Decrypt Encrypted PHP

[Lee G. Veteran]

Is there away to decrypt (decode) encrypted PHP? :/

Thanks.

[joasjdoajsd]

If your talking about IonCube and Zend...the answer is a definate no!

[Axon]

Your only chance would be to brute force hack it, and unless you want to spend 20 years doing it, I wouldn't bother :p!

*opens up Digital Fortress by Dan Brown* :ninja:

-Ax

[Lee G. Veteran]

Ah. OK - thanks :)

[Lee G. Veteran]

I managed to find an uncompressed version of the source

[john smith 1924 Veteran]

How does IonCube and other PHP encryption programs work?

[GatorV]

They transform and optimize PHP Code into Byte Code, so they eliminate the overheard of PHP Parsing, Compiling and Executing, by just leaving files PHP can Execute, so it's almost impossible to transform bytecode to reading code again.

From Ion Cube page:

Before Encoding

Our technology first compiles your scripts to binary code. This binary format is the key to excellent security and runtime performance, and is already more secure than most alternative encoding solutions. Next, the code is optimised, reducing its size, and increasing runtime performance further.

Encoding

The compiled scripts are now turned into an ionCube Compiled Code Intermediate Format (CCIF). This proprietary format is efficient, and very different to the "known" PHP compiled format. The compiled code and other data is then protected with several layers of encoding and transformation, and turned into binary encoded files. An optional extra stage in the StandAlone Encoder transforms the binary encoded files into an ASCII representation, greatly simplifying installing between different operating systems where corruption of binary files can easily result. This important feature is one that is also missing from many competitors.

Runtime

The Loader that processes encoded files contains its own execution engine. This keeps the compiled code away from the OpenSource PHP engine, preventing any hacker from stepping through the compiled scripts when they run. Due to scripts being precompiled and the use of a highly optimised file format and Loader, runtime performance of scripts is typically accelerated when the Loader is preinstalled, and ionCube encoded files deliver performance that well exceeds the competition. See benchmarks.

Product Protection

Various techniques are used to deter or defeat attempts to understand how the Encoder and Loader work internally, either from the use of debuggers, static inspection of code or data, or tracing events at runtime. Use is also made both of non-standard and ionCube proprietary algorithms to enhance security. This is important because standard data manipulation algorithms can leave tell tale signatures in their data, giving clues to hackers about the algorithms used merely from looking at a seemingly random sequence of bytes. Whilst major competitor products make no attempt to hide these clues, a truly secure solution must tackle security at all levels, and every extra security barrier is well justified.

[Hankyone]

They transform and optimize PHP Code into Byte Code, so they eliminate the overheard of PHP Parsing, Compiling and Executing, by just leaving files PHP can Execute, so it's almost impossible to transform bytecode to reading code again.

From Ion Cube page:

585757631[/snapback]

pretty cool, didnt know it existed

[Lee G. Veteran]

Thanks for the information (Y) :happy:

[Renegade Division]

They transform and optimize PHP Code into Byte Code, so they eliminate the overheard of PHP Parsing, Compiling and Executing, by just leaving files PHP can Execute, so it's almost impossible to transform bytecode to reading code again.

Are you serious?

You cannot make a self-cryption program without compromising the security no matter how you write it.

"IMPOSSIBLE"

Bull ****, from last 20 years virus writers have been trying to write a virus which scrambles itself, but at the end they get descrambled by its over head code.

If such thing had been impossible or even 1/100th time as difficult as standard encrypted text, then you would have had viruses on computers which cannot be removed by any anti-virus software.

Although I am yet to see a code encoded by Zend, but as far as ioncube is considered its pathetic. They just compress the code using Gunzip. Even if you use DES encryption, gunzip function offers same protection in this case as DES.

[Kudos Veteran]

Are you serious?

You cannot make a self-cryption program without compromising the security no matter how you write it.

"IMPOSSIBLE"

Bull ****, from last 20 years virus writers have been trying to write a virus which scrambles itself, but at the end they get descrambled by its over head code.

If such thing had been impossible or even 1/100th time as difficult as standard encrypted text, then you would have had viruses on computers which cannot be removed by any anti-virus software.

Although I am yet to see a code encoded by Zend, but as far as ioncube is considered its pathetic. They just compress the code using Gunzip. Even if you use DES encryption, gunzip function offers same protection in this case as DES.

There's a huge difference between "IMPOSSIBLE" and what he actually said which was "almost impossible". I tend to agree that gatorv is over-stating how difficult it is to de-compile both zend and ioncube though (possibly not his intention judging by his wording).

[roosevelt]

There are some cases where I actually saw some encoded files being decoded and that includes Zend and IonCube as well. But the fact is decoding script is a complete waste of time and brute forcing is just pointless. Its better to code your own scripts rather than decoding existing ones just to add your own modifications.

[Echilon]

Unless the script your looking at costs more than $100, it's probably not worth your time even attempting to decode it, even if it's just obfuscated with some proprietary method.

[redFX]

There "were" decoders for both ioncube and zend encoder. The flaw was that certain "items" could be put into the open in memory while the script was running. Then you could use the "items" to decode the rest of the script. This required the hacker to modify the php source code but it was done.

Zend and ioncube have since updated their products to block the loop-hole. Maybe in the future someone will manage to crack it again. It took them years and years to crack the old implementation.

You do realize though that decoding an encoded PHP script is usually illegal (read the EULA).

[vincie]

What If I had a project from a previous employer that needed to be decoded and they refuse to do it because the client has decided to follow me instead of deal with them.

How would I decode the scripts then?

[the evn show]

You do realize though that decoding an encoded PHP script is usually illegal (read the EULA).

Maybe in your country but certainly not in all of them. The value and enforcability of an EULA varies from region to region and almost univerally they do not trump other rights.

[Trix.Neo]

What If I had a project from a previous employer that needed to be decoded and they refuse to do it because the client has decided to follow me instead of deal with them.

How would I decode the scripts then?

Depends on what sort of contract everyone signed but generally the copyright would be retained by your employer not you so in that case if your like in the EU or America your almost certainly breaching copyright laws.