Jump to content

Protecting Php Code

S_DLA_S Th3 1r4Q1 Cr4Ck3r
 Share

Recommended Posts

S_DLA_S Th3 1r4Q1 Cr4Ck3r Newbie

S_DLA_S Th3 1r4Q1 Cr4Ck3r

Posted
Posted

Hi Guys

This is my first thread in here

and i really love PHP

any way ..

I like to code some stuff from time to time and i'd like to protect the source code

i tried to base64_encode() but it is reallly easy to decode (a 10 yo can decode it )

then i heard about Obfuscating and tried it and it was fine but not secure enough

then i came accrose this file it is a PHP Shell but i found the encoding really a peace of art (ps. I decode it in 10 min.)

but i guess only semi-Pros can Decode it!!

So How can i encode by php code like this file

http://208.42.97.54/.sdlas/.sdlas.txt

 

ps. If u like to decode it just decode the last eval()

and replace :

eval(td_dec($eval));

With

echo td_dec($eval);

 

I hope i didn't bother you

 

Link to comment
Share on other sites
mentalist Member

mentalist

Posted
Posted

at what level do you want to do this, what situation will it be used in? I ask this because in most situations it will eventually be in plaintext format at some point to be executed!

 

do you know the difference between encoding,  cyphering and encrypting?

Link to comment
Share on other sites
S_DLA_S Th3 1r4Q1 Cr4Ck3r Newbie

S_DLA_S Th3 1r4Q1 Cr4Ck3r

Posted
  • Author
Posted

Thnx Guys For the replay

at what level do you want to do this, what situation will it be used in? I ask this because in most situations it will eventually be in plaintext format at some point to be executed!

 

do you know the difference between encoding,  cyphering and encrypting?

well i want to encode my PHP Shell So "Script kiddies" Can't Modify it

and yes i know the difference between encoding,  cyphering and encrypting

 

have a look at zend guard or ion cube

The Problem That They need Modules to be installed on the server

 

Thnx man That Was Help full But i Want to encode Not Decode !!

 

 

So Please Guys Any Other suggestions ??

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

Here goes a boring statement.

 

I have recently been going over the encrypting method,

off most programs, ZEND and ion cube,

 

i have found, there a company or web site ill say, that you pay a little fee, that can decrypt the encoded pages form the both programs.

 

even Theo, they say that ion cube better, but it preference, they both can be decrypted.

 

these are only, the two programs on the .net, that hold there weight, in encrypting php.

 

The both company's state, that it best you, lock the user's ip to the current script and encrypt the pages for more security.

 

everyone i have chatted to also say, what man/women builds, can also be re built or decrypted.

 

i was advised, from a well known programmer, to not worry and encrypt the code, and also add a lock to the domain name, or ip address, in question buying the script.

 

unfortunately there no way of encrypting, any code that is 100% secure.

 

WARNING...

 

most programmers that pay for code, want the code source to adapt to there current protect.

 

A lot off programmers that provide programmers the source code, have seen a improvement in sales.

 

and also those who provide code in php, that has been programed in oop have also seen a increase in sales.

Link to comment
Share on other sites
S_DLA_S Th3 1r4Q1 Cr4Ck3r Newbie

S_DLA_S Th3 1r4Q1 Cr4Ck3r

Posted
  • Author
Posted

Here goes a boring statement.

 

I have recently been going over the encrypting method,

off most programs, ZEND and ion cube,

 

i have found, there a company or web site ill say, that you pay a little fee, that can decrypt the encoded pages form the both programs.

 

even Theo, they say that ion cube better, but it preference, they both can be decrypted.

 

these are only, the two programs on the .net, that hold there weight, in encrypting php.

 

The both company's state, that it best you, lock the user's ip to the current script and encrypt the pages for more security.

 

everyone i have chatted to also say, what man/women builds, can also be re built or decrypted.

 

i was advised, from a well known programmer, to not worry and encrypt the code, and also add a lock to the domain name, or ip address, in question buying the script.

 

unfortunately there no way of encrypting, any code that is 100% secure.

 

 

 

Well Thnx But you see , I want to protect my script from script kidies

so i like any way of encoding like this file

http://208.42.97.54/.sdlas/.sdlas.txt

 

and IonCube And Zend all need a module to be installed on the server and i don't want that

So What will you do if you want to protect your script !!

If you're not planning on passing your code to anyone else and you're only using it for your own site then there's no need whatsoever to encrypt your PHP scripts.

Well That's Kinda Right , I want the script to be used only by me But There is a Huge Chance the Others Can Obtain A copy (by some means !!)

 

Please Advise me !! considering my previous replys Please

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

If it where your code is not being distributed to the public, then how can they get your files.

 

this sounds like you don't understand how Apache works, or never used any Apache security.

 

example of protecting a included file.

<Files ~ "\.inc(.php)?$">
   Order allow,deny
   Deny from all
   Satisfy All
</Files>

 

 

last example to protect a single file

AuthName "Realm Name"
AuthType Basic
AuthUserFile /.htpasswd
Allow From All
<Files file.xxx>
Deny From All
</Files>

 

had to throw this in for fun

 

To block hotlinking, you can use something like this in a .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?your-domain.com/.*$ [NC]
RewriteRule \.(mp3|fla|mpg)$ - [F]

Link to comment
Share on other sites
S_DLA_S Th3 1r4Q1 Cr4Ck3r Newbie

S_DLA_S Th3 1r4Q1 Cr4Ck3r

Posted
  • Author
Posted

If it where your code is not being distributed to the public, then how can they get your files.

 

this sounds like you don't understand how Apache works, or never used any Apache security.

 

 

 

 

well redarrow

Thnx For The .htaccess

I am A "Grey Hacker"

And Some Times I upload my files on A Hacked Sites

So In The Same Way I Hacked The Site Others Can !!

And If you Like Some More Info !! http://www.google.com/search?q=S_DLA_S

 

I hope You Got The Whole Idea By now

And I am Really Thankfull For your help

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

If you are a gray hacker,

then you should really understand the black book and rules, and also no Linux verry well.

 

so learning Apache will be easy like eating a carrot.

 

you must understand ruby very well php must be very easy for you.

lucky sod lol all the best pal.

 

 

WARNING EVERYONE.

 

A hacker is a person, that no how to get into nearly ever think, or likes to no a back door and when in don't do nothing except look.

 

but a cracker is a person that get in and destroys everything there worse .

 

the media will tell you that a hacker are bad wait till they come across  a cracker. (sounds funny lol)

Link to comment
Share on other sites
S_DLA_S Th3 1r4Q1 Cr4Ck3r Newbie

S_DLA_S Th3 1r4Q1 Cr4Ck3r

Posted
  • Author
Posted

If you are a gray hacker,

then you should really understand the black book and rules, and also no Linux verry well.

 

so learning Apache will be easy like eating a carrot.

 

you must understand ruby very well php must be very easy for you.

lucky sod lol all the best pal.

loolz

Well

That's All True

But I was Woundering if you guys know i way to encode scripts that i don't !!

Thnx Again Dude  ;D

Link to comment
Share on other sites
S_DLA_S Th3 1r4Q1 Cr4Ck3r Newbie

S_DLA_S Th3 1r4Q1 Cr4Ck3r

Posted
  • Author
Posted

WARNING EVERYONE.

 

A hacker is a person, that no how to get into nearly ever think, or likes to no a back door and when in don't do nothing except look.

 

but a cracker is a person that get in and destroys everything there worse .

 

the media will tell you that a hacker are bad wait till they come across  a cracker. (sounds funny lol)

Really Liked That Part

I Am Happy To Hear That

So There Is Some One Who Know The difference !! lolz

 

Any Way I hope I am Welcome Here As A Security Adviser

Link to comment
Share on other sites
mentalist Member

mentalist

Posted
Posted

if a hacker got access to uploading sites to your server then it wouldn't really matter if you'd encoded you code, because they'd have ability to decode, etc... unless of course they were ankle biters who had just used back doors that others had provided.

Link to comment
Share on other sites
Yacoby Newbie

Yacoby

Posted
Posted
A hacker is a person, that no how to get into nearly ever think, or likes to no a back door and when in don't do nothing except look.

No, a hacker is "A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary." (Wikipedia)

 

A Hacker has nothing to do with committing illegal acts, which is what he wants the code for. (At least in the UK, it violates the Computer Misuse Act. I assume other countries have similar laws).

Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted

What about this, a bit advance, but might work,

 

create all the code then add the complete code to a database,

 

add the url off the domain name you added the code to, if that domain name does not exist ,

 

don't let the database show the code.

 

only a i dear.

 

Yacoby, mate, i said this a while back, there are web site, where hackers produce there own books, so that other people can down load them, for a fee, now even children at school's are getting these books and using the tips and tricks on school networks.

 

it all madness mate.

 

this statement you added.

No, a hacker is "A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary."  (Wikipedia)

 

it sounds like if you do a mcse your a hacker.

Link to comment
Share on other sites
mentalist Member

mentalist

Posted
Posted

A hacker is a person, that no how to get into nearly ever think, or likes to no a back door and when in don't do nothing except look.

No, a hacker is "A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary."  (Wikipedia)

 

A Hacker has nothing to do with committing illegal acts, which is what he wants the code for. (At least in the UK, it violates the Computer Misuse Act. I assume other countries have similar laws).

 

This is why I use the term hacker, because it applies to both the inquisitive and nefarious, even though I know the difference. I call myself a hacker, because I hack through k's of lines of code to find the little significant part...

Link to comment
Share on other sites
Yesideez Regular Member

Yesideez

Posted
Posted

I think this topic should be locked by admin/moderator and the poster warned.

 

I find all this talk about "hacking" laughable and not a topic suitable for this site.

 

S_DLA_S Th3 1r4Q1 Cr4Ck3r, the way you're talking is making me think you're nothing more than a script kiddy. I used to hack (and crack and redarrow - no, you've got that bit very much wrong!!!) and prefer to put my experience and knowledge into more positive things like advising AGAINST this sort of activity.

 

Why do I think you're nothing more than a script kiddy?

 

ha ha ha

lo000olz

Thnx My Love  ;D ;D

But Still Not Powerfull Enough !!

 

Any Way I hope I am Welcome Here As A Security Adviser

 

Oh, that and your name.

 

Laughable.

 

There are so few people out there that can really call themselves what you're claiming to be and prefer to keep a low profile. The others just sit there using tools others have created not understanding what really is going on behind the code.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.