Is there any good cheap or free encoders available? I am going to start by just using a base64 encode with a string deflate and inflate to try and crop it down a bit. but any decent php developer will easily be able to decode that. I dont have the money to spend a lot of money on buying one of the major ones ans was wondering if anyone has any ideas on how I would best encode 1 API page of my script. Dan
My biggest problem with encoders is the fact that any decent ones require server side extensions loaded. Now, that's all well and good for if you're running the script yourself on a host that you selected, but when selling a product (hey, why else would you want to encode?) you don't want to have the problems of your clients not being able to run it because *their* host isn't as accommodating... Instead, I rely on obfuscators. Yes, I know this doesn't do everything the encoders do but I have libraries of PHP code that do the rest of the important stuff for me (eg. licence management). I know this isn't perfectly safe, but for what I consider the problems of making sure your clients' hosts support your chosen encoder, I think it's a good trade off. Anyway... I played around with a fair amount of the obfuscators out there and ended up settling on a program call PHPCodeBuster from http://www.phpclasses.org/browse/package/2610.html . Unlike a lot of obfuscators out there that try and parse your PHP for you, PCB uses the actual PHP tokeniser to do most of the work. That is to say, it passes your files in to PHP which returns the file in arrays of data about how PHP itself would interpret that file. Needless to say, it's a lot quicker, easier and more accurate than the "see if we can reimplement the PHP parser ourselves" approach. I've changed the PCB code itself quite significantly so that instead of it being an all or nothing approach, you can use settings to say, for example, "don't obfuscate any function that matches 'db_*'". These settings can apply to functions, classes, variables and constants. The beauty of this is that if you are including a library of code, you can basically choose to obfuscate your code without the need to obfuscate the entire library you're using. Also, with the changes that I made, it's one of very few (if any?) obfuscators that I know of that let you obfuscate constants. I've submitted my changes back to the original developer for including all of these changes in the main branch but it will take a while for it all to get merged. If anyone is interested in it, let me know: I plan on uploading it to my website eventually, but if there's interest in it I can make some time soon to do it...
I own a copy of the zend encoder and license generator. If you want for a small fee ill encode your code and send to u. Zend is one of the best I think personally and since maximum servers support it, its my choice.
in the end I just used a base64 and deflated string and then obsfucated the code, it isnt impossible to break but I worte the code and wouldn't want to even start decoding.
hey, how did you obfuscate the code? can you please tell me? im also looking for an ioncube encoder..
Well if you're looking for a free php encoder you may want to try: www.freephpencoder.com It's not as secure as bytecode encoding, but it gets the job done, and it utilizes Zen's engine partially. Would be a cool tool to checkout.
Does it work for the latest Zend versions? Would suck if such decoders exist. They're charging us over 900 USD to 'protect' our stuff
Yes, theres a free decoder out to decode every version of Zend Guard. The $900 is complete waste of money. - Chris