Announcement

Collapse
No announcement yet.

Why don't vBulletin zend their php scripts?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Well possibly its basically a binary version of the script, so you could possibly make a patch.
    Scott MacVicar

    My Blog | Twitter

    Comment


    • #17
      I don't get how you'd be able to make unreadable source code if the source code is needed for the product to work... what exactly does Zend do? Excuse my ignorance on the subject

      MGM out

      Comment


      • #18
        It sort of turns the php scripts into an exe file, for this example anyway. You can run them, they work, but you dont understand and cant see exactly how it works.

        Comment


        • #19
          interesting... but doesnt the browser call on things like showthread.php?t=1 .... how would that work with an exe?

          MGM out

          Comment


          • #20
            Open up a EXE file with your fave editor, you see lots of useless stuff. You really cant change it, or see how the program is doing it. Same idea, Zend "compiles" a version of the php files that its encoder can understand, but humans cannot.

            Comment


            • #21
              Originally posted by Zachery
              Open up a EXE file with your fave editor, you see lots of useless stuff. You really cant change it, or see how the program is doing it. Same idea, Zend "compiles" a version of the php files that its encoder can understand, but humans cannot.
              It's actually better than that. Not only does it encode the scripts it obfuscates them too.
              http://forums.cpfc.org/

              Comment


              • #22
                Originally posted by Dave#
                It's actually better than that. Not only does it encode the scripts it obfuscates them too.
                For anyone else wondering:

                http://dictionary.reference.com/search?q=obfuscate

                ob·fus·cate
                To make so confused or opaque as to be difficult to perceive or understand: “A great effort was made... to obscure or obfuscate the truth” (Robert Conquest).
                Best Regards
                Colin Frei

                Please don't contact me per PM.

                Comment


                • #23
                  Originally posted by MetalGearMaster
                  interesting... but doesnt the browser call on things like showthread.php?t=1 .... how would that work with an exe?

                  MGM out
                  Because showthread.php could still be there, just encoded, or they could all be in one file.
                  I wrote ImpEx.

                  Blog | Me

                  Comment


                  • #24
                    I'm curious if someone could add checks into the engine to output what was called when a function was used?
                    Scott MacVicar

                    My Blog | Twitter

                    Comment


                    • #25
                      Originally posted by Scott MacVicar
                      I'm curious if someone could add checks into the engine to output what was called when a function was used?
                      Before or after it was encoded ? you thinking of how to break it ?
                      I wrote ImpEx.

                      Blog | Me

                      Comment


                      • #26
                        If you are determined you can go and edit the PHP engine then recompile it, so that it will ignore a function e.g. check_license_status(), although if you are doing that, you probably have enough skill to have a good enough job, and thus purchase it.

                        Comment


                        • #27
                          Well thats what I was wondering about.

                          How much of the engine does it use after encoding? Could I take the compiled versions and hack the Zend Engine to expose the function names and what they're accessing?

                          I know we wouldn't be able to get the original code as this is done by a bison parser that turns the plain text php into something machine parseable and this is step is skipped out with Zend Encoded files.
                          Scott MacVicar

                          My Blog | Twitter

                          Comment


                          • #28
                            Originally posted by Scott MacVicar
                            Well thats what I was wondering about.

                            How much of the engine does it use after encoding? Could I take the compiled versions and hack the Zend Engine to expose the function names and what they're accessing?

                            I know we wouldn't be able to get the original code as this is done by a bison parser that turns the plain text php into something machine parseable and this is step is skipped out with Zend Encoded files.

                            There was a good post on WHT about encoding PHP: http://www.webhostingtalk.com/showth...08#post2494123

                            Comment


                            • #29
                              Originally posted by Scott MacVicar
                              Well thats what I was wondering about.

                              How much of the engine does it use after encoding? Could I take the compiled versions and hack the Zend Engine to expose the function names and what they're accessing?

                              I know we wouldn't be able to get the original code as this is done by a bison parser that turns the plain text php into something machine parseable and this is step is skipped out with Zend Encoded files.
                              With the ioncube engine certainly, the function names are still stored plainly somewhere (see below method).

                              If you want to hackishly find out if Zend keeps the function names plain you can do this:

                              1) find & install a Zend encoded script with multiple files
                              2) replace a library file such as a functions.php with a blank file
                              3) run the script

                              if you get an error such as function not found function_format_time() or something, it shows it keeps function names plaintext.

                              Comment


                              • #30
                                No it doesn't it encodes the PHP to bytecode. Bytecode, is a state between code and fully compiled machine language.

                                The PHP engine works by taking your code and compiling it into Bytecode before processing. This is often referred to "Just In Time Compiling". It is how .NET and Java work as well. When you use an encoder such as Zend Encoder or IonCube, it compiles the PHP to Bytecode and stores it as files. The loaders then take this code and feed it into the engine bypassing the original compiling step at runtime. You still need the PHP engine installed on the server to run encoded scripts. When an error such as a illegal function (i.e. Function not found), the engine interprets the bytecode and extrapolates the function name for output. The encoders do not store the function names in plain text.
                                Translations provided by Google.

                                Wayne Luke
                                The Rabid Badger - a vBulletin Cloud customization and demonstration site.
                                vBulletin 5 Documentation - Updated every Friday. Report issues here.
                                vBulletin 5 API - Full / Mobile
                                I am not currently available for vB Messenger Chats.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X