ionCube vs. SourceGuardian

What are cons/pros of ionCube vs. SourceGuardian? Isn’t SourceGuardian more secure?

Who said it was?

I’ve seen zend and ioncube loaders installed on servers with enough frequency to almost expect those loaders to be there without a user needing to request them to be installed by their hosting provider. SourceGuardian…not so much.

If you are using ionCube already, you may not go for SourceGuardian because it looks to be more secure to you.

If you are not using iconCube now, you may go for SourceGuardian, if it is easy and simple to use. and also secured.

All software application security providers looks to be good, it depends on the way you interpret, based on your needs and what is said by the software application security providers, on their sites.

I don’t know if SG is secure. But ionCube has nothing to do with protection and security. It is just a useless garbage thing. I did use ionCube license file but it was easily decoded to expose all license properties and the code was php5 OO with obfuscated settings and they were deocded. I am thinking to move away to SourceGuardian

Eh? I’m sorry but that is complete nonsense. If you actually encrypted with ionCube you would have not been able to “decode” it. You most certainly would not get the actual source code back. ionCube turns your code into bytecode, this is what PHP compiles source code to before execution, this strips away everything not essential.

But, my obfuscated code was decoded and the license file too.

I have a hard time believing that.
Here decode this:


<?php //00440
// IONCUBE ENCODER 6.5 EVALUATION
// THIS LICENSE MESSAGE IS ONLY ADDED BY THE EVALUATION ENCODER AND
// IS NOT PRESENT IN PRODUCTION ENCODED FILES

if(!extension_loaded('ionCube Loader')){$__oc=strtolower(substr(php_uname(),0,3));$__ln='ioncube_loader_'.$__oc.'_'.substr(phpversion(),0,3).(($__oc=='win')?'.dll':'.so');@dl($__ln);if(function_exists('_il_exec')){return _il_exec();}$__ln='/ioncube/'.$__ln;$__oid=$__id=realpath(ini_get('extension_dir'));$__here=dirname(__FILE__);if(strlen($__id)>1&&$__id[1]==':'){$__id=str_replace('\\\\','/',substr($__id,2));$__here=str_replace('\\\\','/',substr($__here,2));}$__rd=str_repeat('/..',substr_count($__id,'/')).$__here.'/';$__i=strlen($__rd);while($__i--){if($__rd[$__i]=='/'){$__lp=substr($__rd,0,$__i).$__ln;if(file_exists($__oid.$__lp)){$__ln=$__lp;break;}}}@dl($__ln);}else{die('The file '.__FILE__." is corrupted.\
");}if(function_exists('_il_exec')){return _il_exec();}echo('Site error: the file <b>'.__FILE__.'</b> requires the ionCube PHP Loader '.basename($__ln).' to be installed by the site administrator.');exit(199);
?>
4+oV57x59K1g4vvtDd+mOwCGZO90iVJ9RbdsjsxXDSkfrYbAU+FA378zzC33LgEWS2sK1+QeecCR
jbUWW2z140RK12GsTN+Thn4EpchIm5lrwmYHyjrdh1SCL9f2Q+jzFGOGo+tsu+wAGuw6biWb3hLZ
JnkMWgUiEYnRzVrmlISNSus1FjCbTICOyw8ri2xCu12ZB5oUPnYyhfSsP9zmteV9EhEwUfSl42Mp
8b/Ob2LDGa4metUWoeLNVMnILVC27H0XNFNJPd0DzfGp8F149dflteKAoV7Wl6E8lboI0gIYmT1K
yKJoGrnnioFZUuLjY9mqVaoMdFDUvmbR7FqXt2+U6YPN4TTf73jfd1gm6ZOGTqv2MiEvYZ/3zWSo
BONFoptD+2tTIv8wiCbl959q0qQJWR/E5OMOKYNSH0QlTW1+rtMO6setu5/dXcKVcaIW2WOu6Mq4
ClHfWbi1ZdUkALIYH8kVYpyqMbKLdvLKGU4eOqC4nPePDXE8swOGBIasTVSTgi8C5NF9p6Q6prs5
iHnerkBwyVTdpNoGDV5ERx6zwO6IepTjT3TXU+2PsDz2dCECgZKZpzFyUD2afDrvVcK9PEWhe4/m
LF44xZOtSuuLBE4+H4RFJchMzZkC/yFkFcRC/Vwe18qUhnynxn/t2rfw0H0v+MA6AkN4OmxNdCAc
Qc3UdEDhqH5lou+lDcEXmw7pHfSvSnHKd7jvC0ykKRy0ojGh8oGkJIAgFxJsU54I

I am not a hacker, I am an ethical person to not steal others’ work, I was saying my own work was hacked and decoded, for sure, you can post it on some warez forums and ask them to decode it for you and that is possible.

I find it highly unlikely. zend, ioncube, sourceguardian, and others would quickly go out of business if this were the case.

If you google, you will find some sites that offers paid decoding service and some warez forums for free service. I am not going to post any link here as I won’t ad this sort of dirty sites and I don’t know why some hosting companies allows such sites. I see most of these hosting companies are located in Turkey.

Hi there. This is Adrian from SourceGuardian. Hope you don’t mind me adding to the discussion. Basically, Zend, Ioncube and ourselves are good products and help coders to protect their work. Yes, there are companies out there who say they can decode but so far I’ve been unable to find one that can for ours. There are other encoders out there who use very weak protection systems and it is childs play to reverse the code. We do not pretend to be impregnable - and I think it will be the same for Zend and Ion Cube - but we offer an additional layer of protection to people. Like locking the doors or your house, installing an alarm or CCTV, these are all tools to prevent people from access and the same goes for encoding your files. We use SourceGuardian to protect our own code and it was borne out of a need to protect ourselves.

I’m more than happy to answer any questions you may have or to give my opinion (for what it’s worth!!).

All the best… Ade

Adrian,

I contacted you via your website but heard nothing from you or your staff. If you mind to answer people who contact your company, my questions is that what features SG have that ionCube does not have?

Hi there

I’ve replied directly to your email address with a screenshot of our helpdesk. Unfortunately it looks like our response to you was spam trapped. It does happen, which is infuriating and something that I need to look into to see if there is a way to improve receiving of our helpdesk responses. We do pride ourselves on our support, so apologies that you did not receive the response

For the benefit of everyone here, I would say that our products are fairly well matched. As we added new features in the past, these have also appeared in Ioncube and it would only be fair for me to say that we’ve gained inspiration from our competitors. So in terms of obvious features we have comparable products. The difference might be at the lower-level where our methods of encryption might differ. As I have said, we use SourceGuardian to encrypt our own products and so it is in our own interest to make the software as secure as we can.

Please contact me if you have any further questions regarding our software