SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    SitePoint Enthusiast azuranz's Avatar
    Join Date
    Sep 2005
    Location
    Bermuda Triangle
    Posts
    98
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question encoding your own code?

    hey I'm wondering if anyone's ever encoded their own code.

    I'm just a smalltime dev so it really isn't worth it for me to spend the money on an encoder when I'm not doing enough volume to earn it back.

    So I just want to encode my code with the below:

    simple license key generation based on a website address

    then (i assume i place this in my code) a check to see if current address script is a match to the license key, if not a match(being run elsewhere) exit.

    hints tips links to get started? I'm intermediate at PHP but I've never tried encoding so yeah

    base64_decode?
    azuranz
    Confucius says... man who fight with wife all day, get no piece at night

  2. #2
    SitePoint Evangelist dmsuperman's Avatar
    Join Date
    Feb 2005
    Location
    A box
    Posts
    516
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Best way is to include various checks within the code to ensure that other checks are there and other checks have other checks upon other checks, then obfuscate it using something like base64. What I mean above is make it so they have to go around and around in circles to find where the source of the unlocking module is at to unlock it.
    <(^.^<) \(^.^\) (^.^) (/^.^)/ (>^.^)>
    Core 2 Duo E8400 clocked @ 3.375GHz, 2x2GB 800MHz DDR2 RAM
    5x SATA drives totalling 2.5TB, 7900GS KO, 6600GT

  3. #3
    SitePoint Enthusiast fLUx1337's Avatar
    Join Date
    Jul 2007
    Posts
    76
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeh, with the mass of files you include with most projects, it will be easy to hide checks.

    Personally I have never created anything I would sell, or even release, so I have never had to do this, but as long as you make it really hard for the user to crack, you will be fine...

    Just look at vBulletin, they must use commercial encoders - and every new release, its cracked. So you can only make it hard for people...

  4. #4
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    724
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    http://phplockit.com/

    Cheap enough, also offers domain or ip lockdown

    hth

  5. #5
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Do not use something like PHP Lockit.
    Here is how easy it is to decrypt it:
    PHP Code:
    function decrypt_phplockit ($s) {
        
    $from 'TnPE5s1kL6j4QdcebGK7VBgXW+a2Sr0IfRqNiFxvzDw893UYOuJypmHlCM/tZAho=';
        
    $to   'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

        
    $s strtr($s$from$to);
        
    $s base64_decode($s);

        return 
    $s;

    Took me less then a minute to get that.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  6. #6
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    724
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey,

    everything is crackable I guess?

    But if you are just hiding it and locking to domain for the client u sold script to they more than likely wouldnt bother trying to crack it anyway

  7. #7
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    To me cracking it or the lack of protection it offers is not the problem.

    Its the overhead the huge performance hit something like this adds to the server.
    Every page request PHP interprets the file it then runs into the decrypting system which goes though decrypts then forces PHP to reinterpret. not one, not twice, but three times.

    Huge performance hit.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  8. #8
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Using something like Zend encoder the PHP is pre compiled into bitecode and thus not requiring to be interpreted again.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  9. #9
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    724
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey,

    Zend is all good if you are encoding lots of code to generate the income for the cost of zend, but how bout the average coder that does few jobs for people and dont want their code to be poached and given away?

  10. #10
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    The "average coder" shouldn't really worry about it.
    In my mind they are over analyzing a problem that really isn't a problem.

    Commercial PHP applications like vBulletin or IPB are paid scripts but there source code is not encrypted.

    Yes they are stolen but those who steal it get no support or updates to the latest security patches.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  11. #11
    SitePoint Enthusiast azuranz's Avatar
    Join Date
    Sep 2005
    Location
    Bermuda Triangle
    Posts
    98
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    sure but as I & another guy said earlier, there are some projects where the nature of code you've developed is relatively important and the people you are giving it to or who may have access to it, COULD then use it for their own gains which would be damaging.

    as also said, I can't monetarilly justify the purchase of something like Zend etc as I'm not doing that volume / value to cover it! Small Odds jobs but with code that is important to me!

    Is it best just to try googling for encode php tutorial & base 64.

    BTW: the code file I'm trying to encode at the moment should have no problem with performance. It's only 5kb


    PS: that said, how do you handle the possibility of someone decoding a base64 once they have the right key and just reading it?
    azuranz
    Confucius says... man who fight with wife all day, get no piece at night

  12. #12
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    What makes it so important I'm very curious, is it something new never done before?

    But you know if you don't trust your clients either get new clients.
    Because if you don't trust them it doesn't look very well to the clients.
    You may in fact lose business like that. Word of mouth is key.

    And honestly if you don't think it is wroth investing in Zend encoder then the code you are trying to protect cannot be that important.
    Invest is a key word here.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  13. #13
    SitePoint Addict CVPer's Avatar
    Join Date
    Sep 2007
    Location
    Vancouver, BC, Canada
    Posts
    233
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i have never done this before. but is that possible to compile your core programs into a module and sell it?
    * @location Vancouver, BC, Canada
    * @name Steve
    * @job PHP/MySQL, Drupal, WordPress Developer

  14. #14
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    With PHP? no not really in terms like that.
    PHP wasn't designed and isn't designed for a replacement to destop programming. As such it lacks a lot of feature that those languages have.

    But thats okay you don't need them on the web.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  15. #15
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    Do not use something like PHP Lockit.
    Here is how easy it is to decrypt it:
    PHP Code:
    function decrypt_phplockit ($s) {
        
    $from 'TnPE5s1kL6j4QdcebGK7VBgXW+a2Sr0IfRqNiFxvzDw893UYOuJypmHlCM/tZAho=';
        
    $to   'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

        
    $s strtr($s$from$to);
        
    $s base64_decode($s);

        return 
    $s;

    Took me less then a minute to get that.
    Can you show me how to use this function?
    I'm getting the following errors:
    Missing argument 1 for decrypt_phplockit()
    Undefined variable: s
    my mobile portal
    ghiris.ro

  16. #16
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    you need to put what you want to decode in the function:
    PHP Code:
    <?
    $pagecontents 
    file_get_contents("encryptedfile.php");
    echo 
    $decrypt_phplockit($pagecontents);
    ?>
    I had this dilemma with a load of classes I created. It actually gained me more money by using it by myself to deliver sites quicker to clients, then getting more refferals. If I had tried to sell the source, it could mean that my direct compeditors could use MY code to beat me to the clients.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •