My Ioncube Encoded Script was Decoded

Portal Home > Knowledgebase > Articles Database > My Ioncube Encoded Script was Decoded

Posted by Unlimited Hoster, 08-28-2008, 12:10 PM
Well I have used Ioncube PHP Encoder on my scripts since last December and never had my scripts decoded/pirated until now. I talked to this guy on msn who claimed he decoded my PHP Licensing system and then he sent me my functions file decoded which was encoded in the latest version of Ioncube in PHP5! When I told Ioncube about this in a support ticket at their site they claimed its not their fault and and they would not refund my money. I only wanted a refund because if people can decode my script then their product is useless to me and a waste of money. What should I do now? Should I use another encoder such as SourceGuardian 7.0?
Posted by Jamie Edwards, 08-28-2008, 12:18 PM
I am afraid that this is always the case with all encoders; not too long after a new encoder is released, the decoders ('crackers') are successful in decoding it. However, how easy the code is to read after it has been decoded varies from encoder to encoder. For example, some encoders will obfuscate the code for you ('mess it around' so that it still works but is very hard to read once decoded), some will compile the PHP code down to the engine opcodes (which is what Zend Engine actually executes after PHP code has been interpreted). I believe that Zend Optimizer (encoder) does this. From what I understand, PHP code will execute faster when encoded with Zend Optimizer because the PHP code has already been interpreted and just needs to be executed directly (do not quote me on this, though - I may be wrong or out-of-date). These varying degrees of obfuscation make it harder to decipher and alter a PHP application, but does not make it impossible for someone with time. Good luck
Posted by Unlimited Hoster, 08-28-2008, 12:34 PM
Well Ioncube has been pretty good its been 2-3 years since they released v6.5 and it has been cracked just now. But after looking around for a while I have yet to see SourceGuardian be cracked. But what should I do if this person releases my script on warez boards/torrent sites? I know i will loose all my sales and i barely have any to start with
Posted by Jamie Edwards, 08-28-2008, 12:45 PM
I am afraid that software piracy is a fact of life; you need to balance time between continuing to sell your software and combat piracy (finding the distributing sites, issuing DMCA notices to their hosts, keeping your encoder up to date and so on).
Posted by Unlimited Hoster, 08-28-2008, 01:14 PM
That sucks. It took me a 1+ months of hard work to code my script and its all going to waste because of some loser who has nothing better to do then pirate others work
Posted by ST-Aristotles, 08-30-2008, 06:50 AM
well, if the the idiot used his own msn account, sue him.
Posted by plumsauce, 08-30-2008, 07:27 AM
People pirate Microsoft products all the time. They haven't gone out of business. There are people who want the official version with the official support. You can always add feature, improve the product and then use a better protection product. That way they can pirate the inferior version, spread the word, and jump your sales up. Anyways, a month is a drop in the bucket for writing software. For some projects it takes that long just to sketch out the raw skeleton. And the final ray of hope is that while the guy claimed he could do it, and apparently proved it to your satisfaction, he did not necessarily do it with the intent of spreading it around. He may just have done it as a challenge.
Posted by Jamie Edwards, 08-30-2008, 11:34 AM
Indeed, and in the case of Microsoft they have benefited from Microsoft in a sense. More people getting 'tied into' the products and the Microsoft way (Windows, Office) and so on, the better. The more people absorbed and self-trained into one system, the better. The figures used by software companies and the record industry when they announce how much money they have lost to piracy are skewed, and do not paint the true picture. The figures they come up with assume that every pirate would go out and buy a copy if they couldn't pirate the media - which is wrong. People have pirated music collections spanning gigabytes; there is no way they would buy all of that collection if their source of pirate media disappeared. The majority would just go without, or would find a free or cheaper alternative. So to an extent in this sense, this is where Microsoft would prefer people (typically young or students) to pirate their software (or buy it for very little) rather than not use it at all, or use an alternative. Last edited by P-nut; 08-30-2008 at 12:06 PM.
Posted by amex, 09-01-2008, 10:45 AM
Hence: The Ultimate Steal
Posted by aradapilot, 09-02-2008, 12:55 PM
Yes, because they won't even make that $60 if someone discovers a free competitor like openoffice. Or worse for them, if someone does not buy windows, pirating windows is still better for microsoft than say, buying Mac OS, as the second option sends money to a direct competitor.
Posted by Czaries, 09-02-2008, 07:33 PM
So your script was decoded... so what? Don't worry about it. Ioncube is widely regarded as the most secure encryption method, but of course nothing can ever be 100% secure. Don't let this bother you. Your PHP code isn't so golden and cherished that it absolutely cannot get out to anyone. Just protect it the best you can, and don't worry about the people who do try to decode it. It's not worth shortening your life stressing over things you can't control. Just accept the fact that nothing you ever do will be 100% secure, and move on. It happens.
Posted by jt2377, 09-03-2008, 12:37 AM
That's like saying why steal Lexus when you can get a Ford focus for free. There is a reason why people steal Windows/Office and 100% of the time it is because Linux/OpenOffice isn't up to par as desktop/office suite compare to Windows for them. Why use some software that doesn't work well. when they can grab a priated copy of software that work for them.
Posted by wizzer, 09-03-2008, 02:01 AM
Not really. It's because they just don't enough know about OpenOffice, which does what 99% of people will ever need.
Posted by Xeentech, 09-03-2008, 08:07 AM
I for one (and a lot of people I've talked to about it) prefer OO.o over Office. For me it's the fact that it's F/OSS and extendible via Java, but for others, including people that couldn't care less if they pirate, they prefer the OO.o GUI. This is especially true now Microsoft have brought out that ribbon based GUI layout. Personally I like the ribbon GUI and it's good to see MS doing something a little outside their comfort zone of MS Office 97-esk GUIs. Now they just need to make Windows Mobile "finger friendly"
Posted by phpa, 09-03-2008, 09:00 AM
Exactly. Particularly if a purchase is business related, people who are quite happy to pay for a product if they like it and who see value in both the product and associated resources aren't then likely to waste time and money trying to find a hacked copy that 1) may not be up to date, 2) has no official support, 3) has no route to upgrades or bug fixes plus any other product benefits, 4) may contain trojans, 5) carries the risk of exposure as a criminal from within (e.g. other (ex)employees) or by external detection. In contrast, people looking for hacked copies tend to have no intention of purchasing hence their motivation in the first place to look for stolen code. Another concern that people may have with regards to code being stolen is that the code may then be used in someone else's product. Although it could happen, it can be hard in practice to shoehorn someone else's code into an existing codebase as there would often be many mismatches of design to make this infeasible. If obfuscation has been used to change names of some elements then this can further complicate any such integration effort. Stealing code also creates a risk of discovery, perhaps by similar methods used to steal code in the first place, and in general is foolhardy. In an example from recent times and as part of the Sony rootkit scandal, reverse engineering of compiled C or C++ code allegedly showed fairly easily and convincingly that the company "First4Internet" had incorporated stolen LGPL code without providing the source and correct license acknowledgements. If one first takes stolen code and then puts in time not just to understand it but then to change it in an attempt to hide that it was stolen, not only could that introduce bugs, but it would take time and cost money. Copying and adapting a non-protected idea is likely to be more successful overall rather than actually stealing the implementation from someone else. Last edited by phpa; 09-03-2008 at 09:06 AM.
Posted by shellcrash, 09-10-2008, 04:54 PM
I hate it when people pirate my code, but what can you do. I think it's best to have a app that needs a lot of support, that way, people will need to buy a licence to get the support.