Enabling Zend®Guard Extension in Windows Azure Web Sites

Zend®Guard enables you to encode and obfuscate your code to help protect against reverse engineering. It’s understandable that someone would want to help protect their hard work by encoding it, but in order to execute this encoded source on a server it is necessary to enable an extension to decode the source prior to execution.

Getting Started with ZendGuard

Using ZendGuard is out of the scope of this article, as there is plenty of documentation on the process in the Zend Guard User Guide. If you’d like a quick overview, watch the video below:

Zend Guard Basics by Zend Documentation

ZendGuard Setup in Web Sites (default runtime)

In order to enable ZendGuard in Windows Azure Web Sites you will need to acquire ZendLoader.dll from the ZendGuard Download page. In the remaining steps we will configure the PHP runtime that is built into the Windows Azure Web Sites environment.

Installing a Zend Extension in Windows Azure Web Sites

Now that we have the ZendLoader assembly let’s make sure that it’s loaded into the extensions list in the default php.ini file. We can do this by selecting the configure tab in your Web Site and adding an App Setting.

image

There are a number of reserved App Settings in Windows Azure Web Sites that configure different parts of the default runtime experience. In this particular case we’re going to use PHP_ZendExtensions to load ZendLoader.dll into the default PHP runtime’s Zend extension list.

Ensure you download the proper ZendLoader.dll for your PHP version.

As you can see in the image below, an app setting is created with the key PHP_ZendExtensions and the value bin\ZendLoader.dll. The value is a semicolon-delimited list of relative paths; in this case ZendLoader.dll will need to be placed in a bin directory off the root of the Web Site.

You can upload the DLL file via FTP, or download it directly to the bin directory in your Windows Azure Web Site by using KuduExec, which I’ll use to download the .user.ini file later in this article.

image

With the assembly in the PHP pipeline, we still need to do some custom configuration to the php.ini via the .user.ini file. I have created a .user.ini which captures all of the configuration settings available to ZendGuard as well as a command to turn off WinCache file caching which is required in order for ZendGuard to operate.

To demonstrate another feature of Windows Azure Web Sites, let’s use KuduExec to download the .user.ini file into our Windows Azure Web Site using curl.

KuduExec – The Windows Azure Web Sites Command Line

First things first, in order to use KuduExec you need to have it available on your local machine. KuduExec is written in Node.js which you will need installed and configured on your machine. To download KuduExec, use the following command to install it globally on your system.

npm install kuduexec -g

Now let’s look at how to connect to our command line in Windows Azure Web Sites:

kuduexec https://<deployment-user>@<dns-namespace>.scm.azurewebsites.net

Enter your Deployment Password to log in to the Windows Azure Web Sites command line. You can download the .user.ini file from a Gist with the following curl command:

curl -O https://gist.github.com/SyntaxC4/6084034/raw/cd8e1e27cbaa45db25f94be51968960bf71276bf/.user.ini

Note

Depending on your ZendGuard configuration, you may need to change some of the zend_loader settings.

Exit KuduExec by typing exit.
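The .user.ini above is pulled from a Gist straight into the site, so it is worth checking what it sets before PHP picks it up. The following is an added example (not part of the original article or the Gist) that audits the text of a .user.ini in Node.js, which is already installed for KuduExec; the allowlist, the function names and the sample contents are assumptions constructed for illustration.

```javascript
// Assumption: per the article, the file should only hold zend_loader.*
// settings plus the switch that turns off WinCache file caching.
const ALLOWED = [/^zend_loader\.[a-z_]+$/, /^wincache\.fcenabled$/];
// Per-directory directives that change which PHP code is loaded on a request.
const CODE_LOADING = new Set(['auto_prepend_file', 'auto_append_file', 'include_path']);

// Parse "key=value" lines; skip blanks, ";" comments and [section] headers.
function parseIni(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === '' || line.startsWith(';') || line.startsWith('[')) return;
    const eq = line.indexOf('=');
    const key = (eq === -1 ? line : line.slice(0, eq)).trim();
    const value = eq === -1 ? '' : line.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    entries.push({ line: i + 1, key, value });
  });
  return entries;
}

// Return one finding per directive that needs a human look before deploying.
function auditUserIni(text) {
  const entries = parseIni(text);
  const findings = [];
  for (const e of entries) {
    if (CODE_LOADING.has(e.key)) {
      findings.push({ ...e, severity: 'high', reason: 'changes which code PHP loads' });
    } else if (!ALLOWED.some((re) => re.test(e.key))) {
      findings.push({ ...e, severity: 'review', reason: 'not a zend_loader or WinCache setting' });
    }
  }
  // The article states WinCache file caching must be off for ZendGuard.
  const fc = entries.filter((e) => e.key === 'wincache.fcenabled').pop();
  if (!fc || !/^(0|off|false|no)$/i.test(fc.value)) {
    findings.push({ line: fc ? fc.line : 0, key: 'wincache.fcenabled', value: fc ? fc.value : '',
      severity: 'review', reason: 'WinCache file cache is not turned off' });
  }
  return findings;
}

// Constructed sample for the demonstration; NOT the contents of the Gist.
const SAMPLE = [
  '; Zend Guard Loader settings',
  'zend_loader.enable=1',
  'zend_loader.disable_licensing=0',
  'wincache.fcenabled=1',
  'auto_prepend_file="D:\\home\\site\\wwwroot\\hook.php"',
  'display_errors=On',
].join('\n');

console.log(auditUserIni(SAMPLE));
```

To check a real file, pass its text to auditUserIni and deploy only when the returned list is empty or every entry has been reviewed.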

Refresh the PHP Configuration

By default, PHP is configured to refresh its settings from the php.ini file every 300 seconds (5 minutes). You can force this to refresh immediately by doing a Web Site reset.

You can confirm ZendGuard is configured by looking at the following sections of the phpinfo output:

image

image

Deploying your ZendGuard Encoded Application

There are many ways to upload content in Windows Azure Web Sites as described in this list of PHP Tutorials. After ZendGuard encodes the application code, the index.php file in my example looks like this:

image

The actual file is a simple echo of phpinfo().

image

Conclusion

In this example, I demonstrated how to configure ZendGuard with the built-in PHP runtime in Windows Azure Web Sites. This will allow you to run your ZendGuard encoded and obfuscated code in a highly scalable hosting environment. It is also possible to set up ZendGuard using the Bring Your Own Runtime functionality, which I will explain in a future blog post upon request in the comments below.

  • Reggie Chen

    Hi,
    If I just use FTP deploy, the .user.ini file is to be uploaded at root? (wwwroot)
    I was successful in enabling Zend Guard with the 5.4 runtime, but not PHP 5.3 … The binary I downloaded is version 3.3; I think it is the version that works with the 5.3 runtime.