By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,968 Members | 1,588 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,968 IT Pros & Developers. It's quick & easy.

PHP Encoders

P: n/a
Hi there !

I am curretly looking for suitbale solutions for encoding PHP scripts
after developing a couple of comercial applications in PHP.

Has anybody made any experience with several encoders like IONCUBE,
SOURCEGUARDIAN, ZEND, etc... so far?

I just tested an evaluation copy of IONCUBE's php encoder which worked
pretty fine. Runtime decoding is really fast and easy to implement.
Has anybody some deeper insight into this issue?

Thanks
Jerry

Jul 17 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a

"Jerry" <ea*********@lycos.com> wrote in message
news:ct********************************@4ax.com...
Hi there !

I am curretly looking for suitbale solutions for encoding PHP scripts
after developing a couple of comercial applications in PHP.

Has anybody made any experience with several encoders like IONCUBE,
SOURCEGUARDIAN, ZEND, etc... so far?
You might consider
http://www.semdesigns.com/Products/O...bfuscator.html
I just tested an evaluation copy of IONCUBE's php encoder which worked
pretty fine. Runtime decoding is really fast and easy to implement.
Has anybody some deeper insight into this issue?


Ours doesn't have any runtime decoder at all; no need to change
the target server at all. But folks might rightfully accuse us of being
biased since we
are a vendor. So I'll otherwise stay mum on the topic, and let
the community have its say.

-- IDB

Jul 17 '05 #2

P: n/a
Hi Ira:

Many thanks for your tip. In fact I already came across your website
once. Please feel free to comment as much as you like. I am thankful
for every little bit of info I could get. I will be frank with you:

I have always been a little bit reluctant to use obfuscators since the
source code does not actually disappear and it should not be too
difficult to find the correct patterns and algorythms to map and
restore the scrambled code. One could possibly write a good piece of
code that would do exactly that.

Instead the e.g. ioncube encoder really encodes the scripts and
requires only one file (the "runtime-loader") to be uploaded along
with the encrypted scripts onto the server to make the scripts
executable. Since the scripts run as a compiled application they are
even faster than unencrypted PHP scripts. So, this seems an
interesting alternative to me.
Costs: Your obfuscator costs US$150.00. The ioncube encoder starts at
US$199.00 Personally, I find it's worth the difference.

What is your take on that?
Thank you for your help and opinion.

Jerry

P.S. NO, I'm in no way affilated with ioncube. It's just the software
which I had a chance to test so far. :-)
On Tue, 18 Nov 2003 16:53:21 -0600, "Ira Baxter"
<id******@semdesigns.com> wrote:

"Jerry" <ea*********@lycos.com> wrote in message
news:ct********************************@4ax.com.. .
Hi there !

I am curretly looking for suitbale solutions for encoding PHP scripts
after developing a couple of comercial applications in PHP.

Has anybody made any experience with several encoders like IONCUBE,
SOURCEGUARDIAN, ZEND, etc... so far?


You might consider
http://www.semdesigns.com/Products/O...bfuscator.html
I just tested an evaluation copy of IONCUBE's php encoder which worked
pretty fine. Runtime decoding is really fast and easy to implement.
Has anybody some deeper insight into this issue?


Ours doesn't have any runtime decoder at all; no need to change
the target server at all. But folks might rightfully accuse us of being
biased since we
are a vendor. So I'll otherwise stay mum on the topic, and let
the community have its say.

-- IDB


Jul 17 '05 #3

P: n/a
Jerry wrote:
I have always been a little bit reluctant to use obfuscators since the
source code does not actually disappear and it should not be too
difficult to find the correct patterns and algorythms to map and
restore the scrambled code. One could possibly write a good piece of
code that would do exactly that.


Same here. In fact, the first step for this process would be to use
something like:
http://www.tote-taste.de/X-Project/beautify/

Allowing the code to be easier to read and in a consistent format,
making it easier to write a script for the rest.

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

Jul 17 '05 #4

P: n/a
Jerry <ea*********@lycos.com> wrote in message news:<ct********************************@4ax.com>. ..
Hi there !

I am curretly looking for suitbale solutions for encoding PHP scripts
after developing a couple of comercial applications in PHP.

Has anybody made any experience with several encoders like IONCUBE,
SOURCEGUARDIAN, ZEND, etc... so far?


Did you try http://pobs.mywalhalla.net/ ?

---
"One who mix sports and patriotism is a barbarian"
Email: rrjanbiah-at-Y!com
Jul 17 '05 #5

P: n/a
"Jerry" <ea*********@lycos.com> wrote in message
news:t3********************************@4ax.com...
I have always been a little bit reluctant to use obfuscators since the
source code does not actually disappear and it should not be too
difficult to find the correct patterns and algorythms to map and
restore the scrambled code. One could possibly write a good piece of
code that would do exactly that.
I don't know what you mean by "restore the scrambled code" after
obfuscation. The comments are gone, so no tool or person
can restore them without essentially simply guessing.
The identifier names are meaningless, and restoring them
to something sensible means you pretty have much have
to understand what the code is doing in order to choose
a good name.

So I don't think you can write a "tool" to do this at all.
(Another poster observed that you *can* use a tool
to reformat obfuscated text so its block structure is visible.
Our tool also can format and so can be used for that purpose too,
but the real value in the obfsucation is the removal of comments
and scrambling of names).

If you have a really small applicaiton, obfuscation won't "hide"
it very well. If you have a really big application, in our opinion,
the number of names that have to regenerated becomes pretty
daunting for would-be reverse-engineer.
Instead the e.g. ioncube encoder really encodes the scripts and
requires only one file (the "runtime-loader") to be uploaded along
with the encrypted scripts onto the server to make the scripts
executable. Since the scripts run as a compiled application they are
even faster than unencrypted PHP scripts. So, this seems an
interesting alternative to me.
"Encoding" the script doesn't prevent reverse engineering.
It just raises the effort level required to decode it.
(I'll cheerfully admit it raises it somewhat higher than
obfuscated source.)

Ultimately, if somebody wants to reverse engineer your code,
they can. So the real question is, what's enough protection?
Most people don't use a bank vault locks on their front door.
Deadbolts are good enough for the majority.
Costs: Your obfuscator costs US$150.00. The ioncube encoder starts at
US$199.00 Personally, I find it's worth the difference.
OK. Everybody makes their choice.

We chose to provide source obfuscation because while
you may have a customer for your PHP source code,
you can't always tell your customer what he must run on his server.
Of course, if your customer *wants* to run with a PHP compiler,
he can do that with obfuscated source, too, but now
it is his choice, not yours.
What is your take on that?
Thank you for your help and opinion.

Jerry

--
Ira D. Baxter, Ph.D., CTO 512-250-1018
Semantic Designs, Inc. www.semdesigns.com
Jul 17 '05 #6

P: n/a

"Justin Koivisto" <sp**@koivi.com> wrote in message
news:m5*****************@news7.onvoy.net...
Jerry wrote:
I have always been a little bit reluctant to use obfuscators since the
source code does not actually disappear and it should not be too
difficult to find the correct patterns and algorythms to map and
restore the scrambled code. One could possibly write a good piece of
code that would do exactly that.


Same here. In fact, the first step for this process would be to use
something like:
http://www.tote-taste.de/X-Project/beautify/

Allowing the code to be easier to read and in a consistent format,
making it easier to write a script for the rest.


X-Project/beautify explicitly claims it doesn't work on
all code. If you used it on obfuscated code, and it damaged
it, you'd have a heck of time understanding the result.

If you insist on this, you could use:
http://www.semdesigns.com/Products/F...Formatter.html
This does work for all PHP constructs, by virtue of being
a full PHP parser.

Having made the code nicely indented, however, you still have to guess
at whatever comments were lost, and you still have to reinvent meaningful
names for all the variables and functions. For tiny programs, you
can probably do this. For a program with several hundred variables
(how big are yours?) this is actually an immense amount of work.

And you can't "automate" the reconstruction of the comments or
the variable names. So this doesn't strike me as a great
deal of help. YMMV.

--
Ira D. Baxter, Ph.D., CTO 512-250-1018
Semantic Designs, Inc. www.semdesigns.com
Jul 17 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.