![]() |
![]() |
![]() |
||||
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
![]() ![]() |
|
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
Thread Tools |
![]() |
#1 |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Protecting PHP Code - Zend & Ioncube Are CRACKED
So Zend Guard and Ioncube have both been cracked. There are applications out there that do a decent job of decoding the files, especially if they were encoded with early versions of Zend or Ioncube. Newer versions are slightly more difficult but definitely possible. There's a site that will decode any encoded PHP script for $15.
Is there anything that actually works for protecting a commercial script?
__________________
I like pie. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#2 |
Confirmed User
Industry Role:
Join Date: Mar 2004
Location: Rock Hill, SC
Posts: 5,370
|
Any of the encoders are vulnerable... this is why you should obfuscate your code before you encode it... 9 times out of 10 the decoded versions of the script don't work because decoding isn't perfect... most decoders can't decode the script exactly as you wrote it. If you obfuscate your code they have almost no chance of being able to fix errors after they decode it.
http://alexking.org/blog/2004/02/07/...ting-php-code/ |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#4 | |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Quote:
BTW, I am gonna be your neighbor pretty soon. I am moving to a little town about an hour away from Charlotte this summer.
__________________
I like pie. |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#5 |
Confirmed User
Join Date: May 2008
Location: Charlotte, NC
Posts: 342
|
You can't fight technology. Encoding will never be 100% effective - someone, somewhere will always break it.
Your best bet would be determining if your software could be deployed via SaaS. SOA and API's are the future. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#6 |
Pay It Forward
Industry Role:
Join Date: Sep 2005
Location: Yo Mama House
Posts: 76,984
|
if a script is good even the thieves will want to buy it
![]()
__________________
TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law! DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#8 |
Confirmed User
Join Date: May 2008
Location: Charlotte, NC
Posts: 342
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#9 |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
As long as we're naming names, the site I tried is zendcrack.com and they did a perfect job.
This shit is scary. One of the most used scripts in the adult business can be cracked for a few bucks. If I were a malicious type guy I could put the code up for free download and suddenly there would be thousands and thousands of sites using it. All those dollars invested in design and licenses would be for nothing.
__________________
I like pie. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#10 |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
I've been involved in open source projects since the beginning of the movement but no matter what anyone tries to tell you, it's next to impossible to turn a profit. The only people who benefit are the people that use the software. I am a firm believer in "pay to play."
__________________
I like pie. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#11 |
Too lazy to set a custom title
Industry Role:
Join Date: Aug 2002
Posts: 55,283
|
I dont mind paying for scripts that use encoders as long as I know the owner or people using them, Hate to see if run some malicious code.
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. ![]() WP Stuff |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#12 | |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Quote:
![]() ![]()
__________________
I like pie. |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#13 | |
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
|
Quote:
but not sure can ioncube and source guardian can be decoded as some other sites says how they can.I bet they are scam same as that phpdecoders.But again it is probably possible but i think right now it is not available to public decoding of ioncube and source guardian. |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#14 |
Confirmed User
Join Date: Dec 2004
Location: NL (Eindhoven), CZ(Prague), FR(Concarneau)
Posts: 3,958
|
Zend is insecure, it's the way they encrypt. Sourceguardian is very good, same goes for IonCube. They both have been cracked in the past, but they are pretty secure now. I'm sticking with Sourceguardian.
![]()
__________________
[img]http://****************/sig/fhv3_j2_624x80_2.gif[/img] $35-40 Per Signup, 60-70% Rev Share, over 80 Sites, Exclusive Sites, tons of free content 14,000+ Free hosted Galleries, RSS feeds, Domain Hosting, Embedded Flash Movies Join Fetish Hits now! ICQ: 358652230 |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#15 | |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Quote:
__________________
I like pie. |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#16 |
sex dwarf
Join Date: May 2002
Posts: 17,860
|
Encrypting PHP code is asinine. All it does is protect incompetent coders from public scrutiny.
__________________
/(bb|[^b]{2})/ |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#17 | |
sex dwarf
Join Date: May 2002
Posts: 17,860
|
Quote:
Meanwhile, most businesses would stick with legal versions. Because, after all, illegally using software is a rather big liability for any serious business.
__________________
/(bb|[^b]{2})/ |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#18 | |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Quote:
Most webmasters here will steal something before they'll pay for it. For the few that will happily pay I bet there are a couple hundred who will steal. Everyone knows they won't go to jail for using an unlicensed script.
__________________
I like pie. |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#19 | |
sex dwarf
Join Date: May 2002
Posts: 17,860
|
Quote:
If you focus on the higher end of the market, and build up a relationship with some of the main hosting companies, it gets much easier. A few years back, when I still worked as programmer, I had several hosting companies notify me of people trying to pirate my software on their servers when they spotted it. Small-time webmasters would try and steal stuff, of course, but professionals usually paid. And a number of the small-timers "upgraded" to legal versions once their business grew, so even the piracy wasn't a full loss.
__________________
/(bb|[^b]{2})/ |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#20 | |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Quote:
My favorite incident was when a little shithead from eastern Europe took my code, modified the admin templates and was selling it as his own creation. I did pursue him until he stopped but that was really a wakeup call for me.
__________________
I like pie. |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#21 |
Confirmed User
Industry Role:
Join Date: Dec 2002
Location: Behind the scenes
Posts: 5,190
|
anything compiled can be decompiled in any language and platform, although it is against licensing and tou.
__________________
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#22 |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
I have yet to see C++ decompiled accurately. Development time is substantially increased though, especially for me. I'm not smart enough to code C++ quickly.
__________________
I like pie. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#23 | |
Confirmed User
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
|
Quote:
Both ZendGuard and IonCube. Only thing you can do: write better code. Decompiling C++ is one thing, but disassembling it is another thing all together - and been done for ages.. It's a hell of a lot easier to trace into C++/ASM/VB/Whatever than it is PHP ![]() |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#24 | |
Confirmed User
Industry Role:
Join Date: Mar 2004
Location: Rock Hill, SC
Posts: 5,370
|
Quote:
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#25 |
Confirmed User
Join Date: Mar 2009
Posts: 193
|
Being able to decode and reverse engineer / modify are 2 entirely different things.
Anything that can be run can be disassembled. I used to crack video games in the early 90's using nothing more than a hex editor and knowledge of Intel assembly opcodes. It's very challenging and time consuming though. PHP is more obscure though because nobody cares about the low levels of PHP. I'm currently developing a few products and when I release them they will be source code or SaaS.
__________________
Adult Software Solutions (ICQ 559884738) PHP, MySQL, Flash, Actionscript, Java, Wowza, CMS, Tube, VOD, CRM, Dating, Social Networks, Paysites, TGPs, Directories and more. If you can think it I can build it. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#26 |
Confirmed User
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
|
Don't kid yourself on that one. People are very interested in your PHP source.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#27 |
So Fucking What
Industry Role:
Join Date: Jul 2006
Posts: 17,189
|
you could host your "meat and potatoes" code on your own dedicated hardware. anything worth cracking gets cracked ...
__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself ![]() |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#28 |
Confirmed User
Join Date: Mar 2009
Posts: 193
|
I was referring to the C/assembly/opcode level implementation of PHP. I have never met a person in my life who could read compiled PHP code from a hex editor. I know several that can do that with programs compiled to native intel assembly.
__________________
Adult Software Solutions (ICQ 559884738) PHP, MySQL, Flash, Actionscript, Java, Wowza, CMS, Tube, VOD, CRM, Dating, Social Networks, Paysites, TGPs, Directories and more. If you can think it I can build it. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#29 |
Confirmed User
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 9,228
|
The php decoders are terrible. They don't get anything even close to the original code...
__________________
Mechanical Bunny Media Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#30 |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Yes they do. Test out the site I posted. I have completely functional code from a previously encoded script.
__________________
I like pie. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#31 | |
Confirmed User
Join Date: Nov 2005
Posts: 2,167
|
Quote:
With obfuscation, the code comes up clean aswell, but the function names are messed, however, they still hold same "name", and can be easilly renamed.
__________________
agentGFY *at* gmail.com |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#32 |
Confirmed User
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
|
Yes they do - more often than not with original variable names, too.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#33 | |
Confirmed User
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
|
Quote:
![]() |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#34 | |
Too lazy to set a custom title
Industry Role:
Join Date: May 2004
Location: West Coast, Canada.
Posts: 10,217
|
Quote:
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#35 | |
I help you SUCCEED
Industry Role:
Join Date: Nov 2003
Location: The Pearl of the Orient Seas
Posts: 32,195
|
Quote:
![]() |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#36 |
Confirmed User
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
|
The tests I ran, everything was returned, including original variable names, and formatting.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#37 | |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Quote:
Haven't tried obfuscated code yet. Common sense tells me I will get decoded yet still obfuscated code back. Obfuscated code can be cleaned up and made readable again with a little effort so I'm pretty sure it's not stopping anyone.
__________________
I like pie. |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#38 | |
So Fucking What
Industry Role:
Join Date: Jul 2006
Posts: 17,189
|
Quote:
![]()
__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself ![]() |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#39 |
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
Numbnuts, there's nothing you can tell me that I don't already know. Fuck off, turd.
__________________
I like pie. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#40 |
there's no $$$ in porn
Industry Role:
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
|
<----- doesn't trust encoded/encrypted php code.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#41 |
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
|
Yep i finded program for decoding ioncube so i have both programs for zend and ioncube now for free.
Which means if i ever will do script i will have to find other solution to encode it. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#42 | |
So Fucking What
Industry Role:
Join Date: Jul 2006
Posts: 17,189
|
Quote:
"Is there anything that actually works for protecting a commercial script?" Then why are you asking turd ? I just told you the only way shit for brains ... now click my sig ![]()
__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself ![]() |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#43 | |
Confirmed User
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
|
Quote:
#2 - You mess up something on you end, you kill a bunch of sites #3 - You get ddos'd off the planet, you kill a bunch of sites #4 - You get hacked, and they push code to a bunch of sites, you hack a bunch of sites. #5 - They decode your app, comment out the dependency, and resume life |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#44 | |
So Fucking What
Industry Role:
Join Date: Jul 2006
Posts: 17,189
|
Quote:
So let everyone tell you all this bullshit and I'll tell you what you already know. You can't protect your code. Impossible. ... happy now. ![]()
__________________
best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself ![]() |
|
![]() |
![]() ![]() ![]() ![]() ![]() |