Why don't vBulletin zend their php scripts?

**Scott MacVicar** · Mon 27 Sep '04, 4:08am

Well possibly its basically a binary version of the script, so you could possibly make a patch.

**MGM** · Mon 27 Sep '04, 6:17am

I don't get how you'd be able to make unreadable source code if the source code is needed for the product to work... what exactly does Zend do? Excuse my ignorance on the subject

MGM out

**Zachery** · Mon 27 Sep '04, 6:20am

It sort of turns the php scripts into an exe file, for this example anyway. You can run them, they work, but you dont understand and cant see exactly how it works.

**MGM** · Mon 27 Sep '04, 7:45am

interesting... but doesnt the browser call on things like showthread.php?t=1 .... how would that work with an exe?

MGM out

**Zachery** · Mon 27 Sep '04, 7:47am

Open up a EXE file with your fave editor, you see lots of useless stuff. You really cant change it, or see how the program is doing it. Same idea, Zend "compiles" a version of the php files that its encoder can understand, but humans cannot.

**Dave#** · Mon 27 Sep '04, 7:56am

Originally posted by Zachery

Open up a EXE file with your fave editor, you see lots of useless stuff. You really cant change it, or see how the program is doing it. Same idea, Zend "compiles" a version of the php files that its encoder can understand, but humans cannot.

It's actually better than that. Not only does it encode the scripts it obfuscates them too.

**Colin F** · Mon 27 Sep '04, 8:18am

Originally posted by Dave#

It's actually better than that. Not only does it encode the scripts it obfuscates them too.

For anyone else wondering:

Dictionary.com | Meanings & Definitions of English Words

http://dictionary.reference.com/search?q=obfuscate

The world's leading online dictionary: English definitions, synonyms, word origins, example sentences, word games, and more. A trusted authority for 25+ years!

ob·fus·cate
To make so confused or opaque as to be difficult to perceive or understand: “A great effort was made... to obscure or obfuscate the truth” (Robert Conquest).

**Jerry** · Mon 27 Sep '04, 8:26am

Originally posted by MetalGearMaster

interesting... but doesnt the browser call on things like showthread.php?t=1 .... how would that work with an exe?

MGM out

Because showthread.php could still be there, just encoded, or they could all be in one file.

**Scott MacVicar** · Mon 27 Sep '04, 8:38am

I'm curious if someone could add checks into the engine to output what was called when a function was used?

**Jerry** · Mon 27 Sep '04, 9:40am

Originally posted by Scott MacVicar

I'm curious if someone could add checks into the engine to output what was called when a function was used?

Before or after it was encoded ? you thinking of how to break it ?

**Tom|HT** · Mon 27 Sep '04, 9:45am

If you are determined you can go and edit the PHP engine then recompile it, so that it will ignore a function e.g. check_license_status(), although if you are doing that, you probably have enough skill to have a good enough job, and thus purchase it.

**Scott MacVicar** · Mon 27 Sep '04, 9:52am

Well thats what I was wondering about.

How much of the engine does it use after encoding? Could I take the compiled versions and hack the Zend Engine to expose the function names and what they're accessing?

I know we wouldn't be able to get the original code as this is done by a bison parser that turns the plain text php into something machine parseable and this is step is skipped out with Zend Encoded files.

**The Prohacker** · Mon 27 Sep '04, 10:12am

Originally posted by Scott MacVicar

Well thats what I was wondering about.

How much of the engine does it use after encoding? Could I take the compiled versions and hack the Zend Engine to expose the function names and what they're accessing?

I know we wouldn't be able to get the original code as this is done by a bison parser that turns the plain text php into something machine parseable and this is step is skipped out with Zend Encoded files.

There was a good post on WHT about encoding PHP: http://www.webhostingtalk.com/showth...08#post2494123

**Tom|HT** · Mon 27 Sep '04, 10:22am

Originally posted by Scott MacVicar

Well thats what I was wondering about.

How much of the engine does it use after encoding? Could I take the compiled versions and hack the Zend Engine to expose the function names and what they're accessing?

I know we wouldn't be able to get the original code as this is done by a bison parser that turns the plain text php into something machine parseable and this is step is skipped out with Zend Encoded files.

With the ioncube engine certainly, the function names are still stored plainly somewhere (see below method).

If you want to hackishly find out if Zend keeps the function names plain you can do this:

1) find & install a Zend encoded script with multiple files
2) replace a library file such as a functions.php with a blank file
3) run the script

if you get an error such as function not found function_format_time() or something, it shows it keeps function names plaintext.

**Wayne Luke** · Mon 27 Sep '04, 10:49am

No it doesn't it encodes the PHP to bytecode. Bytecode, is a state between code and fully compiled machine language.

The PHP engine works by taking your code and compiling it into Bytecode before processing. This is often referred to "Just In Time Compiling". It is how .NET and Java work as well. When you use an encoder such as Zend Encoder or IonCube, it compiles the PHP to Bytecode and stores it as files. The loaders then take this code and feed it into the engine bypassing the original compiling step at runtime. You still need the PHP engine installed on the server to run encoded scripts. When an error such as a illegal function (i.e. Function not found), the engine interprets the bytecode and extrapolates the function name for output. The encoders do not store the function names in plain text.

Why don't vBulletin zend their php scripts?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment