Protecting Php Code

[S_DLA_S Th3 1r4Q1 Cr4Ck3r]

Hi Guys

This is my first thread in here

and i really love PHP

any way ..

I like to code some stuff from time to time and i'd like to protect the source code

i tried to base64_encode() but it is reallly easy to decode (a 10 yo can decode it )

then i heard about Obfuscating and tried it and it was fine but not secure enough

then i came accrose this file it is a PHP Shell but i found the encoding really a peace of art (ps. I decode it in 10 min.)

but i guess only semi-Pros can Decode it!!

So How can i encode by php code like this file

http://208.42.97.54/.sdlas/.sdlas.txt

 

ps. If u like to decode it just decode the last eval()

and replace :

eval(td_dec($eval));

With

echo td_dec($eval);

 

I hope i didn't bother you

 

[mentalist]

at what level do you want to do this, what situation will it be used in? I ask this because in most situations it will eventually be in plaintext format at some point to be executed!

 

do you know the difference between encoding,  cyphering and encrypting?

[Chinese]

make sure whether theres no copyright

http://refactormycode.com/codes/218-eval-encoded-file-decoder

[ToonMariner]

have a look at zend guard or ion cube

[S_DLA_S Th3 1r4Q1 Cr4Ck3r]

Thnx Guys For the replay

at what level do you want to do this, what situation will it be used in? I ask this because in most situations it will eventually be in plaintext format at some point to be executed!

 

do you know the difference between encoding,  cyphering and encrypting?

well i want to encode my PHP Shell So "Script kiddies" Can't Modify it

and yes i know the difference between encoding,  cyphering and encrypting

 

have a look at zend guard or ion cube

The Problem That They need Modules to be installed on the server

 

make sure whether theres no copyright

http://refactormycode.com/codes/218-eval-encoded-file-decoder

Thnx man That Was Help full But i Want to encode Not Decode !!

 

 

So Please Guys Any Other suggestions ??

[redarrow]

Here goes a boring statement.

 

I have recently been going over the encrypting method,

off most programs, ZEND and ion cube,

 

i have found, there a company or web site ill say, that you pay a little fee, that can decrypt the encoded pages form the both programs.

 

even Theo, they say that ion cube better, but it preference, they both can be decrypted.

 

these are only, the two programs on the .net, that hold there weight, in encrypting php.

 

The both company's state, that it best you, lock the user's ip to the current script and encrypt the pages for more security.

 

everyone i have chatted to also say, what man/women builds, can also be re built or decrypted.

 

i was advised, from a well known programmer, to not worry and encrypt the code, and also add a lock to the domain name, or ip address, in question buying the script.

 

unfortunately there no way of encrypting, any code that is 100% secure.

 

WARNING...

 

most programmers that pay for code, want the code source to adapt to there current protect.

 

A lot off programmers that provide programmers the source code, have seen a improvement in sales.

 

and also those who provide code in php, that has been programed in oop have also seen a increase in sales.

[Yesideez]

If you're not planning on passing your code to anyone else and you're only using it for your own site then there's no need whatsoever to encrypt your PHP scripts.

[S_DLA_S Th3 1r4Q1 Cr4Ck3r]

Here goes a boring statement.

 

I have recently been going over the encrypting method,

off most programs, ZEND and ion cube,

 

i have found, there a company or web site ill say, that you pay a little fee, that can decrypt the encoded pages form the both programs.

 

even Theo, they say that ion cube better, but it preference, they both can be decrypted.

 

these are only, the two programs on the .net, that hold there weight, in encrypting php.

 

The both company's state, that it best you, lock the user's ip to the current script and encrypt the pages for more security.

 

everyone i have chatted to also say, what man/women builds, can also be re built or decrypted.

 

i was advised, from a well known programmer, to not worry and encrypt the code, and also add a lock to the domain name, or ip address, in question buying the script.

 

unfortunately there no way of encrypting, any code that is 100% secure.

 

 

 

Well Thnx But you see , I want to protect my script from script kidies

so i like any way of encoding like this file

http://208.42.97.54/.sdlas/.sdlas.txt

 

and IonCube And Zend all need a module to be installed on the server and i don't want that

So What will you do if you want to protect your script !!

If you're not planning on passing your code to anyone else and you're only using it for your own site then there's no need whatsoever to encrypt your PHP scripts.

Well That's Kinda Right , I want the script to be used only by me But There is a Huge Chance the Others Can Obtain A copy (by some means !!)

 

Please Advise me !! considering my previous replys Please

[redarrow]

If it where your code is not being distributed to the public, then how can they get your files.

 

this sounds like you don't understand how Apache works, or never used any Apache security.

 

example of protecting a included file.

<Files ~ "\.inc(.php)?$">
   Order allow,deny
   Deny from all
   Satisfy All
</Files> 

 

 

last example to protect a single file

AuthName "Realm Name"
AuthType Basic
AuthUserFile /.htpasswd
Allow From All
<Files file.xxx>
Deny From All
</Files>

 

had to throw this in for fun

 

To block hotlinking, you can use something like this in a .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?your-domain.com/.*$ [NC]
RewriteRule \.(mp3|fla|mpg)$ - [F]

[S_DLA_S Th3 1r4Q1 Cr4Ck3r]

If it where your code is not being distributed to the public, then how can they get your files.

 

this sounds like you don't understand how Apache works, or never used any Apache security.

 

 

 

 

well redarrow

Thnx For The .htaccess

I am A "Grey Hacker"

And Some Times I upload my files on A Hacked Sites

So In The Same Way I Hacked The Site Others Can !!

And If you Like Some More Info !! http://www.google.com/search?q=S_DLA_S

 

I hope You Got The Whole Idea By now

And I am Really Thankfull For your help

[redarrow]

If you are a gray hacker,

then you should really understand the black book and rules, and also no Linux verry well.

 

so learning Apache will be easy like eating a carrot.

 

you must understand ruby very well php must be very easy for you.

lucky sod lol all the best pal.

 

 

WARNING EVERYONE.

 

A hacker is a person, that no how to get into nearly ever think, or likes to no a back door and when in don't do nothing except look.

 

but a cracker is a person that get in and destroys everything there worse .

 

the media will tell you that a hacker are bad wait till they come across  a cracker. (sounds funny lol)

[S_DLA_S Th3 1r4Q1 Cr4Ck3r]

If you are a gray hacker,

then you should really understand the black book and rules, and also no Linux verry well.

 

so learning Apache will be easy like eating a carrot.

 

you must understand ruby very well php must be very easy for you.

lucky sod lol all the best pal.

loolz

Well

That's All True

But I was Woundering if you guys know i way to encode scripts that i don't !!

Thnx Again Dude 

[redarrow]

there you go darling one just for you babes lol.

 

http://phpisus.blogspot.com/2009/02/obfuscating-php-codes.html

 

This will impress you read the info.

[S_DLA_S Th3 1r4Q1 Cr4Ck3r]

WARNING EVERYONE.

 

A hacker is a person, that no how to get into nearly ever think, or likes to no a back door and when in don't do nothing except look.

 

but a cracker is a person that get in and destroys everything there worse .

 

the media will tell you that a hacker are bad wait till they come across  a cracker. (sounds funny lol)

Really Liked That Part

I Am Happy To Hear That

So There Is Some One Who Know The difference !! lolz

 

Any Way I hope I am Welcome Here As A Security Adviser

[S_DLA_S Th3 1r4Q1 Cr4Ck3r]

 

there you go darling one just for you babes lol.

 

http://phpisus.blogspot.com/2009/02/obfuscating-php-codes.html

ha ha ha

lo000olz

Thnx My Love  ;D

But Still Not Powerfull Enough !!

[mentalist]

if a hacker got access to uploading sites to your server then it wouldn't really matter if you'd encoded you code, because they'd have ability to decode, etc... unless of course they were ankle biters who had just used back doors that others had provided.

[redarrow]

The only thing i can think of, is to hide the files outside the root directory,

then use mod_proxy to redirect to the file from the domain name.

 

arrrrrrrr lol

[Yacoby]

A hacker is a person, that no how to get into nearly ever think, or likes to no a back door and when in don't do nothing except look.

No, a hacker is "A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary." (Wikipedia)

 

A Hacker has nothing to do with committing illegal acts, which is what he wants the code for. (At least in the UK, it violates the Computer Misuse Act. I assume other countries have similar laws).

[redarrow]

What about this, a bit advance, but might work,

 

create all the code then add the complete code to a database,

 

add the url off the domain name you added the code to, if that domain name does not exist ,

 

don't let the database show the code.

 

only a i dear.

 

Yacoby, mate, i said this a while back, there are web site, where hackers produce there own books, so that other people can down load them, for a fee, now even children at school's are getting these books and using the tips and tricks on school networks.

 

it all madness mate.

 

this statement you added.

No, a hacker is "A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary."  (Wikipedia)

 

it sounds like if you do a mcse your a hacker.

[mentalist]

A hacker is a person, that no how to get into nearly ever think, or likes to no a back door and when in don't do nothing except look.

No, a hacker is "A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary."  (Wikipedia)

 

A Hacker has nothing to do with committing illegal acts, which is what he wants the code for. (At least in the UK, it violates the Computer Misuse Act. I assume other countries have similar laws).

 

This is why I use the term hacker, because it applies to both the inquisitive and nefarious, even though I know the difference. I call myself a hacker, because I hack through k's of lines of code to find the little significant part...

[redarrow]

these are all the programs offered sorry that it.

 

 

http://www.seocompany.ca/software/free-encryption-software.html

[mentalist]

funny thing about that page red-arrow is that its entitled 'encryption', but non of it's encrypted, it's just encoded or obfuscated... even an ankle biter could have a go at working that out...

[Yesideez]

I think this topic should be locked by admin/moderator and the poster warned.

 

I find all this talk about "hacking" laughable and not a topic suitable for this site.

 

S_DLA_S Th3 1r4Q1 Cr4Ck3r, the way you're talking is making me think you're nothing more than a script kiddy. I used to hack (and crack and redarrow - no, you've got that bit very much wrong!!!) and prefer to put my experience and knowledge into more positive things like advising AGAINST this sort of activity.

 

Why do I think you're nothing more than a script kiddy?

 

ha ha ha

lo000olz

Thnx My Love  ;D

But Still Not Powerfull Enough !!

 

Any Way I hope I am Welcome Here As A Security Adviser

 

Oh, that and your name.

 

Laughable.

 

There are so few people out there that can really call themselves what you're claiming to be and prefer to keep a low profile. The others just sit there using tools others have created not understanding what really is going on behind the code.

[Daniel0]

Bar the horrendous grammar, I don't see anything wrong with the contents of this topic.

[ToonMariner]

hacking/cracking is a serious issue and one that needs open discussion.  unless you know how people gain access to your systems/code how on earth are you going to learn counter measures????