Continued: Don't Buy Zend Guard !!! See www.zendecode.com or

General discussion on Zend Guard / Optimizer
Post Reply
infomorph
Posts: 1
Joined: Tue Apr 14, 2009 10:37 pm
Location: USA
Contact:

Continued: Don't Buy Zend Guard !!! See www.zendecode.com or

Post by infomorph » Tue Apr 14, 2009 10:59 pm

I am looking to purchase Zend Guard and the idea of someone breaking my license with dezender has concerned me.
I went to a few links posted on the old forum and downloaded two different copies of the zend decoder.
From what I see it doesn't work.

I use:
php -f myfile.php

It creates a myfile.de.php in the same directory.
That file only has empty functions and static data, no logic.

If I use /detail then it gives me a bunch of NOP codes with a few variable names.

If this is the extent of the decryption, then I'm happy with Zend Guard.

Can anyone verify this before I make the purchase?
I don't want to spend the money if Zend is not going to do the job.

User avatar
kentatzend
Posts: 1778
Joined: Thu Dec 11, 2008 1:08 pm

Re: Continued: Don't Buy Zend Guard !!! See www.zendecode.com or

Post by kentatzend » Wed Apr 15, 2009 4:32 pm

Zend Guard provides some of the best technology available to protect applications from reverse engineering but Zend has never claimed that Zend Guard is impervious to reverse engineering. Given enough time and a determined hacker, any obfuscation technology can be broken. This has been true since the first hacker decompiled binary machine code.

The first level of protection is encoding. During encoding the PHP source code is converted to a binary format that is used at runtime by the PHP engine in conjunction with Zend Optimizer. Only the encoded files are deployed and your original source code remains secured which prevents your application from being read by the casual observer. Unfortunately technologies do exist that will allow encoded files to be decoded. Due to the open source nature of PHP there is virtually no way to prevent a person from hacking at the PHP engine code to intercept the bytecode after it has been decoded for execution.

The second level of protection is obfuscation. During obfuscation the encoded files are further processed to obscure the names of classes, methods, variables and other items in the code. Obfuscation of names cannot be automatically reversed without a key that only exists on your system. However, it is still possible from someone willing to spend enough time to figure out what is going. It's a lot harder with variable names like XsddR2245as and class names like wwEgg33k55jsc but it is not impossible.

So while Zend Guard can make the job of someone wanting to steal your code/IP harder, ultimately your protection has to be provided by your end user license agreement (EULA) and whatever remedies it provides for you and your customers in the event of a legal dispute.


Kent Mitchell
Director, Product Management

Post Reply