Deobfuscation

[isaac_cm]

Hello,

I use zend guard to obfuscate my PHP pages but the problem that I heard so many times there is tools can decompile (deobfuscate) what zend guard does to the files, Is it true ? if so what is the best way to protect PHP code ?

 

Thanks

[tibberous]

Ioncube

[Wuhtzu]

My guess would be if someone wants your code they'll get it, even though it requires them to somehow obtain your encrypted code (hacking server or something like that) and then decode your code.

 

This discussion supports my thoughts:

http://www.webhostingtalk.com/archive/index.php/t-476659.html

 

 

Back to the protection part....

 

How about letting no one except yourself have access to the code? Have your own server running "at home" and then just keep it as plain text php code. Or is it a matter of distributing (selling or similar) the code?

 

[MadTechie]

Ioncube

IonCube Encoder does not offer any protection against oparray_dumping or oparray disassembly

but then again nor does ZendEncoder, its alittle better but with a littel time to can decrypt the opcodes,

 

short and simple, if you give the source to someone they will hack it after X time.. its just how long X takes..

[isaac_cm]

Here is my experience:

This is very dangerous situation I cant let any one take my code because this way I only sell one copy and the owner will sell it as much as he want !!

 

I test encode using zend guard and decoded with dezender and I found dezender can only decode ver 3.6 I am just afraid that another tool popup to decode zend guard 4 or 5

 

What about sourceguardian ver 7 , did any one try it ?

[MadTechie]

when looking for the protection remember thats statements like

# Allows you to distribute time limited scripts for shareware purposes

# Allows you to distribute Domain and IP limited scripts that will only run on the IP or Domain you specify when encoding

are only true of the system is NOT reversed..

 

These system have all been hacked.

• Zend Encoder *
  
• SafeGuard 3.6
  
• ionCube up to 6.5
  
• SourceGuardian *
  
• phpcipher *
  
• codelock *
  
• SourceCop (all version, from what i know - useless)
  

 

unsure of version, i'm sure theirs been a few new releases since i last checked

[MasterACE14]

your practically talking about piracy  :-\ What sought of scripts need this security anyway?

[isaac_cm]

your practically talking about piracy  :-\ What sought of scripts need this security anyway?

 

CMS software ofcourse what else !!!

[MasterACE14]

lol ok, I had in mind, "Nuclear Launch Codes" but thats just me 

[isaac_cm]

 

These system have all been hacked.

• Zend Encoder *
  
• SafeGuard 3.6
  
• ionCube up to 6.5
  
• SourceGuardian *
  
• phpcipher *
  
• codelock *
  
• SourceCop (all version, from what i know - useless)
  

 

unsure of version, i'm sure theirs been a few new releases since i last checked

 

seems you have the tool to hack all of them, however as I said zend 4 and 5 not hacked yet I hope they still that way

 

I am testing SourceGuardian now

[isaac_cm]

lol ok, I had in mind, "Nuclear Launch Codes" but thats just me 

 

I hope I can do system like that I would be so rich

[MasterACE14]

yeah  , kick Bill Gates out the window.

[tibberous]

Ioncube

IonCube Encoder does not offer any protection against oparray_dumping or oparray disassembly

but then again nor does ZendEncoder, its alittle better but with a littel time to can decrypt the opcodes,

 

short and simple, if you give the source to someone they will hack it after X time.. its just how long X takes..

 

Agreed of course, but more practically it can be thought of as How long it takes to hack vs How long it takes to rewrite. If you make a 100 page facebook clone script, and ioncube every damn page, I'm not going to go through 100 pages of your opt codes - I'm going to open notepad and start typing.