7 methods of JavaScript encryption and decryption

Encryption | Decryption This article describes seven JavaScript encryption methods:

In the Web page (in fact, is the Web Trojan hehe), the most annoying is their own hard to write the client IE run the JavaScript code is often easily copied by others, really let their hearts a little taste, to know that they write something also very tired ... ^*^

But we should also be aware that because JavaScript code is interpreted in IE, to be absolutely confidential is impossible, we have to do is to maximize the difficulty of copying copy, let him quit (hopefully ~!~), the following I combined their own practice over the years, and personal research experience, Let's explore the encryption and decryption techniques for JavaScript code in Web pages.

For example, encrypt the following JavaScript code:

<script language= "JavaScript" >
Alert ("The Hacker Line of Defense");
</SCRIPT>

　　 One: The simplest encryption and decryption

For JavaScript functions Escape () and unescape () must be more understanding (many Web pages encrypted with them), respectively, encoding and decoding strings, such as example code with the Escape () function after encryption into the following format:

alert%28%22%u9ed1%u5ba2%u9632%u7ebf%22%29%3b

How is it? You know what you're looking for? Of course, the ASCII character "alert" is not encrypted, and if so, we can write some JavaScript code to encrypt it as follows:

%61%6c%65%72%74%28%22%u9ed1%u5ba2%u9632%u7ebf%22%29%3b

Oh! How is it? This time it's completely encrypted!

Of course, this encrypted code is not directly run, fortunately there are eval (codestring) available, the function is to check the JavaScript code and execute, the required codestring parameter is a string value containing valid JavaScript code, Plus the above decoding unescape (), the result of the encryption is as follows:

<script language= "JavaScript" >
var code=unescape ("%61%6c%65%72%74%28%22%u9ed1%u5ba2%u9632%u7ebf%22%29%3b");
Eval (code)
</SCRIPT>

Is it simple? Do not be happy, decryption is also the same simple, decryption code are put to others (Unescape ())! Oh

　　Second: The magical meaning of the escape character ""

You may not be familiar with the escape character "", but there are some special words for JavaScript Furu: N (newline), R (carriage), ' (single quotes), etc. should be understood? In fact, "" can also be followed by octal or hexadecimal digits, such as the character "a" can be expressed as: "141" or "x61" (note that the lowercase character "x"), as for the double-byte character Furu kanji "Black" can only be expressed in hexadecimal as "u9ed1" (note that the lowercase character "U"), where the characters "U" The representation is a double-byte character, and according to this principle example code can be expressed as:

The octal escape string is as follows:

<script language= "JavaScript" >
Eval ("1411541451621645042u9ed1u5ba2u9632u7ebf425173")
</SCRIPT>

The hexadecimal escape string is as follows:

<script language= "JavaScript" >
Eval ("x61x6cx65x72x74x28x22u9ed1u5ba2u9632u7ebfx22x29x3b")
</SCRIPT>

This time there is no decoding function, because JavaScript executes itself, and the same decoding is simple as follows:

<script language= "JavaScript" >
Alert ("x61x6cx65x72x74x28x22u9ed1u5ba2u9632u7ebfx22x29x3b")
</SCRIPT>

Will pop up a dialog box to tell you the results of the decryption!

　　Third: Encode using script Encoder scripts encoder from Microsoft

The use of tools is not much introduction! I am using JavaScript directly to invoke control Scripting.encoder complete encoding! The code is as follows:

<script language= "JavaScript" >
var senc=new activexobject ("Scripting.encoder");
var code= ' <script language= "JavaScript" >rnalert ("Hacker Line of Defense");rn</script> ';
var encode=senc.encodescriptfile (". htm", code,0, "");
alert (Encode);
</SCRIPT>

The following results are encoded:

<script language= "Jscript.encode" >#@~^FGAAAA==@#@&LSDD ' J Hacker Defense line r#p@#@&fgmaaa==^#~@</script>

Ugly enough, you know? But the corresponding decryption tool has already come out, and even the decryption page has! Because of its decryption page code too much, I don't say pull! To introduce my original decryption code, as follows:

<script language= "Jscript.encode" >
function decode ()
Alert (decode.tostring ());
</SCRIPT>

How? Easy enough, huh? It is the principle is: After the code is run before IE will decode it first, if we first put the encrypted code into a custom function such as the above Decode (), and then the custom function decode call ToString () method, will be decoded code!

If you think that code language property is Jscript.encode, it's easy to see, then there's a method of almost unknown window object execscript (), whose prototype is:

Window.execscript (Sexpression, slanguage)

Parameters:

Sexpression: required option. String. The code to be executed.

Slanguage:  required option. String. Specifies the language of the executed code. The default value is Microsoft JScript

When used, the front of the "window" can be omitted not to write!

With it we can run the coded JavaScript code well, as follows:

<script language= "JavaScript" >
Execscript ("#@~^fgaaaa==@#@&lsdd ' J Hacker Defense r#p@#@&fgmaaa==^#~@", "Jscript.encode")
</SCRIPT>

You can use the method two pair of "" "inside the string to encode again, make" Jscript.encode "and Code signature" #@~^ "does not appear, the effect will be better!

[1] [2] Next page