1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP Encryption

Discussion in 'PHP & Perl' started by catman08, Aug 5, 2008.

  1. catman08

    catman08 Junior Member

    Joined:
    Jan 11, 2008
    Messages:
    171
    Likes Received:
    109
    Occupation:
    IM
    Location:
    Europe
    Hi guys ...

    ... a quick question:
    Does anyone of you know of a (almost) very secure code encryption software that can be used for web applications.

    I know there is:
    -codelock
    -ioncube
    -zend

    2 years back i had purchased php-codelock for smaller projects ... but i do not know if its is crackable to easily.

    Does anyone have experience with this or can give a suggestion ... advice ... thoughts ... ideas ... opinion ... whatever... ?

    Big thanks in advance
    catman
    :)
     
  2. Gogeta

    Gogeta Power Member

    Joined:
    Jun 29, 2008
    Messages:
    524
    Likes Received:
    1,493
    Occupation:
    Internet Hustler
    • Thanks Thanks x 1
  3. catman08

    catman08 Junior Member

    Joined:
    Jan 11, 2008
    Messages:
    171
    Likes Received:
    109
    Occupation:
    IM
    Location:
    Europe
    thanks ... :)

    Do you use this software personally also?
     
  4. Gogeta

    Gogeta Power Member

    Joined:
    Jun 29, 2008
    Messages:
    524
    Likes Received:
    1,493
    Occupation:
    Internet Hustler
    Yeah It works great I use this and ioncube.
     
  5. malibu.r

    malibu.r Newbie

    Joined:
    Jun 16, 2008
    Messages:
    15
    Likes Received:
    2
    contact me, we do prv8 obuscation, very secure method.
    all of these encoders right now are docodable!
     
  6. MoneyMafia

    MoneyMafia Regular Member

    Joined:
    Dec 2, 2007
    Messages:
    290
    Likes Received:
    310
    Codelock and zend can be easily decoded and decoders are available for free (just check warez forums)
    I use IONCube ... First of all because is cheap ($180 /license) and secondly because the decoding groups ask around $8/file .. so if your script have 40-50 files every one that wants to decode it .end up with a pretty expensive bill so they better buy a script license:)
     
  7. dbrown

    dbrown Junior Member

    Joined:
    Dec 26, 2007
    Messages:
    104
    Likes Received:
    181
    Yea... I can crack Zend file easy. IONCube is safer and is recommended.

    Also if anyone needs zend files decrypted, just hit me up. Its free unless you got a ton of files.
     
  8. catman08

    catman08 Junior Member

    Joined:
    Jan 11, 2008
    Messages:
    171
    Likes Received:
    109
    Occupation:
    IM
    Location:
    Europe
    Hey guys ... i am sitting on the fence what to purchase - I actually like the source guardian more compared to ioncube ... but after i researched a little ... i figured out that everybody else is writing something different. Here is something i found on another forum (its from 2006 though):


    +++++++++++++++++++++++++
    Codelock: Yes, trivial to crack with a printf in compile_string()

    SourceGuardian: Was easy, may be harder with their "byte code" encoding.

    ionCube: Actually never cracked, though Russian hackers did try (and gave up) in a 3rd party competition that we endorsed. Highly secure. Uses optimized bytecodes, algorithms hidden with obfuscation techniques in the Loader, closed source decoder and execution engine, custom bytecodes etc.

    Zend: Never substantially cracked. Highly secure, also uses optimized bytecodes and closed source execution engine. Loader (Zend Optimiser) not obfuscated, and encoding techniques more easily exposed (contrast running strings on the ZO and ionCube binaries), but not necessarily a weakness and may not ultimately help a hacker.

    +++++++++++++++++++++++++++++++++++++++++++++++
    -> Zend is easy? They tell its extremely hard? anyway i do not care about zend ... to expensive anyway ... but what about the Sourceguardian ... i think the version that exists right now supports bytecode and obfuscation also!

    so it is as powerful as ioncube right?

    thanks again for all your help guys :)
    cheers
    catman
     
  9. dbrown

    dbrown Junior Member

    Joined:
    Dec 26, 2007
    Messages:
    104
    Likes Received:
    181
    He is right.. Goto elance and post a job asking to decrypt ioncube files. It can be done.

    NOW> I find it interesting that sourceguardian has added bytecode to their setup.

    At this point I think more research needs to be done on whether sg or ion is a "safer" choice.
     
  10. JohnDoe

    JohnDoe Junior Member

    Joined:
    Dec 28, 2007
    Messages:
    159
    Likes Received:
    21
    Most large warez groups or large warez php groups have access to ioncube decoders and no not pay the any moneyt o have there files decoded. Also one of the main decoders had his site hacked last year and the code was then shared around a few Russian groups.

    What ever you get will be able to keep a few people off your code if your code is any good sooner or later some one will decode it.

    If your code is going to be main stream both ioncube and Zend both need loaders so you will have to remember this as not all hosts have these installed and you might have to provide support together it up and running.
     
  11. MoneyMafia

    MoneyMafia Regular Member

    Joined:
    Dec 2, 2007
    Messages:
    290
    Likes Received:
    310
    Well a + for Ioncube related to loaders is that YOU can provide the loaders to your customer but with Zend ..the hoster need to install it
     
  12. JohnDoe

    JohnDoe Junior Member

    Joined:
    Dec 28, 2007
    Messages:
    159
    Likes Received:
    21
    I had a issue where I could not use the loaders providered by the Dev I had to install my own set my self and setup IIS to support them.
     
  13. ghostdog

    ghostdog Newbie

    Joined:
    Jun 2, 2011
    Messages:
    1
    Likes Received:
    0
    does anyone know anyone that would know how to decode ioncube ?
     
  14. catman08

    catman08 Junior Member

    Joined:
    Jan 11, 2008
    Messages:
    171
    Likes Received:
    109
    Occupation:
    IM
    Location:
    Europe
    i found a service via google that claimed to decode ioncube for 8 dollars a file.
    just do a google search for: "crack ioncube files" or "decode ioncube files".
     
  15. barigain

    barigain Junior Member

    Joined:
    Aug 23, 2012
    Messages:
    100
    Likes Received:
    12
    ionCube and Zend are fine for code protection, and even if some decompilation service produced usable code from an encoded file, this would typically do little if anything to diminish the benefits from encoding and license enforcement, and may even result in increased revenue in the longer term for the software provider.
    Data hiding, however, is entirely different. Keep in mind that PHP and all of the associated library wrappers, plus the libraries themselves, are opensource and therefore easily modified. Data sent into and returned from any PHP function can be easily exposed by simple changes to the PHP internals. Want to see the database password to MySQL? Just modify the mysql_connect() wrapper or the underlying MySQL library and log the details. Some encoding systems, for example ionCube, can encrypt non-PHP files and then decrypt at runtime via closed source routines in their runtime component, which may in some cases provide some benefits over the opensource PHP routines such as mcrypt.
    duskwuff is not entirely incorrect with the example cited as in some systems, ionCube for example, it is possible to protect files from being included by non-encoded files, or files encoded by a different copy of the Encoder through a mechanism called "include attack protection". None the less, storing sensitive data in variables, particularly globals is a poor approach, and it would be better to have such data returned by a function with a misleading name and that perhaps performs differently unless called in a particular way. e.g. a function called mytime() that does return the time unless called with a "magic" value.