How To Decode Php Files That Encoded By Zend Encoder Circuit

DeZender is the software that specially used for to decompile/decode PHP files encoded by Zend Encoder/SafeGuard, ionCube, or SourceGuardian. It mainly use cryptanalysis, decompressing and decompiling technology to decode an encoded PHP file into readable, executable PHP source code. Mar 14, 2016  How to decode php files encoded with Zend Guard. The video shows two encoded php files that are decoded with a program. More info: Thank you for watching the video.

Active4 years, 9 months ago

I've developped a php script and I want to protect my files, so what do you think is the best choice for doing this.

  • ionCube starting from 199$
  • Zend Guard 800$

Is there any other cheaper tools or even free ?

abatishchev
72.1k70 gold badges269 silver badges404 bronze badges
Wassim AZIRARWassim AZIRAR
5,16134 gold badges111 silver badges160 bronze badges

closed as off-topic by Artjom B., Niels Castle, andrewsi, Shoe, nKnDec 10 '14 at 6:43

This question appears to be off-topic. The users who voted to close gave this specific reason:

  • 'Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.' – Artjom B., Niels Castle, andrewsi, Shoe, nKn
If this question can be reworded to fit the rules in the help center, please edit the question.

5 Answers

No amount of obfuscation will protect your files. If they are sufficiently popular, someone will decode them and distribute the versions that don't need IonCube or Zend to decode.

DRM won't stop piracy, but it will get in the way of your paying customers. You'll limit your potential customer base to those that can run the loaders to decrypt your software, which is a much smaller pool of people than all people with PHP web hosting. You'll also vastly increase your customer support load as you help people install the loaders and troubleshoot why your software won't run.

Most importantly, by creating this extra work and frustration for customers, and by preventing them from customizing their copies of the script, you'll lower their happiness with your product. That will result in less referrals, less positive reviews on blogs and social media, and in the end, less sales for you.

The best thing you can do to protect your files AND your sales is to not use DRM. Protect your business by offering incentives to be a legitimate customer, like technical support, free minor version upgrades, customer only discussion forums, etc. Not only will these make it desirable to purchase the script from you instead of download it from a pirate without those benefits, but it'll make your customers happier and more likely to spread the word, leading to more customers.

Dan GrossmanThatDan Grossman
45.6k9 gold badges95 silver badges94 bronze badges

for both zend and ioncube there are services that decode them, but these softwares latest versions are very expensive to decode like 125 euro for 25 files . this is more than the price of script itself .so you don't need to worry much about it and can easily use either zend or ioncube (I use ioncube).

@dan : I had a script that I was giving free support for life with a very low price and with a lot of features,guess what? somebody stole the code and they spread it all over the internet after that all my customers started calling me about it,kinda were upset that they paid,even though they were getting support... long story short ... trust me encoding your script and forcing people to certain hosts is way way better than your script being shared on internet for free by some dorks.and about not loading on their hosts,I have made a file that test either ioncube is installed on the server or not,and I give this file to them before they buy my script to test it on their server.

DannyDanny

you should encode a part of script, for example core controller can be encoded and leaving the view files this will allow your customers to make minor changes by themselves

duckduckgoduckduckgo
6791 gold badge13 silver badges26 bronze badges

  1. It should be possible to properly encode your php & js files, by having all the symbols converted to nonsense symbols, by removing all comments, and by changing filenames. I don't believe that the encryption software in this area is measured by it's cryptographical properties, but rather by it's deployment properties (i.e. 1-click deployment etc.)

  2. This is something that almost all serious internet companies do. Try 'View Source' in GMAIL, and tell me if something there is readable to you.

  3. @Dan: There are a lot of models to make money, the 'software-support' model is only one of them. For example, I would like to set up an internet company, and I don't like the thought that the hosting company can look and copy my source code.

Nir O.Nir O.
9281 gold badge13 silver badges23 bronze badges

How To Decode Php Files That Encoded By Zend Encoder Circuit Malfunction

bcompiler extension is what will help you to encode/decode php files for free, however you'll have to take care of protection/license limitations scheme yourself.

user1012851

Not the answer you're looking for? Browse other questions tagged phpencryptiondrmioncubezend-guard or ask your own question.

Permalink

All your code in one place

GitHub makes it easy to scale back on context switching. Read rendered documentation, see the history of any file, and collaborate with contributors on projects across GitHub.

How To Decode Php Files That Encoded By Zend Encoder Circuit Location

Sign up for free See pricing for teams and enterprises

How To Decode Php Files That Encoded By Zend Encoder Circuit Using 7447

Find file Copy path
Cannot retrieve contributors at this time

How To Decode Php Files That Encoded By Zend Encoder Circuit Diagram

<?php
/**
* @see https://github.com/zendframework/zend-json for the canonical source repository
* @copyright Copyright (c) 2005-2018 Zend Technologies USA Inc. (http://www.zend.com)
* @license https://github.com/zendframework/zend-json/blob/master/LICENSE.md New BSD License
*/
namespaceZendJson;
useIterator;
useIteratorAggregate;
useJsonSerializable;
useReflectionClass;
useZendJsonExceptionInvalidArgumentException;
useZendJsonExceptionRecursionException;
/**
* Encode PHP constructs to JSON.
*/
classEncoder
{
/**
* Whether or not to check for possible cycling.
*
* @var bool
*/
protected$cycleCheck;
/**
* Additional options used during encoding.
*
* @var array
*/
protected$options= [];
/**
* Array of visited objects; used to prevent cycling.
*
* @var array
*/
protected$visited= [];
/**
* @param bool $cycleCheck Whether or not to check for recursion when encoding.
* @param array $options Additional options used during encoding.
*/
protectedfunction__construct($cycleCheck=false, array$options= [])
{
$this->cycleCheck=$cycleCheck;
$this->options=$options;
}
/**
* Use the JSON encoding scheme for the value specified.
*
* @param mixed $value The value to be encoded.
* @param bool $cycleCheck Whether or not to check for possible object recursion when encoding.
* @param array $options Additional options used during encoding.
* @return string The encoded value.
*/
publicstaticfunctionencode($value, $cycleCheck=false, array$options= [])
{
$encoder=newstatic($cycleCheck, $options);
if ($valueinstanceofJsonSerializable) {
$value=$value->jsonSerialize();
}
return$encoder->encodeValue($value);
}
/**
* Encode a value to JSON.
*
* Recursive method which determines the type of value to be encoded
* and then dispatches to the appropriate method.
*
* $values are either
* - objects (returns from {@link encodeObject()})
* - arrays (returns from {@link encodeArray()})
* - scalars (returns from {@link encodeDatum()})
*
* @param $value mixed The value to be encoded.
* @return string Encoded value.
*/
protectedfunctionencodeValue(&$value)
{
if (is_object($value)) {
return$this->encodeObject($value);
}
if (is_array($value)) {
return$this->encodeArray($value);
}
return$this->encodeDatum($value);
}
/**
* Encode an object to JSON by encoding each of the public properties.
*
* A special property is added to the JSON object called '__className' that
* contains the classname of $value; this can be used by consumers of the
* resulting JSON to cast to the specific class.
*
* @param $value object
* @return string
* @throws RecursionException If recursive checks are enabled and the
* object has been serialized previously.
*/
protectedfunctionencodeObject(&$value)
{
if ($this->cycleCheck) {
if ($this->wasVisited($value)) {
if (!isset($this->options['silenceCyclicalExceptions'])
||$this->options['silenceCyclicalExceptions'] !true
) {
thrownewRecursionException(sprintf(
'Cycles not supported in JSON encoding; cycle introduced by class '%s'',
get_class($value)
));
}
return''* RECURSION ('.str_replace('', '', get_class($value)) .') *'';
}
$this->visited[] =$value;
}
$props='';
if (method_exists($value, 'toJson')) {
$props=','.preg_replace('/^{(.*)}$/', '1', $value->toJson());
} else {
if ($valueinstanceofIteratorAggregate) {
$propCollection=$value->getIterator();
} elseif ($valueinstanceofIterator) {
$propCollection=$value;
} else {
$propCollection=get_object_vars($value);
}
foreach ($propCollectionas$name=>$propValue) {
if (!isset($propValue)) {
continue;
}
$props.=','
.$this->encodeValue($name)
.':'
.$this->encodeValue($propValue);
}
}
$className=get_class($value);
return'{'__className':'
.$this->encodeString($className)
.$props.'}';
}
/**
* Determine if an object has been serialized already.
*
* @param mixed $value
* @return bool
*/
protectedfunctionwasVisited(&$value)
{
if (in_array($value, $this->visited, true)) {
returntrue;
}
returnfalse;
}
/**
* JSON encode an array value.
*
* Recursively encodes each value of an array and returns a JSON encoded
* array string.
*
* Arrays are defined as integer-indexed arrays starting at index 0, where
* the last index is (count($array) -1); any deviation from that is
* considered an associative array, and will be passed to
* {@link encodeAssociativeArray()}.
*
* @param $array array
* @return string
*/
protectedfunctionencodeArray($array)
{
// Check for associative array
if (!empty($array) && (array_keys($array) !range(0, count($array) -1))) {
// Associative array
return$this->encodeAssociativeArray($array);
}
// Indexed array
$tmpArray= [];
$result='[';
$length=count($array);
for ($i=0; $i<$length; $i++) {
$tmpArray[] =$this->encodeValue($array[$i]);
}
$result.=implode(',', $tmpArray);
$result.=']';
return$result;
}
/**
* Encode an associative array to JSON.
*
* JSON does not have a concept of associative arrays; as such, we encode
* them to objects.
*
* @param array $array Array to encode.
* @return string
*/
protectedfunctionencodeAssociativeArray($array)
{
$tmpArray= [];
$result='{';
foreach ($arrayas$key=>$value) {
$tmpArray[] =sprintf(
'%s:%s',
$this->encodeString((string) $key),
$this->encodeValue($value)
);
}
$result.=implode(',', $tmpArray);
$result.='}';
return$result;
}
/**
* JSON encode a scalar data type (string, number, boolean, null).
*
* If value type is not a string, number, boolean, or null, the string
* 'null' is returned.
*
* @param mixed $value
* @return string
*/
protectedfunctionencodeDatum($value)
{
if (is_int($value) ||is_float($value)) {
returnstr_replace(',', '.', (string) $value);
}
if (is_string($value)) {
return$this->encodeString($value);
}
if (is_bool($value)) {
return$value ? 'true' : 'false';
}
return'null';
}
/**
* JSON encode a string value by escaping characters as necessary.
*
* @param string $string
* @return string
*/
protectedfunctionencodeString($string)
{
// @codingStandardsIgnoreStart
// Escape these characters with a backslash or unicode escape:
// ' / n r t b f
$search= ['', 'n', 't', 'r', 'b', 'f', ''', ''', '&', '<', '>', '/'];
$replace= ['', 'n', 't', 'r', 'b', 'f', 'u0022', 'u0027', 'u0026', 'u003C', 'u003E', '/'];
$string=str_replace($search, $replace, $string);
// @codingStandardsIgnoreEnd
// Escape certain ASCII characters:
// 0x08 => b
// 0x0c => f
$string=str_replace([chr(0x08), chr(0x0C)], ['b', 'f'], $string);
$string=self::encodeUnicodeString($string);
return'''.$string.''';
}
/**
* Encode the constants associated with the ReflectionClass parameter.
*
* The encoding format is based on the class2 format.
*
* @param ReflectionClass $class
* @return string Encoded constant block in class2 format
*/
privatestaticfunctionencodeConstants(ReflectionClass$class)
{
$result='constants:{';
$constants=$class->getConstants();
if (empty($constants)) {
return$result.'}';
}
$tmpArray= [];
foreach ($constantsas$key=>$value) {
$tmpArray[] =sprintf('%s: %s', $key, self::encode($value));
}
$result.=implode(', ', $tmpArray);
return$result.'}';
}
/**
* Encode the public methods of the ReflectionClass in the class2 format
*
* @param ReflectionClass $class
* @return string Encoded method fragment.
*/
privatestaticfunctionencodeMethods(ReflectionClass$class)
{
$result='methods:{';
$started=false;
foreach ($class->getMethods() as$method) {
if (!$method->isPublic() ||!$method->isUserDefined()) {
continue;
}
if ($started) {
$result.=',';
}
$started=true;
$result.=sprintf('%s:function(', $method->getName());
if ('__construct'$method->getName()) {
$result.='){}';
continue;
}
$argsStarted=false;
$argNames='var argNames=[';
foreach ($method->getParameters() as$param) {
if ($argsStarted) {
$result.=',';
}
$result.=$param->getName();
if ($argsStarted) {
$argNames.=',';
}
$argNames.=sprintf(''%s'', $param->getName());
$argsStarted=true;
}
$argNames.='];';
$result.='){'
.$argNames
.'var result = ZAjaxEngine.invokeRemoteMethod('
.'this, ''
.$method->getName()
.'',argNames,arguments);'
.'return(result);}';
}
return$result.'}';
}
/**
* Encode the public properties of the ReflectionClass in the class2 format.
*
* @param ReflectionClass $class
* @return string Encode properties list
*
*/
privatestaticfunctionencodeVariables(ReflectionClass$class)
{
$propValues=get_class_vars($class->getName());
$result='variables:{';
$tmpArray= [];
foreach ($class->getProperties() as$prop) {
if (!$prop->isPublic()) {
continue;
}
$name=$prop->getName();
$tmpArray[] =sprintf('%s:%s', $name, self::encode($propValues[$name]));
}
$result.=implode(',', $tmpArray);
return$result.'}';
}
/**
* Encodes the given $className into the class2 model of encoding PHP classes into JavaScript class2 classes.
*
* NOTE: Currently only public methods and variables are proxied onto the
* client machine
*
* @param $className string The name of the class, the class must be
* instantiable using a null constructor.
* @param $package string Optional package name appended to JavaScript
* proxy class name.
* @return string The class2 (JavaScript) encoding of the class.
* @throws InvalidArgumentException
*/
publicstaticfunctionencodeClass($className, $package='')
{
$class=newReflectionClass($className);
if (!$class->isInstantiable()) {
thrownewInvalidArgumentException(sprintf(
''%s' must be instantiable',
$className
));
}
returnsprintf(
'Class.create('%s%s',{%s,%s,%s});',
$package,
$className,
self::encodeConstants($class),
self::encodeMethods($class),
self::encodeVariables($class)
);
}
/**
* Encode several classes at once.
*
* Returns JSON encoded classes, using {@link encodeClass()}.
*
* @param string[] $classNames
* @param string $package
* @return string
*/
publicstaticfunctionencodeClasses(array$classNames, $package='')
{
$result='';
foreach ($classNamesas$className) {
$result.=static::encodeClass($className, $package);
}
return$result;
}
/**
* Encode Unicode Characters to u0000 ASCII syntax.
*
* This algorithm was originally developed for the Solar Framework by Paul
* M. Jones.
*
* @link http://solarphp.com/
* @link https://github.com/solarphp/core/blob/master/Solar/Json.php
* @param string $value
* @return string
*/
publicstaticfunctionencodeUnicodeString($value)
{
$strlenVar=strlen($value);
$ascii='';
// Iterate over every character in the string, escaping with a slash or
// encoding to UTF-8 where necessary.
for ($i=0; $i<$strlenVar; $i++) {
$ordVarC=ord($value[$i]);
switch (true) {
case (($ordVarC>=0x20) && ($ordVarC<=0x7F)):
// characters U-00000000 - U-0000007F (same as ASCII)
$ascii.=$value[$i];
break;
case (($ordVarC&0xE0) 0xC0):
// characters U-00000080 - U-000007FF, mask 110XXXXX
// see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
$char=pack('C*', $ordVarC, ord($value[$i+1]));
$i+=1;
$utf16=self::utf82utf16($char);
$ascii.=sprintf('u%04s', bin2hex($utf16));
break;
case (($ordVarC&0xF0) 0xE0):
// characters U-00000800 - U-0000FFFF, mask 1110XXXX
// see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
$char=pack(
'C*',
$ordVarC,
ord($value[$i+1]),
ord($value[$i+2])
);
$i+=2;
$utf16=self::utf82utf16($char);
$ascii.=sprintf('u%04s', bin2hex($utf16));
break;
case (($ordVarC&0xF8) 0xF0):
// characters U-00010000 - U-001FFFFF, mask 11110XXX
// see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
$char=pack(
'C*',
$ordVarC,
ord($value[$i+1]),
ord($value[$i+2]),
ord($value[$i+3])
);
$i+=3;
$utf16=self::utf82utf16($char);
$ascii.=sprintf('u%04s', bin2hex($utf16));
break;
case (($ordVarC&0xFC) 0xF8):
// characters U-00200000 - U-03FFFFFF, mask 111110XX
// see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
$char=pack(
'C*',
$ordVarC,
ord($value[$i+1]),
ord($value[$i+2]),
ord($value[$i+3]),
ord($value[$i+4])
);
$i+=4;
$utf16=self::utf82utf16($char);
$ascii.=sprintf('u%04s', bin2hex($utf16));
break;
case (($ordVarC&0xFE) 0xFC):
// characters U-04000000 - U-7FFFFFFF, mask 1111110X
// see http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
$char=pack(
'C*',
$ordVarC,
ord($value[$i+1]),
ord($value[$i+2]),
ord($value[$i+3]),
ord($value[$i+4]),
ord($value[$i+5])
);
$i+=5;
$utf16=self::utf82utf16($char);
$ascii.=sprintf('u%04s', bin2hex($utf16));
break;
}
}
return$ascii;
}
/**
* Convert a string from one UTF-8 char to one UTF-16 char.
*
* Normally should be handled by mb_convert_encoding, but provides a slower
* PHP-only method for installations that lack the multibyte string
* extension.
*
* This method is from the Solar Framework by Paul M. Jones.
*
* @link http://solarphp.com
* @param string $utf8 UTF-8 character
* @return string UTF-16 character
*/
protectedstaticfunctionutf82utf16($utf8)
{
// Check for mb extension otherwise do by hand.
if (function_exists('mb_convert_encoding')) {
returnmb_convert_encoding($utf8, 'UTF-16', 'UTF-8');
}
switch (strlen($utf8)) {
case1:
// This case should never be reached, because we are in ASCII range;
// see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
return$utf8;
case2:
// Return a UTF-16 character from a 2-byte UTF-8 char;
// see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
returnchr(0x07& (ord($utf8{0}) >>2)) .chr((0xC0& (ord($utf8{0}) <<6)) | (0x3F&ord($utf8{1})));
case3:
// Return a UTF-16 character from a 3-byte UTF-8 char;
// see: http://www.cl.cam.ac.uk/~mgk25/unicode.html#utf-8
returnchr((0xF0& (ord($utf8{0}) <<4))
| (0x0F& (ord($utf8{1}) >>2))) .chr((0xC0& (ord($utf8{1}) <<6))
| (0x7F&ord($utf8{2})));
}
// ignoring UTF-32 for now, sorry
return'';
}
}
  • Copy lines
  • Copy permalink