Web Analytics Made Easy - Statcounter

Alllangs Source Code Obfuscation - Upload sh/pl/py/php/r,R/js/ps1/rb scripts

README

For a seamless obfuscation of your scripts, please abide by the following rules:

  1. Ensure all uploaded scripts are properly named:
    • For example, all Python scripts submitted must have a .py extension:
      • my_script.py
    • Avoid spaces in the names of your scripts:
      • my script.py
  2. Once your script has been dropped into the Upload area, it will be automatically obfuscated.
    • After obfuscation completes, you will be redirected to the download page.
      • The download page will have a separate "Zip Link" for the obfuscated version of each uploaded script.
        • OR, you can just click on the "PACKAGED" link to get all freshly obfuscated scripts in one zip file.

How do I log in?

After payment has been completed and validated, an email will be dispatched to the email address associated with your payment account.

Please note the following:

  1. Login.page:
    • OnDemand
      • Your username will be the email address that is linked to your payment account
      • Your password will be the #Trans.ID, which will be included in the confirmation email from paypal
  2. If you are unable to login after payment and account validation, please don't panic!
    • Your account is automatically created after payment confirmation. The approval happens after that, and also after passing through a few user eligibility validations.
      • What are User Eligibility Validations?
        • User eligibility validations were designed to detect and refuse registration attempts from users with unscrupulous intentions.
          • If we detect that a request originated from a profile such as this, payment is refunded immediately, and the registration attempt denied.

For monthly subscribers (not OnDemand):

In the space provided for Host List, specify the comma seperated list of hostnames(fqdns) you wish to grant access to your encrypted scripts. Note, the hostname(s) provided during encryption will be only hosts on which the encrypted script(s) can be run. The script(s) will not function on any other host!

For monthly subscribers (not OnDemand):

In the space provided, specify when you wish for your script to expire.

    Examples:

    • 7d = 7 Days
    • 2w = 2 Weeks
    • 4mo = 4 Months
    • 7000d = 19+ Years
    • July-18-2022_15:00 = Specific date

If no option is selected, the default option will be "off". Which means your script will not expire!

In the space provided for Function names, specify the comma seperated list of functions you wish to protect, if using RStudio/Rconsole.

Choose 'no' (recommended) to disable the ability to debug your encrypted script

This setting forces your protected script to validate itself with our servers before allowing users to run it.

  • NOTE: If an attempt is made to run a satelite enabled obfuscated script on a host without internet connectivity, the script will abort.

There are many different types and levels of security settings that can be encoded in an obfuscated code.

Who needs this?

  • Those who wish to retain as much control as is possible of all critical scripts

Why would anyone need tight control of their scripts?

  • For security of course - that's obvious enough - right?
    • Security through obfuscation?
      • Absolutely!
      • But they said 'security through obfuscation' should not be considered security - how do you reconcile that?
        • 'They' said a lot of things...most of them factually incorrect
          1. 'They' said there's no way to prevent unauthorized modifications to your code once it is in someone else's possession
            • The assumption being, if the user is on a system he has full admin rights on, he can do whatever he pleases.
          2. They said, (and some of them actually believe) that an obfuscated script is only marginally (if at all) safer than its plain text version.
            1. The assumption here also is that any obfuscation (that anyone comes up with) is confined only to the scrambling of a few variables or text.
              • That is a bad, woefully reckless, assumption!
                • Depending on the level of security desired by the script author, settings on an obfuscated script can involve:
                  1. Enforced online sourcing of an obfuscated code
                  2. Online sourcing authorization only for a select list of IPs
                  3. Restrictions of hosts on which an obfuscated code can be executed
                  4. Restrictions of user accounts permitted to run obfuscated scripts
                  5. Prevent executions initiated through certain programs, utilities...
                  6. Allow the executions of code only in specific time periods...
                  7. ..... the list goes on...really!
                • Suffice it to say that the worst move a hacker can make (if they get in your system), is to blindly run an obfuscated code authored by us.
                  • Because, whenever that script fails to run, we will NOT provide detailed reasons. We just gently alert the proper contacts.
        • We proved them wrong.
          • Remember to always ask yourself these simple questions:
            • Is a castle with doors and windows more secure than a castle without?
            • Are castles without doors more secure than castles with intelligent conscious doors?
              • What are intelligent conscious doors?
                • Intelligent conscious doors are automated, AI-backed mechanisms that guages user motivations (based on their approach) and reacts in realtime to threatening actions
            • Are your treasures more secure when protected and disguised through elements of the environment, or are they better left out in the open?
  • Monitoring & Analysis of Metrics
    • Periods of Executions, Users, Hosts/IPs
      • Know the different periods during which your scripts are being executed, from where, and by whom
    • The feature becomes all the more important, when the scripts being obfuscated contain sensitive credentials
      • If you need to hardcode passwords or api keys in a script, you will want to ensure you keep tabs on where your scripts are located and who is running them
    • Yes, we come from a SRE background...of 20+ years
  • How does secure imports work?
    • There are different types of import security...
    • The particular one equipped with all OnDemand scripts is known as online sourcing...
      • It means, each time your script is executed, an attempt must be made to remotely source an important component of that script, through our web services, otherwise the execution is aborted
        • Yes, this means you can monitor how often your scripts are being sourced...and also obtain other publically available basic information about the source requestor.
          • This is yet another opportunity to not only detect the whereabouts of your code, but to also build a unique profile for unidentifiable requestors
            • Some users may be unidentifiable for legitimate reasons, but generally, most users who take repeated steps to conceal their identity are usually doing it for rapscallion reasons
    • Online Sourcing - Requires a centralized privately reachable web service (note, for OnDemand scripts, we provide that web service)
      • Obfuscated scripts that are considered highly sensitive and confidential, will need to remotely validate themselves through this service.
        • Validation means that the usages (or executions) of your obfuscated scripts will only be authorized IF and only IF specific conditions can be confirmed
        • If the preset conditions are not met, the user will be denied access to the services provided by your obfuscated code. And yes, all denials will be logged.
      • With this option enabled, you now have the ability to answer previously unthinkable questions:
          1. Who is using my code?
          2. Where has my code been used?
          3. How often is my code being used?
          4. Has anyone attempted to hack my script?
          5. Are there any attempts to bypass the expiration dates of my scripts?
          6. Why am i seeing these strange usage patterns from UserH? Is it a problem with my code?
          7. Hmmm...why am I not seeing any activity from UserA?... He bought it but hasn't used it...hmmm
            • When a user purchases an online-sourced obfuscated script from you, you should expect to see usage metrics from that user
              • Lack of metrics could be the first indicator that a user is attempting to prod your script for vulnerabilities
                • In that case, you can immediately, as an extra precaution, change all passwords or api keys that may have been hardcoded in that script

Obfuscation of a variety of scripts (sh,pl,py,rb,r/rmd,ps1,php,js)

In the context of protection, an obfuscator is a tool designed to convert plain text code into an unreadable text which still qualifies as a runnable, functioning script.

In other words, an obfuscator is generally used to accomplish one or more of the following goals:

  • Prevent modifications to commercial scripts - Ensure no one, regardless of privilege, is allowed to make changes to an obfuscated code
  • Retain the ability to sell or share scripts without the crippling fear of your intellectual property falling into the wrong hands
  • Gathering usage metrics on sensitive code once it is shared with the external/outside world
  • Regulate how long commercial scripts can be used - Define and enforce date locks or expiration dates
  • Moderate the list of users who are authorized to run specific scripts
  • Regulate where (on which systems) your obfuscated code is authorized for usage
  • Safeguard confidential credentials stored within your scripts
The complexity of your scripts does not matter. At all.

Any script obfuscated through AtShai.com/EnScrypt.io should be expected to work exactly as the original. If your original plain text script has bugs in it, then, yes, the obfuscated version will also have bugs. Therefore, we strongly recommend confirming the plain text scripts you're uploading actually works.

We are very confident our obfuscation tools can thoroughly obfuscate any script given to it and we welcome you to test and confirm for yourself. If your obfuscated script is unable to execute for some odd reason, there's no need panic or feel dejected (we actually understand). Just notify us immediately so we can address it.

Only for Rcode/Rscript obfuscations, do we require 2 libraries...namely digest and base64enc. These will be the only packages you'll need to install, if you dont have them already. For other languages however, there are NO addons or extra modules required.

It depends entirely on the payment option chosen. For ondemand obfuscations, if you anticipate resubmissions of the same scripts multiple times, we recommend the 3-Day/Access ($4.95) option. This option allows for the submission of 10 different scripts (with unique names). And permits a total of 100 RE-submissions.

However, when the list of all scripts submitted for obfuscation is uniqued, the total cannot be more than the number of scripts allowed for the plan you purchased.

Example:

  • example1.py can be re-submitted multiple times
  • example2.py can be re-submitted multiple times
  • example3.py can be re-submitted multiple times
  • example4.py can be re-submitted multiple times
  • example5.py can be re-submitted multiple times
  • example6.py can be re-submitted multiple times
  • example7.py can be re-submitted multiple times
  • example8.py can be re-submitted multiple times
  • example9.py can be re-submitted multiple times
  • example10.py can be re-submitted multiple times
  • ....
  • example11.py can be re-submitted multiple times
  • example12.py can be re-submitted multiple times

But example11.py cannot be uploaded because you’ve already submitted 10 different scripts before it.

It is highly unlikely for a valid script obfuscated by us to encounter issues with execution.

In the very rare event that happens, you have two options:

  1. Contact us immediately and provide as much information as possible
    • We will prioritize issues like this with the utmost urgency
  2. If we're unable to fix the problem to your satisfaction
    • We will gladly issue you a refund!

Yes. However, the size of an obfuscated script is reduceable through the security settings applied to it during obfuscation. Also, considering that the obfuscated method used for ondemand requires internet connection, you can expect the size to be much smaller.

While we do keep a watchful eye over obfuscated script sizes, please note that in the grand scheme of things the script size shouldn't be of too much concern...so long as the obfuscation delivers on protecting your code and the obfuscated code isn't noticeably slow.

Nevertheless, we understand every customer is different. Therefore, if it is critical for you to have the sizes of your obfuscated scripts significantly reduced, just contact us. We'll implement a more customized solution for you.
Yes you can.

If you're submitting your scripts through our ondemand interface, you're allowed to upload up to the limit specified in your payment details.

If you wish to submit large volumes of scripts, feel free to contact us to discuss other options.

Protect Code - Secure variable content, Hide Source Code

All scripts uploaded through this OnDemand portal will have some strict security features enabled by default.

Default Security Features

  1. Duplication Prevention
    • This feature ensures the name you gave to your obfuscated script at the time of obfuscation is the same name it will be forever known by. If changed, script will abort.
  2. Expiration Date Control
    • This feature ensures all obfuscated scripts expire within the time period mentioned in your payment details. The allowed time is of course verified and validated remotely with our servers. This means we will be notified of all unauthorized attempts to prolong the usage of the obfuscated code.
  3. Self-Defend/Self-Destruction
    • This feature handles the process of terminating the execution of a protected script whenever it is under attack. We understand once an obfuscated script is sent out into the wild, anyone can try all sorts of hacks on it. And as such, we have built in some defensive capabilities in all obfuscated scripts to combat this very real possibility. If during execution of a protected script, we sense that it has been maliciously altered, we will cause the script to abort, and self destruct!
Generally, yes. But for OnDemand script obfuscations, features such as expiration date controls are preset by us based on the plan you chose

It is generally believed that 'obfuscation' is not possible. And there are myriad of reasons for why those who believe this, think this way. One of such reasons is that, they believe no matter how heavily obfuscated a code is, someone smart enough or someone with enough time on their hands can always crack the obfuscation.

While this has some modicum of truth to it, the reality is, no matter how smart the "hacker" is, no matter how much time they have on their hands, there is only a finite number of tactics they can employ to try to hack an obfuscated script, especially one like ours, equipped with dynamic intelligence.

So long as it remains true that there is only a limited number of ways to hack a script, our obfuscation will always prevail. We can always develop counter measures to counteract whatever loopholes a persistent hacker is able to discover. That is what we do. That is precisely what we specialize in and we have spent years perfecting the many different methodologies used in our obfuscation process.

Experience has taught us that source code security is an absolute must. It is important that you, as a company or developer, remain informed on where your code is being used and how it is being used. Not only will this provide you with insights on how to make your software more useful to your users, it'll also reveal the identity of any nefarious entity seeking to gain unauthorized access to your intellectual property and the frequency of such misbehaviors.
If any one of your obfuscated scripts isn't working exactly as the original version, don't panic. Just let us know. We'll help you get to the bottom of the issue.

An obfuscated code will fail to execute if any of the following conditions are true:
  1. The plain text version of the script (which you submitted) is buggy and does not work.
    • If this is the case, you'll need to fix that first before re-submitting to the obfuscator.
  2. The obfuscated script was altered in one way or other..i.e. adding/removing text from it, script name was changed, script was put through a debugger
    • If this is the case, you'll need to get the fresh copy of the obfuscated script from the zip file that it came in OR just undo the unauthorized changes.
  3. You're running the obfuscated script on a host on which you configured it not to run on.
    • If this is the case, you'll get an error alerting you about the issue.
  4. You're attempting to import an obfuscated script from within a non-obfuscated plain text script
    • If you obfuscated your script with the 'secureimport' setting enabled, then tried to 'include' or 'require' it from an unprotected script, you will be confronted with an error message.
  5. You're attempting to execute a satelite enabled obfuscated script on a host without internet connectivity
    • Whenever a script is obfuscated with the satelite feature enabled, that means the author wants to retain tight control over the usage of the script
      • And if this is the case here, the obfuscated script will fail to function, and might even self-destruct if it cannot remotely validate itself.
Our Obfuscator has quite a number of security settings, some of which have already been listed on this page.

However, there are some other settings that will never be made public unless to an established customer.

  1. We take the security of all scripts protected by us, very seriously.
    • And as such, we consider the disclosure of sensitive security details as an unnecessary risky endeavor.
  2. Nevertheless, it is worth noting that, some of these private settings were developed specifically for clients with unique customization requests.
    • Therefore, if you wish to have a particular setting customized to your liking or developed (if it doesnt already exist in our arsenal of features), let us know.
If you obfuscate a script which you intend to import from other scripts, please note the following:

  1. For obvious security reasons, we have restricted the ability to import an obfuscated code from within a non-obfuscated plain text script.
  2. If you wish to import scripts from within other scripts, you'll need to ensure all associated scripts are obfuscated.
    • If an attempt is made to import an obfuscated script from within a plain text script, the obfuscated code will fail to execute.
Yes, you could. However, if there's any application you wish to prevent from being able to execute your code, feel free to let us know.



Shell scripts (.sh/.bash/.ksh/.ksh93)

OnDemand (Available)

Perl scripts (.pl/.pm)

OnDemand (Unavailable)

Python scripts (.py)

OnDemand-(available)

Ruby scripts (.rb)

OnDemand (Unavailable)

PHP scripts (.php)

OnDemand (Unavailable)

R Scripts (.r/.R/.rmd/.RMD)

OnDemand-(available)

PowerShell (.ps1) scripts

OnDemand-(available)

JavaScript files (.js/.Js/.JS)

OnDemand (Unavailable)

NodeJS scripts (.js)

OnDemand (Unavailable)

LUA

(.lua, Roblox)

OnDemand (Unavailable)

Windows Batch scripts (.bat)

OnDemand (Unavailable)

sh,pl,py,r/rmd,php,ps1,js,rb

Contact Us

    • 1/Day Access

      $ 1.95
      • [Single script] Obfuscations
      • Online Script Submissions
      • Up to 1 unique Scripts
      • Up to 15 total Re-Submissions
      • Enforced Online Sourcing
      • [oScripts requires internet connection]
      • Works wherever prgm.language is installed!
      • Debugging / Traceback Prevention
      • Tamper Resistance Capability
      • Guard against unauthorized modifications
      • Duplication Prevention Feature
      • [Script Name Preservation]
      • Enforced Expiration Restrictions (1-Day)
      • [oScript will expire after 24 hours]




    • 3/Day Access

      $ 4.95
      • [Single script] Obfuscations
      • Online Script Submissions
      • Up to 10 unique Scripts
      • Up to 100 total Re-Submissions
      • Enforced Online Sourcing
      • [oScripts requires internet connection]
      • Works wherever prgm.language is installed!
      • Debugging / Traceback Prevention
      • Tamper Resistance Capability
      • Guard against unauthorized modifications
      • Duplication Prevention Feature
      • [Script Name Preservation]
      • Enforced Expiration Restrictions (3-days)
      • [oScripts will expire after 72 hours]




Alllangs Obfuscator - Protect Alllangs scripts through Obfuscation - Obfuscate any Alllangs script no matter how large or complex it is!

# Uploaded Alllangs scripts (3 alllangs files at a time)