Jump to content

Encode / Obfuscate PHP code

wonderm00n

By wonderm00n
in PHP Coding Help

 Share

Recommended Posts

wonderm00n Newbie

wonderm00n

Posted
Posted

Hi there,

 

I'm developing a commercial application using PHP and in this particular case I need to encode/obfuscate the PHP code.

 

Is there a free solution for this, or I must use a tool like "ionCube", "Nusphere PHP Encoder", "Zend Guard", ... ?

 

If there's not a free solution to do this, what commercial one do you guys recommend. I don't need to have any licensing protection. I just want to be sure that my client will not be able to see the PHP code and change/copy it.

 

Thanks in advance,

Wonderm00n

Link to comment
Share on other sites
wonderm00n Newbie

wonderm00n

Posted
  • Author
Posted

This was the first result on a Google search for "free php encoder": http://www.byterun.com/free-php-encoder.php

 

Thanks Daniel0, but...

 

Not quite what I was looking for. This is a online tool and it's no good when you need to encode a PHP project that has 300+ files.

Their payed product, except "Lite" which is no good, cost around the same prices as the ones I referred on my first post.

 

Anyone?

Link to comment
Share on other sites
wonderm00n Newbie

wonderm00n

Posted
  • Author
Posted

if you have a commerical grade product you should have a commercial grade contract end of story.

 

A "commercial grade contract" is done with the client off course, but this does not guarantee that the code won't fall into the wrong hands anyway...

- The person that runs the server may not be the client, but an external company.

- Some of my clients employees may just grab the code.

- Etc...

Of course the "commercial grade contract" may protect me in a court of law, but if the code was already stolen it can spread in a matter of hours over the internet. Everyone knows that it's illegal to download copyrighted movies and music from the web, but everyone does it anyway...

 

I am "willing to be helped" and I really don't think "end of story" is helping.

 

So... If this forum is a "community forum", and you don't want to help, just don't reply to my post, instead of making a stupid comment like "end of story"... Everyone has their opinions and their way of working or making business. In this particular application I'm developing in PHP, this is my way of making business.

 

Anyway...

Anyone has experience with this one: http://www.raizlabs.com/software/phpobfuscator/  ?

Link to comment
Share on other sites
cooldude832 Advanced Member

cooldude832

Posted
Posted

if you have a commerical grade product you should have a commercial grade contract end of story.

 

A "commercial grade contract" is done with the client off course, but this does not guarantee that the code won't fall into the wrong hands anyway...

- The person that runs the server may not be the client, but an external company.

- Some of my clients employees may just grab the code.

- Etc...

Of course the "commercial grade contract" may protect me in a court of law, but if the code was already stolen it can spread in a matter of hours over the internet. Everyone knows that it's illegal to download copyrighted movies and music from the web, but everyone does it anyway...

 

 

 

 

IF you have something so great then you have such a great contract that has contingencies to if the product is illegal altered or distributed you have a legal right to seek damages from the party you distributed this to.

 

They will be a lot more secure about it then if they realize they will owe a ton if they release it.

 

 

As for encrypting it that is pointless because any version of encryption source code will require it to be decrypted to be compiled and process.  If they really want to figure out the decrypt they can and will.

 

PHP can not protect it self this way period end of story it only can slow it down.

Get your contract written properly.

Get a copy of all files saved to your systems in an archive and make md5checksums of all files for quick verification of the files. 

 

You can also request access to the server to run a md5checksum of the server files to verify their consitency

 

The only real way to prevent unauthorized access is to have a distributed system from your mysql to the remote server and locking it to a single source, but this in turn cost you money to run said mysql server.

Link to comment
Share on other sites
wonderm00n Newbie

wonderm00n

Posted
  • Author
Posted

cooldude832:

 

I do realize that everything that is encrypted has to be decrypted somewhere along the processing, and that reverse engineering is possible.

 

Even though the contract exists and it protects me in case of problems, I just want to make it "hard" to understand/change the code. My clients are not PHP gurus, because if they were they wont pay me or anyone else to code for them. I'm no guru also, I'm just programmer who wants to have an extra layer of protection in some specific projects. In this specific projects the client is not buying the code, but the "license" to use it.

 

Going back to the "reverse engineering" stuff... That's exactly why I'm seeking for a free product. If I could be guaranteed that no reverse engineering was possible I would gladly pay for a product.

 

Thanks,

Wonderm00n

Link to comment
Share on other sites
toplay Member

toplay

Posted
Posted

Go with the people that wrote the PHP engine:

 

http://www.zend.com/en/products/guard/

 

There's lots of things to consider, and after you encode the code another bout of QA must take place. I've come across minor peculiarities (bugs) after encoding, where I had to change PHP code to compensate for encoding problems. For instance: I had a constant defined as 0.50 and worked fine unencoded, but when it was encoded the code did not work because somehow the value became zero. Needless time was spent to narrow the problem down to this constant and the only solution at the time that seemed to work was making the value a string ('0.50') and then using floatval(). Strange things like that.

 

Good luck.

Link to comment
Share on other sites
wonderm00n Newbie

wonderm00n

Posted
  • Author
Posted

Go with the people that wrote the PHP engine:

 

http://www.zend.com/en/products/guard/

 

There's lots of things to consider, and after you encode the code another bout of QA must take place. I've come across minor peculiarities (bugs) after encoding, where I had to change PHP code to compensate for encoding problems. For instance: I had a constant defined as 0.50 and worked fine unencoded, but when it was encoded the code did not work because somehow the value became zero. Needless time was spent to narrow the problem down to this constant and the only solution at the time that seemed to work was making the value a string ('0.50') and then using floatval(). Strange things like that.

 

Good luck.

 

Thank YOU!

I'm going to try their free trial.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.