Likbez on IonCube
IonCube is a set of command line utilities that allow for the encoding, obfuscation and licensing of source code written in php.
IonCube functionality is very extensive so that you can write about it in one article. Under the cat, I will describe the main functionality of IonCube, which is necessary to protect the code from non-licensed use.
1. Source code coding is the process by which source code written in php becomes a set of machine instructions, the reading and decoding of which is as difficult as possible.
')
2. Obfuscation - bringing the source code of the program to a form that preserves its functionality, but complicates the analysis, understanding of the algorithms of work and modification.
3. A license is a special, private key-coded file that is required to run the coded source code.
1. IonCube Encoder - a set of binary files for different operating systems with which you can encode the source code, obfuscate it and generate licenses. Paid software, but you can download the trial version.
2. IonCube Loader - supplied as a .so or .dll library, required for decoding source code encoded with IonCube Encoder. Free software, you can download it here .
Depending on the PHP version under which the code was written, IonCube Encoder provides the following binary files for encoding and obfuscation: ioncube_encoder, ioncube_encoder5 or ioncube_encoder53
The command format is as follows:
Below I will list the main options necessary for encoding and obfuscation of code:
--replace-target - the option tells the encoder to completely replace the target directory or file, if it already exists, with the new directory or file. For example:
--copy @ <file_or_directory_name> —the option tells the encoder to copy the specified file or directory (and all its subdirectories) without encoding its contents. The @ sign indicates that the path to the copied file or directory must be searched for from the root of the directory being encoded. Those. if it was stated to copy the configs directory, then only the configs directory will be copied which lies in the root of the directory being encoded, and not for example in the example / configs subcategory. An example is the directory where the configuration files are located and which need not be encoded:
--ignore @ <file_or_directory_name> —the option tells the encoder to ignore the specified file or directory (and all its subdirectories), and they are not copied to the resulting directory.
--obfuscate <entities> - starts the process of obfuscation of the code, as objects to which obfuscation is applied can be: functions, linenos, locals or all. For example:
--obfuscation-key "some_unique_key" is a required parameter for obfuscation, which specifies a unique key, which makes the decoding process of the code almost impossible.
--with-license <path> - the option tells the encoder that the file should request a license file at startup. The path to the license file will be relative to the file requesting it, so it is better here to simply indicate the name of the license file, which IonCube Loader will search first in the same directory as the script that requested the license file, rather than finding it will go recursively up to root directory. Thus, the license file can be saved simply in the root directory where your application is installed. For example:
--passphrase <key> is the secret key with which files are encoded. Attention : the license file must be generated with the same secret key. Required parameter if the
Licenses are created using a binary make_license file. Command format for creating a license:
--passphrase <key> - this option sets the secret key used to generate a signature for the license. Attention : the key must match the key used to encode the source code.
--allowed-server [<domain names>] [@ [<IP addresses>]] [{<MAC address>}] - this option is used to limit the validity of a license by domain, IP or MAC address of the server for which it is intended.
Examples
1. Domain Restriction:
The "@" symbol at the end of the domain means that even though the domain is similar to the IP address, it should be considered as a domain.
Note : the
2. Restriction by IP address:
Notes:
1. When an encoded file is requested through a web server, the IP is checked against the IP that the web server sends.
2. When an encoded file is requested directly, for example, when dealing with php shell scripts, the IP is compared only with the primary IP address of the network interface.
3. You can not specify in the restriction IP address 127.0.0.1
3. MAC address restrictions. The MAC address must consist of 6 bytes and must be represented in hexadecimal, for example:
4. Combining restrictions. IonCube allows you to combine restrictions, for example:
--expire-in <period> - allows you to specify the period during which the license is valid from the moment of generation. Periods can be specified in the following values: seconds (s), minutes (m). hours (h) or days (d). For example:
--expire-on <yyyy-mm-dd> - allows you to specify the exact date until which the license is valid. For example:
1. Download IonCube Loader for your OS, it is distributed free of charge.
2. In the archive you will find two files with the extension .so or .dll for each version of php, one of them will have the postfix “ts”, which means that the “thread safety” functionality for this file is active.
3. In your php.ini list the path to the downloaded library. For example:
Please note that for a PHP version less than 5.3, you need to specify the zend_extension_ts directive if you want to use a library with “thread safety” functionality.
4. Restart the web server.
That's basically all you need to know to protect your code from non-licensed use. More information can be found on the official IonCube website.
IonCube functionality is very extensive so that you can write about it in one article. Under the cat, I will describe the main functionality of IonCube, which is necessary to protect the code from non-licensed use.
List of concepts
1. Source code coding is the process by which source code written in php becomes a set of machine instructions, the reading and decoding of which is as difficult as possible.
')
2. Obfuscation - bringing the source code of the program to a form that preserves its functionality, but complicates the analysis, understanding of the algorithms of work and modification.
3. A license is a special, private key-coded file that is required to run the coded source code.
Required software
1. IonCube Encoder - a set of binary files for different operating systems with which you can encode the source code, obfuscate it and generate licenses. Paid software, but you can download the trial version.
2. IonCube Loader - supplied as a .so or .dll library, required for decoding source code encoded with IonCube Encoder. Free software, you can download it here .
Source code coding and obfuscation
Depending on the PHP version under which the code was written, IonCube Encoder provides the following binary files for encoding and obfuscation: ioncube_encoder, ioncube_encoder5 or ioncube_encoder53
The command format is as follows:
./ioncube_encoder <source_file_or_folder> –o <target_file_or_folder> [options]Below I will list the main options necessary for encoding and obfuscation of code:
--replace-target - the option tells the encoder to completely replace the target directory or file, if it already exists, with the new directory or file. For example:
./ioncube_encoder unencrypted_folder –o encrypted_folder --replace-target--copy @ <file_or_directory_name> —the option tells the encoder to copy the specified file or directory (and all its subdirectories) without encoding its contents. The @ sign indicates that the path to the copied file or directory must be searched for from the root of the directory being encoded. Those. if it was stated to copy the configs directory, then only the configs directory will be copied which lies in the root of the directory being encoded, and not for example in the example / configs subcategory. An example is the directory where the configuration files are located and which need not be encoded:
./ioncube_encoder unencrypted_folder –o encrypted_folder --replace-target --copy @configs/--ignore @ <file_or_directory_name> —the option tells the encoder to ignore the specified file or directory (and all its subdirectories), and they are not copied to the resulting directory.
./ioncube_encoder unencrypted_folder –o encrypted_folder --replace-target --ignore @docs/--obfuscate <entities> - starts the process of obfuscation of the code, as objects to which obfuscation is applied can be: functions, linenos, locals or all. For example:
./ioncube_encoder unencrypted_folder –o encrypted_folder --replace-target --obfuscate all--obfuscation-key "some_unique_key" is a required parameter for obfuscation, which specifies a unique key, which makes the decoding process of the code almost impossible.
./ioncube_encoder unencrypted_folder –o encrypted_folder --replace-target --obfuscate all --obfuscation-key "It is unique key :)"--with-license <path> - the option tells the encoder that the file should request a license file at startup. The path to the license file will be relative to the file requesting it, so it is better here to simply indicate the name of the license file, which IonCube Loader will search first in the same directory as the script that requested the license file, rather than finding it will go recursively up to root directory. Thus, the license file can be saved simply in the root directory where your application is installed. For example:
./ioncube_encoder unencrypted_folder –o encrypted_folder --replace-target --with-license license.txt--passphrase <key> is the secret key with which files are encoded. Attention : the license file must be generated with the same secret key. Required parameter if the
--with-license parameter is used../ioncube_encoder unencrypted_folder –o encrypted_folder --replace-target --with-license license.txt --passphrase some_passphraseLicense creation
Licenses are created using a binary make_license file. Command format for creating a license:
./make_license –-passphrase <key> –o <output-path>--passphrase <key> - this option sets the secret key used to generate a signature for the license. Attention : the key must match the key used to encode the source code.
Server license limit
--allowed-server [<domain names>] [@ [<IP addresses>]] [{<MAC address>}] - this option is used to limit the validity of a license by domain, IP or MAC address of the server for which it is intended.
Examples
1. Domain Restriction:
--allowed-server www.foo.com
--allowed-server www.foo.com,www.bar.com
--allowed-server 1.2.3.4@The "@" symbol at the end of the domain means that even though the domain is similar to the IP address, it should be considered as a domain.
Note : the
$_SERVER['SERVER_NAME'] construct is used to determine the domain in IonCube Loader.2. Restriction by IP address:
--allowed-server 192.168.1.4
--allowed-server 192.168.1.4,192.168.1.20Notes:
1. When an encoded file is requested through a web server, the IP is checked against the IP that the web server sends.
2. When an encoded file is requested directly, for example, when dealing with php shell scripts, the IP is compared only with the primary IP address of the network interface.
3. You can not specify in the restriction IP address 127.0.0.1
3. MAC address restrictions. The MAC address must consist of 6 bytes and must be represented in hexadecimal, for example:
--allowed-server '{00:01:02:06:DA:5B}'4. Combining restrictions. IonCube allows you to combine restrictions, for example:
--allowed-server 'www.foo.com@192.168.1.1{00:02:08:02:e0:c8}'Time limit license
--expire-in <period> - allows you to specify the period during which the license is valid from the moment of generation. Periods can be specified in the following values: seconds (s), minutes (m). hours (h) or days (d). For example:
--expire-in 360s
--expire-in 20m
--expire-in 24h
--expire-in 365d--expire-on <yyyy-mm-dd> - allows you to specify the exact date until which the license is valid. For example:
--expire-on 2012-03-20Install IonCube Loader
1. Download IonCube Loader for your OS, it is distributed free of charge.
2. In the archive you will find two files with the extension .so or .dll for each version of php, one of them will have the postfix “ts”, which means that the “thread safety” functionality for this file is active.
3. In your php.ini list the path to the downloaded library. For example:
zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.3.so
zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.3_ts.so
zend_extension_ts = /usr/local/ioncube/ioncube_loader_lin_5.2.soPlease note that for a PHP version less than 5.3, you need to specify the zend_extension_ts directive if you want to use a library with “thread safety” functionality.
4. Restart the web server.
That's basically all you need to know to protect your code from non-licensed use. More information can be found on the official IonCube website.
Source: https://habr.com/ru/post/140159/
All Articles