Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 04-14-2009, 06:18 AM   #1
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Protecting PHP Code - Zend & Ioncube Are CRACKED

So Zend Guard and Ioncube have both been cracked. There are applications out there that do a decent job of decoding the files, especially if they were encoded with early versions of Zend or Ioncube. Newer versions are slightly more difficult but definitely possible. There's a site that will decode any encoded PHP script for $15.

Is there anything that actually works for protecting a commercial script?
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:02 AM   #2
nation-x
Confirmed User
 
nation-x's Avatar
 
Industry Role:
Join Date: Mar 2004
Location: Rock Hill, SC
Posts: 5,370
Any of the encoders are vulnerable... this is why you should obfuscate your code before you encode it... 9 times out of 10 the decoded versions of the script don't work because decoding isn't perfect... most decoders can't decode the script exactly as you wrote it. If you obfuscate your code they have almost no chance of being able to fix errors after they decode it.

http://alexking.org/blog/2004/02/07/...ting-php-code/
nation-x is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:17 AM   #3
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 55,283
http://phpdecoders.com/function.html

saw this being advertised on sitepoint
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:28 AM   #4
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by nation-x View Post
Any of the encoders are vulnerable... this is why you should obfuscate your code before you encode it... 9 times out of 10 the decoded versions of the script don't work because decoding isn't perfect... most decoders can't decode the script exactly as you wrote it. If you obfuscate your code they have almost no chance of being able to fix errors after they decode it.

http://alexking.org/blog/2004/02/07/...ting-php-code/
That's a pretty old post. A lot changes in 5 years. I sent a widely used script to a particular site that claims to be able to decode anything and they nailed it in less than an hour. The tools available for download didn't work for this script but these guys were able to do it. That shattered my faith in all of these encoders. I'll try to obfuscate some code, run it through Ioncube and send it to them to see what they come up with. If I had Zend Guard I would try that one too.

BTW, I am gonna be your neighbor pretty soon. I am moving to a little town about an hour away from Charlotte this summer.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:29 AM   #5
leek
Confirmed User
 
leek's Avatar
 
Join Date: May 2008
Location: Charlotte, NC
Posts: 342
You can't fight technology. Encoding will never be 100% effective - someone, somewhere will always break it.

Your best bet would be determining if your software could be deployed via SaaS. SOA and API's are the future.
leek is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:30 AM   #6
brassmonkey
Pay It Forward
 
brassmonkey's Avatar
 
Industry Role:
Join Date: Sep 2005
Location: Yo Mama House
Posts: 76,984
if a script is good even the thieves will want to buy it
__________________
TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law!
DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com
brassmonkey is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:31 AM   #7
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 55,283
open source 4 lyfe
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:32 AM   #8
leek
Confirmed User
 
leek's Avatar
 
Join Date: May 2008
Location: Charlotte, NC
Posts: 342
Quote:
Originally Posted by fris View Post
open source 4 lyfe
leek is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:34 AM   #9
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
As long as we're naming names, the site I tried is zendcrack.com and they did a perfect job.

This shit is scary. One of the most used scripts in the adult business can be cracked for a few bucks. If I were a malicious type guy I could put the code up for free download and suddenly there would be thousands and thousands of sites using it. All those dollars invested in design and licenses would be for nothing.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:37 AM   #10
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by fris View Post
open source 4 lyfe
I've been involved in open source projects since the beginning of the movement but no matter what anyone tries to tell you, it's next to impossible to turn a profit. The only people who benefit are the people that use the software. I am a firm believer in "pay to play."
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 07:39 AM   #11
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 55,283
I dont mind paying for scripts that use encoders as long as I know the owner or people using them, Hate to see if run some malicious code.
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 09:10 AM   #12
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by fris View Post
I dont mind paying for scripts that use encoders as long as I know the owner or people using them, Hate to see if run some malicious code.
That part does make me nervous. I like to see what I am running. I guess now I can.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 09:18 AM   #13
Klen
 
Klen's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
Quote:
Originally Posted by fris View Post
http://phpdecoders.com/function.html

saw this being advertised on sitepoint
I think that is scam site if i remember correctly.Also i do know zend is very easy to decode
but not sure can ioncube and source guardian can be decoded as some other sites says how they can.I bet they are scam same as that phpdecoders.But again it is probably possible but i think right now it is not available to public decoding of ioncube and source guardian.
Klen is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 09:24 AM   #14
Sam Granger
Confirmed User
 
Sam Granger's Avatar
 
Join Date: Dec 2004
Location: NL (Eindhoven), CZ(Prague), FR(Concarneau)
Posts: 3,958
Zend is insecure, it's the way they encrypt. Sourceguardian is very good, same goes for IonCube. They both have been cracked in the past, but they are pretty secure now. I'm sticking with Sourceguardian.
__________________
[img]http://****************/sig/fhv3_j2_624x80_2.gif[/img]
$35-40 Per Signup, 60-70% Rev Share, over 80 Sites, Exclusive Sites, tons of free content
14,000+ Free hosted Galleries, RSS feeds, Domain Hosting, Embedded Flash Movies
Join Fetish Hits now!
ICQ: 358652230
Sam Granger is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 09:26 AM   #15
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by KlenTelaris View Post
I think that is scam site if i remember correctly.Also i do know zend is very easy to decode
but not sure can ioncube and source guardian can be decoded as some other sites says how they can.I bet they are scam same as that phpdecoders.But again it is probably possible but i think right now it is not available to public decoding of ioncube and source guardian.
Email some ioncube encoded code to that URL I posted above and see what happens. It'll cost a little $ but I assure you that it's not a scam site. The guy is actually pretty friendly.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 09:37 AM   #16
Libertine
sex dwarf
 
Libertine's Avatar
 
Join Date: May 2002
Posts: 17,860
Encrypting PHP code is asinine. All it does is protect incompetent coders from public scrutiny.
__________________
/(bb|[^b]{2})/
Libertine is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 09:39 AM   #17
Libertine
sex dwarf
 
Libertine's Avatar
 
Join Date: May 2002
Posts: 17,860
Quote:
Originally Posted by Babaganoosh View Post
As long as we're naming names, the site I tried is zendcrack.com and they did a perfect job.

This shit is scary. One of the most used scripts in the adult business can be cracked for a few bucks. If I were a malicious type guy I could put the code up for free download and suddenly there would be thousands and thousands of sites using it. All those dollars invested in design and licenses would be for nothing.
A few thousand sites might start using it, but both you and the owners of a fair number of those sites would be facing some serious jailtime.

Meanwhile, most businesses would stick with legal versions. Because, after all, illegally using software is a rather big liability for any serious business.
__________________
/(bb|[^b]{2})/
Libertine is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 09:48 AM   #18
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by Libertine View Post
A few thousand sites might start using it, but both you and the owners of a fair number of those sites would be facing some serious jailtime.

Meanwhile, most businesses would stick with legal versions. Because, after all, illegally using software is a rather big liability for any serious business.
If only that were true. I used to sell software written in Perl. Chasing down thieves and pirates was a constant chore. So much so that I stopped selling software. I couldn't even get hosts to shut down clients sites most of the time without jumping through all kinds of hoops. The only code I write is for my own use or on a strictly custom basis.

Most webmasters here will steal something before they'll pay for it. For the few that will happily pay I bet there are a couple hundred who will steal. Everyone knows they won't go to jail for using an unlicensed script.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 09:59 AM   #19
Libertine
sex dwarf
 
Libertine's Avatar
 
Join Date: May 2002
Posts: 17,860
Quote:
Originally Posted by Babaganoosh View Post
If only that were true. I used to sell software written in Perl. Chasing down thieves and pirates was a constant chore. So much so that I stopped selling software. I couldn't even get hosts to shut down clients sites most of the time without jumping through all kinds of hoops. The only code I write is for my own use or on a strictly custom basis.

Most webmasters here will steal something before they'll pay for it. For the few that will happily pay I bet there are a couple hundred who will steal. Everyone knows they won't go to jail for using an unlicensed script.
Then you must have been focusing on the lower end of the market.

If you focus on the higher end of the market, and build up a relationship with some of the main hosting companies, it gets much easier. A few years back, when I still worked as programmer, I had several hosting companies notify me of people trying to pirate my software on their servers when they spotted it.

Small-time webmasters would try and steal stuff, of course, but professionals usually paid. And a number of the small-timers "upgraded" to legal versions once their business grew, so even the piracy wasn't a full loss.
__________________
/(bb|[^b]{2})/
Libertine is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 10:06 AM   #20
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by Libertine View Post
Then you must have been focusing on the lower end of the market.

If you focus on the higher end of the market, and build up a relationship with some of the main hosting companies, it gets much easier. A few years back, when I still worked as programmer, I had several hosting companies notify me of people trying to pirate my software on their servers when they spotted it.

Small-time webmasters would try and steal stuff, of course, but professionals usually paid. And a number of the small-timers "upgraded" to legal versions once their business grew, so even the piracy wasn't a full loss.
Low end or not, there has to be a way to protect code without switching to compiled languages.

My favorite incident was when a little shithead from eastern Europe took my code, modified the admin templates and was selling it as his own creation. I did pursue him until he stopped but that was really a wakeup call for me.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 10:13 AM   #21
Serge Litehead
Confirmed User
 
Serge Litehead's Avatar
 
Industry Role:
Join Date: Dec 2002
Location: Behind the scenes
Posts: 5,190
anything compiled can be decompiled in any language and platform, although it is against licensing and tou.
__________________

Last edited by Serge Litehead; 04-14-2009 at 10:14 AM..
Serge Litehead is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 10:36 AM   #22
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by holograph View Post
anything compiled can be decompiled in any language and platform, although it is against licensing and tou.
I have yet to see C++ decompiled accurately. Development time is substantially increased though, especially for me. I'm not smart enough to code C++ quickly.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 10:42 AM   #23
quantum-x
Confirmed User
 
quantum-x's Avatar
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Quote:
Originally Posted by Babaganoosh View Post
I have yet to see C++ decompiled accurately. Development time is substantially increased though, especially for me. I'm not smart enough to code C++ quickly.
Right, these things have been cracked for ages.
Both ZendGuard and IonCube.

Only thing you can do: write better code.

Decompiling C++ is one thing, but disassembling it is another thing all together - and been done for ages..

It's a hell of a lot easier to trace into C++/ASM/VB/Whatever than it is PHP

Last edited by quantum-x; 04-14-2009 at 10:46 AM.. Reason: Less profanity ;)
quantum-x is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 10:48 AM   #24
nation-x
Confirmed User
 
nation-x's Avatar
 
Industry Role:
Join Date: Mar 2004
Location: Rock Hill, SC
Posts: 5,370
Quote:
Originally Posted by fris View Post
http://phpdecoders.com/function.html

saw this being advertised on sitepoint
Why would you post that fris? Sometimes I wonder about you.
nation-x is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 11:28 AM   #25
AdultSoftwareSolutions
Confirmed User
 
AdultSoftwareSolutions's Avatar
 
Join Date: Mar 2009
Posts: 193
Being able to decode and reverse engineer / modify are 2 entirely different things.

Anything that can be run can be disassembled. I used to crack video games in the early 90's using nothing more than a hex editor and knowledge of Intel assembly opcodes. It's very challenging and time consuming though. PHP is more obscure though because nobody cares about the low levels of PHP.

I'm currently developing a few products and when I release them they will be source code or SaaS.
__________________
Adult Software Solutions (ICQ 559884738)
PHP, MySQL, Flash, Actionscript, Java, Wowza, CMS, Tube, VOD, CRM, Dating, Social Networks, Paysites, TGPs, Directories and more.
If you can think it I can build it.
AdultSoftwareSolutions is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 11:36 AM   #26
quantum-x
Confirmed User
 
quantum-x's Avatar
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Quote:
Originally Posted by AdultSoftwareSolutions View Post
PHP is more obscure though because nobody cares about the low levels of PHP.
Don't kid yourself on that one. People are very interested in your PHP source.
quantum-x is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 11:42 AM   #27
2012
So Fucking What
 
2012's Avatar
 
Industry Role:
Join Date: Jul 2006
Posts: 17,189
you could host your "meat and potatoes" code on your own dedicated hardware. anything worth cracking gets cracked ...
__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself
2012 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 11:49 AM   #28
AdultSoftwareSolutions
Confirmed User
 
AdultSoftwareSolutions's Avatar
 
Join Date: Mar 2009
Posts: 193
Quote:
Originally Posted by quantum-x View Post
Don't kid yourself on that one. People are very interested in your PHP source.
I was referring to the C/assembly/opcode level implementation of PHP. I have never met a person in my life who could read compiled PHP code from a hex editor. I know several that can do that with programs compiled to native intel assembly.
__________________
Adult Software Solutions (ICQ 559884738)
PHP, MySQL, Flash, Actionscript, Java, Wowza, CMS, Tube, VOD, CRM, Dating, Social Networks, Paysites, TGPs, Directories and more.
If you can think it I can build it.
AdultSoftwareSolutions is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 12:32 PM   #29
k0nr4d
Confirmed User
 
k0nr4d's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 9,228
The php decoders are terrible. They don't get anything even close to the original code...
k0nr4d is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 12:43 PM   #30
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by k0nr4d View Post
The php decoders are terrible. They don't get anything even close to the original code...
Yes they do. Test out the site I posted. I have completely functional code from a previously encoded script.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 12:49 PM   #31
ladida
Confirmed User
 
ladida's Avatar
 
Join Date: Nov 2005
Posts: 2,167
Quote:
Originally Posted by k0nr4d View Post
The php decoders are terrible. They don't get anything even close to the original code...
You've not searched good then. I've had both zend and ioncube decoded completelly acuratelly.

With obfuscation, the code comes up clean aswell, but the function names are messed, however, they still hold same "name", and can be easilly renamed.
__________________
agentGFY *at* gmail.com
ladida is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 01:25 PM   #32
quantum-x
Confirmed User
 
quantum-x's Avatar
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Quote:
Originally Posted by k0nr4d View Post
The php decoders are terrible. They don't get anything even close to the original code...
Yes they do - more often than not with original variable names, too.
quantum-x is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 01:26 PM   #33
quantum-x
Confirmed User
 
quantum-x's Avatar
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Quote:
Originally Posted by AdultSoftwareSolutions View Post
I was referring to the C/assembly/opcode level implementation of PHP. I have never met a person in my life who could read compiled PHP code from a hex editor. I know several that can do that with programs compiled to native intel assembly.
Sure, but there's not much need, with Zend Platform - you can debug and trace the PHP bitcode anyhow
quantum-x is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 03:31 PM   #34
Tempest
Too lazy to set a custom title
 
Industry Role:
Join Date: May 2004
Location: West Coast, Canada.
Posts: 10,217
Quote:
Originally Posted by Babaganoosh View Post
That's a pretty old post. A lot changes in 5 years. I sent a widely used script to a particular site that claims to be able to decode anything and they nailed it in less than an hour. The tools available for download didn't work for this script but these guys were able to do it. That shattered my faith in all of these encoders. I'll try to obfuscate some code, run it through Ioncube and send it to them to see what they come up with. If I had Zend Guard I would try that one too.
Have you got the results of your obfuscate test yet? Which obfuscator did you use? And what's the link to the site that does the decoding? Think I'm going to need to run some of my own damn tests as well.
Tempest is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 03:33 PM   #35
$5 submissions
I help you SUCCEED
 
$5 submissions's Avatar
 
Industry Role:
Join Date: Nov 2003
Location: The Pearl of the Orient Seas
Posts: 32,195
Quote:
Originally Posted by nation-x View Post
Any of the encoders are vulnerable... this is why you should obfuscate your code before you encode it... 9 times out of 10 the decoded versions of the script don't work because decoding isn't perfect... most decoders can't decode the script exactly as you wrote it. If you obfuscate your code they have almost no chance of being able to fix errors after they decode it.

http://alexking.org/blog/2004/02/07/...ting-php-code/
Great post. Thanks!
$5 submissions is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 03:38 PM   #36
quantum-x
Confirmed User
 
quantum-x's Avatar
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Quote:
Originally Posted by Tempest View Post
Have you got the results of your obfuscate test yet? Which obfuscator did you use? And what's the link to the site that does the decoding? Think I'm going to need to run some of my own damn tests as well.
The tests I ran, everything was returned, including original variable names, and formatting.
quantum-x is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 04:53 PM   #37
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by Tempest View Post
Have you got the results of your obfuscate test yet? Which obfuscator did you use? And what's the link to the site that does the decoding? Think I'm going to need to run some of my own damn tests as well.
zendcrack.com

Haven't tried obfuscated code yet. Common sense tells me I will get decoded yet still obfuscated code back. Obfuscated code can be cleaned up and made readable again with a little effort so I'm pretty sure it's not stopping anyone.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 04:58 PM   #38
2012
So Fucking What
 
2012's Avatar
 
Industry Role:
Join Date: Jul 2006
Posts: 17,189
Quote:
Originally Posted by Babaganoosh View Post
zendcrack.com

Haven't tried obfuscated code yet. Common sense tells me I will get decoded yet still obfuscated code back. Obfuscated code can be cleaned up and made readable again with a little effort so I'm pretty sure it's not stopping anyone.
if you make your app dependent on a service you run from your own server you can have less to worry about as far as someone stealing your code. license the service ... i guess that's part of what I was trying to say.
__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself
2012 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 05:03 PM   #39
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
 
Babaganoosh's Avatar
 
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by fartfly View Post
if you make your app dependent on a service you run from your own server you can have less to worry about as far as someone stealing your code. license the service ... i guess that's part of what I was trying to say.
Numbnuts, there's nothing you can tell me that I don't already know. Fuck off, turd.
__________________
I like pie.
Babaganoosh is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 05:27 PM   #40
u-Bob
there's no $$$ in porn
 
u-Bob's Avatar
 
Industry Role:
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
<----- doesn't trust encoded/encrypted php code.
u-Bob is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 05:29 PM   #41
Klen
 
Klen's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
Yep i finded program for decoding ioncube so i have both programs for zend and ioncube now for free.
Which means if i ever will do script i will have to find other solution to encode it.
Klen is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 05:29 PM   #42
2012
So Fucking What
 
2012's Avatar
 
Industry Role:
Join Date: Jul 2006
Posts: 17,189
Quote:
Originally Posted by Babaganoosh View Post
Numbnuts, there's nothing you can tell me that I don't already know. Fuck off, turd.
Is it that time of the month again?
"Is there anything that actually works for protecting a commercial script?"

Then why are you asking turd ? I just told you the only way shit for brains ...

now click my sig
__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself
2012 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 05:36 PM   #43
quantum-x
Confirmed User
 
quantum-x's Avatar
 
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
Quote:
Originally Posted by fartfly View Post
if you make your app dependent on a service you run from your own server you can have less to worry about as far as someone stealing your code. license the service ... i guess that's part of what I was trying to say.
#1 - Your server goes down, you kill a bunch of sites
#2 - You mess up something on you end, you kill a bunch of sites
#3 - You get ddos'd off the planet, you kill a bunch of sites
#4 - You get hacked, and they push code to a bunch of sites, you hack a bunch of sites.

#5 - They decode your app, comment out the dependency, and resume life
quantum-x is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 04-14-2009, 05:38 PM   #44
2012
So Fucking What
 
2012's Avatar
 
Industry Role:
Join Date: Jul 2006
Posts: 17,189
Quote:
Originally Posted by quantum-x View Post
#1 - Your server goes down, you kill a bunch of sites
#2 - You mess up something on you end, you kill a bunch of sites
#3 - You get ddos'd off the planet, you kill a bunch of sites
#4 - You get hacked, and they push code to a bunch of sites, you hack a bunch of sites.

#5 - They decode your app, comment out the dependency, and resume life
wow, turd. Tell me something I don't already know j/k

So let everyone tell you all this bullshit and I'll tell you what you already know. You can't protect your code. Impossible. ... happy now.
__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself
2012 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.