Web Hosting Talk







View Full Version : PHP LockIt Encoder


MyFocal
02-01-2006, 08:53 AM
Anyone ever used PHP LockIt to encode their PHP files?

http://www.phplockit.com/

I was looking for a cheap way to do it, and this program is only $30, it looks like it does a pretty good job, but I'm not sure how easy it would be to decode. Please let me know ASAP. Thanks!

The Prohacker
02-01-2006, 11:59 AM
Anyone ever used PHP LockIt to encode their PHP files?

http://www.phplockit.com/

I was looking for a cheap way to do it, and this program is only $30, it looks like it does a pretty good job, but I'm not sure how easy it would be to decode. Please let me know ASAP. Thanks!



Well to give you an idea, it only took me around 2 minutes to have the original code that was encoded.

Zend Encoder and Ion Encoder are going to be your best bets as far as protection and even then you cannot protect your software 100%.

-Mat

tickedon
02-01-2006, 12:40 PM
Any of the cheap encoders are generally insecure. You really need to spend quite a bit of money to get something reasonably secure, and even then, there is a chance it can be reversed back to source. At the moment both Zend and ionCube encoded files are/were vulnerable to being decoded, but both companies are working on new releases (either released or near release) that include better protection and obfuscation.

www.ioncube.com (both the software encoder & the online encoder)
www.zend.com
www.sourceguardian.com

Those are 3 good bets, and you might also want to look at phpshield.com which is from the same people as SourceGuardian (But lacks the more advanced features) at a lower price of only $99.

MyFocal
02-01-2006, 01:25 PM
Really? 2 minutes is fast... Did you do the obfuscation and everything? Did you try binding it to a domain name and IP as well?

Can I pay someone to IonCube / Zend / SourceGuardian encode my script WITHOUT having to purchase the several hundred dollar decoder?

UrlGuy
02-01-2006, 01:32 PM
Really? 2 minutes is fast... Did you do the obfuscation and everything? Did you try binding it to a domain name and IP as well?

Can I pay someone to IonCube / Zend / SourceGuardian encode my script WITHOUT having to purchase the several hundred dollar decoder?

I believe IonCube has this online encoder where you only pay for as much as you want to encode.

MyFocal
02-01-2006, 01:42 PM
I signed up for the online encoder and encoded my script. How would I use IonCube's online encoder to bind my script(s) to a certain IP and/or domain name?

The Prohacker
02-01-2006, 01:52 PM
Really? 2 minutes is fast... Did you do the obfuscation and everything? Did you try binding it to a domain name and IP as well?

Can I pay someone to IonCube / Zend / SourceGuardian encode my script WITHOUT having to purchase the several hundred dollar decoder?



I encoded a simple script:

<?php
//Just a comment
phpInfo();
?>


I enabled all options including IP/domain limiting. Since the code was not executed, the limitations were not effective. Basically all their script does is take your code, strip comments, and rename certain variables and functions with more obscure names. Then it base64 encodes everything a couple of times. During decoding it just evals the base64 decoded code.
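The scheme described in the post above can be inspected without ever running the file. This is an added example, not part of the original post and not PHP LockIt's code; the `eval(base64_decode('...'))` wrapper shape, the sample body, and the host name `example.test` are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumed wrapper shape; the thread describes the scheme, not the exact output.
WRAPPER = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*;?""",
    re.IGNORECASE,
)

# Constructed sample body: a domain check followed by the real code.
BODY = "if ($_SERVER['HTTP_HOST'] !== 'example.test') { die(); } phpinfo();"


def wrap(php_body: str, layers: int) -> str:
    """Build a constructed sample: php_body nested in eval/base64 wrappers."""
    code = php_body
    for _ in range(layers):
        blob = base64.b64encode(code.encode()).decode()
        code = f"eval(base64_decode('{blob}'));"
    return "<?php " + code + " ?>"


def peel(source: str, max_layers: int = 32):
    """Statically unwrap nested layers; nothing is ever executed.

    Returns (layers_removed, innermost_text).
    """
    text = source
    for depth in range(max_layers):
        match = WRAPPER.search(text)
        if match is None:
            return depth, text
        try:
            decoded = base64.b64decode(match.group(2))
        except (binascii.Error, ValueError):
            return depth, text  # not valid base64: stop, report what we have
        text = decoded.decode("utf-8", errors="replace")
    return max_layers, text


SAMPLE = wrap(BODY, 3)

if __name__ == "__main__":
    layers, inner = peel(SAMPLE)
    print(f"{layers} layer(s) removed")
    print(inner)
```

Because the domain check only takes effect when the file is executed, it comes out as ordinary readable code once the layers are decoded, which is why the binding options made no difference.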

Jimerson
02-01-2006, 03:26 PM
As others have said it depends on how well you really want it encoded. The less you pay obviously the less it is going to be encoded.

-Jim

tickedon
02-01-2006, 03:29 PM
I signed up for the online encoder and encoded my script. How would I use IonCube's online encoder to bind my script(s) to a certain IP and/or domain name?
I don't believe the ionCube online encoder supports that. Only their Pro and Cerberus versions do from memory :)

MyFocal
02-02-2006, 10:31 AM
Can someone try to decode the attached file. I encoded it using PHP LockIt. If you can decode it, please do not post the code, instead email or PM it to me please. Thanks!

innova
02-02-2006, 05:14 PM
Try it yourself:

http://diary.rozsnyo.com/2005/06/27/PHP-LockIt.pdf

TonyB
02-02-2006, 06:39 PM
Seems like if you want to be encoding your PHP scripts you're going to be paying a premium which makes perfect sense anyways.

Olate
02-03-2006, 05:01 AM
I was looking for a cheap way to do it, and this program is only $30, it looks like it does a pretty good job

You need to consider how much your application is worth to you. By purchasing a cheap solution, you will be sacrificing the security of your program. There seems to be a trend of new developers who are not willing to spend money on the better encoders without giving thought to where they will be in a few months. If your product is popular and you have encoded with an inferior encoder then it is likely that it will be cracked easily. If you spend more money now on a decent encoder then you will make your money back quickly and your source code will be more secure.

hehachris
02-03-2006, 05:40 AM
Did anyone hear of dezender? Created by a Chinese.

MyFocal
02-03-2006, 08:07 AM
Olate, this is that one part... The part where you look like a jerk. I *NEVER* said I wasn't willing to spend the money to encode it, I was merely asking if this encoder was worth the $30 or not. Now that I have found how easy it is to DEcode, I will not be using it. I was simply, like any other person, trying to save some money. I have found out it isn't, so I am prepared to pay the $200+ to purchase a program that can do this.

Olate
02-03-2006, 11:39 AM
I *NEVER* said I wasn't willing to spend the money to encode it

Indeed, and I wasn't suggesting that you weren't willing to purchase the better encoders, merely pointing out that many new developers do not seem to consider the quality of the cheaper options or the long term consequences of poor source code security. However, in saying "I was looking for a cheap way to do it" whether or not you meant it, you did imply that you preferred to save money than invest in a more expensive (and usually better) solution.

Returning to the original question, I think tickedon sums it up well in his first post by pointing out the top 3 encoding solutions available. ionCube is my personal choice because of the good GUI, excellent support and the features within the encoder itself, but each of them offers trial versions so you can easily pick which one you prefer.

MyFocal
02-03-2006, 12:30 PM
So... Applying what you are saying to the scenario of purchasing a new car: When I go to buy a car, I should just go buy a new car from Dealer #2 for $30,199 and not even consider purchasing that same exact car from Dealer #2 who can get it for me for only $24,999 or Dealer #3 who can get it to me for $27,599? Would that mean that because that second or third dealer is selling me the same car ~$5,000 cheaper, it isn't as good of a car? That is my point, just because it is 'cheaper' does not mean it is worse. In the 'big 3' you refer to, I have had several people tell me IonCube is better than Zend.

Zend: $900+

IonCube Installed Version: $200+

IonCube Online Version: $1+ Per Script

MyFocal
02-03-2006, 12:35 PM
Olate: I can't help but notice your signature. I visited that website, what exactly is the iono? That is a licensing program? Can you lease both 'iono' and 'ioncube' to me on a monthly basis?

tickedon
02-03-2006, 12:40 PM
While David could have possibly been a bit more 'tactful' in how he put forward his point, his point is a valid one. Since I started selling products specifically aimed for developers over 3 years ago, it's always been the case of people looking to cut corners and save money - you point them to ionCube/Zend/SourceGuardian, they point to CodeLock/LockIT/<insert other cheap insecure product here>. I'm not saying you're doing that, but, it might help to understand where he's coming from :)

In terms of whether Zend or ionCube is better, both are very good solutions and both have their own set of pros and cons.

Zend for instance is a great solution as in my experience distributions of zend encoded scripts tend to be smaller, and will run instantly on a server where the Zend optimiser is installed. The issue is that not all servers have Zend Optimiser installed and so the user would then need to contact their host/server admin to get this done. The price is also quite a bit higher than other solutions available.

In terms of ionCube, distributions tend to be larger (so longer download and upload times), but, with the benefit of 'run time loading' where if the ionCube loader isn't installed on the server, the 'run time loading' can still handle the encoded files in the background. Another downside is that the run time loading results in slower execution compared to ionCube loaders being installed in the php.ini.

So what's the solution? Get both :) Offering Zend and ionCube gives you the best of both worlds - smaller archives for those with Zend Optimiser Installed, and ionCube for run time loading (to prevent "how do I installed Zend..." questions).

Olate
02-03-2006, 12:43 PM
So... Applying what you are saying to the scenario of purchasing a new car:
This is different because in that case, you are buying exactly the same product. If you can get it cheaper elsewhere then why not!! But only when it is exactly the same product :) In the case of encoders, then this isn't the same - you are paying more for the likes of ionCube or Zend because they use more advanced security methods.

That is my point, just because it is 'cheaper' does not mean it is worse.
Definitely not. In many cases you are right. There are excellent examples of software (or anything else) where free versions are better than the paid, or more expensive versions. But just in this isolated case of encoders, you should find that if you pay $30 for one, and $200 for another, the more expensive one will protect your source code better.

In the 'big 3' you refer to, I have had several people tell me IonCube is better than Zend.
Yes, and I would agree. It is at this point that my argument fails because I believe ionCube to be far superior in comparison to Zend Encoder, despite the Zend product being more expensive.

Olate: I can't help but notice your signature. I visited that website, what exactly is the iono? That is a licensing program? Can you lease both 'iono' and 'ioncube' to me on a monthly basis?
Yes, iono is a licensing/distribution system which can work in conjunction with ionCube (or Zend, SG, etc) encoders. Although we offer the iono + ionCube bundles and leased iono licenses, the ionCube encoder is not available to lease.

Olate
02-03-2006, 12:45 PM
So what's the solution? Get both :) Offering Zend and ionCube gives you the best of both worlds - smaller archives for those with Zend Optimiser Installed, and ionCube for run time loading (to prevent "how do I installed Zend..." questions).

Yeah, I agree. We recently purchased the Zend encoder to provide a customer with a zend encoded version since we originally only offered ionCube versions. It is good to be able to offer both. In a recent survey, we found that around 50% of customers preferred to use the Zend encoded product and 50% preferred to use the ionCube encoded version, despite there being no difference in functionality (as far as the encoded version the customer sees is concerned).

jt2377
02-03-2006, 02:13 PM
Why not just code it in Java or ASP.net? No encoder to buy since both create bytecode/MSIL.

My two cents.

Olate
02-03-2006, 02:28 PM
PHP is a much better solution in my opinion because it is more widely adopted as a server side language on a huge number of hosts. Plus ASP.NET is Windows specific unless you go down the route of Mono or the Chillisoft ASP stuff. Although I was under the impression that ASP and JSP were just like PHP as far as viewable source was concerned. At least ASP was when I was coding in it!

jt2377
02-03-2006, 04:30 PM
PHP is a much better solution in my opinion because it is more widely adopted as a server side language on a huge number of hosts. Plus ASP.NET is Windows specific unless you go down the route of Mono or the Chillisoft ASP stuff. Although I was under the impression that ASP and JSP was just like PHP as far as viewable source was concerned. At least ASP was when I was coding in it!

LAMP is adapted for "shared webhosting"; it is nowhere near as "widely adopted" by enterprise. Otherwise companies like IBM, Oracle, Sun, BEA, JBoss would not sell for enterprise.

ASP.net also has a very strong hold on companies and is going up pretty well in shared webhosting.

LAMP is widely adopted on shared webhosts. Please do not confuse it with what companies are running. JSP and ASP.net are as good as PHP if not better since both come with a framework while PHP lacks one.

zoid
02-04-2006, 01:00 PM
Can someone try to decode the attached file. I encoded it using PHP LockIt. If you can decode it, please do not post the code, instead email or PM it to me please. Thanks!
You should secure the code, because as it is now, it is rather dangerous to run.

innova
02-04-2006, 02:51 PM
otherwise companies like IBM, Oracle, Sun, BEA, Jboss will not sell for enterprise.

You might want to read up on what companies like IBM are doing with LAMP solutions.. your ignorance is showing!

ASP.net also have very strong hold on companies

Not because it is better.. because it comes with windows and is already available.

LAMP is widely adopted on shared webhosts. Please do not confuse it with what companies are running.

How many times must we hash this out. There are PLENTY, I repeat PLENTY of large scale projects using php and/or mysql. There are many 'companies' both small and large that make extensive use of it.

How does your post in any way address his concerns about phplockit?

jt2377
02-04-2006, 03:49 PM
You might want to read up on what companies like IBM are doing with LAMP solutions.. your ignorance is showing!


lol. OK, since you told me to look up IBM and LAMP, I googled it and check this out

http://www.zdnet.com.au/news/software/0,2000061733,39193420,00.htm

"According to Daniel Sabbah, general manager of IBM's Rational division, LAMP -- the popular Web development stack -- works well for basic applications but lacks the ability to scale. "

http://www.google.com/search?hl=en&q=IBM+%2B+LAMP

J2EE and .Net scale - that is real and tested. The facts speak for themselves. Both J2EE and .Net own the enterprise market and it's not because ASP.net came with Windows. You can keep telling yourself that.

Companies don't use it because it came with Windows. They use .Net because guess what, it's better!

"why not just code it in Java or ASP.net? no encoder to buy since both created bytecode/MSIL.

my two cents."

Did you read my post? Which part of my two cents do you not get?