Jump to content

Archived

This topic is now archived and is closed to further replies.

GLWalker

Encrypting the source code

Recommended Posts

I just recently was asked to install a couple contributions on an oscommerce site originally set up by another company. Well it turns out the other company encrypted every single page of the cart. And they left this notice on top of everypage:

<?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=2520;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0
cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X
2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDc0NCksJ1dmZ1pVbmsvQTMrcXc4Rk5SQ2x2YnpyOU
lqU0p0YUhlZHlFbXhoWDJzMG9HN1ZUMU02RGlZS0xjNXVPUXBQNEI9JywnQUJDREVGR0hJSktMTU5PUFF
SU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08w
ME8wME8wKTs=')));return;?>

Is this legal? I dont think it is as osCommerce falls under GNU opensource. And if not legal, what actions can be took to decrypt the code?


Follow the community build:

BS3 to osCommerce Responsive from the Get Go!

Check out the new construction:

Admin Gone to Total BS!

Share this post


Link to post
Share on other sites

If you "decode" that snippit, and alter a few things to make it "easier" to read, you wind up with this:

 

$file=__FILE__;
$line=__LINE__;
$110010000=2520;
$handle=fopen($file,'rb');
while(--$line)fgets($handle,1024);
fgets($handle,4096);
$decoded=(base64_decode(strtr(fread($handle,744),'WfgZUnk/A3+qw8FNRClvbzr9IjSJtaHedyEmxhX2s0oG7VT1M6DiYKLc5uOQpP4B=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));
eval($decoded);
return;


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

What they have done is not in any sense illegal or against GPL rules.

 

Provided that they are only encrypting the source code on their own website, which would be useful against hackers, then they've done nothing wrong.

 

If they encrypt the source code and sell it or distribute it in an encrypted form then that's another matter.

 

Vger

Share this post


Link to post
Share on other sites
What they have done is not in any sense illegal or against GPL rules.

 

Provided that they are only encrypting the source code on their own website, which would be useful against hackers, then they've done nothing wrong.

 

If they encrypt the source code and sell it or distribute it in an encrypted form then that's another matter.

 

Vger

Thanks Vger and Germ

 

So if they built the site for someone else for a fee and used it on a domain name other than their own, what would that fall as?


Follow the community build:

BS3 to osCommerce Responsive from the Get Go!

Check out the new construction:

Admin Gone to Total BS!

Share this post


Link to post
Share on other sites
So if they built the site for someone else for a fee and used it on a domain name other than their own, what would that fall as?
that would most likely be an issue as it is encoded (the encoding is a simple thing to reverse).

 

If someone built the site for you, I would suggest you contact them and demand the un -encoded files from them stating the GPL and explain you will contact the author of the project for further dealings....

 

the adding of the the text:

 

This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.

 

might be an issue depending if the file uses osCommerce code or not and if they do, then they need to maintain the copyrights of osC in place and in unaltered form.

 

cheers,

Peter M


Peter McGrath

-----------------------------

See my Profile (click here) for more information and to contact me for professional osCommerce support that includes SEO development, custom development and security implementation

Share this post


Link to post
Share on other sites
Thanks Peter. Were contacting the original designer to get it reversed

 

I'm just wondering who this "we" is that you are referring to. Surely you were just paid to add some contribs to this site, presumably by the same people who encrypted it, and your involvement ended when you got paid.

 

I'm not arguing the rights or wrongs of this particular case, but I will say one thing - if we employed you to work on a site and then you complained on an open Forum about something you didn't like then we'd class it as "biting the hand that feeds you" and you wouldn't get employed by us again.

 

You may not like that view - but if you want to do paid work for companies then you have to separate your personal feelings from business decisions.

 

Vger

Share this post


Link to post
Share on other sites
I'm just wondering who this "we" is that you are referring to. Surely you were just paid to add some contribs to this site, presumably by the same people who encrypted it, and your involvement ended when you got paid.

 

I'm not arguing the rights or wrongs of this particular case, but I will say one thing - if we employed you to work on a site and then you complained on an open Forum about something you didn't like then we'd class it as "biting the hand that feeds you" and you wouldn't get employed by us again.

 

You may not like that view - but if you want to do paid work for companies then you have to separate your personal feelings from business decisions.

 

Vger

 

Dont know how you would come up with that conclusion. Maybe you have been in that situation before. I for one have never touched this site before, nor have I ever worked with the company that did work to it.

When I say "we" I am refering to the site owner and I. "I" as under "my" suggestion, as I concluded from this forum.


Follow the community build:

BS3 to osCommerce Responsive from the Get Go!

Check out the new construction:

Admin Gone to Total BS!

Share this post


Link to post
Share on other sites

Ion Cube.

 

Vger

There are so many decoders for Base64.

 

Are there any other encryption methods for PHP source files?

Share this post


Link to post
Share on other sites

Both Ion Cube and Zend are PHP encoders that comes with a price. My question wasn't asking about encoding software. I was more interested in the encryption method.

 

Does anyone know what encryption methods Ion Cube and Zend use?

 

I looked around and found that MD5 and SHA1 are supported by PHP. Would it be practical to utilize either of those methods to encrypt PHP source code?

Share this post


Link to post
Share on other sites

Please disregard my question about MD5 and SHA1. After some research, I found that those were hash methods. I suppose it wouldn't be practical to use a hash method to encrypt PHP source code.

 

At the moment, I am looking into mcrypt which looks more promising... Any suggestion about mcrypt will be appreciated.

Share this post


Link to post
Share on other sites

×