close source php application?

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
nincha
Forum Contributor
Posts: 191
Joined: Fri Mar 28, 2003 12:30 pm
Location: CA, USA

close source php application?

Post by nincha »

I have built an application that i would like to make close source, any one have any ideas or links on how to do this? I dont even have the slightest idea how to prevent people from taking my code or editing it.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: close source php application?

Post by Christopher »

Ask Hockey? ;)
(#10850)
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: close source php application?

Post by alex.barylski »

Haha... :P

A few techniques:

1) Use one of those byte code obfuscators (ie: ionCube) - apparently easily reverse engineered.
2) Write a custom code obfuscator. Pull everything into a single script and expand all functions, etc...
3) Compile into binary code (RoadSend) - you'd have to *really* dedicated to reverse engineer this.

Lastly, you could simply keep your application hosted...which is the route I finally settled on after a few weeks of struggle with option #2.

Option #3 is promising but you have to code your application in such a way that it's capable of being compiled.

Cheers :)
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: close source php application?

Post by Mordred »

I do it with a custom obfuscator and all code in a single file, plus a couple of copy-protection tricks.

Hockey, there is a mixed solution I have thought about, but not yet tried and not sure of how viable it is. The app in question is an intranet app, so it might not be suitable for public web sites (but in that case just hosting it yourself would work fine). The idea is to install a virtual appliance in the client's intranet - on booting it starts a web server with your app installed. The client has a mechanism for making database backups, so he is in control of the data. The source (still obfuscated / encoded or whatever) lies on the appliance, and the question here is how well can you deny access to the appliance FS.

I'm not well-versed in GNU/Linux or virtual appliances, but I imagine it is possible to have an installation with no users bar root, so an attacker should have to either exploit the OS remotely (good luck with nothing but a web server running) or access the hard-disk emulation files on the host OS. If both options are hard enough things to do, thus we have an additional layer of protection between the attacker and the source code.

Anyone with experience in these matters?
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: close source php application?

Post by Benjamin »

This is something that interests me as well. Maybe the 3 of us can get together and create our own methods. I have software that I need to keep protected as well. I currently use ioncube but I'm in the dark as to what someone can see when they do an opcode dump. I think ioncube is better than zend, but neither of them are rock solid.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: close source php application?

Post by Mordred »

IonCube is paid, right?

I've downloaded several ready-made virtual appliances for VMWare, but haven't found time to play with them yet.

----
The strength of a copy protection should not (and cannot) be infinite - just enough that the cost of reversing the protection would be comparable to the cost of development. Thus, any simple layer we can add will help immensely, as generally users are not smart and experienced enough to reverse engineer protection schemes, and a specialist in the area will cost them.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: close source php application?

Post by Benjamin »

Yeah ioncube is a purchased product.
Post Reply