Login/Register
Decode a PHP encoded with 'zend guard'
Asked Answered
Solved phpencryptionzend-optimizerzend-guard
O

2

18

We have a website maintained by an old employee and it appears it's encoded by Zend Guard including all backups.

I know a little about Zend Optimizer, but never considered it for source protection as I know in the end the bytecode will need to be decoded for the interpreter, and was sure people easily decode optimized files using some software.

Now I need to decode some files and I can't find anything but some 'paid services'. We have the ownership of the code and are locked out now for any changes and debugging. How can I decode our files back?

Ostentation answered 28/11, 2010 at 17:24 Comment(2)
Most likely you just want to get your hands on some protected code. If it was really yours, you'd have a source too.Microwave
@Col. Shrapnel : Yes; it is a protected code, is ours, and is the only 'source' we have. The point is we didn't officially encode it, it's done by an old employee, maybe with a bad intention -keeping the code to himself-, so it's what we have as the source; the php files in the site directory.Ostentation
A
11

The entire point of the very expensive software tool Zend Guard is to encrypt code so that it can not be decoded. That is the point.

If obfuscation is not on, then there is a possibility that you may be able to get a professional to get the code back, less comments and formatting by means of hacking the code engine. If obfuscation is on, then it's easier to rewrite it to be honest.

Have a read of this article from the Zend site, I know it is a biased source but they are right: http://forums.zend.com/viewtopic.php?f=57&t=2242

Amias answered 28/11, 2010 at 17:31 Comment(3)
Thanks Orbling, good answer. Formatting and documentation is not a problem. So I'll try a paid service and if they can't, I'll consider the product as a reliable way to sell closed source PHP for future projects; we never entered that market because we thought it would be easy to decode. The funny thing is when I was researching methods to hide ms-sql code and PHP code, I got a lot of replies from people like "you don't need to, license agreements are there to protect you", "that's evil, why do you need to hide your code?", "you can't".. meh.. =)Ostentation
@SuperDuck The company I was at previously had a policy of always encrypting the central core libraries of PHP websites we developed. The company had major libraries, mainly developed by myself, that provided APIs for all manner of backend functionality - this was deemed company intellectual property and was only licensed to clients for use with the website we developed for them. If they did not host with us directly, then that low-level API section of the code was encrypted and bound to domain. The rest of the site superstructure left unencrypted so changes could be made.Amias
@SuperDuck We thought that a fair compromise for bespoke work, as no individual client could have ever afforded the cost of the entire library development, that was an ongoing concern.Amias
A
14

Free tools all over the place can do this now:

http://www.showmycode.com/

Airt answered 29/12, 2010 at 13:40 Comment(2)
Aren't there dangers of using such tools, if at all they work?Allhallows
This website is not working anymore.Sleight
A
11

The entire point of the very expensive software tool Zend Guard is to encrypt code so that it can not be decoded. That is the point.

If obfuscation is not on, then there is a possibility that you may be able to get a professional to get the code back, less comments and formatting by means of hacking the code engine. If obfuscation is on, then it's easier to rewrite it to be honest.

Have a read of this article from the Zend site, I know it is a biased source but they are right: http://forums.zend.com/viewtopic.php?f=57&t=2242

Amias answered 28/11, 2010 at 17:31 Comment(3)
Thanks Orbling, good answer. Formatting and documentation is not a problem. So I'll try a paid service and if they can't, I'll consider the product as a reliable way to sell closed source PHP for future projects; we never entered that market because we thought it would be easy to decode. The funny thing is when I was researching methods to hide ms-sql code and PHP code, I got a lot of replies from people like "you don't need to, license agreements are there to protect you", "that's evil, why do you need to hide your code?", "you can't".. meh.. =)Ostentation
@SuperDuck The company I was at previously had a policy of always encrypting the central core libraries of PHP websites we developed. The company had major libraries, mainly developed by myself, that provided APIs for all manner of backend functionality - this was deemed company intellectual property and was only licensed to clients for use with the website we developed for them. If they did not host with us directly, then that low-level API section of the code was encrypted and bound to domain. The rest of the site superstructure left unencrypted so changes could be made.Amias
@SuperDuck We thought that a fair compromise for bespoke work, as no individual client could have ever afforded the cost of the entire library development, that was an ongoing concern.Amias

© 2022 - 2024 — McMap. All rights reserved.