Person Threatening to Decode and Null My Script!

Well I am talking to someone on msn and they threatened to decode and Nullify my script. He said he is sending his "friend" my script to get it decoded and then he will null it. But my script is encoded in IonCube v6.5 in PHP5 so I am not so sure they can really decode it. The only thing is scripts such as WHMCS and x10 media's scripts have been posted on warez forums decoded and they all used Ioncube. If he really does decode and null my script and post it on warez forums what should I do? My Script is a licensing script and if its decoded and nulled I would possibly loose all my business and have hours of work to mean nothing.

 

well that person is not very nice, but does that mean the script will not work after its nulled?

 

No, It will still work and I will continue developing it even if it gets nulled. But by people using it illegally I will loose sales and have to be bothered hunting them done and complaining to their hosts.

 

Just worth mentioning that it's impossible to properly null WHMCS and actually use it.

 

It may be but my script isn't as complicated as WHMCS so if he does decode it I may be in trouble

 

Most people that use nulled scripts wouldn't have paid for it anyway. If anything its free publicity as more versions of your interface get out there for other potential clients to see, ones who would pay. If I were you I'd just relax.

 

I'll try to relax but I put a lot of work into my script and don't want people getting to use it free.

- Chris

 

and it will probaly decrease your sales a little but it wont kill them. There are a lot of people that want the benefits of a registred legit version like full support, instant access to updates and all other things that are needed if you run a serious business. It also gives them peace of mind.

You could demand all your customers to tell you what domains they use it on and regularly search google to find illegal installations. When you find someone using an illegal version of your software just report them to the webhost they are using and their accounts will most likely be shut down You should also report any website you find distributing copies of your script to the webhost they are using.

/Rob

 

I feel its an empty threat......

 

My script is a licensing script so I record the domain the script is licensed and the script is locked to that domain name. Now the only problem is if they decode it they could remove the "NXLicenser" text on the login page and change the design so I would have no way of knowing it is my script.

- Chris

 

This is worth restating.

Most of the users of nulled scripts would not have paid for them. Also, they are putting themselves at risk if they use the script on any decent website as you could find them and check to make sure they have a license to use your script on their site.

If you beef up your customer service, updates or support for paying customers you are building in a strong incentive for people to actually pay for your script, even if they initially use the nulled copy.

 

So did I at first but If its true....I don't know what I will do

 

That is true but im just tossing out ideas... depends on how carefull they are. Try inserting a sneaky innocent iframe that you obfuscate before encrypting/protecting so they cant do a quick search for call home functions after having nulled it (Make them work for it and having to check every line of your code 5 times to be sure). Then check your weblogs regularly in case they missed it or where to lazy to tripple check.

Also make sure the iframe is not called if they run the script from localhost since most hackers probably check scripts for call home functions and probably cracks them on their local test environment just like we develop on our local test environment.

But as I said it is something we all have to live with... Personally I just consider it part of doing business online.

 

There is nothing much you can do about this except doing something sneaky to protect your script. Add some looping code or something to prove that it's yours or something.

 

Thanks, I will try that in my next version.

- Chris

 

Also think about scripts you have been assigned fixing up that some other programmer has coded and are so unstructured, badly named and hard to follow the logic in that its almost impossible to figure them out... It a kind of natural obfuscation that goes against everything we were taught in school but... something a hacker cant automatically crack with software and have to spend a lot of time working out.

You could also use many different obfuscation methods for you call home functions and maybe even use many different types of call home functions that are placed a little here and there to make it as hard as possible and increase the chance of them missing it.

 

In my opinion people who download nulled versions of scripts wouldn't purchase the script even if they couldn't download it.

 

Why he want to null your script?
Are you doing something bad against him at the first place?

 

No. He is one of those "warez lovers" that thinks scripts/software should all be free and that I am a capitalist he says because I sell scripts for money.

- Chris

 

don't worry about it; nulled scripts are usually done by scriptkiddies and usually they don't work or don't completely work.
there is no way to protect from it if you sell a script. but you can use the tools they use and code your software so it gives back very weird code or even throw errors.

Use an obfuscator before encoding like this; http://www.110mb.com/forum/empty-t34712.0.html

It'll be possible to decompile and nullify but it might have serious bugs because of the decompiling (like whmcs) and people have no support. So any serious clients won't do it that way and as people already said; people copying it won't buy anyway.