Page 1/2 of JavaScript code decryption code

We should also be aware that JavaScript Code It is explained and executed in IE, and it is impossible to keep it confidential. What we need to do is to increase the difficulty of copying the copy object as much as possible, so that it is difficult for him to know (hopefully ~!~), Next, I will discuss the encryption and decryption technology of JavaScript code on the webpage based on my practice over the past few years and my personal research experience.

The following JavaScript code is encrypted as an example:
<Script language = "JavaScript">
Alert ("hacker line");
</SCRIPT>

I. Simplest encryption and decryption

You must have a good understanding of the JavaScript Functions escape () and Unescape () (many web pages use them for encryption), namely encoding and decoding strings. For example, the example code uses escape () the function is encrypted in the following format:
Alert % 28% 22% u9ed1 % u5ba2 % u9632 % u7ebf % 22% 29% 3B

How? Do you still understand? Of course, the ASCII character "alert" is not encrypted. If you want to, you can write JavaScript code to re-encrypt it as follows:
% 61% 6C % 65% 72% 74% 28% u9ed1 % u5ba2 % u9632 % u7ebf % 22% 3B

Haha! How? This time it is completely encrypted!

Of course, the encrypted code cannot be run directly. Fortunately, Eval (codestring) is available. This function is used to check and execute JavaScript code, the required codestring parameter is a string value that contains valid JavaScript code, and the preceding decoding Unescape () is added. The encrypted result is as follows:
<Script language = "JavaScript">
VaR code = Unescape ("% 61% 6C % 65% 72% 74% 28% 22% u9ed1 % u5ba2 % u9632 % u7ebf % 22% 3B ");
Eval (CODE)
</SCRIPT>

Is it easy? Don't be happy. decryption is as simple as it is. The decryption code is put to others (Unescape ())! Haha

Ii. Use the Escape Character "\"

You may not be familiar with the Escape Character "\", but some special characters such as \ n (line feed), \ r (Press ENTER), and \ '(single quotes) are provided for JavaScript) should I know something about it? In fact, "\" can be followed by octal or hexadecimal numbers. For example, the character "A" can be expressed: "1" or "\ x61" (note the lowercase character "X "), for double-byte characters such as Chinese characters "", it can only be expressed as "\ u9ed1" in hexadecimal notation (note that it is a lowercase character "U "), the character "U" indicates a dubyte character. According to this example, the code can be expressed:

The octal escape string is as follows:
<Script language = "JavaScript">
Eval ("14524 \ u9ed1 \ u5ba2 \ u9632 \ u7ebf ")
</SCRIPT>

The hexadecimal escape string is as follows:
<Script language = "JavaScript">
Eval ("\ x61 \ x6c \ X65 \ x72 \ x74 \ x28 \ x22 \ u9ed1 \ u5ba2 \ u9632 \ u7ebf \ x22 \ x29 \ x3b ")
</SCRIPT>

There is no decoding function this time, because JavaScript will convert itself during execution. The decoding is also very simple as follows:
<Script language = "JavaScript">
Alert ("\ x61 \ x6c \ X65 \ x72 \ x74 \ x28 \ x22 \ u9ed1 \ u5ba2 \ u9632 \ u7ebf \ x22 \ x29 \ x3b ")
</SCRIPT>

The displayed dialog box shows the decrypted result!

Iii. coding using the script encoder produced by Microsoft

The use of the tool is not described much! I used JavaScript to call the scripting. encoder code of the control! The Code is as follows:
<Script language = "JavaScript">
VaR SENC = new activexobject ("scripting. encoder ");
VaR code = '<script language = "JavaScript"> \ r \ nalert (""); \ r \ n <\/SCRIPT> ';
VaR encode = SENC. encodescriptfile (". htm", code, 0 ,"");
Alert (encode );
</SCRIPT>

The encoded result is as follows:
<Script language = "jscript. encode"> #@~ ^ Fgaaaa ==##@ & LS dd' J R # P #@ & fgmaaa == #~ @ </SCRIPT>

Ugly enough, right? However, the corresponding decryption tools have already been released, and even the decrypted webpages are available! I will not talk about it because it decrypts too much Web Page code! The original decryption code is as follows:
<Script language = "jscript. encode">
Function decode (){
#@~ ^ Fgaaaa ==##@ & LS dd' J R # P #@ & fgmaaa == #~ @
}
Alert (decode. tostring ());
</SCRIPT>

What? Is it simple enough? The principle is that IE will first decode the encoded code before it runs. If we put the encrypted code into a user-defined function such as decode, call the tostring () method for the decode of the custom function to obtain the decoded code!

If you think that the language attribute of the Code obtained through this encoding is JScript. encode, which is easy to recognize, there is also an almost unknown method of window object execScript (). Its prototype is:
Window.exe cscript (sexpression, slanguage)

Parameters:
Sexpression: required. String ). Code to be executed.
Slanguage: required. String ). Specifies the language of the code to be executed. The default value is Microsoft JScript.

In use, the previous "window" can be omitted without writing!

Using this code, we can run the encoded javascript code as follows:
<Script language = "JavaScript">
ExecScript ("#@~ ^ Fgaaaa ==##@ & LS dd' J R # P #@ & fgmaaa == #~ @ "," Jscript. encode ")
</SCRIPT>

You can use method 2 to encode the strings in "" so that "jscript. encode" and encoding signature code "#@~ ^ "No, the effect will be better!

4. Add any NUL null characters (hexadecimal 00 h)

In an accidental experiment, I found that when I add any number of "null characters" to any location on the HTML webpage, ie will normally display the content and execute the JavaScript code normally, when we use a General Editor to view the added "null character", it will display a space or Black Block, making the original code hard to understand, if you use NotePad to view the information, the "null character" will become "space". The encrypted result is as follows: (the "space" displayed indicates "null character ")
<S c ri p t l Ang u a g e = "j a v a s c r I p t">

A l er T (" ");

</SC r I p t>

How? Is it messy? If you do not know the method, it is difficult to remove the "null character" (00 h!