| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43A9665C.3080906@hardened-php.net> Date: Wed Dec 21 14:28:00 2005 From: sesser at hardened-php.net (Stefan Esser) Subject: Ioncube Encoded PHP Files Hello, Ioncube encoded PHP files can be easily disassembled with tools like the Vulcan Logic PHP Bytecode Disassembler. Because there is no obfuscation at the bytecode level in Ioncube the disassembler results look very similiar to the bytecode disassembly of not encrypted files. Zend tools are not as weak at Ioncube but they can also be disassembled (if you know how to decrypt the opcode arrays in memory). Of course there is some work to get useable source code from this disassembly, but if you only want to store variables in a way that their content cannot be read then these protections are simply too weak, because you can read their values from the disassembly. Stefan Esser -- -------------------------------------------------------------------------- Stefan Esser sesser@....net Hardened-PHP Project http://www.hardened-php.net/ GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78 Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78 --------------------------------------------------------------------------
Powered by blists - more mailing lists