Full Disclosure: Re: Ioncube Encoded PHP Files

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Ioncube Encoded PHP Files

From: Joachim Schipper <j.schipper () math uu nl>
Date: Wed, 21 Dec 2005 13:51:14 +0100

On Wed, Dec 21, 2005 at 10:57:37PM +1100, mz4ph0d () gmail com wrote:

Hi All,

Just wondering, can anyone here speak to the level of security
afforded by Ioncube encoded PHP files? Has anyone here broken the
encryption or otherwise gained access to initially Ioncube encoded
source files? Thanks!

Ioncube: <http://www.ioncube.com>


Pretty much any source code encoding scheme can be defeated, given
enough work. The point is in making sure that it is too much work to do
so.

Though I wonder what the point is - it's not likely to be all that hard
to run the code on another system. The main point seems to be to prevent
administrators from making local changes, and I must admit to not seeing
a problem with people who have bought the software doing that.

                Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Ioncube Encoded PHP Files mz4ph0d (Dec 21)
- Re: Ioncube Encoded PHP Files Joachim Schipper (Dec 21)
  - Re: Ioncube Encoded PHP Files mz4ph0d (Dec 21)
    - Re: Ioncube Encoded PHP Files Joachim Schipper (Dec 21)
  - Re: Ioncube Encoded PHP Files Valdis . Kletnieks (Dec 21)
    - Re: Ioncube Encoded PHP Files Joachim Schipper (Dec 22)
- Re: Ioncube Encoded PHP Files Stefan Esser (Dec 21)