Exetools  

  #1  
Old 10-13-2015, 00:56
CryptXor
[C++] ionCube 7 Decoder

Please keep this on exetools ONLY. NON-PROFIT USE ONLY....

Attached is the archive containing the bulk of the last "proper" ioncube decoder which was leaked out into the public domain. The below is the same source-code that dezender.net uses.
The code is from the public build of the decoder and not the private build.
The archive which I have attached is also not 100% complete and missing many of the sub-classes to prevent it from ending up on the WWW.

With all of that said, if you believe that you are able to create a new decoder and would like the full source-code then shoot me a PM and I would be happy to share my research on PHP decoding with you. I don't have the time anymore so I will probably open-source my last decoder build at some stage.

Archive password:
Code:
exetools
Attached Files
File Type: rar zend_dump.rar (47.1 KB, 71 views)
  #2  
Old 10-13-2015, 06:22
Ember
This was posted publicly back in 2012, and may/may not have anything to do with OP's post as I (obviously) cannot download attachments. Judging by OP's post history, this seems to be the full package that was leaked that contains the whole qinvent.com Dezender source

dezender.c is in work\php\Zend\dezender folder
Code:
Download: hxxps://yadi.sk/d/GNkaucI4To2pk
Password: sy5sgwv4ms2fpvmHt7Rvcrc2am1Eu8fOIUUkgcmzJXTE3HYhf3vDZI68dhWSTXAekBpZ06XLTZqTY4Qs1zql09wXp5SYYrCz00qA

Last edited by Ember; 10-13-2015 at 06:29.
  #3  
Old 10-13-2015, 13:56
CryptXor
Quote:
Originally Posted by Ember
This was posted publicly back in 2012, and may/may not have anything to do with OP's post as I (obviously) cannot download attachments. Judging by OP's post history, this seems to be the full package that was leaked that contains the whole qinvent.com Dezender source

dezender.c is in work\php\Zend\dezender folder
Code:
Download: hxxps://yadi.sk/d/GNkaucI4To2pk
Password: sy5sgwv4ms2fpvmHt7Rvcrc2am1Eu8fOIUUkgcmzJXTE3HYhf3vDZI68dhWSTXAekBpZ06XLTZqTY4Qs1zql09wXp5SYYrCz00qA

Nope. Totally different package.

Incidentally, that decoder is not for ionCube, but for ZendGuard.
  #4  
Old 10-20-2021, 08:42
Succubus
I also wanna start studying this now. I just cracked the ionCube Encoder last week. I can send proof via Discord or DM; honestly I don't know how DM works here, I think both should be friends first. But now all I can think is I wanna learn how to decode ionCube. My first attempt is to load my DLL inside the entry to php7ts.dll xD then use the VLD source, just the part where it dumps the opcode array, to dump the bytecode and reconstruct it, since I only need to pass the op_array. I can just hook zend_execute and get the op_array. After getting the hang of it xD I noticed it only works on plain PHP. Well, I'm back to zero again. The reason I go with the hook path is that I don't want to compile and compile each xD PHP source; since they exported some of its functions, I can just do something about it instead.

Can you give a hint on how it's done?

Last edited by Succubus; 10-20-2021 at 09:04.