SourceCop: Encrypt, NOT
If you are thinking that by using this software your code will be secure, continue reading.
To make a story short, I had in my hands a piece of code that I wanted to study more since I liked it. Not to my surprise, the code was all encrypted. Here is a little piece of it:
if(!functionexists(’findsysfolder’)){function findsysfolder($fld){$fld1=dirname($fld);$fld=$fld1.’/scopbin’;clearstatcache();if(!isdir($fld))return findsysfolder($fld1);else return $fld;}}require_once(findsysfolder(FILE).’/911006.php’);
Being a developer that sells scripts, I totally understand the reasons behind encrypting your code but when you do it, do it right.
After digging for less than a minute in the files, I realized that all the decryption functions where there, just written in an awful way, to make it seem all encrypted. Here’s an example:
function A4540acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){return $Xew6e79316561733d64abdf00f8e8ae48;}
You guessed it right. This function does nothing, there is no point of having it. The file has like 6 of those in the most stupid attempt to lure someone trying to decrypt the code.
Only one function in all that file is necessary and all it requires is to make it more readable, changing the silly function and parameters names to something better than a list of characters.
function y0666f0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){$x0b43c25ccf2340e23492d4d3141479dc='';$x71510c08e23d2083eda280afa650b045=0;$x16754c94f2e48aae0d6f34280507be58=strlen($x897356954c2cd3d41b221e3f24f99bba);$x7a86c157ee9713c34fbd7a1ee40f0c5a=hexdec('&H'.substr($x276e79316561733d64abdf00f8e8ae48,0,2));for($x1b90e1035d4d268e0d8b1377f3dc85a2=2;$x1b90e1035d4d268e0d8b1377f3dc85a2<strlen($x276e79316561733d64abdf00f8e8ae48);$x1b90e1035d4d268e0d8b1377f3dc85a2+=2){$xe594cc261a3b25a9c99ec79da9c91ba5=hexdec(trim(substr($x276e79316561733d64abdf00f8e8ae48, 2)));$x71510c08e23d2083eda280afa650b045="(($x71510c08e23d2083eda280afa650b045<$x16754c94f2e48aae0d6f34280507be58)?$x71510c08e23d2083eda280afa650b045" 1:1);$xab6389e47b1edcf1a5267d9cfb513ce5="$xe594cc261a3b25a9c99ec79da9c91ba5"><=$x7a86c157ee9713c34fbd7a1ee40f0c5a)$xab6389e47b1edcf1a5267d9cfb513ce5=255+$xab6389e47b1edcf1a5267d9cfb513ce5-$x7a86c157ee9713c34fbd7a1ee40f0c5a;else $xab6389e47b1edcf1a5267d9cfb513ce5=$xab6389e47b1edcf1a5267d9cfb513ce5-$x7a86c157ee9713c34fbd7a1ee40f0c5a;$x0b43c25ccf2340e23492d4d3141479dc=$x0b43c25ccf2340e23492d4d3141479dc.chr($xab6389e47b1edcf1a5267d9cfb513ce5);$x7a86c157ee9713c34fbd7a1ee40f0c5a=$xe594cc261a3b25a9c99ec79da9c91ba5;} return $x0b43c25ccf2340e23492d4d3141479dc;}</strlen($x276e79316561733d64abdf00f8e8ae48);$x1b90e1035d4d268e0d8b1377f3dc85a2+=2){$xe594cc261a3b25a9c99ec79da9c91ba5=hexdec(trim(substr($x276e79316561733d64abdf00f8e8ae48,>
10 minutes later, I had the full source code for each file I was interested in.
Bottom line is, if you want to protect your work, spend a bit more than $40 (price of SourceCop when writing this post), because those are a waste and you are better of not spending them then.
Trackbacks
Use this link to trackback from your own site.
but you can’t read the code right when it encrypted
allen: not when it’s encrypted, but like I say in my post, in less than 10 minutes, you can have all the files decrypted.
Simplifying the task is so.
function y0666f0acdeed38d4cd9084ade1739498($a,$b) { $z=”; $c=0; $d=strlen($a); $g=hexdec(’&H’.substr($b,0,2)); for($e=2;$e
Simplifying the task is so.
function y0666f0acdeed38d4cd9084ade1739498($a,$b) { $z=''; $c=0; $d=strlen($a); $g=hexdec('&H'.substr($b,0,2)); for($e=2;$e But as I can see the source or modify the key?I see…
[Being a developer that sells scripts, I totally understand the reasons behind encrypting your code but when you do it, do it right.]