♥GLWalker Posted February 18, 2008 Posted February 18, 2008 I just recently was asked to install a couple contributions on an oscommerce site originally set up by another company. Well it turns out the other company encrypted every single page of the cart. And they left this notice on top of everypage: <?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. $OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=2520;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0 cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X 2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDc0NCksJ1dmZ1pVbmsvQTMrcXc4Rk5SQ2x2YnpyOU lqU0p0YUhlZHlFbXhoWDJzMG9HN1ZUMU02RGlZS0xjNXVPUXBQNEI9JywnQUJDREVGR0hJSktMTU5PUFF SU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08w ME8wME8wKTs=')));return;?> Is this legal? I dont think it is as osCommerce falls under GNU opensource. And if not legal, what actions can be took to decrypt the code? Follow the community build: BS3 to osCommerce Responsive from the Get Go! Check out the new construction: Admin Gone to Total BS!
germ Posted February 18, 2008 Posted February 18, 2008 If you "decode" that snippit, and alter a few things to make it "easier" to read, you wind up with this: $file=__FILE__; $line=__LINE__; $110010000=2520; $handle=fopen($file,'rb'); while(--$line)fgets($handle,1024); fgets($handle,4096); $decoded=(base64_decode(strtr(fread($handle,744),'WfgZUnk/A3+qw8FNRClvbzr9IjSJtaHedyEmxhX2s0oG7VT1M6DiYKLc5uOQpP4B=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'))); eval($decoded); return; If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
♥Vger Posted February 19, 2008 Posted February 19, 2008 What they have done is not in any sense illegal or against GPL rules. Provided that they are only encrypting the source code on their own website, which would be useful against hackers, then they've done nothing wrong. If they encrypt the source code and sell it or distribute it in an encrypted form then that's another matter. Vger
♥GLWalker Posted February 19, 2008 Author Posted February 19, 2008 What they have done is not in any sense illegal or against GPL rules. Provided that they are only encrypting the source code on their own website, which would be useful against hackers, then they've done nothing wrong. If they encrypt the source code and sell it or distribute it in an encrypted form then that's another matter. Vger Thanks Vger and Germ So if they built the site for someone else for a fee and used it on a domain name other than their own, what would that fall as? Follow the community build: BS3 to osCommerce Responsive from the Get Go! Check out the new construction: Admin Gone to Total BS!
Zews Posted February 19, 2008 Posted February 19, 2008 I don't see how a base 64 encryption would stop anyone, specially a hacker.
cannuck1964 Posted February 20, 2008 Posted February 20, 2008 So if they built the site for someone else for a fee and used it on a domain name other than their own, what would that fall as?that would most likely be an issue as it is encoded (the encoding is a simple thing to reverse). If someone built the site for you, I would suggest you contact them and demand the un -encoded files from them stating the GPL and explain you will contact the author of the project for further dealings.... the adding of the the text: This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. might be an issue depending if the file uses osCommerce code or not and if they do, then they need to maintain the copyrights of osC in place and in unaltered form. cheers, Peter M Peter McGrath ----------------------------- See my Profile (click here) for more information and to contact me for professional osCommerce support that includes SEO development, custom development and security implementation
♥GLWalker Posted February 22, 2008 Author Posted February 22, 2008 Thanks Peter. Were contacting the original designer to get it reversed. Follow the community build: BS3 to osCommerce Responsive from the Get Go! Check out the new construction: Admin Gone to Total BS!
♥Vger Posted February 23, 2008 Posted February 23, 2008 Thanks Peter. Were contacting the original designer to get it reversed I'm just wondering who this "we" is that you are referring to. Surely you were just paid to add some contribs to this site, presumably by the same people who encrypted it, and your involvement ended when you got paid. I'm not arguing the rights or wrongs of this particular case, but I will say one thing - if we employed you to work on a site and then you complained on an open Forum about something you didn't like then we'd class it as "biting the hand that feeds you" and you wouldn't get employed by us again. You may not like that view - but if you want to do paid work for companies then you have to separate your personal feelings from business decisions. Vger
♥GLWalker Posted February 24, 2008 Author Posted February 24, 2008 I'm just wondering who this "we" is that you are referring to. Surely you were just paid to add some contribs to this site, presumably by the same people who encrypted it, and your involvement ended when you got paid. I'm not arguing the rights or wrongs of this particular case, but I will say one thing - if we employed you to work on a site and then you complained on an open Forum about something you didn't like then we'd class it as "biting the hand that feeds you" and you wouldn't get employed by us again. You may not like that view - but if you want to do paid work for companies then you have to separate your personal feelings from business decisions. Vger Dont know how you would come up with that conclusion. Maybe you have been in that situation before. I for one have never touched this site before, nor have I ever worked with the company that did work to it. When I say "we" I am refering to the site owner and I. "I" as under "my" suggestion, as I concluded from this forum. Follow the community build: BS3 to osCommerce Responsive from the Get Go! Check out the new construction: Admin Gone to Total BS!
dark_tyrant Posted July 26, 2008 Posted July 26, 2008 There are so many decoders for Base64. Are there any other encryption methods for PHP source files?
♥Vger Posted July 26, 2008 Posted July 26, 2008 Ion Cube. Vger There are so many decoders for Base64. Are there any other encryption methods for PHP source files?
dark_tyrant Posted July 26, 2008 Posted July 26, 2008 Both Ion Cube and Zend are PHP encoders that comes with a price. My question wasn't asking about encoding software. I was more interested in the encryption method. Does anyone know what encryption methods Ion Cube and Zend use? I looked around and found that MD5 and SHA1 are supported by PHP. Would it be practical to utilize either of those methods to encrypt PHP source code?
dark_tyrant Posted July 26, 2008 Posted July 26, 2008 Please disregard my question about MD5 and SHA1. After some research, I found that those were hash methods. I suppose it wouldn't be practical to use a hash method to encrypt PHP source code. At the moment, I am looking into mcrypt which looks more promising... Any suggestion about mcrypt will be appreciated.
dark_tyrant Posted July 27, 2008 Posted July 27, 2008 If you have a reply for me, please post it in my thread. Thanks. Encrpytion of configure.php
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.