ionCube Dynamic Keys Example Image

Last Updated – May 2024

Learn about ionCube’s most powerful feature, Dynamic Keys! In this article we will show you how to add a dynamic key based on a static value as well as the more advanced (and recommended!) non-static dynamic key!

If you don’t already know about external and dynamic keys in ionCube then it would be best to start with our summary article to learn about how each feature works. We also show you how to setup a simple external key here.

Dynamic Keys are more complex than External Keys as they require some programmatical changes to your code but that added complexity is worth it if you are looking to achieve the highest level of protection for your PHP code. A dynamic key is special since the key itself is not stored anywhere and is only computed at runtime making it extremely difficult to reverse engineer. You can also set an unlimited number of dynamic keys which means you have the option to add infinite layers of complexity when protecting your PHP.

 

How to setup a Dynamic Key based on a static value

Dynamic keys provide the strongest means available to protect the source code because the key does not exist in the encoded file at all and there is no direct link to the key. Instead the key is computed at runtime.

Suppose in your code you have a function you want to protect called myfunc. That can be protected by a simple key as follows:

<?php

// The $salt adds a global variable to the generation of the key – the myk function that generates the key depends on this global variable.
$salt = “part”;

require_once(“keygen.php”);

// $salt is modified here so the generation of the key by the myk function can only be successful if $salt has the correct value.
$salt = hash(“sha3-512″,”anotherstring”. $salt);

// @ioncube.dynamickey myk(“sha256”, “randomstr”) -> “cafa2806bc07a925bdab8327be054103b060de73352591789001c389333f1bd7” RANDOM

function myfunc() {
echo “Hello world”;
}
?>

In the above the “cafa2806bc07a925bdab8327be054103b060de73352591789001c389333f1bd7” will be used by the encoder to encrypt the byte code of myfunc. The “RANDOM” will mean a random cryptographically secure method will be used to encrypt.

When decoding, the Loader will only attempt to decode myfunc when myfunc is first called. The Loader knows nothing about the key string “a9cd650d5a0a11343de71fd354dc7d04147910cc117f63280720f8efba06b97d” but instead makes the function call myk(“sha256”, “randomstr”) which should obtain the key. (A key specifying function like myk can take string constants as arguments.) Whatever it gets as the result of that function call will be used to decrypt the byte code of myfunc. Since the Loader does not know what the key is supposed to be, or what the byte code of myfunc should look like, a crash could occur if the computed key does not match the key used to encrypt.

In keygen.php you would have something like:
<?php

function myk($hasher,$randstr)
{
global $salt;
return hash($hasher,$randstr . $salt);
}
?>

Even though that is a very simple example of a key, it is a powerful means of code protection. Be sure to devise your *own* dynamic key functions and not use this exact example!

The downsides are that setting up dynamic keys is labour intensive and, as true encryption is used, it will have an impact on performance. To reduce the impact of the second point you can use “BASIC” instead of “RANDOM” in the above example, which mangles the byte code rather than truly encrypts it.

 

Advanced Dynamic Keys (based on the state of the program)

Dynamic keys are stronger if they make use of the state of the program (such as global variables, external files etc) to obtain their results. That is the point of the $salt variable above. You should aim to use global state in a more sophisticated way and there is an example of how to do that below which requires additional files for this example. You will find generator_dynamic_keys.zip attached at the end of this article. That archive contains a slightly more advanced example of how to use dynamic keys where the state of the computation is used. In particular it uses generators assigned to global variables. As the key generated depends on the state of the generators the order in which the protected methods are called is important. The three files included in the zip are:

generator_dk.php – the definition of the dynamic key function. Note that the definitions depend on global variables whose final values are not available in that file.

protected_methods_class.php – a class whose two methods are protected by dynamic keys.

keys_from_generators.php – the file that should be run. This makes the first calls of the methods of the Prot_Methods class and those method calls are order dependent; if they were called in a different order then the dynamic keys calculated would be wrong and the program would fail.

 

You can download the file archive from the link below.

generator_dynamic_keys

 

Dynamic Keys are very powerful and with that power comes some added complexity so you may wish to contact us for support. We can be reached via support tickets for assistance here.

How to setup Dynamic Keys in ionCube Encoder
twitterlinkedinmail