Decode - decode any given text or uploaded file using most common ASCII to binary decoding algorithms. EXE headers - analyze portable executable files (.exe,.dll,.drv,.sys,.etc) online and view basic header information and images / icons embedded into file. The Leading PHP Encode and PHP Obfuscation Solution. Increasing conversion rate from evaluation to licensed product. Preventing other people from changing your code (all files are rendered as un-editable and external changes will corrupt the code) protecting the files against external tampering.
Hello.We have a problem to resolve urgently. Our developer abandoned our project, and he recomended us to purchase IONcube encoder in order to protect our code. We done that, and he used IONcube to encrypt some files of our software. Now the developer disappeared, and refused to give us our own files in decrypted form. Now we have, on our server, our software where we cannot follow to develope and neither to do bugfix, because some important files are encrypted.
IONcube is installed on our server, and the software at moment works as the developer leaved it.
We searched around our server if he leaved some of them decrypted, but we not found nothing. Now we got a new developer to follow the bugfix and complete the project, but he cannot work until the necessary files will be decrypted. Also, the previous developer done the registration on IONcube support website, and now we have no mode to contact them, because our customer ID is on hand of old developer.
![Files Files](/uploads/1/2/5/8/125849524/608287905.jpg)
Thanks in advance.
I'm a php developer and currently searching for software to protect php code. I know there exist obfuscators and encoders (and both).. but it seems that it's possible to 'decrypt' code encoded with some software.
So my question is.. if it is possible to decrypt source code produced by major software companies (zend, ioncube, sourceguardian).. why that produts are still on market?
Why these software continues to sell if anyone can (pay to) decrypt everything in seconds?
Btw, i asked this on ioncube forum and my message was.. deleted.
regards.
user1221679user1221679
closed as not constructive by Jim Lewis, Marcel Korpel, Jonathan Kuhn, likeitlikeit, Jens EratMay 22 '13 at 0:11
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. If this question can be reworded to fit the rules in the help center, please edit the question.
1 Answer
The answer simply reduces to: because there are dumbasses stupid enough to believe that PHP can be 'securely encoded', the same way there are people stupid enough to believe that requiring a serial code for an application automatically makes it secure.
ionCube relies on a pretty simplistic implementation - XOR from start to finish, which is hardly a 'security measure'. It runs as a VM - and is vulnerable to all VM side-channel attacks in addition to flat-out reverse engineering (one presentation here: https://media.blackhat.com/ad-12/Saher/bh-ad-12-stealing-from-thieves-Saher-slides.pdf ). Will ionCube say so? No. Why? Because it dissuades the large majority of script kiddies.
I am not familiar with sourceguardian, but Zend is built in the same fashion, albeit a bit more secure and harder to beat than ionCube. However, whilst they're not trivial, they're not impossible to beat, either.
The following is taken from the Zend Guard page:
Encoding is a process where the PHP source code is converted to an intermediate machine readable format. This format is hard for humans to read and convert back to source code. As a result it protects your code from casual browsing. This means that if people obtain access to your site's code they will not be able to use that for unintended purposes.
In other words, if your user is not casually browsing, this will not hold up. I don't know about you, but I do not know a single non-dev who casually browses source code without the purpose of understanding it, and often, breaking it.
The same thing is true of every single DRM method around. However, they're still on the market. Why? Because, whilst they are not perfect, they're good enough to dissuade the large majority of people.
The law and final word of this is: if you build it, expect it to be broken and plan for it.
Sébastien RenauldSébastien Renauld