As an example, someone provided this link on the PHP Obfuscator http://pobs.mywalhalla.net and I'm just quoting what it says it does:
"POBS replaces user-defined (NOT predefined) functions, constants and variables with a MD5 key of 8 characters ... The first letter of the new functionname is a "F", of a variable a "V" and of a constant a "C". The function with name MakeImageHtml is replaced by Fee2c1bdc The variable $ImgText is replaced by $V1d9d94a6 The constant USERDIR is replaced by C389a367e" It also concatenate lines and remove comments and indents and so yeah you could spend your time hunting down the killswitch and the 10 other backdoors I put in the prog but what do you end up with? A working app that no coder would even want to maintain or touch. And the good thing is the longer the guy that stiffed you uses the app, the more screwed they will be. -----Original Message----- From: Miguel Cruz [mailto:[EMAIL PROTECTED]] Sent: May 13, 2002 10:13 PM To: [EMAIL PROTECTED] Subject: RE: [PHP] Genus who came up with "Self Destruct Code" & "Copy Pro tection" Well, I promise you that I can re-activate any solely PHP-based remote killswitch in a matter of minutes - maybe hours if the person was really good. It's just too easy when you have the source code for the interpreter. Likewise the only truly effective PHP encoder would be one that created confusion by scrambling all the variable names to be names of my former girlfriends. Anything else is just like working with bad code from a contractor or junior employee - run it through the prettyprinter, open up a Dr. Pepper, and "be the PHP interpreter" for a while. Coming up with robust code protection is a very very challenging task. You spend a long time working out a scheme, then someone figures it out, and you have to start over again - everything "protected" by your previous scheme is now out in the open. Much better to focus on the legal side of it. If you really don't think you're going to be able to police the use of your code, to a degree that piracy is going to cost you more than your time is worth, you should be looking for a new set of clients. miguel On Mon, 13 May 2002, SP wrote: > Everyone is arguing that these encoders can be > cracked. Does anyone know of one, have you done > it yourself? How long did it take? I mean I'm > not going to leave my door unlocked cuz someone > can pick it open. > > -----Original Message----- > From: Miguel Cruz [mailto:[EMAIL PROTECTED]] > Sent: May 13, 2002 3:29 PM > To: Udo Giacomozzi > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP] Genus who came up with "Self > Destruct Code" & "Copy > Pro tection" > > > On 13 May 2002, Udo Giacomozzi wrote: > > If the whole thing is designed the right way. > > A copy protection I like for example are > dongles. Ok, they are not > > applicable to PHP and aren't 100% secure either > [don't want to start a > > discussion about this now]. But this system > makes no problems for the > > people that have the dongle. > > > > That was why first came up with this question. > As a PHP beginner I wanted > > to know if there are elegant ways to make a > acceptable copy protection. > > > > There seem to be only 3 possibilities: > > - zend encoder > > - a code obfuscator like POBS > > - encrypting the source code and then decrypting > it in realtime > > All of these have weaknesses. And therefore the > whole exercise is moot. It > only takes one person with some free time to break > your protection > scheme, and then the cat's out of the bag. Once it > has been broken, it > will spread and then it won't matter how complex > your scheme was. > > I really doubt there is any software out there > that isn't being traded by > high-school kids, even if they have no idea what > it's for. The only > exceptions would be something so arcane and > obscure that nobody ever had > an interest in cracking it. > > miguel > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: > http://www.php.net/unsub.php > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
