WizShield.. (lol)

***NOP*** · 10-24-2013, 08:02 AM

SO got emailed about some awesome super duper new wordpress plugin protection system.

http://www.wizshield.com/launch-week/

I end up finding a plugin protected with it, the latest Page Expiration Robot.

Essentially, the "fully encrypted code" is:

Code:

$longassvariablehere = "base64-encoded-stuff-here";

// snipped a whole bunch of junk functions

// snipped an eval() that basically eval()s eval(gzdeflate(base64_decode($longassvariablehere)));

// snipped more junk functions

LOL, eval()..

After that you get the main protection.. and seriously, you can defeat it without having to grab the code being eval()'d.. well obviously if you know the wordpress option name being used.. Because it does THIS to check for non-activation:

Code:

if ( get_option( "page_expiration_robot__pro_vzcld_a"."ct"."iv"."a"."t"."i"."on" ) == "" || get_option( "page_expiration_robot__pro_vzcld_a"."ct"."iv"."a"."t"."i"."on" ) == "fedb2d84cafe20862cb4399751a8a7e3" )            { /* not activated */ }

So.. if you just get that option value.. you can basically put at the main plugin script, up the top after the first (wordpress required) comment

Code:

update_option("page_expiration_robot__pro_vzcld_a"."ct"."iv"."a"."t"."i"."on","LOLPWNED");

..or something. and hooray there goes wizshield, in the bin where it belongs..

Note to wizshield devs.. eval() is NOT a protection and neither is relying on hard coded wordpress options..

your "protection" needs to be much improved, you're selling this easy crackable "protection" that any half decent php coder can bypass..

***IceMans*** · (This post was last modified: 10-24-2013 08:28 AM by IceMans.)

Well I think after that they should be called WizFail :p but yeah so much for their "protection" lol.

EDIT: [Image: 0j7t.png]

Had to lol at that

***CharlieBrown*** · 10-24-2013, 04:33 PM

Wack0, are you back???

Thanks for the share on this, was kinda curious to see what had to be said here about this :)

Appreciate all your past (and hopefully future) efforts!!!

***m45741314574*** · 10-24-2013, 04:43 PM

lol, I bet they already knew about this and dont care

just another way to make a quick buck from a chumb

thanks for the share!

***Premier*** · 10-24-2013, 07:06 PM

LOL. Thanks for the share!

***chuapasa*** · 10-24-2013, 11:16 PM

No, way..only home delivery can somehow work

***mikeymike57*** · 10-24-2013, 11:52 PM

anyone make a video tutorial..??

***NOP*** · 10-25-2013, 01:06 AM

(10-24-2013 11:52 PM)mikeymike57 Wrote: anyone make a video tutorial..??

Hahaha.

No.

***fnetv1*** · 10-31-2013, 02:56 PM

You see?

This once again proves to me that in the name of profit developers and other businesses rarely operate on the customer's best interests. They develop a product that seems good enough for the naive people to purchase it but for any 9 year old semi "expert" able to crack/defeat it.

If they were creating a security software for THEIR OWN purposes to protect THEIR OWN work, then they would really put in a real effort into creating something that would seen impenetrable in their own eyes, but noooo, since a bunch of strangers that they can care less about will be using the "product" they will just create a product or a software as quickly as possible with very minimal debugging, and if they see that their "grand mother" can't crack it then they will call it a "product".

In the name of planned obsolescence, people have stopped creating quality products and software long time ago.

(10-24-2013 08:02 AM)NOP Wrote: SO got emailed about some awesome super duper new wordpress plugin protection system.

http://www.wizshield.com/launch-week/

I end up finding a plugin protected with it, the latest Page Expiration Robot.

Essentially, the "fully encrypted code" is:

Code:

$longassvariablehere = "base64-encoded-stuff-here"; // snipped a whole bunch of junk functions // snipped an eval() that basically eval()s eval(gzdeflate(base64_decode($longassvariablehere))); // snipped more junk functions

LOL, eval()..

After that you get the main protection.. and seriously, you can defeat it without having to grab the code being eval()'d.. well obviously if you know the wordpress option name being used.. Because it does THIS to check for non-activation:

Code:

if ( get_option( "page_expiration_robot__pro_vzcld_a"."ct"."iv"."a"."t"."i"."on" ) == "" || get_option( "page_expiration_robot__pro_vzcld_a"."ct"."iv"."a"."t"."i"."on" ) == "fedb2d84cafe20862cb4399751a8a7e3" ) { /* not activated */ }

So.. if you just get that option value.. you can basically put at the main plugin script, up the top after the first (wordpress required) comment

Code:

update_option("page_expiration_robot__pro_vzcld_a"."ct"."iv"."a"."t"."i"."on","LOLPWNED");

..or something. and hooray there goes wizshield, in the bin where it belongs..

Note to wizshield devs.. eval() is NOT a protection and neither is relying on hard coded wordpress options..

your "protection" needs to be much improved, you're selling this easy crackable "protection" that any half decent php coder can bypass..

***panacea*** · 10-31-2013, 05:06 PM

The will have pdf files license protected in 14 weeks… whatever that means...