Well I've never tried it but I've gone through some of the big open source apps out there trying to learn their techniques and I can tell you I hate going through my code let anyone someone else's.
-----Original Message----- From: Miguel Cruz [mailto:[EMAIL PROTECTED]] Sent: May 14, 2002 2:55 AM To: [EMAIL PROTECTED] Subject: RE: [PHP] Genus who came up with "Self Destruct Code" & "Copy Pro tection" Step 1: Run the files through a prettyprinter. That instantly restores the indentation and line breaks. Step 2: Open up in a text editor like TextPad that has multi-file search-and-replace and rename all the functions back from their garbled names as you determine what they do. Unless it was written to be confusing from the very beginning - in which case an awful lot of development time was wasted - it'll be very easy to do this. Just start from the functions with the greatest number of calls to PHP built-in functions and work outward from there. 1 minute or so per 25 lines of working code. Honestly, it's not a big deal. miguel On Mon, 13 May 2002, SP wrote: > As an example, someone provided this link on the > PHP Obfuscator http://pobs.mywalhalla.net and I'm > just quoting what it says it does: > > "POBS replaces user-defined (NOT predefined) > functions, constants and variables with a MD5 key > of 8 characters ... The first letter of the new > functionname is a "F", of a variable a "V" and of > a constant a "C". > > The function with name MakeImageHtml is replaced > by Fee2c1bdc > The variable $ImgText is replaced by $V1d9d94a6 > The constant USERDIR is replaced by C389a367e" > > It also concatenate lines and remove comments and > indents and so yeah you could spend your time > hunting down the killswitch and the 10 other > backdoors I put in the prog but what do you end up > with? A working app that no coder would even want > to maintain or touch. And the good thing is the > longer the guy that stiffed you uses the app, the > more screwed they will be. > > > > > -----Original Message----- > From: Miguel Cruz [mailto:[EMAIL PROTECTED]] > Sent: May 13, 2002 10:13 PM > To: [EMAIL PROTECTED] > Subject: RE: [PHP] Genus who came up with "Self > Destruct Code" & "Copy > Pro tection" > > > Well, I promise you that I can re-activate any > solely PHP-based > remote killswitch in a matter of minutes - maybe > hours if the person was > really good. It's just too easy when you have the > source code for the > interpreter. > > Likewise the only truly effective PHP encoder > would be one that created > confusion by scrambling all the variable names to > be names of my former > girlfriends. Anything else is just like working > with bad code from a > contractor or junior employee - run it through the > prettyprinter, open up > a Dr. Pepper, and "be the PHP interpreter" for a > while. > > Coming up with robust code protection is a very > very challenging task. You > spend a long time working out a scheme, then > someone figures it out, and > you have to start over again - everything > "protected" by your previous > scheme is now out in the open. > > Much better to focus on the legal side of it. If > you really don't think > you're going to be able to police the use of your > code, to a degree that > piracy is going to cost you more than your time is > worth, you should be > looking for a new set of clients. > > miguel > > > On Mon, 13 May 2002, SP wrote: > > Everyone is arguing that these encoders can be > > cracked. Does anyone know of one, have you done > > it yourself? How long did it take? I mean I'm > > not going to leave my door unlocked cuz someone > > can pick it open. > > > > -----Original Message----- > > From: Miguel Cruz [mailto:[EMAIL PROTECTED]] > > Sent: May 13, 2002 3:29 PM > > To: Udo Giacomozzi > > Cc: [EMAIL PROTECTED] > > Subject: Re: [PHP] Genus who came up with "Self > > Destruct Code" & "Copy > > Pro tection" > > > > > > On 13 May 2002, Udo Giacomozzi wrote: > > > If the whole thing is designed the right way. > > > A copy protection I like for example are > > dongles. Ok, they are not > > > applicable to PHP and aren't 100% secure > either > > [don't want to start a > > > discussion about this now]. But this system > > makes no problems for the > > > people that have the dongle. > > > > > > That was why first came up with this question. > > As a PHP beginner I wanted > > > to know if there are elegant ways to make a > > acceptable copy protection. > > > > > > There seem to be only 3 possibilities: > > > - zend encoder > > > - a code obfuscator like POBS > > > - encrypting the source code and then > decrypting > > it in realtime > > > > All of these have weaknesses. And therefore the > > whole exercise is moot. It > > only takes one person with some free time to > break > > your protection > > scheme, and then the cat's out of the bag. Once > it > > has been broken, it > > will spread and then it won't matter how complex > > your scheme was. > > > > I really doubt there is any software out there > > that isn't being traded by > > high-school kids, even if they have no idea what > > it's for. The only > > exceptions would be something so arcane and > > obscure that nobody ever had > > an interest in cracking it. > > > > miguel > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: > > http://www.php.net/unsub.php > > > > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: > http://www.php.net/unsub.php > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.361 / Virus Database: 199 - Release Date: 07/05/02 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.361 / Virus Database: 199 - Release Date: 07/05/02 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
