"This Version of ionCube was not vulnerable to a possible decryption"
Does he just mean "this version doesn't have a readily available dissassembler yet"? Even if they chose the path of compiling to native code, if you own the box, it can't be that hard to get the code.
I wish he'd gone down this route further. It looks like there's code at the top of the file that "decrypts" (decodes?) the contents of the PHP file. I'd be curious why he felt this wasn't worth reversing.
I'm also curious if there's a way to dump 'disassembled' PHP after it's been loaded into the PHP processor. If it's going through eval() at the end, then shouldn't the plain-text source be available in a string somewhere?
I believe these obfuscators work by forcing you to install a binary-only .so zend extension in php.ini, which intercepts these encoded files. The files themselves should decode to already-halfway-parsed PHP opcodes or so, which is probably injected into the PHP/Zend virtual machine.
Figuring out the encoding scheme is probably a lot of boring disassembly work, which in the end just lets you decode a bunch of PHP opcodes which themselves would take a lot of work to make sense of.
Does he just mean "this version doesn't have a readily available dissassembler yet"? Even if they chose the path of compiling to native code, if you own the box, it can't be that hard to get the code.