SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Member
    Join Date
    Nov 2007
    Location
    Thane-Vashi, Mumbai, India
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Has anyone used "TrueBug PHP Obfuscator & Encoder"? Any reviews?

    URL: http://www.truebug.com

    Th reason I am attracted to this is because its priced below 100 USD whereas its counterparts like SourceGuardian(250 USD) and IonCube(380 USD) seem much expensive.

    It claims to use byte-code technique as used by SourceGuardian and IonCube.

    TrueBug PHP Obfuscator & Encoder is for PHP application developers use to protect their source codes from modification, the Obfuscate functional will replace class, function, and variable names in PHP source codes with md5-hashes, making source code harder to understand and reverse engineering. The Software also includes simple PHP Encoder engine to encode through the source code by using byte-code technique, and no loader is required to install on the server machine.
    Has anybody used it? Anything to say about this? Is it worth the risk?
    Web developer: PHP-MySQL, JavaScript? http://www.w3hobbyist.com

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    It does not appear to using actual byte-code. In fact it is easily cracked.
    If you want real protection, then try IonCube.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Member
    Join Date
    Nov 2007
    Location
    Thane-Vashi, Mumbai, India
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Logic. That was the first useful reply I received about my question on any forum.
    Web developer: PHP-MySQL, JavaScript? http://www.w3hobbyist.com

  4. #4
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    If you wanted to know, this is the function used to decrypt the code: (cleaned up of course)
    PHP Code:
    <?php

    if ( !function_exists'truebug_decrypt' ) )  {
        function 
    truebug_decrypt($process_string) {

            
    $process_string base64_decode($process_string);
            
    $truebug_decrypt 0;
            
    $int_one 0;
            
    $int_two 0;
            
    $string_ord = (ord($process_string[1]) << 8) + ord($process_string[2]);
            
    $int_three 0;
            
    $int_16 16;
            
    $blank_string "";
            
    $string_length strlen($process_string);
            
    $current_file file_get_contents__FILE__ );

            
    preg_match'/(print|sprint|echo)/'$current_file$matches );
            
            for ( 
    $i 3$i $string_length; ) {

                if ( 
    count$matches ) ) exit;
                
                if ( 
    $int_16 == ) {
                    
    $string_ord  = ( ord$process_string$i++ ] ) << );
                    
    $string_ord += ord$process_string$i++ ] );
                    
    $int_16 16;
                }
                
                if ( 
    $string_ord 0x8000 ) {
                    
    $truebug_decrypt  = ( ord$process_string$i++ ] ) << );
                    
    $truebug_decrypt += ( ord$process_string$i ] ) >> );
                    
                    if ( 
    $truebug_decrypt ) {
                        
    $int_one = ( ord$process_string$i++ ] ) & 0x0F ) + 3;
                        
                        for ( 
    $int_two 0$int_two $int_one$int_two++ )
                            
    $blank_string$int_three $int_two ] = $blank_string$int_three $truebug_decrypt $int_two ];
                        
                        
    $int_three += $int_one;
                    } else {
                        
    $int_one  = ( ord$process_string$i++ ] ) << );
                        
    $int_one += ord$process_string$i++ ] ) + 16;
                        
                        for ( 
    $int_two 0$int_two $int_one$blank_string$int_three $int_two++ ] = $process_string$i ] );
                        
                        
    $i++;
                        
    $int_three += $int_one;
                    }
                } else
                    
    $blank_string$int_three++ ] = $process_string$i++ ]; 
                
                
    $string_ord <<= 1;
                
    $int_16--;

                if ( 
    $i == $string_length ) {
                    
    $current_file implode''$blank_string );
                    
    $current_file '?>' $current_file '<?';
                    return 
    $current_file;
                }
            }
        }
    }
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  5. #5
    SitePoint Member
    Join Date
    Nov 2007
    Location
    Thane-Vashi, Mumbai, India
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OMG! Is it so weak!
    Thanks Logic

    BTW I hope ionCube protection isnt so weak!
    Web developer: PHP-MySQL, JavaScript? http://www.w3hobbyist.com

  6. #6
    Use The Cloud
    Join Date
    Jan 2006
    Location
    Boise, ID
    Posts
    556
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That program is a complete PoS.

    Decode their "byte-code technique" by changing the eval at the bottom of the encoded file to ECHO.

    I guess their "protection" for that may fool a 3rd grader:

    PHP Code:
    preg_match'/(print|sprint|echo)/'$current_file$matches );
    if ( 
    count$matches ) ) exit; 
    Brad Hanson, Web Applications & Scalability Specialist
    ► Is your website outgrowing its current hosting solution?
    ► PM me for a FREE scalability consult!
    ► USA Based: Available by Phone, Skype, AIM, and E-mail.

  7. #7
    Guru in training bronze trophy SoulScratch's Avatar
    Join Date
    Apr 2006
    Location
    Maryland
    Posts
    1,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What purpose do programs such as this serve? Are you on a shared server or using a revisioning file system where other people could take a peek at the code? It could always be reverse engineered.
    Cross browser css bugs

    Dan Schulz you will be missed

  8. #8
    SitePoint Member
    Join Date
    Nov 2007
    Location
    Thane-Vashi, Mumbai, India
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SoulScratch View Post
    What purpose do programs such as this serve? Are you on a shared server or using a revisioning file system where other people could take a peek at the code? It could always be reverse engineered.
    Actually I am looking for a licensing system of my PHP-MySQL application. I don't want theft of source code.
    Web developer: PHP-MySQL, JavaScript? http://www.w3hobbyist.com


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •