$result["demo"] [out]
Are we running in full or demo mode.
$result["credits_left"] [out]
Usage credits left for the provided activation code.
$result["expired"] [out, optional]
If set to true it means our activation code has expired (it was the last run).
$result["string_limit"] [out, optional]
Source code size limit for full & demo version.
$result["junks_min"] [out, optional]
Min. number of junks for the $params["junks_min"] parameter.
$result["junks_max"] [out, optional]
Max. number of junks for the $params["junks_max"] parameter.
$result["com_min"] [out, optional]
Min. allowed number of COM junks for the $params["com_min"] parameter.
$result["com_max"] [out, optional]
Max. allowed number of COM junks for the $params["com_max"] parameter.
$result["mutation_passes_min"] [out, optional]
Min. allowed number of mutation passes for the $params["mutation_passes"] parameter.
$result["mutation_passes_max"] [out, optional]
Max. allowed number of mutation passes for the $params["mutation_passes"] parameter.

Examples

<?php

////////////////////////////////////////////////////////////////////////////////
//
// Obfuscator Web API usage example
//
// Version        : v1.0
// Language       : PHP
// Author         : Bartosz Wójcik
// Web page       : https://www.pelock.com
//
////////////////////////////////////////////////////////////////////////////////

// include main library
include ("obfuscator.php");

//
// set up parameters
//
$params = array();

//
// activation code, you can leave it empty for demo version, but keep in
// mind that there are many limitations in demo version)
//
$params["code"] = "";

//
// API command to execute
//
// "obfuscate" - obfuscate source code
// "login" - checks current activation code
//
// Return values
//
// $result["error"] [out]
//   Error code.
//
// $result["output"] [out, optional]
//   Obfuscated source code.
//
// $result["demo"] [out]
//   Are we running in full or demo mode.
//
// $result["credits_left"] [out]
//   Usage credits left for the provided activation code.
//
// $result["expired"] [out, optional]
//   If set to true it means our activation code has expired (it was the last run).
//
// $result["string_limit"] [out, optional]
//   Source code size limit for full & demo version.
//
// $result["junks_min"] [out, optional]
//   Min. number of junks for the $params["junks_min"] parameter.
//
// $result["junks_max"] [out, optional]
//   Max. number of junks for the $params["junks_max"] parameter.
//
// $result["com_min"] [out, optional]
//   Min. number of junks for the $params["com_min"] parameter.
//
// $result["com_max"] [out, optional]
//   Max. number of junks for the $params["com_max"] parameter.
//
// $result["mutation_passes_min"] [out, optional]
//   Min. number of junks for the $params["mutation_passes"] parameter.
//
// $result["mutation_passes_max"] [out, optional]
//   Min. number of junks for the $params["mutation_passes"] parameter.
//
$params["command"] = "obfuscate";

//
// source code compression
//
// if you set it to true, you need to compress input source code
//
// $params["source"] = @base64_encode(@gzcompress($string, 9)
//
// and after obfuscation you need to decompress obfuscated source code
//
// $decompressed = @gzuncompress(@base64_decode($result["output"]));
//
$params["compression"] = false;
//$params["compression"] = true;

//
// input source code in MASM format
//
$source = 'return_true proc uses esi edi ebx
xor ecx,ecx
mov eax,1
ret
return_true endp';

if ($params["compression"] == false)
{
	$params["source"] = $source;
}
else
{
	$params["source"] = @base64_encode(@gzcompress($source, 9));
}

//
// change code execution flow to nonlinear path.
//
$params["code_mixup"] = "1";

//
// mutate original opcodes into series of other equivalent instructions.
//
$params["change_logic"] = "1";

//
// Mutation passes for the $params["change_logic"] obfuscation method.
//
$params["mutation_passes"] = "1";

//
// Hide procedure calls by replacing call instructions with opaque predicates (WinApi etc.).
//
$params["expand_calls"] = "1";

//
// Resolve WinApi constants to numerical values (so they can be obfuscated as unsigned integer values).
//
$params["resolve_const"] = "1";

//
// Assume WinApi calling convention (EAX, ECX & EDX registers can be changed before call).
//
$params["assume_stdcall"] = "1";

//
// Insert fake jumps (jx + jnx).
//
$params["insert_fake_jumps"] = "1";

//
// Insert register jumps (jmp reg32).
//
$params["insert_reg_jumps"] = "1";

//
// Prefix junk opcodes with rep/repxx.
//
$params["rep_prefix"] = "1";

//
// Insert junk SEH handlers (invoke misguiding exceptions).
//
$params["insert_seh"] = "1";

//
// Insert COM like jumps (jmp dword ptr [imm32 + rnd]).
//
$params["insert_com_jumps"] = "1";

//
// Min. number of COM like jumps.
//
$params["com_min"] = "1";

//
// Max. number of COM like jumps.
//
$params["com_max"] = "1";

//
// Insert junk instructions between original instructions
//
$params["insert_junks"] = "1";

//
// Min. number of junks per command.
//
$params["junks_min"] = "1";

//
// Max. number of junks per command.
//
$params["junks_max"] = "1";

//
// Insert fake commands (add reg32,1 + sub reg32,1 etc.).
//
$params["fake_cmd"] = "1";

//
// Insert fake 32 bit commands.
//
$params["fake_cmd_32"] = "1";

//
// Insert fake 16 bit commands.
//
$params["fake_cmd_16"] = "1";

//
// Insert fake 8 bit commands.
//
$params["fake_cmd_8"] = "1";

//
// obfuscate source code
//
$result = obfuscate($params);

if ($result != false)
{
	if ($result["error"] == ERROR_SUCCESS)
	{
		// if compression was enabled, we need to
		// decompress the output source code
		if ($params["compression"] == true)
		{
			$source = @gzuncompress(@base64_decode($result["output"]));
		}
		else
		{
			$source = $result["output"];
		}

		// display obfuscated source code
		echo "<pre>".$source."</pre>";

		// display number of credits left
		echo "<p>You have {$result['credits_left']} credits left.</p>";

		// activation code has expired, notify user
		if ($result["expired"] == true)
		{
			echo "<p>Your activation code has expired!</p>";
		}
	}
	else
	{
		echo "An error occurred (code ".$result["error"].")";
	}
}
else
{
	echo "Cannot connect to the API interface!";
}

?>
<?php

////////////////////////////////////////////////////////////////////////////////
//
// Obfuscator Web API usage example
//
// Version        : v1.0
// Language       : PHP
// Author         : Bartosz Wójcik
// Web page       : https://www.pelock.com
//
////////////////////////////////////////////////////////////////////////////////

// include main library
include ("obfuscator.php");

//
// setup parameters
//
$params = array();

//
// activation code, you can leave it empty for demo version, but keep in
// mind that there are many limitations in demo version)
//
$params["code"] = "";

//
// API command to execute
//
// "obfuscate" - obfuscate source code
// "login" - checks current activation code
//
// Return values
//
// $result["error"] [out]
//   Error code.
//
// $result["output"] [out, optional]
//   Obfuscated source code.
//
// $result["demo"] [out]
//   Are we running in full or demo mode.
//
// $result["credits_left"] [out]
//   Usage credits left for the provided activation code.
//
// $result["expired"] [out, optional]
//   If set to true it means our activation code has expired (it was the last run).
//
// $result["string_limit"] [out, optional]
//   Source code size limit for full & demo version.
//
// $result["junks_min"] [out, optional]
//   Min. number of junks for the $params["junks_min"] parameter.
//
// $result["junks_max"] [out, optional]
//   Max. number of junks for the $params["junks_max"] parameter.
//
// $result["com_min"] [out, optional]
//   Min. number of junks for the $params["com_min"] parameter.
//
// $result["com_max"] [out, optional]
//   Max. number of junks for the $params["com_max"] parameter.
//
// $result["mutation_passes_min"] [out, optional]
//   Min. number of junks for the $params["mutation_passes"] parameter.
//
// $result["mutation_passes_max"] [out, optional]
//   Min. number of junks for the $params["mutation_passes"] parameter.
//
$params["command"] = "login";

//
// execute API command
//
$result = obfuscate($params);

if ($result != false)
{
	if ($result["demo"] == true)
	{
		echo "<p>You are running in DEMO mode</p>";
	}
	else
	{
		echo "<p>You are running in FULL mode</p>";

		// display number of credits left
		echo "<p>You have {$result['credits_left']} credits left.</p>";
	}

	echo "<p>Source code max. length {$result['string_limit']} characters</p>";
}
else
{
	echo "Cannot connect to the API interface!";
}

?>

Requirements

PHP Library obfuscator.php
C# Library obfuscator.cs

Questions?

If you would like to ask me about Obfuscator, or something's not clear, mail me. I'll be happy to answer all of your questions.