Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I tried using mycrypt with key and base64 to encrypt and then decode the code, but the code is in a variable so when i output this using eval, i am always getting errors so could you point me in the right direction, I also looked at building my own php extension but i wouldn’t know how to output it into working php code.
I have got it to work, now I am going to convert it into an extension, I am just wondering can people decompile php extensions?
“can people decompile php extensions?”
Yes, it’s certainly possible to reverse engineer and/or decompile compiled C code back to pseudo-code or source, but with your approach no one is going to need to in order to expose the code that you believe that you are protecting as in reality it is merely hidden.
The eval() function that you are calling is part of the opensource PHP core, and the source code could be trivially exposed either by modifying the eval() module function or the function referenced by the zend_compile_string function pointer (typically this is the address of the compile_string function).
Systems such as Zend and ionCube operate on compiled code (which PHP always produces ready for execution), and it’s the bytecode that is encoded. Consequently there is no source code in encoded files to be restored at runtime. Additionally, a required component on the server may also contain a closed source execution engine rather than passing restored bytecode to the default bytecode execution engine in the PHP core, keeping bytecode more hidden and giving the opportunity to execute bytecode that does not conform to the usual PHP bytecode structure (hence needing more reverse engineering effort to understand it).