-
Notifications
You must be signed in to change notification settings - Fork 378
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] Yak and A.I. ? #121
Comments
Can you please add some more detail on this? Which "well-known AI" was it and what code you gave it to de-obfuscate? I mean, maybe it can resolve small, simple pieces of code, but does it also manage to de-obfuscate complex programs with hundreds, or even thousands of lines? And how did it know that, say, your obfuscated constant kvVIgcZOKDckqVxb was, say, LABEL_ORDERS? That's impossible, I dare say. |
It may be very well possible, if you forgot to remove yakpro-po comments. I always have a line like this in my workflow, at the end of the obfuscation process:
This finds all PHP/CSS files in the
If you don't do the above and leave
Of course, here you need the original , unobfuscated directory, but maybe someone wrote a script to bypass this and just de-obfuscate with the help of I am curious if your AI tool can de-obfuscate a program with comments removed as above. |
For information, the AI I use is ChatGPT 3.5. Just ask it to unobfuscate the code and it does so. It will then understand the code and restore (or rewrite) the variables in a very clear and readable way. Having spoken to other people who have tried it with other obfuscation tools, the result is impeccable. Note: I'm not comfortable explaining the deobfusquer method in detail. I'll edit the post in a few days to remove the explanation. The idea is to make people aware of the fact that obfuscation is no longer a method of securing one's code and can be broken in a few seconds by anyone, at least in my opinion... and I think that low-level ofuscation tools like zend guard should still resist, but I've never tested it. |
Well, no, not really. First of all, Therefore, if we have a chance to protect PHP source code, obfuscation is the way to go, not encryption.
Again, you are not being clear enough. To stay in my example above, does it change Plus:
Works exactly as the original, but good luck understanding the logic! :-) P.S. Feel free to post the unobfuscated version by |
to be very honest :
What cannot forever be reverted because information is lost :
It seems enough for me to say that obfuscation is the best way to protect code... |
Any chance this will be updated so it can be used with modern php scripts? php-8 is here to stay, unfortunately |
The new GPT4o model (maybe it would also work with gpt3) works AWFULLY GOOD in resolving gotos, at least in small code snippets. |
Hello,
I've been using yak for years and love the work that's been done so far. Well done.
However, IT is evolving and so are the tools. The AI revolution is now here.
I did a test with a well-known AI, and passed some code obfuscated by yak to the AI.
It gave me back the original code in a matter of seconds.
I think that with AI, high-level obfuscation is unfortunately obsolete, because I can't see any system that can defeat AI.
What do you think?
The text was updated successfully, but these errors were encountered: