As an example, someone provided this link on the
PHP Obfuscator and I'm
just quoting what it says it does:

"POBS replaces user-defined (NOT predefined)
functions, constants and variables with a MD5 key
of 8 characters ... The first letter of the new
functionname is a "F", of a variable a "V" and of
a constant a "C".

The function with name MakeImageHtml is replaced
by Fee2c1bdc
The variable $ImgText is replaced by $V1d9d94a6
The constant USERDIR is replaced by C389a367e"

It also concatenate lines and remove comments and
indents and so yeah you could spend your time
hunting down the killswitch and the 10 other
backdoors I put in the prog but what do you end up
with?  A working app that no coder would even want
to maintain or touch.  And the good thing is the
longer the guy that stiffed you uses the app, the
more screwed they will be.

-----Original Message-----
From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
Sent: May 13, 2002 10:13 PM
Subject: RE: [PHP] Genus who came up with "Self
Destruct Code" & "Copy
Pro tection"

Well, I promise you that I can re-activate any
solely PHP-based
remote killswitch in a matter of minutes - maybe
hours if the person was
really good. It's just too easy when you have the
source code for the

Likewise the only truly effective PHP encoder
would be one that created
confusion by scrambling all the variable names to
be names of my former
girlfriends. Anything else is just like working
with bad code from a
contractor or junior employee - run it through the
prettyprinter, open up
a Dr. Pepper, and "be the PHP interpreter" for a

Coming up with robust code protection is a very
very challenging task. You
spend a long time working out a scheme, then
someone figures it out, and
you have to start over again - everything
"protected" by your previous
scheme is now out in the open.

Much better to focus on the legal side of it. If
you really don't think
you're going to be able to police the use of your
code, to a degree that
piracy is going to cost you more than your time is
worth, you should be
looking for a new set of clients.


On Mon, 13 May 2002, SP wrote:
> Everyone is arguing that these encoders can be
> cracked.  Does anyone know of one, have you done
> it yourself?  How long did it take?  I mean I'm
> not going to leave my door unlocked cuz someone
> can pick it open.
> -----Original Message-----
> From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
> Sent: May 13, 2002 3:29 PM
> To: Udo Giacomozzi
> Subject: Re: [PHP] Genus who came up with "Self
> Destruct Code" & "Copy
> Pro tection"
> On 13 May 2002, Udo Giacomozzi wrote:
> > If the whole thing is designed the right way.
> > A copy protection I like for example are
> dongles. Ok, they are not
> > applicable to PHP and aren't 100% secure
> [don't want to start a
> > discussion about this now]. But this system
> makes no problems for the
> > people that have the dongle.
> >
> > That was why first came up with this question.
> As a PHP beginner I wanted
> > to know if there are elegant ways to make a
> acceptable copy protection.
> >
> > There seem to be only 3 possibilities:
> > - zend encoder
> > - a code obfuscator like POBS
> > - encrypting the source code and then
> it in realtime
> All of these have weaknesses. And therefore the
> whole exercise is moot. It
> only takes one person with some free time to
> your protection
> scheme, and then the cat's out of the bag. Once
> has been broken, it
> will spread and then it won't matter how complex
> your scheme was.
> I really doubt there is any software out there
> that isn't being traded by
> high-school kids, even if they have no idea what
> it's for. The only
> exceptions would be something so arcane and
> obscure that nobody ever had
> an interest in cracking it.
> miguel
> --
> PHP General Mailing List (
> To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to