Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?



Login with username, password and session length
September 01, 2014, 10:40:26 AM

Pages: [1]   Go Down
  Print  
Author Topic: anyone ever use this, any concerns with obfuscation here  (Read 2540 times)
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« on: June 18, 2010, 06:11:07 AM »

hi i found this and it seems ok, especially when i only need to obfuscate 4 files and zend an ioncube are way out of my price range, have not yet attempted to execute the result  file as yet, just curious if anyone has used this or do you see any potental concerns with it... whats your first impression...  

http://www.codeeclipse.com
« Last Edit: June 18, 2010, 06:29:20 AM by durangod » Logged
MrPhil
Senior Moderator
Berserker Poster
*****
Offline Offline

Posts: 5871



« Reply #1 on: June 18, 2010, 07:31:58 AM »

So you would be shipping only the obfuscated PHP code? Keep in mind that this code is still legitimate, runnable PHP. It's just made inconvenient for someone trying to read it and figure it out. It might deter casual pilfering (reuse) of your code, but won't stop anyone really determined to see what you're doing. I presume that the obfuscated code includes reading of the license key (discussed in another thread of yours -- please don't keep starting new threads on the same subject area), and that's what you're trying to protect. It probably will be too much of a bother for many people to read through and figure out your key system (to disable it, or generate new keys for pirated copies), but it won't stop all. Better than nothing, I suppose... If it costs you and your customers nothing, and requires no server installation, go ahead and try it. Just don't expect the same level of protection as genuine encryption, as in ionCube or Zend (and they're probably not 100% either -- if someone wanted to reverse engineer them, they could probably figure out how the encryption is done and break yours).
Logged

Visit My Site

E-mail Me
  
-= From the ashes shall rise a sooty tern =-
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #2 on: June 18, 2010, 07:53:14 AM »

thanks phil sorry about that i was so excited when i found this that i forgot to just add it to the other post lol, my apologies... plus i guess i was thinking along the lines of if LP would have any issue with executing the result not necessarily the php itself but server side issues... is LP gonna choke on that lol 

i know i cant protect from everyone, just like anything else if they want it they will get it, where there is a will there is a way, and if a computer generated it i know a computer can reverse it...

i only need to do 4 files thats it, they can have the rest lol

my intention is to simply make it such of a hassle that most will just give up, just like any home crime if you make it harder most will move on...

i have not decided on using this online obfuscator or i just downloaded one thats works on windows....  my concern is that the online one might not be around forever.. and i have heard that some of the results are caught by virus software as viruses so i want to keep it simple and not use some options whichever i choose..
 
but overall here is my plan....    

rather than purchase a license number generator, i was considering just make it two leves of security and many will just give up,  

do the key as md5 and then obfuscate that.  

if i do it right and " correct me if im wrong"  i can have two levels of security. and most will just give up

 its easy, costs nothing, somewhat effective as a deterent,
 
« Last Edit: June 18, 2010, 08:03:48 AM by durangod » Logged
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #3 on: June 18, 2010, 09:22:50 AM »

oh well its mute point anyway  Crying or Very sad  neither one is smarty compatible. so ill keep looken and thinkin about it, rats...
Logged
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #4 on: June 18, 2010, 08:57:34 PM »

ok for those that need help with this i found the answer, lesson 101 do not waste your time with the free junk out there, trust me its junk...

go with the pro's  and for those of you that cant afford ionCube or Zend full version, here is the solution...

ionCube has a pay per page plan, its under the online encoder, you purchase credits for 10 cents each and you trust me i spent all day messing with the free encoders and obfuscators and they are junk, my site blew up every time.  

i download the free eval copy of ionCube to test it and first time went beautiful, site came up and its encoded, so go to the pro's on this one, they have made it affordable for all of us small guys...and gals...   

thanks
Logged
scanman20
Senior Moderator
▄ber Jedi
*****
Offline Offline

Posts: 1544



WWW
« Reply #5 on: June 19, 2010, 03:41:27 PM »

The problem then is that there are plenty of services out there that will unencrypt the ioncube files. Like http://unzend.com/. I'm in the same boat and have yet to find a reliable way to stop someone from stealing your code and sharing it. My only advice would be to charge a small amount for your script and then ask for a greater amount to support it.
Logged

Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #6 on: June 20, 2010, 12:13:21 PM »

well then if its that easy i will just have several challenges, first is ionCube, if they get past that then i will just confuse the hell out of them what does what and have it so that there are dummy files out there that after they crack them it will just simply give them a message that says
Quote
 i wonder how much time you spent cracking this dont you have better things to do, too bad this file doesnt do shit, better luck next time
Doh Roll

at least maybe it will deter the majority... thats all you can do lol
Logged
MrPhil
Senior Moderator
Berserker Poster
*****
Offline Offline

Posts: 5871



« Reply #7 on: June 20, 2010, 02:55:54 PM »

Let's say you want to keep burglars out of your home. Would you go so far as to install welded steel walls, 15 ton doors, armed guards, a minefield, ...? Probably not. You put good quality locks on the doors, maybe monitoring by a security firm, maybe burglar bars in high crime areas. You can keep out the casual guys, teens looking for a thrill, and junkies looking for fix money (they'll go look for an easier target), but you won't stop a determined pro who really wants in (he knows you don't trust banks and keep your life savings in a bag in the master bedroom closet). Likewise, you can do some things to protect code from casual pilfering, but if someone really wants to take it, they'll work at it long enough to break any system you have. All you can do is make the effort costly enough that they won't think it worth it.

How about this: "watermark" your code with different variable names for each copy sold, and perhaps a slightly different text or comment in the resulting HTML? Unless the thief knows you're protecting your code this way, a simple googling of key phrases will show if there's more than one copy of a given marked piece of code, and you know who is pirating it (who had the first copy)! If you sell via digital downloads, or burn a CD-R for each customer, each copy can be thusly watermarked. High volume production, where you have a stamper made for CDs, would not work. I can't tell you what would stand up in court as evidence of piracy by whom, but at least you could find out who's doing it.
Logged

Visit My Site

E-mail Me
  
-= From the ashes shall rise a sooty tern =-
durangod
Galactic Royalty
*****
Offline Offline

Posts: 202


« Reply #8 on: June 20, 2010, 05:31:00 PM »

nice idea phil, ok now im moving my money out of my master bedroom closet and putting it in a box not a bag ... gee thanks for telling everyone lol  Razz    you have me noodling over this for sure...

by the way i checked on the unzend web site and you have to send them the file and they will tell you how much to decode it, i think thats fine if  are lagit but i dont think anyone who has malicious intent would do that...
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: