free alternatives to ioncube
Moderator: General Moderators
- Pyrite
- Forum Regular
- Posts: 769
- Joined: Tue Sep 23, 2003 11:07 pm
- Location: The Republic of Texas
- Contact:
free alternatives to ioncube
Are there any FREE alternatives to ioncube?
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Just to bring this thread up to date, encoding systems such as ionCube and Zend weren't broken per se, but people such as the Chinese "blue wind" produced a decompiler that given an opcode stream could have a go at recreating what source code could have been. They then used tricks to obtain opcodes at runtime for feeding into the decompiler. Whilst no system can ever give 100% protection as other industries have learned from the efforts of people like Jon "so sue me" Johansen, we combatted the current threat very effectively with the release of Encoder 6.5 back in January.timvw wrote:Afaik, Zend encoder isn't any safer than others... They know it's broken but continue to sell the product..
ionCube PHP Encoder 6.5 added features that keep the actual compiled code obfuscated even at runtime and so making it significantly harder to discover valid opcodes, as well as new user features for one-way user key based obfuscation of certain source elements, (function names and local variables). Additionally a new feature not found in other systems was added to support encryption of arbitrary files and not just PHP files, which is great for protecting template or XML files. In late April or early May, Zend responded by renaming their product and adding source element obfuscation simlar to ours, although not with a one way algorithm and without adding protection against opcode discovery.
We'd like to close source PHP, take the chance to improve it along the way and substantially improve security by doing this, but unfortunately the practical requirements of end users and the nature of target PHP systems restrict the extent to which security features can be added and there's no way for the general market that we could do this. So there's always a balancing act between security techniques and practicality, but we're committed to protecting as far as possible the IP of developers against those seeking to destroy PHP as a serious application language.