I'm a cakephp developer and i was thinking of branching out into selling licensed PHP software packages. I was wondering if there are any good encoding or obfuscating methods to use with php. Does anyone have any experience with licensing php software ?. Thank you in advance for any help.
All depends on the amount of money you are ready to spend. Ioncube is certainly best encoders for all but source-guardian is also considered good. Thanks
Yes it certainly slows down the script because it take some time to decode script by loaders. But that extra time will not be visible at all
Hello harry i'm still waiting for my script since 2 weeks now , you've got the money , what's happend ?????????
well, i sold a script encoded with ioncube for ~$10 and still it was cracked pretty quickly and complete source was all over on warez-forums...
ORLY? Nothing is uncrackable but ioncube is the best out of the bunch. Were you using an old 'cracked' version of ioncube instead of the current version 6?
you will need to use ioncube or zend guard for encoding and protecting your work. These are the best i have seen as encoders. i havent seen the encoders slow down php script. you wont even notice the difference.
I don't know about Encodings that require Zend Optimizer version 3, but anything earlier was easily and automatically decompiled with dezender. The less obscure encoders aren't as cracked often, but they also have pitfalls such as speed (which ioncube gets around because everything is converted to bytecodes)
Depends on the loaders, if you're using Zend or Ioncube, those loaders can be installed as apache/php modules which means the decoding takes very marginal time difference from native , as opposed to encoding methods that need to be self-decoded by yet another encoded php script.
Well, an alternative downfall of encoders (at least ioncube) is that they cannot use APC or other opcode caching mechanisms.. (to prevent people from being able to decode the bytecode to php). So this will indeed result in a big performance drop if you calculate that in.
Oddly can use memcache quite well (but normally thats because the php code chooses what to cache). I think however with Zend Optimizer you still can as the whole engine controls the encoding. *shrug* Course if you need that kind of scalability you're likely coding for yourself or a specific client and as a result may not encode most or all the project. I only encode kblinker cuz well... it helps keep licenses locked to one domain (ioncube doesn't have an automatic licensing but I know how to use the Loader API so that I can make it do so )
Well, memcache is an entirely different kind of app. It's not an opcode cache, just a data cache. I know apch also allows you to do that (apc_fetch, etc) but it's main purpose is still as an opcode cache. Anyway, an opcode cache can probably increase your site performance by 100% (depending on how badly it is coded ) so that's not something to scoff at. It's also going to be included as a standard in PHP6.
Well, I believe their online encoder was, until february of this year or so, an older version which was probably easier to crack. Anyway, about the APC discussion, it appears if you only have 1 file encrypted, all other files should still be cached so you'll still see those performance improvements. (If you use a front controller pattern as I do)
Ahh I did that for a while earlier in the year, the main thing I didn't like was that it was essentially the same thing as the 199$ encoder, no licensing, but more so that you could only encode to binary (the paid version allows choice of binary or ascii, with ascii being default, so you didn't have to require binary encoding for FTP uploads). But here's the thing bout the online version, regardless if it matches the version # of the paid one or not. There's no configuration beyond php 4, 5, short tags, and include loaders or not. As a result it uses a default passkey (in the paid encoder you use --passphrase yourpassphrasehere ), also in the paid version the encodings are done slightly different based on your encoder license. As a result that leaves the online encoder being the weakest link of the available options, because then the person doing the cracking could upload a script he knows the source for, pay 50 cents, get it down and reverse engineer it specifically on those grounds, once he figures it out then could do the same for any other encoded scripts run thru the online encoder, and as not many people have 200-300$ to throw around, theres a good chance that a number of scripts were encoded in this manner. Otherwise the cracker wouldn't have access to the same encoder with a custom license nor with the passphrase known. Also because of the nature of encoding with the stand alone encoder, someone couldn't couldn't make a license with their own copy even if they did own their own encoder license because the license generated wouldn't match the encoder signature on the encoded files produced by the other encoder copy.