Ioncube vs Zend Guard

kblessinggr · May 31, 2009

So just out of curiousity, can anyone explain to me why Zend Guard cost 600$ annually, yet seems to be more easily cracked, and yet Ioncube Encoder only cost 300$ one-time (with licensing ability) and yet seems to be much harder to crack than Zend.

Is there like some kind of special performance boost or seamlessness to the Zend method?

texic · Jun 1, 2009

I think the advantage is that Zend Guard works directly with Zend Optimizer.

Other than that it's more or a less just the fact that Zend is more well known. They assume people will look to them first for a solution when it comes to anything PHP.

The bottom line is, if someone wants your source bad enough, they will get it.

kblessinggr · Jun 1, 2009

texic said:
The bottom line is, if someone wants your source bad enough, they will get it.

True true, but I'd probably have to be charging a couple grands per license to make someone go thru the trouble of making their own hacked version of the zend optimizer or ioncube loader just to get it to decode on the fly.

In any case was looking at a couple others, such as the latest version of CodeLock... had that shit cracked in 10 seconds... pitiful especially considering they're charging nearly the same price as ioncube.

Webferret · Jun 1, 2009

I sent an ioncube encoded file to the chinky guy as a test, it came back 5 minutes later, totally unencrypted. Even the comments. Complete waste of fucking money. They KNOW this, yet still make out on that it's 'uncrackable'. Bullshitting bastards. Thieves, in fact.

kblessinggr · Jun 1, 2009

Webferret said:
I sent an ioncube encoded file to the chinky guy as a test, it came back 5 minutes later, totally unencrypted. Even the comments. Complete waste of fucking money. They KNOW this, yet still make out on that it's 'uncrackable'. Bullshitting bastards. Thieves, in fact.

Lemme ask you this though... how much do people have to pay to get ioncube de-coded, cuz I haven't found any free decoders like I did for older version of Zend and for CodeLock. Cuz I think I know the site you're talking about, but they look very scamish, charge like 200$ just to decode a script, and you're the only person I noticed having done a decoding when I did a search.

jhbalaji · Jun 1, 2009

kblessinggr said:
So just out of curiousity, can anyone explain to me why Zend Guard cost 600$ annually, yet seems to be more easily cracked, and yet Ioncube Encoder only cost 300$ one-time (with licensing ability) and yet seems to be much harder to crack than Zend.

Is there like some kind of special performance boost or seamlessness to the Zend method?

Everything made by humans are crackable mate....

Webferret · Jun 1, 2009

He did the sample for free. Can't remember what he wanted for real files, but it wasn't enough to make me go 'gosh, thats a barrier to entry'.

What really disappointed me about the ioncube guys (cos technically they obviously know their stuff) was that when I showed them proof their system was cracked, they immediately went from 'its probably a scam site' to 'oh yes, nothing is 100% secure'. They know their encoding is worthless, but deny it unless you give them proof, because.. thats all they have to sell.

kblessinggr · Jun 1, 2009

Webferret said:
He did the sample for free. Can't remember what he wanted for real files, but it wasn't enough to make me go 'gosh, thats a barrier to entry'.

What really disappointed me about the ioncube guys (cos technically they obviously know their stuff) was that when I showed them proof their system was cracked, they immediately went from 'its probably a scam site' to 'oh yes, nothing is 100% secure'. They know their encoding is worthless, but deny it unless you give them proof, because.. thats all they have to sell.

If it's the qinvent guy this was the per-file prices I saw:

1 file/15USD;
5 files/60USD;
10 files/100USD;
25 files/200USD;
more files: 8USD per file;

So basically, to decode kblinker for example, would cost you 200$ , not including the modified and encoded smarty template engine (though once the template was de-ioncubed you could just use the unmodified smarty template engine).

They don't have a garantee obviously, but I sent them a ticket with a link to the qinvent site, and asking them that while I understand they can't prevent every means of reverse engineering (hell thus far ioncube is the best out of all the bunch in regards to php encoders when you consider what you'd have to pay or go thru to get it decoded compared to zend, sourcegaurdian, codelock, etc, most of which have free stand alone programs to do it), but anywho asked them what could I probably do in the encoding process, such as throwing in my own passphrase or slight modification to throw off the mainstream automated decoding of the script...

... couple hours later I check on the ticket and I get:

No tickets were found for that email address.

Rage9 · Jun 1, 2009

No system is 100% secure. Never has been, never will be. Look at how many software developers try to encrypt their code. Shit can, will, and does get broken all the time.

PHP is no different. Never has been never will be.

The encryption helps curb, cracking / reverse engineering of an application. It also prevents the vast majority of users from jacking your code.

You'll never find a 100% secure, reverse proof system. Get a clue.

kblessinggr · Jun 1, 2009

Rage9 said:
You'll never find a 100% secure, reverse proof system. Get a clue.

I assume you're talking more to Webferret (as he's being extremely critical of the product as being a peice of shit cuz it got cracked like the rest, despite not as easily or cheaply as the rest) as I know that, and was mainly sending them a ticket as to 'possible' ways to curb the automated methods of decoding, since I assume thats what most would use if they do so on a regular basis. And just found it interesting how the support ticket just went *poof*.

Rage9 · Jun 1, 2009

kblessinggr said:
I assume you're talking more to Webferret (as he's being extremely critical of the product as being a peice of shit cuz it got cracked like the rest, despite not as easily or cheaply as the rest) as I know that, and was mainly sending them a ticket as to 'possible' ways to curb the automated methods of decoding, since I assume thats what most would use if they do so on a regular basis. And just found it interesting how the support ticket just went *poof*.

Your right it was aimed at Webferret.

As for your deal:
Do you blame them? Your asking THEM how to better protect your code.

I kinda see where your coming from, but it's not their problem. Another wasted ticket (from their viewpoint) IMHO.

Typically business are not going to go out of their way, spend their man power and money to help you like that.

They have a product, they're there to sell it, and support it. It'd be like if I went to a restaurant and asked them how I could take their burger and make a better burger than what they have. Yeah, they'll get right on it. That's how I see it.

Rage9 · Jun 1, 2009

And if you where wondering how to better protect your code use a php obfuscator.

They will typically:

Give long random names to variables.
Give long random names to function.
Strip comments.

At least then you stand the chance of some yahoo who gets your source going "is this PHP what's up with all these crazy variable names".

Not much else you can do.

kblessinggr · Jun 1, 2009

Rage9 said:
Your right it was aimed at Webferret.

As for your deal:
Do you blame them? Your asking THEM how to better protect your code.

I kinda see where your coming from, but it's not their problem. Another wasted ticket (from their viewpoint) IMHO.

Typically business are not going to go out of their way, spend their man power and money to help you like that.

They have a product, they're there to sell it, and support it. It'd be like if I went to a restaurant and asked them how I could take their burger and make a better burger than what they have. Yeah, they'll get right on it. That's how I see it.

A response would be warranted one way or another in my opinion, since they go out of their way to provide free patches and other freebie tools and such. And they have answered questions in the past pertaining to 'different' ways of doing things since the product has a number of settings you could use. So if there was a means, I would have expected some kind of a comment such as "look at such and such parameter in chapter 5 of the user manual".

So it didn't seem odd of me to ask , since I am not asking them to remake the program, but seeking advice as to pre-existing configurations and functionality they already provide in the product. Like for example would --binary be better than --ascii in this case? That kind of thing.

I expect any professional business to reply with a response, even if canned, otherwise it fuels the mind of the paranoid. And lord knows there's going to be plenty of paranoid freaks revolving around a product of that nature

.

My general feeling is that ioncube at the moment is the best possible detterant for PHP priacy. Primarily because those who would try to steal the script costing less than a thousand dollars, is 1) not going to bother to pay someone to decode it, especially if the price of the product itself is lower than the decoding fee. 2) Most people who would have the know-how to decode the script without a fully automated tool, is likely also able to easily write what I have to offer, and most who would need a few days to figure it out, don't really want to bother. and 3) In the last 3 or so years that I've searched for a pirated copy of zend or ioncube, I have only found automated solutions freely downloadible for zend, but not for ioncube.

So far as 'deterrents' go, ioncube seems to be the best at the moment, plus if nothing else offers a slight acceleration boost due to being in bytecode format .

kblessinggr · Jun 1, 2009

Rage9 said:
And if you where wondering how to better protect your code use a php obfuscator.

They will typically:

Give long random names to variables.

Give long random names to function.

Strip comments.

At least then you stand the chance of some yahoo who gets your source going "is this PHP what's up with all these crazy variable names".

Not much else you can do.

Basically you get that with ioncube on the stand alone version if you encode with the option "--obfuscate all" (basically gets it crazy looking like the javascript obfusication prior to the bytecode encoding) or one of the other three options for obfuscate. This is of course if you have already paid for the stand alone encoder. Otherwise the script I was using prior was PHP CryptZ from zorex.info (12$, cheap, some lil pitfalls in terms of distribution, but does what you mentioned as well, and can be annoying to some reverse engineers with the random level of zlib usage.)

erect · Jun 1, 2009

I've publicly distributed exactly 1 encrypted script in my lifetime and ended up going with a free solution that did a shoddy job.

My reasoning was simple .... anything is crackable. The only benefit to encoding is that it keeps the php noobs away from your code. That top 1% will be able to break anything you bring to the table ... but likely could have coded it themselves in a small amount of time.

Worrying about levels of encryption or paying hundreds for a solution that's simply not effective is a total waste of time and resources.

Rage9 · Jun 1, 2009

erect said:
I've publicly distributed exactly 1 encrypted script in my lifetime and ended up going with a free solution that did a shoddy job.

My reasoning was simple .... anything is crackable. The only benefit to encoding is that it keeps the php noobs away from your code. That top 1% will be able to break anything you bring to the table ... but likely could have coded it themselves in a small amount of time.

Worrying about levels of encryption or paying hundreds for a solution that's simply not effective is a total waste of time and resources.

I agree with you to a point. I think it's important to put at least some sort of protection between the end user and the code.

Although the amount of people that could do anything with your code for one, are very small, there are more people that could use it vs the people that are willing to jump through hoops getting it reverse engineered.

Although a coder worth half his beans will say "fuck it" anyways and just write it himself.

In the long run I feel the encryption pays for itself and then some.

Webferret · Jun 2, 2009

kblessinggr said:
I assume you're talking more to Webferret (as he's being extremely critical of the product as being a peice of shit cuz it got cracked like the rest, despite not as easily or cheaply as the rest) as I know that, and was mainly sending them a ticket as to 'possible' ways to curb the automated methods of decoding, since I assume thats what most would use if they do so on a regular basis. And just found it interesting how the support ticket just went *poof*.

as I keep saying, my main complaint is that it's cracked, obviously, BUT the sellers deny that (I have emails from them) UNTIL you show them proof then they're like ...'er what did u expect - anything can be cracked...'.

I'm not going to bother replying to this again - you fuckers obviously can't read simple english.

ayzo · Jun 2, 2009

As the others have said, nothing is secure but if you had to choose one so if nothing else you have an extra layer then ioncube would be your best bet. Still crackable, but by a lot less people. Everybody and their mother already has the ability to decrypt zend code (takes 3 minutes to find on google) by simply taking a php file and dragging it to a batch/exe file but this isn't the case with ioncube (yet).

Search

Search

Ioncube vs Zend Guard

kblessinggr

PedoBeard

texic

New member

kblessinggr

PedoBeard

Webferret

Banned

kblessinggr

PedoBeard

jhbalaji

.::King of Automation::.

Webferret

Banned

kblessinggr

PedoBeard

Rage9

Banned

kblessinggr

PedoBeard

Rage9

Banned

Rage9

Banned

kblessinggr

PedoBeard

kblessinggr

PedoBeard

erect

New member

Rage9

Banned

Webferret

Banned

ayzo

Like a boss