tags:

views:

148

answers:

5
+2  Q: 

What does this PHP do? Is it an encoder/decoder?

I don't know php at all; this is more of a question of curiosity.

Following the php function below in the text file are a few thousand characters of text, such as

xnEFstUhSNWGSx5zTq4X/AUw/rtism+klrBETWg0xE1uwb49rnRxrgrgY5EEp3Y0uvTcvLqhUFOP
4n7LDLQpQ9UACTyuUjGBKmUScQCYLCP08u06t0K3nWTNiM7Q6bQMk/iZBE+UK1ywbVC1Lzr9OOEK

Does this php function encode the random-looking text into php? Can the encryption scheme be figured out from this?

EDIT: The client says he has full ownership and rights to the code, developed by someone else. How would it be decoded? Does it require a password?

<?php //003ac
if (!extension_loaded('ionCube Loader')) {
    $__oc = strtolower(substr(php_uname(), 0, 3));
    $__ln = 'ioncube_loader_' . $__oc . '_' . substr(phpversion(), 0, 3) . (($__oc == 'win') ? '.dll' : '.so');
    @dl($__ln);
    if (function_exists('_il_exec')) {
        return _il_exec();
    }
    $__ln   = '/ioncube/' . $__ln;
    $__oid  = $__id = realpath(ini_get('extension_dir'));
    $__here = dirname(__FILE__);
    if (strlen($__id) > 1 && $__id[1] == ':') {
        $__id   = str_replace('\\', '/', substr($__id, 2));
        $__here = str_replace('\\', '/', substr($__here, 2));
    }
    $__rd = str_repeat('/..', substr_count($__id, '/')) . $__here . '/';
    $__i  = strlen($__rd);
    while ($__i--) {
        if ($__rd[$__i] == '/') {
            $__lp = substr($__rd, 0, $__i) . $__ln;
            if (file_exists($__oid . $__lp)) {
                $__ln = $__lp;
                break;
            }
        }
    }
    @dl($__ln);
} else {
    die('The file ' . __FILE__ . " is corrupted.\n");
}
if (function_exists('_il_exec')) {
    return _il_exec();
}
echo ('Site error: the file <b>' . __FILE__ . '</b> requires the ionCube 
PHP Loader ' . basename($__ln) . '  to be installed by the site administrator.');
exit(199);
?>
+1  A: 

Yes, it's to encrypt / decript PHP source. You can see at the bottom it refers to ionCube products.

Tesserex  2010-10-07 19:00:42
+3  A: 

It's encrypted by ionCube. The ionCube extension will handle the decryption of the code. It's probably possible to decode it by yourself, but check your license agreement with the developer because it's not certain that it's legal to do so.

That part of the code will only check if the ionCube extension is installed on your server. It is not involved in the decryption of the file (I think, it's not easy to read obfuscated code :-)).

Emil Vikström  2010-10-07 19:01:28
Thanks for the input. The client says he has full ownership and rights to the code, developed by someone else. How would it be decoded? With a password and with the Ioncube decoder package?
songdogtech  2010-10-07 19:13:28
Try searching for an ionCobe decoder. I've heard of sites doing the equivalent for Zend Optimizer but don't know about ionCube. But don't count on getting anything useful out of it because they've probably obfuscated all variables and function names as well, even after you've decoded the string. Try get a hold of the original source code instead, or tell your client that the code is encrypted and can't be changed without doing it from scratch.
Emil Vikström  2010-10-07 19:59:29
+2  A: 

According to this site, it is an encoder. I guess it is for code obfuscation.

http://www.ioncube.com/

Caimen  2010-10-07 19:02:20
It's better than obfuscation because it can't be decoded easily, although some people out there claim to do it for a hefty fee! There's other features of course such as IP/domain limiting, licensing, time expiry, etc...
chigley  2010-10-07 19:15:41
Hefty fee? One Google search turned up $15 for one file, and $100 for 10 files... So yeah, it's not dirt cheap, but I wouldn't call that hefty either (unless you had a lot of files to decode)...
ircmaxell  2010-10-07 20:52:44
@ircmaxwell - things have clearly got easier then! When I first started using it, it was practically impossible to decode. Food for thought right there! :)
chigley  2010-10-08 06:15:22
+3  A: 

Here is the code formatted:

<?php
  //003ac
  if (!extension_loaded('ionCube Loader')) {
      $__oc = strtolower(substr(php_uname(), 0, 3));
      $__ln = 'ioncube_loader_' . $__oc . '_' . substr(phpversion(), 0, 3) . (($__oc == 'win') ? '.dll' : '.so');
      @dl($__ln);
      if (function_exists('_il_exec')) {
          return _il_exec();
      }
      $__ln = '/ioncube/' . $__ln;
      $__oid = $__id = realpath(ini_get('extension_dir'));
      $__here = dirname(__FILE__);
      if (strlen($__id) > 1 && $__id[1] == ':') {
          $__id = str_replace('\\', '/', substr($__id, 2));
          $__here = str_replace('\\', '/', substr($__here, 2));
      }
      $__rd = str_repeat('/..', substr_count($__id, '/')) . $__here . '/';
      $__i = strlen($__rd);
      while ($__i--) {
          if ($__rd[$__i] == '/') {
              $__lp = substr($__rd, 0, $__i) . $__ln;
              if (file_exists($__oid . $__lp)) {
                  $__ln = $__lp;
                  break;
              }
          }
      }
      @dl($__ln);
  } else {
      die('The file ' . __FILE__ . " is corrupted.\n");
  }
  if (function_exists('_il_exec')) {
      return _il_exec();
  }
  echo('Site error: the file <b>' . __FILE__ . '</b> requires the ionCube 
PHP Loader ' . basename($__ln) . '  to be installed by the site administrator.');
  exit(199);
?>

It looks like this checks for the ionCube Loader and decodes the encrypted php by various methods if the extension is found. Otherwise, it lets the admin know he/she needs to install the extension.

edit: looks like you formatted the text while I was answering.

Jud Stephenson  2010-10-07 19:03:04
I took the liberty to edit the question rather than posting an answer...
Mark  2010-10-07 19:06:45
Just doing you civic duty, haha.
Jud Stephenson  2010-10-07 19:08:40
+6  A: 

It's practically ioncube-encoded PHP, or obfuscated if you like. Ioncube is a non-free obfuscated bytecode execution engine and the ioncube loader is the library which handles the obfuscated code.

Worth to mention that the 'deobfuscator' is a free library and is loaded in most of the PHP installations I've seen.

methode  2010-10-07 19:04:09
+1 for non-free. ionCube themselves (as well as Zend Optimizer, another obfuscater which has nothing to do with performance) do say they are free, but they're only free as in "no cost", not free as in free software. Those products are advertising themselves as "free extensions" to push users to blame webhosting companies without those extensions.
Emil Vikström  2010-10-07 19:07:04
So many answers that are correct, but this one is the highest rated.
songdogtech  2010-10-17 17:47:00

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases