Code encryption/Decryption Protection

Text code protection is a headache. As you learn more about it, more protection methods mean more vulnerabilities.
Let's talk about my experience. If you have better methods, please contact QQ: 17789897.

[-Method for retrieving the original code-]

1: Right-click to view the original file
2: View-original file
3: file-Save
4: IE Cache
5: code extraction is also supported.
Tutorial code:
<SCRIPT>
Function add ()
{
Var ress = document. forms [0]. it315zhangxx. value
Window. location = "view-source:" + ress;
}
</SCRIPT>

<P> In the webpage source code viewer, enter the URL address for viewing the webpage source code:
<P>
<FORM> <INPUT name = it315zhangxx size = 56 value = http: //> </FORM>
<FORM> <BR> <INPUT onclick = add () type = button value = view webpage source code> </FORM>

 

[-About protection-]

 

First, use code to disable some IE operations.

: Save as prohibited
<NOSCRIPT> <iframe src = *. html> </IFRAME> </NOSCRIPT>

: Cancel selection, prevent copying and pasting, and prevent copying>
<BODY onselectstart = "return false" oncut = "return false;" onpaste = "return false" onmouseover = "window. status =; return true "oncopy =" return false; "bgColor = # ffffff leftMargin = 0 topMargin = 0>

: Right-click prohibited>
<SCRIPT language = javascript>
<! --
 
If (window. Event)
Document. captureEvents (Event. MOUSEUP );
 
Function nocontextmenu ()
{
Event. cancelBubble = true
Event. returnValue = false;
 
Return false;
}
 
Function norightclick (e)
{
If (window. Event)
{
If (e. which = 2 | e. which = 3)
Return false;
}
Else
If (event. button = 2 | event. button = 3)
{
Event. cancelBubble = true
Event. returnValue = false;
Return false;
}
 
}
 
Document. oncontextmenu = nocontextmenu; // for IE5 +
Document. onmousedown = norightclick; // for all others
// -->
</SCRIPT>
: Fixed Status Bar
<Body bgcolor = "# fef4d9" onmouseover = "self. status = custom data; return true">

: Disable the use of HTML tags in pages for caching, as shown below:
<HEAD>
<META http-equiv = Pragma content = no-cache>
<META http-equiv = Cache-Control content = no-cache>
<META http-equiv = Expires content = 0>

-Using the above code, you can disable the following methods-
1: Right-click to view the original file
3: file-Save
4: IE Cache

-It is difficult to use the Code itself to prohibit the following methods. I am confused about the method to prevent the original code from being called out-
2: View-original file
5: code extraction is also supported.

URL spoofing (real addresses can be hidden)
Tutorial code:

<Meta http-equiv = "refresh" content = "0; url = http: // dongxie. Tomorrow is a new day after all @ www.hack.net/index.htm">

Pay attention to the url = http: // dongxie in the Code. Tomorrow is a new day after all @ www.hack.net/index.htm"
@ Symbol in front of the [http: // dongxie. Tomorrow after all is a new day] Is cheated in IE after the effect can also be http://www.163.com
Not to mention the actual connection address www.hack.net/index.htm.

URL Obfuscation
<Meta http-equiv = "refresh" content = "0; url = http: // . @@@.htm">
What is .htm? What is the actual address?
How can I access it? Is there a. htm? If I want to do it, I will create an HTM without a name.
Quickly create a xxx.htm file and upload it to the QQ network hard drive dual-excited file name to delete XXX.

In this way, even if the original code is obtained, it is difficult to see the real address.
Column 1: http: // . is another new day @.htm
Column 2: http://www.163.com/@.htm
It's hard to see what the real address is.

[Disable IE-View-original file in JS]
It is also a confusing method, but you can definitely disable the above method to call the original file.
JS
Tutorial JS Code
Var oPopup = window. createPopup ();
Var popTop = 50;
Function popmsg (msgstr ){
Var winstr = "<table style =" border: 1 solid #000000 "width =" 241 "height =" 172 "border =" 0 "cellpadding =" 0 "cellspacing =" 0 "> ";
Winstr + = "<tr> <td height =" 150 "> </td> <td align =" center "> <table width =" 90% "height =" 110 "border = "0" cellpadding = "0" cellspacing = "0"> ";
Winstr + = "<tr> <td valign =" top "style =" font-size: 12px; color: # F00000; face: tahoma ">" + msgstr + "</td> </tr> </table> ";
OPopup.doc ument. body. innerHTML = winstr;
Popshow ();
}
Function popshow (){
Window. status = popTop;
If (popTop & gt; 1720 ){
ClearTimeout (mytime );
OPopup. hide ();
Return;
} Else if (popTop> 1520 & popTop <1720 ){
OPopup. show (screen. width-250, screen. height, 241,1720-popTop );
} Else if (popTop> 1500 & popTop <1520 ){
OPopup. show (screen. width-250, screen. height + (popTop-1720), 241,172 );
} Else if (popTop <180 ){
OPopup. show (screen. width-250, screen. height, 241, popTop );
} Else if (popTop <220 ){
OPopup. show (screen. width-250, screen. height-popTop, 241,172 );
}
PopTop ++ = 10000;
Var mytime = setTimeout ("popshow ();", 1 );
}
Popmsg ("");

Save as 17789897.js

HTM calls JS Code
<SCRIPT language = javascript
Src = "17789897.js"> </SCRIPT>
Some write friends may be familiar with it, but I want to tell you that his current role is to prohibit the same [IE-View-original file]
Difference in this Code
PopTop ++ = 10000;
Var mytime = setTimeout ("popshow ();", 1 );
Have you seen it? The speed is 10000.
No, I know what it means.

Call the JS Code of the above JS AND HTM
You can add it to the webpage to disable [IE-View-original file].
This is what I know about protection.

[-About encryption-]
I suggest using composite encryption for important code
There are basically the following methods:
JS Code
Escape Encryption
8-digit escape string
Hexadecimal escape string
The 10-digit HTML encoding is as follows:
Hexadecimal HTML encoding:
<Script>
<! --
Document. write (unescape ("encrypted code "));
// -->
</Script>
I won't give it because of the huge code and JS files.
You can search for baidu.com

[-About cracking-]
The so-called magic height, a high degree, and then complex encryption, in a lot of confusion, still use IE to decode
Give everyone a super skill
In the address bar or press Ctrl + O and enter:

Javascript: s‑document.doc umentElement. outerHTML; document. write (<body> </body>); document. body. innerText = s;

The source code comes out. No matter how complicated the encryption is, the html code that can be parsed by the browser must be restored, and documentElement. outerHTML is the final result.

Okay.

Dongxie