Fix token scrambling to preserve type hints and magic constants #4

Merged: archisgore merged 4 commits into main from fix/token-scrambling-type-hints on Jan 25, 2026
@archisgore
Summary

Fixes critical bugs in the token scrambling system that were causing PHP parse errors in WordPress and other applications.

Problems Fixed

1. Type Hints Being Scrambled

Problem: Function parameter type hints like string, int, bool were being scrambled, causing parse errors.

Root Cause: The transformer checked the previous token when it saw (, expecting to find function, but the previous token was the function NAME, not the keyword.

Example error:

PHP Parse error: syntax error, unexpected variable "$text" in wp-includes/compat-utf8.php on line 441

Fix: Walk backwards up to 5 tokens to find the function or fn keyword, correctly detecting parameter lists.

2. Magic Constants Being Scrambled

Problem: PHP magic constants (__DIR__, __FILE__, __LINE__, etc.) were being added to the dictionary and scrambled in the PHP interpreter itself.

Root Cause: The scrambler treated magic constants as regular keywords and scrambled them in both application code AND the PHP interpreter source.

Fix:

  • Added MagicConstants map to blacklist these constants
  • Modified AddToEEWords() to skip magic constants
  • Modified substituteWordsInString() to skip magic constants when processing lexer/parser files

Changes

encrypted-execution/src/transformer/token-aware-transformer.php

  • Fixed parameter list detection by walking back through tokens
  • Now correctly preserves type hints in function parameters

encrypted-execution/src/scrambler/dictionaryHandler.go

  • Added MagicConstants map with all PHP magic constants
  • Modified AddToEEWords() to exclude magic constants from dictionary

encrypted-execution/src/scrambler/scrambler.go

  • Added magic constant check in substituteWordsInString()
  • Prevents scrambling in PHP source files

encrypted-execution/src/scrambler/go.mod

  • Added Go module file for proper dependency management

Testing

Tested with WordPress 6.9:

  • ✅ Keywords properly scrambled (function → scrambled version)
  • ✅ Type hints preserved (string $text stays as string)
  • ✅ Magic constants preserved (__DIR__ not scrambled)
  • ✅ PHP interpreter successfully recompiled with scrambled tokens
  • ✅ Scrambled WordPress files execute correctly

Impact

This fixes the fundamental token scrambling mechanism, enabling:

  • WordPress encrypted execution
  • Any PHP application using type hints (PHP 7.0+)
  • Applications using magic constants

🤖 Generated with Claude Code
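
The parameter-list detection and magic-constant protection described above, sketched as an added example (not code from this pull request or the project). The dictionary values, the names `DICT`, `MAGIC`, `TEXTUAL`, `STOP`, `opensParamList()` and `scramble()`, and the early stop on bracket tokens are assumptions of this sketch; it assumes PHP 7.4+ with the tokenizer extension and handles parameter lists only.

```php
<?php
// Added illustration, not code from this pull request. DICT values are constructed;
// '__dir__' is included on purpose so the token-type guard below has work to do.
const DICT = ['function' => 'fn_k3x', 'return' => 'rt_p7q', 'string' => 'st_m2v',
              'int' => 'in_w8d', '__dir__' => 'zz_d1r'];
const MAGIC = [T_DIR, T_FILE, T_LINE, T_CLASS_C, T_FUNC_C, T_METHOD_C, T_NS_C, T_TRAIT_C];
const TEXTUAL = [T_ENCAPSED_AND_WHITESPACE, T_INLINE_HTML]; // raw text, never code
// Tokens that cannot sit between `function`/`fn` and its '(' end the walk early.
const STOP = ['(', ')', '{', '}', ';'];

// True when the '(' at index $i opens a function, closure or arrow-fn parameter list.
function opensParamList(array $tokens, int $i, int $maxBack = 5): bool {
    for ($j = $i - 1; $j >= 0 && $j >= $i - $maxBack; $j--) {
        $t = $tokens[$j];
        if (is_array($t) && ($t[0] === T_FUNCTION || $t[0] === T_FN)) {
            return true;
        }
        // With only a distance limit, `function(){g(` would reach T_FUNCTION from g's '('.
        if (is_string($t) && in_array($t, STOP, true)) {
            return false;
        }
    }
    return false;
}

function scramble(string $src): string {
    $out = '';
    $depth = 0; // paren depth inside a parameter list; 0 means outside
    $tokens = token_get_all($src);
    foreach ($tokens as $i => $t) {
        if (is_string($t)) { // single-character token such as '(' or ';'
            if ($t === '(' && ($depth > 0 || opensParamList($tokens, $i))) {
                $depth++;
            } elseif ($t === ')' && $depth > 0) {
                $depth--;
            }
            $out .= $t;
            continue;
        }
        [$id, $text] = $t;
        $key = strtolower($text); // PHP keywords are case-insensitive
        $keep = $depth > 0 || in_array($id, MAGIC, true) || in_array($id, TEXTUAL, true);
        $out .= (!$keep && array_key_exists($key, DICT)) ? DICT[$key] : $text;
    }
    return $out;
}

$src = "<?php\nfunction clean(string \$text, int \$max = 10) {\n"
     . "    \$f = function(){return strlen(__DIR__);};\n"
     . "    return substr(\$text, 0, \$max);\n}\n"; // constructed sample input
echo scramble($src);
```

On the sample input, `function` and `return` come out replaced, while `string`, `int` and `__DIR__` are left as written.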

archisgore and others added 4 commits January 25, 2026 07:12

This commit fixes critical issues in the PHP token scrambler that were
causing syntax errors when executing scrambled WordPress code.

## Changes Made

### 1. Token-Aware Transformer (`token-aware-transformer.php`)
- Added protection for PHP language keyword tokens (T_FUNCTION, T_WHILE, T_IF, etc.)
- Added protection for PHP magic constant tokens (T_DIR, T_FILE, T_LINE, T_CLASS_C, etc.)
- Removed non-existent token constants (T_DIE, T_EXIT, T_AND_EQUAL) that don't exist in PHP 8.5
- Changed fallback behavior to NOT transform unknown token types

### 2. Dictionary Handler (`dictionaryHandler.go`)
- Added `MagicConstants` map to blacklist PHP magic constants from scrambling
- Modified `AddToEEWords()` to skip magic constants (__DIR__, __FILE__, __LINE__, etc.)
- These constants must never be scrambled as they are compile-time values

### 3. Scrambler (`scrambler.go`)
- Modified `substituteWordsInString()` to skip magic constants during token processing
- Prevents magic constants from being added to the scrambling dictionary

## Problem Statement

The previous implementation scrambled ALL tokens found in PHP source files,
including:
1. PHP language keywords (function, while, if, for, etc.) - caused parse errors
2. PHP magic constants (__DIR__, __FILE__, etc.) - caused runtime errors

## Solution

The fix operates at two levels:

**Level 1: Dictionary Generation (Go scrambler)**
- Magic constants are excluded from the dictionary during PHP recompilation
- This ensures the PHP interpreter itself understands these constants

**Level 2: Application Code Transformation (PHP transformer)**
- Keywords and magic constants are preserved when transforming WordPress files
- Only user-defined tokens (functions, variables, classes) are scrambled

## Testing

Tested with WordPress 6.9 scrambling:
- ✅ WordPress files transform without parse errors
- ✅ PHP keywords preserved (function, while, if, etc.)
- ✅ Magic constants preserved (__DIR__, __FILE__, etc.)
- ✅ PHP recompiles successfully with scrambled dictionary

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

This commit fixes critical issues in the token scrambling system:

1. **Token-aware transformer: Fix parameter list detection**
   - Previously failed to detect function parameter lists correctly
   - Was checking previous token expecting 'function', but found function name instead
   - Now walks back up to 5 tokens to find 'function' or 'fn' keyword
   - Correctly preserves type hints (string, int, bool, etc.) in parameters

2. **Dictionary handler: Exclude magic constants from scrambling**
   - Added MagicConstants map to blacklist PHP magic constants
   - Prevents __DIR__, __FILE__, __LINE__, etc. from being scrambled
   - Modified AddToEEWords() to skip magic constants
   - Ensures PHP interpreter can still understand these compile-time constants

3. **Scrambler: Skip magic constants in source transformation**
   - Added check in substituteWordsInString() to skip magic constants
   - Prevents scrambling when processing PHP lexer/parser files
   - Checks both lowercase and uppercase versions

These fixes ensure WordPress and other PHP applications can be properly
scrambled while maintaining type safety and PHP's built-in functionality.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

…rm-php.py

- Update Dockerfile.test-symbols to copy files from encrypted-execution/src/ paths
- Install PHP CLI instead of Python
- Update test-symbol-scrambling-docker.sh to use token-aware-transformer.php

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Use cat instead of python3 -m json.tool to display JSON dictionary,
since Python is no longer installed in the test image.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@archisgore archisgore merged commit 23ba561 into main Jan 25, 2026
1 check passed