Compile hhvm code into byte code & remove the source files

Question

Is it possible to compile the php source code into hhvm byte code the first time and them remove the source files. The byte code may be regenerated when the script files are updated, apparently needing a manual comand to do so. If it is possible then how?

Read a little about Repo.Authoritative I think it is somewhat closer, but please explain if you agree to the same.

Regarding my question, I want to protect my web application from license theft, a php code even if obfuscated can be somehow made to bye-pass license check. Bye-passing it in hhvm byte code seems difficult, hence the enquiry.

Please help me with other suggestions as well

Answer 1

Repo authoritative kinda does this, but it's not intended for what you want. It compiles all your PHP code into a single repo, for performance reasons -- it gets to assume that what goes into the repo is all the code that will ever exist (you aren't allowed to load things outside the repo), and so it can do a lot of clever optimizations based on that. But since you can't extend the repo once it's been built, it's not good for distributing any sort of library where you may need to add code later. It actually wasn't built to be distributed at all; the format is very version specific and it's likely that even a minor point release of HHVM won't be able to read an older (or newer) release's repo.

It also isn't a great form of obfuscation. It contains optimized "HHBC" instructions ("HipHop bytecode"), which aren't terribly difficult to reverse back into PHP code, particularly if someone were incentivized to build a tool for it. The difficulty of doing this would be on par with writing a C# or Java decompiler -- a good tool with good heuristics can get you something that is very close to the original source code. (Decompiling C, by comparison, is much harder.)

So no, I wouldn't use repo authoritative for this. I think it would cause you more trouble than it's worth for the reasons above, and may not even solve your problem. HHVM doesn't have any good mechanism for this -- PHP was designed to be read an interpreted off of source files on disk. HHVM happens to have a couple intermediate languages, including HHBC, for optimization purposes, but they aren't designed for obfuscation.

You may want to look for a PHP source obfuscator, which would do source transformations on your code before the PHP interpreter (either PHP5 or HHVM) ever see it. That's well beyond my expertise.

You may also want to carefully consider whether it's worth the effort of trying to defeat dishonest people, which is ultimately going to be a losing battle. (It's always possible to defeat license protection like this.) Spending a little time to keep honest people honest is what I would personally do, and you should carefully consider the tradeoffs before spending a lot of time and energy doing this as opposed to otherwise working on your product.