Anyone using it? Worth the $250?

Any cheaper/free alternatives?

    2 years later

    There is a fundamental flaw in PHP/Zend itself that makes the type of encoding done by SourceGuardian crackable.

    I'm not a l33t hacker by any stretch, but I came under a situation where a company hired me to fix someone else's code. The product was encoded with an encoder and the original developer/company vanished. In the code the moron put a "phone home" check that failed because his website was gone.

    Let's talk about two things here. Ethics and Protecting our work.

    On the first hand, protecting our work is an important aspect of what we do as programmers. If we cannot reasonably protect our work, we would not make any $$ for our long hours. But when we take that too far, and place external dependencies in our products that are sold to customers, the customers end up losing and in some cases this can be a huge loss if that dependency fails.

    Ethically, one should not place outside dependencies on your product. You should not put "phone home" checks in your code. You cannot see the future. You may get hit by a bus or win the lottery, in either case you likely won't give a crap about your customers anymore... but you can be certain they care.

    Anyway back to my story. So I had to decode this encoded stuff to remove the phone home to a dead server. If you studied how PHP itself works, and almost all interpreters are the same way, you would know that one must open the envelope to read the letter. PHP must parse the tree to deliver the content. Thus the tree MUST be available in source form at some point.

    Thus, find the right place in the PHP code to print out the source, and you've decoded it. That's what I had to do, and it turned out to be a one line addition 🙂

    I don't know about other encoders, but encoders like this are easily bypassed.

    Buyer beware

      Probably the only good one is Zend Encoder, but it's quite expensive. Others, as already stated, are easily cracked.

        IonCube has proven difficult so far, but I didn't sign up for that compiler class 20 years ago like I should have 🙂
