Free PHP script encoder

Sorry about that!
As far as I know, it currently requires PHP 4.3.x
I wasn’t aware that file_get_contents wasn’t available in 4.1.x

And here is a list of (current) limitations on freelock :
No breaking in and out of PHP (I know, it’s a pain in the ***, but I am working on a parser for that purpose, that will split the code into a few variables, etc)
Only works on scripts that start with <?php and end with ?>
can’t think of the others right now…

But here is what I am working on :
FreeLock PHP extension (dynamically loadable or can be compiled right into PHP)
Support for scripts that break in and out of PHP
Encoding of segments (to allow people to customize PARTS of the script)

This is kind of slow going, as I am pretty busy these days. But I won’t give up until I have made a VERY usable (and documented!!!) script encoder.

Thanks all for your interest!
Please, send me as much feedback as you can. I want you to like FreeLock!

I’ve got to agree with this. Build a program to encrypt Microsoft scripts, much more fitting. Personally, I like the open source world and contributing to it.

Well, after two sleepless nights I finally made some progress on the embedded PHP functionality. It works nicely. Uses regular expressions that eliminate the need for that str_replace of the PHP tags.

…I just wish it didn’t require PHP 4.3.0 :frowning:

Why don’t you just install PHP4.3?? Besides, PHP5 is nearly out, so you look like you’re holding onto antique software. :wink:

I could upgrade if I really wanted to … heh

But I would lose a LOT of customers if I increased my product’s requirements to v4.3.x… currently it’s at 4.1.0!

Maybe, but most hosts have at least v4.3.3 installed, so I doubt that your clients will face any problems there. If a host has anything lower than v4.3.3, I for one wouldn’t host with them; there are plenty of them offering v4.3.3, so why would I go with one which gives me outdated software?

You know guys, this really doesn’t protect your source code at all. It’s super simple to print it out again. Just takes a 1 liner.

The only way to really protect your source is to use a byte code encoder like zend encoder. And if you are really serious about protecting your code… it’s not expensive… a small business package which comes with zend IDE, performance suite, and encoder costs like 200 bucks. I bought it and it was definitely worth the money.

Very cool. I was using the PHP builtin tokenizer to identify tags (makes it pretty easy)

Would you care to share your enhancements to freelock?

Ah, but the zend encoder can be cracked as well (and as far as the whole encoding thing, I realize that there is no way to be really secure using a PHP include, as the PHP include is just gzipped/base64’d 20+ times).

That is why I am writing a PHP extension module (dynamically loadable, of course) to address these issues. People can then customize their encryption methods.
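The layering described in the post above (gzip plus base64 applied 20+ times around an eval), as an added example that is not part of the thread or of FreeLock: a Python sketch that statically peels `eval(gzinflate(base64_decode('…')))` wrappers without executing anything, the way a reviewer would audit an obfuscated PHP include. The `wrap`/`unwrap` names, the depth and size limits and the sample payload are assumptions constructed for illustration.

```python
import base64
import re
import zlib

# One wrapper layer: eval(gzinflate(base64_decode('<base64>')))
LAYER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*"
    r"(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)",
    re.IGNORECASE,
)

def wrap(php_source: str, layers: int) -> str:
    """Build a constructed sample: nest php_source in `layers` wrappers."""
    code = php_source
    for _ in range(layers):
        # PHP gzdeflate()/gzinflate() use raw DEFLATE (no header): wbits=-15.
        comp = zlib.compressobj(9, zlib.DEFLATED, -15)
        raw = comp.compress(code.encode()) + comp.flush()
        code = "@eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()
    return "<?php " + code + " ?>"

def unwrap(php_text: str, max_layers: int = 100, max_bytes: int = 1 << 20):
    """Statically peel wrapper layers; the PHP is never executed.

    Returns (innermost_text, layers_removed). The limits guard against
    decompression bombs and endless nesting in hostile input.
    """
    text, depth = php_text, 0
    while depth < max_layers:
        match = LAYER.search(text)
        if match is None:
            break
        blob = base64.b64decode(re.sub(r"\s+", "", match.group(2)))
        inflater = zlib.decompressobj(-15)
        out = inflater.decompress(blob, max_bytes)
        if not inflater.eof:  # output limit hit, or the stream is truncated
            raise ValueError("layer %d is truncated or exceeds %d bytes"
                             % (depth + 1, max_bytes))
        text = out.decode("utf-8", errors="replace")
        depth += 1
    return text, depth

# Constructed input, not the FreeLock loader posted in this thread.
SAMPLE = wrap('print "Some text test<br>";', 20)

if __name__ == "__main__":
    inner, removed = unwrap(SAMPLE)
    print(removed, "layers removed ->", inner)
```

Each layer decodes with only the functions named in the wrapper itself, so stacking more layers adds work for the interpreter but no confidentiality.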

Actually zend encoder cannot be cracked… sorta. Since it is converted into bytecode, php doesn’t need to interpret and compile it. PHP directly runs that code. You will never be able to reverse engineer the code to the way it was first written… ever… it’s simply not possible. It is possible to produce some code that would work the same but it would be highly cryptic and unreadable. You wouldn’t be able to feed it directly into php… you would have to be able to interpret php’s high level constructs.

Your method can easily be reverse engineered to produce the original source code without any advanced programming knowledge. It can be done directly with a 1 line php statement. It may deter noob php programmers but isn’t suitable for the professional world because:

  1. Easily reverse engineered. No way to truly protect it using your method.
  2. Increases runtime significantly. Probably over 100% in most cases. Zend optimizer actually speeds execution up over 7 times

It is a cool experiment in php but you should warn users that it can be bypassed and professional solutions should utilize zend encoder.

The php module could help but not if you use the same method as you are doing now. You would have to convert it to some type of proprietary binary format. Problem is, your project is open source… so that makes it easier to reverse engineer.

The only way to make it hard to reverse engineer is to bypass the php interpreter and feed it bytecode directly.

Cool experiment… just put a notice on the site that it can be reverse engineered and shouldn’t be used in a professional environment

Actually, the Zend optimizer slows down more than it speeds up
The time it takes to “optimize” your code outweighs the benefits (gain)

The Zend Accelerator/PS is another story though…

heh… that’s not true at all. Zend encoder encodes php into bytecode before you publish to the web. Optimizer runs the bytecode that is already encoded. You will usually see a small increase in speed (30-40%) using only zend encoder/optimizer. Zend Performance Suite (which I also have) gives me an average of 10 - 20X increase in speed.

The biggest time is the actual compiling/interpretation of the php into byte code. (Roughly half of the execution time) Zend optimizer doesn’t need to compile the encoded byte code. This is how you get the speed increase.

Performance suite will cache frequently used php code so there is no interpretation step either… it can also cache output and a whole lot of other stuff… that’s where you get the HUGE increase in speed.


granted it might be slower if your php files are not encoded and can’t be optimized by zend optimizer… then you would get the overhead but none of the benefits… but if you encode your php files then it will always be faster… or at least never slower

I was talking about non-encoded script :slight_smile:

k :smiley:

Take a look at CodeLock, it’s commercial, easily reversed and doesn’t have that message anywhere telling its customers that it can be easily reversed.
They do however point out that reverse engineering the code is illegal and include info to that effect.

Hmm,

I am interested in just how easy the reversing is. Anyone want to give it a try with some simple code that I have encrypted??

Put it up here.

Okay, the lines are really long, so as to not break the forum I will use " <-continued-> " as a break.

freelock.php

<?php @eval(gzinflate(base64_decode('nVNRb9owEH4mv+KkRiKoZe2kqS+Mh25KO7SqVATxsKqKH<-continued->
OcCVi0bOQ4MEP99FxzSQGk3zZKV+O77vnx353hnHy6PNtw
<-continued->
axHvNX2CguCxShMXnT1cJ7NPJCr4ZwRTcMZMqNOBWlf5I3M9IWZJyzLgVC4Q+tFftHlxe5hrsjFlYIrwovQRhQeTApEGWrk
<-continued->
A4H6nnZYUiplbAWY5xvmTzwBdqXtgObDyATBs69696vviaWyNR7dMUOT93IACRBWhwGrSfWHf93L5wmCdfPHdKSAvg
<-continued->
NUIeScnqYj5HEzSQPa+1BZQ5NuRuur/+UU7q5Xtymy2ZLLdBWxhVkXvetlF+XiTJymL+P9X7nExok1bJjS+25dcp3O3DdflW
<-continued->
xwnIZyTKCfBXTylynWL8WzKLB74qzuvIjt13Tgrl3Ii5DXz3dFJTqRMmwS9Iai1FUtqqAOT10EHFKyE0oZoC/d2tq7tRs6drob
<-continued->
IdNSGn119iJ1cLuR5UMzrinmYcN82FD4utfwlTqGatLVp1uT/G48c4CkeTcBRPbkbRhYs8DqNx83wXjt+kbwf34T4QPkx2+dI
<-continued->
XvNH/Phz+HIRNgSiMosHwoeK0kM804ILJ4PSEylvklcX9AQ=='))); ?>

header.php

<?php
$use_zlib="y";
 if(!file_exists("freelock.php")) {
 echo "freelock not found - exiting";
 exit; }
?>
<?php include_once("freelock.php");?>
<?php $s1 =":1oWqsXsq7lwORn^igQpOnJ9jQvI]]qZRryw^}
<-continued->
o|OVpry;xOZ|zYQQWYRu_x[MjqwkVh?nx<Oh|<MN|Gsn1gKPSw>~]}shyg9hNgjR^{WomlI?
<-continued->
MG=hU};hWnGPiw}XKzO=^`W<1U~kN5Q=^1Olq[MV:jVjoMmYksM`mN7lm9W_tW:ggCC";?>
<?php freelock_run($s1); ?>

<a href="header.php?test=thisshows">test</a>

<form action="header.php" method="POST">
<input name="test" type="text">
<input name="send" type="submit">
</form>

<p>Test $ variables:</p>
<?php $s1 ="{1jO{ORpXyM^|rh|{gXu`67|gvmgxnmpQP|k_MMQ;€^RqvMS1_ySpoqluIWqsXsq7mg<txzYQ
<-continued->
QWYMuqoMQG]w}NUQUwZyMWo}pmso{g";?>
<?php freelock_run($s1); ?>




I am putting up some text file in case the forum messes up the code

http://www.heroforhire.net/ex/freelock.txt

5 minutes later, here’s header.php:


<?php /* don't really need this include anymore ;)
 $use_zlib="y";
 if(!file_exists("freelock.php")) {
  echo "freelock not found - exiting";
  exit;
 }
*/ ?>
<?php
print "\$HTTP_GET_VARS:".$HTTP_GET_VARS["test"]."<br>";
print "\$_GET:".$_GET['test']."<br>";
print "\$HTTP_POST_VARS:".$HTTP_POST_VARS["test"]."<br>";
print "\$_POST:".$_POST['test']."<br>";
print $test."<br>";
print "\$HTTP_SERVER_VARS:".$HTTP_SERVER_VARS["DOCUMENT_ROOT"] . "<br>";
print "\$_SERVER:".$_SERVER['DOCUMENT_ROOT'] . "<br>";
?>
<a href="header.php?test=thisshows">test</a>
<form action="header.php" method="POST">
<input name="test" type="text">
<input name="send" type="submit">
</form>
<p>Test $ variables:</p>
<?php
$text1 = "Some text test";
$text2 = "Carl McDade";
print $text1."<br>";
print $text2."<br>";
print "$text1<br>";
print "$text2<br>";
?>