数秒内ioncube解密 [英] ioncube decryption in seconds

问题描述

我是php开发人员，目前正在搜索保护php代码的软件.我知道存在混淆器和编码器(以及两者)..但是似乎可以解密"使用某些软件编码的代码.

I'm a php developer and currently searching for software to protect php code. I know there exist obfuscators and encoders (and both).. but it seems that it's possible to "decrypt" code encoded with some software.

所以我的问题是..是否可以解密主要软件公司(zend，ioncube，sourceguardian)生产的源代码..为什么这些产品仍在市场上?

So my question is.. if it is possible to decrypt source code produced by major software companies (zend, ioncube, sourceguardian).. why that produts are still on market?

如果任何人都可以在几秒钟内(支付)解密所有内容，为什么这些软件继续销售?

Why these software continues to sell if anyone can (pay to) decrypt everything in seconds?

顺便说一句，我在ioncube论坛上问了这个，我的消息被删除了.

Btw, i asked this on ioncube forum and my message was.. deleted.

致谢.

推荐答案

答案简单地归结为:因为有愚蠢的笨蛋足以相信PHP可以被安全地编码"，就像有些人愚蠢的足以相信PHP一样.只需为应用程序输入序列号即可自动确保其安全性.

The answer simply reduces to: because there are dumbasses stupid enough to believe that PHP can be "securely encoded", the same way there are people stupid enough to believe that requiring a serial code for an application automatically makes it secure.

ionCube依赖于一个非常简单的实现-从头到尾进行XOR，这几乎不是安全措施".它作为虚拟机运行-除全面的反向工程外，还容易受到所有虚拟机侧信道攻击(此处为一个演示文稿:

ionCube relies on a pretty simplistic implementation - XOR from start to finish, which is hardly a "security measure". It runs as a VM - and is vulnerable to all VM side-channel attacks in addition to flat-out reverse engineering (one presentation here: https://media.blackhat.com/ad-12/Saher/bh-ad-12-stealing-from-thieves-Saher-slides.pdf ). Will ionCube say so? No. Why? Because it dissuades the large majority of script kiddies.

我对Sourceguardian并不熟悉，但是Zend是用相同的方式构建的，尽管它比ionCube更加安全，而且更难被击败.但是，尽管它们并非微不足道，但也并非没有可能.

I am not familiar with sourceguardian, but Zend is built in the same fashion, albeit a bit more secure and harder to beat than ionCube. However, whilst they're not trivial, they're not impossible to beat, either.

以下内容摘自Zend Guard页面:

The following is taken from the Zend Guard page:

编码是将PHP源代码转换为中间计算机可读格式的过程.这种格式对于人类来说很难阅读并转换回源代码.因此，它可以保护您的代码免于偶然浏览.这意味着，如果人们获得了对您网站代码的访问权，他们将无法将其用于非预期目的.

Encoding is a process where the PHP source code is converted to an intermediate machine readable format. This format is hard for humans to read and convert back to source code. As a result it protects your code from casual browsing. This means that if people obtain access to your site's code they will not be able to use that for unintended purposes.

换句话说，如果您的用户没有随意浏览，则此操作不会停止.我不了解您，但我不认识一个非开发人员，他们随意浏览源代码，却没有理解源代码的目的，并且经常破坏源代码.

In other words, if your user is not casually browsing, this will not hold up. I don't know about you, but I do not know a single non-dev who casually browses source code without the purpose of understanding it, and often, breaking it.

周围的每一个DRM方法都是一样的.但是，它们仍在市场上.为什么?因为尽管它们并不完美，但它们足以使大多数人信服.

The same thing is true of every single DRM method around. However, they're still on the market. Why? Because, whilst they are not perfect, they're good enough to dissuade the large majority of people.

此法则和最终解释是:如果您建造它，请期待它被打破并为此计划 .

The law and final word of this is: if you build it, expect it to be broken and plan for it.

这篇关于数秒内ioncube解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！