zended php-scripts decoding
Moderator: General Moderators
zended php-scripts decoding
Hi everyone.
We can decode php-scripts encoded by Zend Safe Guard. Do you interesting in this topic? It's not commercial offer. We only want to know interesting this for php-community or not.
We can decode php-scripts encoded by Zend Safe Guard. Do you interesting in this topic? It's not commercial offer. We only want to know interesting this for php-community or not.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Plus we've already had this discussion..EULA wrote:4. PROHIBITION ON REVERSE ENGINEERING, DECOMPILATION, AND DISASSEMBLY.
You may not reverse engineer, decompile, defeat license encryption mechanisms, or disassemble the Software Product or Software Product License except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
PHP scripts and (de)encoding...IMHO: *clears throat* 
High level - plaform independant byte codes are almost always "easy" (relatively speaking) to reverse engineer.
Windows applications are typically much more difficult to produce source code for (given only the binary) because the flexibility that Machine/Assembly language provides is much more complicated, although not impossible...
You would be very hard pressed to find a decompiler for Windows apps that actually generated readable source code, especially anything that resembled the original.
Unless of course you had the DEBUG version...in which case, I believe source is embedded in the binary itself.
PHP being a high level language and cross platform portability being a must...makes any kind of binary reverse engineering possible for even a moderately skilled programmer - with enough time on their hands.
So buddy...quit bragging about decompiling - besides it's unethical!!!
My second opinion on this matter...
I never understood why people would feel the need to protect PHP code...cause let's be honest...anything you see from your browser window can easily be reproduced anyways.
If you do invent some seriously wicked code in PHP...either:
1) Patent your source
2) Offer it as a hosted service only
All in all...I think this topic is really stupid...it's wrong on both sides of the law...
Just my 3 cents
High level - plaform independant byte codes are almost always "easy" (relatively speaking) to reverse engineer.
Windows applications are typically much more difficult to produce source code for (given only the binary) because the flexibility that Machine/Assembly language provides is much more complicated, although not impossible...
You would be very hard pressed to find a decompiler for Windows apps that actually generated readable source code, especially anything that resembled the original.
Unless of course you had the DEBUG version...in which case, I believe source is embedded in the binary itself.
PHP being a high level language and cross platform portability being a must...makes any kind of binary reverse engineering possible for even a moderately skilled programmer - with enough time on their hands.
So buddy...quit bragging about decompiling - besides it's unethical!!!
My second opinion on this matter...
I never understood why people would feel the need to protect PHP code...cause let's be honest...anything you see from your browser window can easily be reproduced anyways.
If you do invent some seriously wicked code in PHP...either:
1) Patent your source
2) Offer it as a hosted service only
All in all...I think this topic is really stupid...it's wrong on both sides of the law...
Just my 3 cents
Because in certain backwater legal communities (The United States) breaking encryption intentionally can in the right situations (and my personal, non-lawyer, non-binding opinion this is one) be interpreted as a violation of the DMCA.jasear wrote:and whats the reason? it was removed because they were advertising. If they pm me the link it wont be classed as advertising.
As such, we don't encourage people to solicit ways to break the law here. Just like you don't see people asking for WinXP CD-Keys.
I have heard that Zend is working on fix for this. As a side note, Zend Unlimited 1.1 used to have a re-encoder that allowed you to use multi pass encoding. Scripts using this don't work with PHP 5 even with ze1_compatibility_mode * ON * but they still work with PHP 4.1 to 4.2. and these scripts can not be decoded. I personal know this because I gave one of my scripts and asked (2) sites that are doing decoding to decode my example script and they could not! But anything encoded with Zend Encoder 2.0^ can be decoded. I hope Zend does something to fix this soon as it is very important to many developers! For now switch to ionCube if you really need the protection!
yj
yj
Stefan Esser, a notable in the php security world, explains in great detail why *no* encoder with a decoder will ever be completely secure: http://blog.php-security.org/archives/1 ... e-you.htmlyum-jelly wrote:...and these scripts can not be decoded. I personal know this...
For now switch to ionCube if you really need the protection!
In a nutshell, it has to decode it before it hits the php parser itself, so if you can sit between those two layers (and you can so far), then you can get the decoded version. It appears Ioncube is even *less* effective than zend's.
Encoders give trivial protection, and at a high price. Relying on legal contracts is much more effective.