SitePoint Sponsor

User Tag List

Page 2 of 3 FirstFirst 123 LastLast
Results 26 to 50 of 52
  1. #26
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by phpcodelock.com
    The actual size of your encrypted files (encoded with the PHP encryptor) usually end up reasonably smaller that the original, so theoretically the end-user download time is faster.
    errr whos theory that then

  2. #27
    SitePoint Wizard silver trophy Karl's Avatar
    Join Date
    Jul 1999
    Location
    Derbyshire, UK
    Posts
    4,411
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    lol, how not likely is that, the HTML produced to the browser would be the same size, encrypted source file or not.
    Karl Austin :: Profile :: KDA Web Services Ltd.
    Business Web Hosting :: Managed Dedicated Hosting
    Call 0800 542 9764 today and ask how we can help your business grow.

  3. #28
    SitePoint Zealot pozmu's Avatar
    Join Date
    Jul 2001
    Location
    Poland/ Warsaw
    Posts
    111
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The codelock thing isn't a real encryptor.... It's very easy to hack/ crack it

  4. #29
    SitePoint Guru
    Join Date
    Feb 2002
    Posts
    625
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by pozmu
    The codelock thing isn't a real encryptor.... It's very easy to hack/ crack it images/smilies/frown.gif
    You know, i would be sooo tempted to go out and buy the software, encrypt a file and send it to youl And you show me how easy it is to "hack/crack" it. Just out of curiousity.
    [img]images/smilies/goof.gif[/img]

  5. #30
    SitePoint Zealot pozmu's Avatar
    Join Date
    Jul 2001
    Location
    Poland/ Warsaw
    Posts
    111
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    LOL, just send me 50% of this "encoder" price and I will show you how to become a "PHP hacker" . This software is worth nothing - you can actually see full source by just adding *one* line to the encoded file. Belive me, I checked this 10 minutes ago.

  6. #31
    Prolific Blogger silver trophy Technosailor's Avatar
    Join Date
    Jun 2001
    Location
    Before These Crowded Streets
    Posts
    9,446
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thinkaholic, your link has been removed. Please follow our self-promotion guidelines.
    Aaron Brazell
    Technosailor



  7. #32
    SitePoint Zealot colinr's Avatar
    Join Date
    Aug 2003
    Location
    san francisco, ca
    Posts
    198
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you might not face this problem if you didn't try to use an inherently open coding technology to produce work for which you wished was closed and encrypted.

    On another note, may i ask what this "bread-winning" code does for newbie web designers?

  8. #33
    Confirmed Halfwit
    Join Date
    Oct 1999
    Location
    Vancouver, BC, Canada
    Posts
    983
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by colinr
    you might not face this problem if you didn't try to use an inherently open coding technology to produce work for which you wished was closed and encrypted.
    Well, if I wish my application to "run" on a standard web server, I am pretty much limited to PERL, PHP or ASP. I could use ColdFusion, but that isn't as widely popular, etc...

    Quote Originally Posted by colinr
    On another note, may i ask what this "bread-winning" code does for newbie web designers?
    The next version of my software (www.snippetmaster.com) is a significant improvement over the existing one, and if I don't "protect" it I am 100% confident people will steal it. (With the existing version, I have found over 15 people selling my software as their own... )
    People just don't seem to care that they are stealing from me so I am forced to investigate, and probably utilize, an encoding scheme.

  9. #34
    SitePoint Evangelist Daijoubu's Avatar
    Join Date
    Oct 2002
    Location
    Canada QC
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Turck MMCache encoded files can be loaded even without it being installed
    I managed to do it via dl()

  10. #35
    Ribbit... Eric.Coleman's Avatar
    Join Date
    Jun 2001
    Location
    In your basement
    Posts
    1,268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Im using CodeLock...

    It's great, and working fine, but I don't need the level of encryption and what not to use IonCube or SG..

    BUT... I HIGHLY RECOMMEND STAYING -AWAY- FROM SOURCE GUARDIAN

    Google the following term

    SourceGuardianII

    And you'll know why...
    Eric Coleman
    We're consentratin' on fallin' apart
    We were contenders, now throwin' the fight
    I just wanna believe, I just wanna believe in us

  11. #36
    SitePoint Enthusiast mrobinson's Avatar
    Join Date
    Aug 2004
    Location
    New York, NY, USA
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you're serious about protecting your code from prying eyes then I would stay well away from any PHP based encoding system.

    The Source Guardian website came to my rescue here:
    Any PHP encryption program needs to decrypt the file at some time, so the code will be theoretically available to experienced crackers during its execution.
    I can't say don't use Source Guardian because I've never used it myself, but their website hasn't convinced me.

    The ionCube loaders work best if they can be installed on the server, but if you don't have access to this they are loaded at run-time instead (so installation isn't strictly necessary). All you need to do is make sure the files are on the server in the right place!

    IMO, CodeLock is only going to discourage casual observers and I wouldn't use it (a personal choice). Encoded source can be decoded in seconds. A related thread can be found here: Free PHP Script Encoder

  12. #37
    SitePoint Wizard DougBTX's Avatar
    Join Date
    Nov 2001
    Location
    Bath, UK
    Posts
    2,498
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The important bit is the process:

    normally:
    your php (upload this) -> encoded by PHP -> run by PHP

    with ionCube:
    your php -> encoded by ionCube (upload this) -> run by PHP

    with SourceGuardian:
    obscured code (upload this) -> original code -> encoded by PHP -> run by PHP

    As you can see, the SG route is longer (slower) and the original code is created from what is uploaded. That's what makes it easy crack. With ionCube, the code is not converted back to the original PHP, so revers engeneering it is much harder.

    Douglas

    Edit: also, there are many people out there running illegal closed source software on their computers... encoding your PHP is just a first step. Probably a good idea to have good encoding on large apps, just for the performance benifits.

    Edit 2: the SG site now says that it has "bytecode compilaton" as well as the encoding I described above - perhaps it iw worth a second look. It may be more like ionCube now - who knows. Someone with $250?
    Hello World

  13. #38
    Ribbit... Eric.Coleman's Avatar
    Join Date
    Jun 2001
    Location
    In your basement
    Posts
    1,268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    when you google SourceGuardianII, the name within each encoded file, the first results is a nice exe that will decompile any SG encoded script.

    Sucks for them.
    Eric Coleman
    We're consentratin' on fallin' apart
    We were contenders, now throwin' the fight
    I just wanna believe, I just wanna believe in us

  14. #39
    SitePoint Wizard DougBTX's Avatar
    Join Date
    Nov 2001
    Location
    Bath, UK
    Posts
    2,498
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The site says that the file has only been downloaded 26 times... doesn't look like that many people are bothered with it!

    Douglas
    Hello World

  15. #40
    Ribbit... Eric.Coleman's Avatar
    Join Date
    Jun 2001
    Location
    In your basement
    Posts
    1,268
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, but it's on a ton of different sites

    I had to use it for a moment to do a product integration.... works well, but worries me..

    - Eric
    Eric Coleman
    We're consentratin' on fallin' apart
    We were contenders, now throwin' the fight
    I just wanna believe, I just wanna believe in us

  16. #41
    SitePoint Addict
    Join Date
    Jul 2001
    Location
    New Zealand
    Posts
    340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Heres the low down...

    SourceGuardian: Easily Cracked
    Codelock: Easily Cracked
    IonCube: Hard to crack but can and has been done
    Zend: Is possible, has not fully been cracked to the best of my knowledge

  17. #42
    Serial Site Creator ToddW's Avatar
    Join Date
    Feb 2004
    Posts
    791
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you are worried, and want something made by people who KNOW PHP then go with Zend Encoder. If you go with the small business package you can get the whole Zend Encoder, Studio, Etc for $450, and then I believe $150/year to renew/update. This is what I will be using once I start developing more software I plan to sell.

    If you are worried about people taking your code and using it as their own then I see no reason to 'skimp' on a product to protect them. Using SG to protect your PHP is like using a sword against 50 guys with uzis... It may work for a little but eventualy your defenses will be taken down.

  18. #43
    SitePoint Enthusiast
    Join Date
    Apr 2004
    Location
    London
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by fullahimhard
    Heres the low down...

    SourceGuardian: Easily Cracked
    Codelock: Easily Cracked
    IonCube: Hard to crack but can and has been done
    Zend: Is possible, has not fully been cracked to the best of my knowledge
    This isn't entirely correct.

    Codelock: Yes, trivial to crack with a printf in compile_string()

    SourceGuardian: Was easy, may be harder with their "byte code" encoding.

    ionCube: Actually never cracked, though Russian hackers did try (and gave up) in a 3rd party competition that we endorsed. Highly secure. Uses optimised bytecodes, algorithms hidden with obfuscation technques in the Loader, closed source decoder and execution engine, custom bytecodes etc.

    Zend: Never substantially cracked. Highly secure, also uses optimised bytecodes and closed source execution engine. Loader (Zend Optimiser) not obfuscated, and encoding techniques more easily exposed (contrast running strings on the ZO and ionCube binaries), but not necessarily a weakness and may not ultimately help a hacker.

    Others: mostly source based techniques similar to codelock.

  19. #44
    SitePoint Addict
    Join Date
    Jul 2001
    Location
    New Zealand
    Posts
    340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ioncube
    ionCube: Actually never cracked, though Russian hackers did try (and gave up) in a 3rd party competition that we endorsed. Highly secure. Uses optimised bytecodes, algorithms hidden with obfuscation technques in the Loader, closed source decoder and execution engine, custom bytecodes etc.
    Not true, I have personally seen code encrypted by ioncube decoded, it is very possible but takes HUGE amounts of time and mathmatical knowledge. I knew the creator of the original sourceguardian decrypter but I am interested to know who the Russian hackers in your competition?

  20. #45
    SitePoint Wizard TheRedDevil's Avatar
    Join Date
    Sep 2004
    Location
    Norway
    Posts
    1,196
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Ive been using IonCube for almost a year now, and Ive had no problems with it at all. And there has not been any problems with costumers due to using that so far. So I would strongly recommend it.

    fullahimhard: I know a few people who have tried but never managed to fully decode a ioncode encrypded script. Would be nice with more information if you have some?
    Thanks

  21. #46
    SitePoint Enthusiast
    Join Date
    Apr 2004
    Location
    London
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by hstraf
    This is really the only complaint I've been able to find regarding ionCube. You have to make sure the customer uploads the php files in BINARY mode, and also unzip them without using the automatic newline thing.
    We just wanted to add that this actually hasn't been an issue for over a year now as we introduced an ASCII encoding mode into the Encoder directly to combat this issue. (The online Encoder does still generate binary files)

    When creating the Encoder, binary format files were the obvious choice. They look "impressive", messing up a Unix xterm if you "cat" them for example, and give good performance. However, what we didn't forsee was the problem with applications such as the WinZIP automatic CR/LF conversion feature, certain FTP programs that try to guess whether a file is ASCII or binary, and FTP clients such as Dreamweaver that only support ASCII transfers. This issue is typically only a problem between a Windows client and a Unix server, but of course, that was almost everyone. Something had to be done.

    Our ASCII file format was therefore introduced as a wrapper around the existing binary file format, being supported ahead of time by the release 2.4 Loader in Dec 2003 (to give a chance for penetration of the Loader), and appearing as the default file format in the March 2004 Encoder release. Whilst files could still get transformed by FTP or WinZIP, the data integrity is preserved as the modified line breaks aren't part of the data, and the transformation from ASCII format back to the underlying "original" binary format still works as it should. As there is an extra layer of encoding, ASCII encoded files perform slightly less well than if encoded with the binary format, but as the decoding routines are highly optimised (we spent a good day analysing and benchmarking just the handful of lines of code that do this in order to maximise performance), there's no downside from the ASCII format and a considerable upside for the end user.

    Hope this helps.

    ionCube

  22. #47
    SitePoint Enthusiast
    Join Date
    Apr 2004
    Location
    London
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by fullahimhard
    Not true, I have personally seen code encrypted by ioncube decoded, it is very possible but takes HUGE amounts of time and mathmatical knowledge. I knew the creator of the original sourceguardian decrypter but I am interested to know who the Russian hackers in your competition?
    We've no idea who they were. It wasn't our competition, but one run by a magazine site.

    With regards to your other comments, from what you say it sounds very much as though you may have been misled on this. Whilst a little mathematical knowledge never hurt anyone, and admittedly everything computational ultimately boils down just to maths, pure maths isn't the essence to decoding encoded files, and certainly not by a brute force approach as you suggest. Instead, a somewhat twisted mind could frankly be considered to be a prerequisite and more useful, coupled with some exceptional skill at machine code, knowledge of various problem domains, and puzzle solving in general. You are invited to contact us directly with more information if you have it though as we're always on the lookout for exceptional persons.

    With compiled code systems, it's also not clear what constitutes "seen code" decrypted. With a source based encoding system you know when you've reached your end goal, but when your target is binary data, knowing when you've reached the right binary data is often less clear. ionCube encoded files not only contain no source code, but also don't store compiled code in the same format that the standard execution engine uses, in favour of an obscure proprietary format. In other words, even if you understood the compiled code format, this isn't necessarily going to help because that isn't what's stored in the files. To give you a further insight into things, some data values such as time constants, e.g. 1109766410, and that to a smart observer could be spotted as being a likely candidate for a time_t value, are also not stored in their correct native format in even the unencoded data. In other words, the restored data does not restore a pure time_t value, but something else. Not knowing what the end result should be makes life much harder.

    There was, however, one case where someone not only claimed to have decoded files, but provided alleged evidence! All was not what it seemed though, and this was easily exposed as nonsense because the purported hacker had restored source code, including comments, to files that were byte for byte identical to the original source, and is impossible. What had happened in this case, and it should act as a warning, is that the source code owner was encoding source files on their public server, had had their server accessed, and the so called hacker was stealing their original source before encoding even took place. Not very impressive, but a wake up call that machines aren't necessarily as secure as we might think, and a good illustration of why users should consider encoding not only applications, but also websites themselves in order to reduce the potential damage in the event that a server is broken into.

    ionCube

  23. #48
    SitePoint Guru
    Join Date
    Jul 2004
    Location
    Netherlands
    Posts
    672
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But doesn't it suck when someone buys your script and want's to modify it for their needs ?
    Go visit my site :-D you know you want to ;-)
    www.mech7.net

  24. #49
    SitePoint Wizard DougBTX's Avatar
    Join Date
    Nov 2001
    Location
    Bath, UK
    Posts
    2,498
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by pixelsoul
    But doesn't it suck when someone buys your script and want's to modify it for their needs ?
    It should be OK if:

    1) When they buy it, they know what they are getting
    2) The software lets them do what they want to do; if not, they should be able to get a refund
    3) If the user wants an extra feature, they can pay the original writers to add the feature, OR, to purchace a licence to those sections of the source code they wish to extend, OR, if the software is quality, they should be able to just write a plugin

    That's how clasically commercial software works... if the person buying the software doesn't get their needs met, then they won't buy the software. If the software isn't bought by enough people, then the company will go out of buissness... so goes it.

    Douglas
    Hello World

  25. #50
    SitePoint Wizard REMIYA's Avatar
    Join Date
    May 2005
    Posts
    1,351
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    http://www.virtualpromote.com/tools/php-encrypt/

    It is interesting tool although after smashing 500 lines of OOP PHP 5 my code stopped working.

    But it deserves a test...


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •