Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
RAID
2015
Springer
2015
Springer
Security Analysis of PHP Bytecode Protection Mechanisms
Abstract. PHP is the most popular scripting language for web applications. Because no native solution to compile or protect PHP scripts exists, PHP applications are usually shipped as plain source code which is easily understood or copied by an adversary. In order to prevent such attacks, commercial products such as ionCube, Zend Guard, and Source Guardian promise a source code protection. In this paper, we analyze the inner working and security of these tools and propose a method to recover the source code by leveraging static and dynamic analysis techniques. We introduce a generic approach for decompilation of obfuscated bytecode and show that it is possible to automatically recover the original source code of protected software. As a result, we discovered previously unknown vulnerabilities and backdoors in 1 million lines of recovered source code of 10 protected applications.
Real-time Traffic| Added | 17 Apr 2016 |
| Updated | 17 Apr 2016 |
| Type | Journal |
| Year | 2015 |
| Where | RAID |
| Authors | Dario Weißer, Johannes Dahse, Thorsten Holz |
Comments (0)
Researcher Info
|
