4

I'm interested if anyone knows exactly how effective/safe/protected PHP's bcompiler is against reverse engineering. The introduction page makes a bold claim:

In terms of code protection, it is safe to say that it would be impossible to recreate the exact source code that it was built from, and without the accompanying source code comments. It would effectively be useless to use the bcompiler bytecodes to recreate and modify a class.

Perhaps the key word is "exact" -- how true is their claim if you remove it?

PS - Please, no lectures about compilation/obfuscation versus licensing. :)

Improve this question
3
  • What kind of answer are you expecting to get? Commented Apr 17, 2012 at 23:20
  • The identifiers and comments should definitely be gone or changed. Commented Apr 17, 2012 at 23:20
  • 2
    you are better off trying to offer SAAS. Commented Apr 17, 2012 at 23:28

2 Answers 2

Reset to default
9

It is just as safe as compiling C++ to ASM. It CAN be reverse engineered or understood by careful reading and logic, and can be edited to, for example, add 10 coins instead of 5 very easily. However, it takes a long time to understand even a short piece of the byte code, and the original source code could only be re-written by hand. The variables names and such would be unrecoverable in most cases.

In other words, PHP is the pizza recipe, the bytecode is the hot fresh pizza. You COULD find out the original recipe but it would take very long, be very difficult, and you would not know that the chef nicknamed pepperoni "Roni".

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

Note, however, that while the bytecode is compiled, it is not encrypted. Any strings or other constants are visible in the compiled file, and can be edited with little difficulty.
That was what I meant when I said a "5" could easily be turned into a "10".
Does that mean that any compiler that changes PHP into bytecode is going to be just as "safe" (what you describe is appropriate/satisfactory for me) as any other?
Not very well. Most of the effects of a source code obfuscator (e.g, changed variable names, unnecessary hex escaping, removed whitespace/comments) are lost when compiling anyway; more complex runtime obfuscators generally have a significant performance impact.
Very hard. Only those very experienced in ASM or equivalent bytecode experience could decipher them, especially complex algorithms. They are harder to read/write by a huge factor than PHP. In fact, even the constants are much harder to change as it's not so obvious what that constant does, but an entire algorithm would be close to impossible to decipher.
|
1

Bcompiler is now decompiled, see the link (registration is required)!

However check the archived version.

The files are called: ModeBIphp53Updated2.rar, ModeBIphp52ts.rar and MMcache+EA.rar.

Improve this answer

2 Comments

this should be a comment not an answer
Now its webarchived :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.