Encoding a SC8 generated project with Ioncube or SourceGuardian

Hi 2 All

I must develop an intranet system and it looks like SC8 can be a good choice, but I must protect the source codes; Anyone have experience encoding it using Ioncube or SourceGuardian products?; Any advice will be really helpful.

Thx in adv.
Hugo

[QUOTE=Hugo;39321]Hi 2 All

I must develop an intranet system and it looks like SC8 can be a good choice, but I must protect the source codes; Anyone have experience encoding it using Ioncube or SourceGuardian products?; Any advice will be really helpful.

Thx in adv.
Hugo[/QUOTE]

I don’t have personal experience, but I have heard that the encoders from Zend and Nusphere seems to work well, so I expect -as the code is all php- that your products should work fine. But the taste is the proof of the pudding. I would simply try.

[QUOTE=Hugo;39321]Hi 2 All

I must develop an intranet system and it looks like SC8 can be a good choice, but I must protect the source codes; Anyone have experience encoding it using Ioncube or SourceGuardian products?; Any advice will be really helpful.

Thx in adv.
Hugo[/QUOTE]

I’ve done with Ioncube before and it worked IF AND ONLY IF some folders in _lib were excluded. I was paying for support then but I don’t recall getting too far getting to the root cause. Can’t remember the exact folders right now but you can experiment by first leaving all _lib sub folders open and progressively encrypting and retesting the app. Might be cumbersome but at least the core logic you want to protect is not in _lib.

_lib is the prod environment. Why you want to encode it?

Good question! :wink:

i use sourceguardian works fine, but should not be cript the dir _lib ,i have my server vps linux www.androidintheworld.it and install loader http://www.sourceguardian.com/loaders.html

Thx. 2 all for the answers. Reading about the subject in the net it looks that is possible to break the encryption protection, although the info seems 2-3 years backward; Anybody have information about the actual situation of it?; I was also thinking to put some of the bussines logic using C/C++ in an extension and load/call it from php (maybe like a COM object), it will not prevent the copy of the system, but it will be more difficult to modify it.

Hugo

zend encoder and sourguardian and so are tough to crack. In the end the generated code is tagged as crypted and is unencrypted by the php dll that has to be added in the deployment.
Since ‘compiled’ php is bytecode (what zend and ioncube do, after which they also encrypt it) you will not get the original code back. It is obfuscated, byte encoded and encrypted.
Even a C program can be reverse engineered, in fact that is a LOT easier then reversing encoded protected php.
Anyway one thing you can do is make a php extension, that avoids registering a com file upon installation.
Alternatively you could maybe use winbinder also…

One last question :slight_smile: ; Does sourceguardian supports obfuscation (mangled variable / functions names)? I’am reading their website but no full clear.

Thx for the info.