[How To Decode Php Files That Encoded By Zend Encoder Software
Christal Rasband
I am trying to run php files on localhost, the php files are encoded with zend, which I am actually not sure why and what purpose does it have. I get the message that to run the files you should download Zend optimizer.
You cannot run the code without a decoder but the decoders are usually free and installation instructions are provided with the decoder. However, the provider of the php files may have included a license key because they expect you pay a license fee. When you don't have a license key you won't be able to run the encoded files. You cannot make any changes to a file because the integrity of the encoded files is verified at runtime. You don't have to make any changes to your existing php files, unless they are encoded with another provider. You can run encoded and plain php files side by side.
If your php files have been encoded with Zend Guard you will need a decoder from Zend. For PHP up to version 5.2.x you will need "Zend Optimizer" and for 5.3.x "Zend Guard Loader". Both decoders are available for free by Zend and just a single module file you need to have on your server and include the path in your php configuration file (usually php.ini).
Encoding source files is usually done to protect the intellectual property of the code, i.e. nobody can just copy/paste (steal) parts of it. In many cases these applications are also sold and require a license key. In that case somewhere in the php files is the license key hidden and the proper key required to actually run the application. There is maybe also a performance boost because the code is basically pre-compiled.
Yes you can.But there are some conditions.If PHP < 5.3 then you need to zend guard for decode and zend optimizer for encode.If PHP >= 5.3 then you need to zend guard for decode and zend guard loader for encode.Only zend optimizer is free and you can download all of them in zend formal website.There are 2 versions for download.a zip version and a standalone installation version.
I know I am using the correct php, because on the site it says, that the requirement is php 5.2.1 OR NEWER. Xampp 1.7.1 has php 5.2.9 and zend optimizer 3.3.3 shipped with it, as you can see on this screenshot, that I took from phpinfo.
Zend Optimizer is the predecessor of Zend Guard Loader. The last version of Zend Optimizer was made to support php 5.2. Php 5.3, and higher versions, do NOT support zend optimizer anymore, and you should install Zend Guard Loader. Xampp v 1.7.1 is the last version to support Zend Optimizer (v3.3.3) as it has php 5.2.9. On the other hand, Xampp v 1.7.2 is using php 5.3.0 and, you guessed it, it does not come with zend opzimiter.
First I tried with Xampp v. 1.7.1, because it had Zend optimizer 3.3.3, with php 5.2 prepacked. I tried to run it, but it produced the error that is written in the title above. So from the error above, you can not really know, what kind of zend loader you need. After intensive googling I came to realize, that I need Zend Guard Loader, in order to test the cms with different versions. So, I decided to try to install php nts. There's a step by step tutorial on how to install a different php version on xampp.I downloaded php 5.5 nts from this PHP archive and followed the tutorial, I mentioned before. I also backed up the php folder, that was already installed, just in case.. you know. Copied the new php folder inside the xampp folder and changed the name to just 'php', so that xampp interprets it correctly. There was also some other stuff I did in the apache folder (I added FastCGI mod_fcgid module and configured the httpd-xampp.conf file) as in the tutorial mentioned. Then, after setting up the php and testing it with phpinfo, I downloaded zend guard loader 7.0.0 for php 5.5 from here: zend guard loader.I started xampp and it showed the same error but a little different:
This is progress because it tells me that it needs Zend Guard Loader that has Zend Encoder ID 4. It's showing 6, because I had installed Zend Guard Loader 7.0.0 for php 5.5, which has Zend Encoder ID 6. There is a table that shows what php supports which zend guard loader and encoder ID (be aware that in the table Zend Encoder ID 4 requires Zend Guard version 5.5 and NOT version 6). From here on it was simple. The CMS wanted zend guard loader 5.5, that supports zend encoder ID 4 and uses php 5.3. I downloaded php 5.3, downloaded zend guard loader 5.5 and that made it work!
I know a little about Zend Optimizer, but never considered it for source protection as I know in the end the bytecode will need to be decoded for the interpreter, and was sure people easily decode optimized files using some software.
Now I need to decode some files and I can't find anything but some 'paid services'. We have the ownership of the code and are locked out now for any changes and debugging. How can I decode our files back?
If obfuscation is not on, then there is a possibility that you may be able to get a professional to get the code back, less comments and formatting by means of hacking the code engine. If obfuscation is on, then it's easier to rewrite it to be honest.
Yesterday I received a couple of files encoded with an unknown encoder for me, it didnt require any php modification or extension install, so I tough that it would be easy to break it, because at some point the code must be evaluated, so after I opened the zip file, I noticed a folder called scopbin, that contained only 1 php file named 911006.php, the two encoded files were including this file so I assumed that this is were the decryption logic had to be.
I was exhausted by a long working day, and when I got this files and saw that they were encrypted I placed them in my laptop for later analysis. This analysis was done the next day, I didnt research the encoding process, or did anything that give me some pointers, I just started playing around with the code to see how far I could get.
this function receives the name of the executing file (test.php in my case), read its content in an array, then glues all lines to create a 1 line string, without any new lines, then this result is passed to the following function:
You can prevent external code tampering by using obfuscation in Zend Server. It converts tags and names in code files into cryptic names. As a result, external parties will not be able to easily understand your code, yet your applications will run successfully.
You worked hard to develop your code. Now you need to protect it. Zend Guard's powerful encoding and obfuscation technologies prevent reverse engineering, copyright infringement, and unauthorized modification of your code.
Encoding is a process where the PHP source code is converted to an intermediate machine readable format, just like PHP encryption. This format is hard for humans to read and convert back to source code. As a result it protects your code from casual browsing. This means that if people obtain access to your site's code they will not be able to use that for unintended purposes.
Obfuscation is a process where the code is intentionally made very hard to read as source code or as reverse engineered code. This obfuscation is designed to manage risks that stem from unauthorized access to source code. These risks include loss of intellectual property, ease of probing for application vulnerabilities and loss of revenue that can result when applications are reverse engineered, modified to circumvent licensing and then recompiled. Although reverse engineering always existed in computer software, it is especially important for in computing environments such as PHP which take advantage of dynamic processing of language elements rather than code which has been compiled into machine language before being deployed.
Zend Guard's licensing capabilities allow Independent Software Vendors to create a variety of licensing policies for their commercial PHP applications. The product supports most commonly used licensing models such as concurrent users, time limited, segment of network, or server specific licensing. These capabilities allow vendors to maximize their revenue by preventing unauthorized use.
Compiles and converts the plain-text PHP scripts into a platform-independent binary format known as a 'Zend Intermediate Code' file. These encoded binary files can then be distributed instead of the plain text PHP protecting your hard programming efforts. Benefits of using this PHP encrypt process:
The license file, deployed along with the encoded PHP, is validated at runtime. Licenses can be easily modified or renewed, without the need to deploy new software. Vendors can pick-and-choose from a variety of flexible licensing models:
ionCube: Actually never cracked, though Russian hackers did try (and gave up) in a 3rd party competition that we endorsed. Highly secure. Uses optimised bytecodes, algorithms hidden with obfuscation technques in the Loader, closed source decoder and execution engine, custom bytecodes etc.
Zend: Never substantially cracked. Highly secure, also uses optimised bytecodes and closed source execution engine. Loader (Zend Optimiser) not obfuscated, and encoding techniques more easily exposed (contrast running strings on the ZO and ionCube binaries), but not necessarily a weakness and may not ultimately help a hacker.
Not true, I have personally seen code encrypted by ioncube decoded, it is very possible but takes HUGE amounts of time and mathmatical knowledge. I knew the creator of the original sourceguardian decrypter but I am interested to know who the Russian hackers in your competition?
795a8134c1