Analysis of ASP program encryption and decryption Methods

At present, there are three main encryption methods for ASP programs: script encoder (srcenc. EXE) encryption, component encryption, and self-compiled program encryption. Below we will introduce these three encryption methods ......
Today, websites built with ASP technology are everywhere. Because ASP scripts are interpreted and executed on the server (compilation is not allowed), the ASP code you have developed is easily copied and modified. How can you protect the ASP source code? This is a problem that every ASP Webmaster will encounter. There are many posts on solving such problems on the Internet. Let's talk about ASP program encryption methods.

1. How to encrypt ASP programs?

At present, there are three main encryption methods for ASP programs: script encoder (srcenc. EXE) encryption, component encryption, and self-compiled program encryption. Below we will introduce these three encryption methods.

1. Use Microsoft's Ms script encode for encryption

Microsoft provides the script encode (http://www.itgene.cn/itgene/download/download.aspID=232) for the MS script encode to encrypt ASP programs. This is a simple command line tool. Its execution file is srcenc. EXE and needs to be run in DOS. It only encrypts the script code embedded in the page, converts ASP code between webpages into unreadable garbled characters, and keeps other parts unchanged. You must use Internet Explorer 5.0 or a later version to view the encrypted program.

After srcenc is used for encryption, the encrypted part of the file will become read-only. If you modify the encrypted part (even if only one word is changed), the entire file will become unavailable. For VBScript, after encryption, the first line of the source file is displayed: <script language = "VBScript. and JScript (or Javascript) displays: <script language = "jscript. encode ">

(1) Encryption Method

Click Start/Program/attachment/command prompt and enter the following command in the MS-DOS command line to encrypt an ASP file:

Srcenc [Switches] <asp file name to be encrypted> <Encrypted File Name>

You can select the following five parameters for the [Switches] project:

[Switches] Meaning example

/S is optional. If this parameter is included in the command, no output is displayed on the screen during the encryption process. Screnc/s LaCl. SCT ulacl. SCT

Encrypts LaCl. SCT, the script Applet in the current directory. No information is displayed on the screen during encryption.

/F is optional. Specifies whether the output file overwrites the input file with the same name. Ignore, will not overwrite. Screnc/F LaCl. asp

Encrypt the file LaCl. asp and overwrite the original file with the same name as the encoded file

/XL is optional. Whether to add the @ language command to the top of the. asp file. Ignored.

/L deflanguage is optional. Specifies the default script language selected in script encoder encryption. Scripts that do not contain this language feature in the file will be ignored by the script encoder.

For HTML files, JScript is the built-in default script language; for ASP files, VBScript is the default script language; for files with the extension of. vbs or. JS, script encoder also has the ability to adapt. Screnc/L VBScript lacl.htm ulacl.htm

Encrypts the lacl.htm file and generates the output file ulacl.htm. Make sure that VBScript is used for script blocks that do not have a specified language attribute.

/E defextension is optional. Specifies the file extension of the file to be encrypted. By default, script encoder can recognize ASA, ASP, CDX, htm, HTML, JS, SCT, and vbs files. Screnc/e ASP 11/*. * F:/labxw-JM

Encrypt all. asp files in the 11 directory and put the encoded output files in the F:/labxw-JM directory.

(2) Operation example

For example, to encrypt the LaCl. asp file in the current directory and generate the encryption file ulacl. asp, enter the following command in DOS:

Screnc LaCl. asp ulacl. asp

Encrypt all. asp files in the current directory and put the encoded output files in F:/labxw. Run the following command:

Screnc *. asp F:/labxw

2. Use components to encrypt ASP

The above screnc-encrypted program can be decrypted (the decryption method is described below). If you want to completely protect your ASP code, you can develop ActiveX dll components for protection.

DLL files are compiled machine code. If there is no source project file, it cannot be decompiled. Therefore, component encryption is the safest and cannot be cracked. The following is an example of the operation process. For example, you need to protect the following ASP code:

The following is a reference clip:
Set rs = server. Createobject ("ADODB. recordset ")
SQL = "select * from GQ where xs = 1 order by date ASC"
Rs. Open SQL, Conn, 1, 1
If Rs. EOF and Rs. bof then
Response. Write "<a href = new0.asp? LBID = gqx> <% = gqx %> </a>"
Else
Response. Write ""
End if
Set rs = nothing
Conn. Close
Set conn = nothing

You can rewrite them into VB components and then call the components in the ASP file. The procedure is as follows:

(1) Create an ActiveX dll project of VB6

In the Properties window, name your library module and project file (for example, project name LaCl and module name disp). In the ASP file, the called object name will be lacl_disp.

Select references from the project menu in VB6, and select Microsoft ActiveX Data Objects 2.0 library.

(2) Compile the VB component

Next, rewrite <ASP code to be protected> to the VB component. The Code is as follows:

The following is a reference clip:
Public Function html_combo (disp_table as string) as string
Dim outstring as string
Dim conn as ADODB. Connection
Dim rst as ADODB. recordset
Dim sqlstring as string
Set conn = Createobject ("ADODB. Connection ")
Set rst = Createobject ("ADODB. recordset ")
Sqlstring = "select * from" & disp_table & "where xs = 1 order by date ASC"
'The above is the operation to open the database in VB. The table name and field name in the database can be modified as needed.
Conn. Open "DSN = sumnet"
RST. Open sqlstring, Conn, 3, 3
If RST. EOF and RST. bof then
Outstring = "this type of unit information is not available"
Else
RST. movefirst
Outstring = "<a href = new0.asp? LBID = "& request (" LBID ") &"> </a>"
End if
Html_combo = outstring
RST. Close
Conn. Close
End Function

After writing the preceding VB code, save the project and start compilation.

(3) generate the Installation File

Open the package deployment Wizard program attached to Visual Studio 6, select the created ActiveX project file LaCl, select package, select the script to be packed or use the default script, and select standard installation, select a storage directory for the generated Installation File and select single cab. all others are default. Click Next to automatically generate the installation file!

(4) install components on the IIS server

Run the installation file on the IIS server and install the component on the server.

(5) Call components on the webpage

Later, you can call this component in the ASP file to complete the original functions. Call the component you created on the webpage as follows:

The following is a reference clip:
<% @ Language = "VBScript" %>
<%
Set diaoyong = server. Createobject ("lacl_disp.disp ")
%>
<HTML>
<Body>
<% = Diaoyong.html _ combo ("GQ") %>
<Br>
</Body>
</Html>

As you can see, the content in the ASP file is only a component call (which is totally different from the previous one). Even if others get the file, they cannot edit or modify the source code, because the code is encapsulated in the VB component, the code in the component cannot be seen or decompiled by outsiders!

3. Write your own encryption program

Although the component encryption method cannot be cracked, you are required to be familiar with vbprogramming. You need to rewrite ASP code into a VB component, which requires a great deal of work. Therefore, we recommend that you program your own to protect ASP code, the basic idea is to write an encryption function base64encode and the decryption function base64decode. First, use the encryption function to process the <ASP code to be protected> and obtain the corresponding ciphertext Hu; then use execute (base64decode (HU) to replace <ASP code to be protected>.

For example, to protect the above ASP code, you can do this:

(1) Use Word to Process <ASP code to be protected>

Copy the <ASP code to be protected> to the word. In the word, replace all the paragraph marks (line breaks) in the Code with the Chinese character "water": click "edit"/replace, move the cursor to the "search content" column, click "advanced"/special characters, and select "section mark". move the cursor to the "Replace with" column, enter "water" and click "replace all ". In the same way, replace all single quotes in the Code with the Chinese character "add.

(2) write and run the encryption program

Compile an encryption program in FrontPage, which includes the initialization function initcodecs and base64encode (the Code is as follows). Copy the code after word processing and paste it in the p = "" sentence, finally, store the disk in the name of test1.asp. Enter http: // 127.0.0.1/test1.asp in IE to run the file locally. A large segment of garbled code (such as c2v0ihjzpxnlcnzlci5jcmvhd...) will be displayed on the screen ...), this is the ciphertext corresponding to ASP code to be protected!

The following is a reference clip:
Option explicit
Const base_64_map_init = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789 + /"
Dim newline
Dim base64encmap (63)
Dim base64decmap (127)
Dim indium, Hu, encode
Call initcodecs 'initialization
P = "<ASP code after word processing>" 'ASP code to be protected is processed in word, and then entered here
Hu = base64encode (indium) 'calls the base64encode function for encryption to obtain the ciphertext Hu
Response. Write (HU) 'display ciphertext
Public sub initcodecs () 'initialization function initcodecs
Newline = "<p>" & CHR (13) & CHR (10)
Dim Max, idx
Max = Len (base_64_map_init)
For idx = 0 to max-1
Base64encmap (idx) = mid (base_64_map_init, idx + 1, 1)
Next
For idx = 0 to max-1
Base64decmap (ASC (base64encmap (idx) = idx
Next
End sub
Public Function base64encode (plain) 'encryption function base64encode
If Len (plain) = 0 then
Base64encode = ""
Exit Function
End if
Dim ret, ndx, by3, First, Second, Third
By3 = (LEN (plain)/3) * 3
Ndx = 1
Do While ndx <= by3
First = ASC (mid (plain, ndx + 0, 1 ))
Second = ASC (mid (plain, ndx + 1, 1 ))
Third = ASC (mid (plain, ndx + 2, 1 ))
Ret = RET & base64encmap (first/4) and 63)
Ret = RET & base64encmap (first * 16) and 48) + (second/16) and 15 ))
Ret = RET & base64encmap (second * 4) and 60) + (third/64) and 3 ))
Ret = RET & base64encmap (third and 63)
Ndx = ndx + 3
Loop
If by3 <Len (plain) then
First = ASC (mid (plain, ndx + 0, 1 ))
Ret = RET & base64encmap (first/4) and 63)
If (LEN (plain) mod 3) = 2 then
Second = ASC (mid (plain, ndx + 1, 1 ))
Ret = RET & base64encmap (first * 16) and 48) + (second/16) and 15 ))
Ret = RET & base64encmap (second * 4) and 60 ))
Else
Ret = RET & base64encmap (first * 16) and 48)
Ret = RET '& "="
End if
Ret = RET '& "="
End if
Base64encode = RET
End Function

(3) rewrite the ASP file to be protected

Rewrite the original ASP file and add the unencode and base64decode functions to the file. The Code is as follows:

The following is a reference clip:
Dim Hu, hU2
'Copy the ciphertext of the ASP code to save it to the Hu variable.
Hu = "samples/bgjpzd0tjnjlcxvlc3qo12xiawqtksamiom + samples"
HU2 = base64decode (HU) 'restore the ASP code to be protected
Execute (unencode (hU2) 'restores single quotes, returns a carriage return, and executes the original code.
'Decryption function base64decode
Function base64decode (scrambled)
If Len (scrambled) = 0 then
Base64decode = ""
Exit Function
End if
Dim reallen
Reallen = Len (scrambled)
Do While mid (scrambled, reallen, 1) = "="
Reallen = reallen-1
Loop
Dim ret, ndx, by4, First, Second, Third, Fourth
Ret = ""
By4 = (reallen/4) * 4
Ndx = 1
Do While ndx <= by4
First = base64decmap (ASC (mid (scrambled, ndx + 0, 1 )))
Second = base64decmap (ASC (mid (scrambled, ndx + 1, 1 )))
Third = base64decmap (ASC (mid (scrambled, ndx + 2, 1 )))
Fourth = base64decmap (ASC (mid (scrambled, ndx + 3, 1 )))
Ret = RET & CHR (first * 4) and 255) + (second/16) and 3 ))
Ret = RET & CHR (second * 16) and 255) + (third/4) and 15 ))
Ret = RET & CHR (third * 64) and 255) + (fourth and 63 ))
Ndx = ndx + 4
Loop
If ndx <reallen then
First = base64decmap (ASC (mid (scrambled, ndx + 0, 1 )))
Second = base64decmap (ASC (mid (scrambled, ndx + 1, 1 )))
Ret = RET & CHR (first * 4) and 255) + (second/16) and 3 ))
If reallen mod 4 = 3 then
Third = base64decmap (ASC (mid (scrambled, ndx + 2, 1 )))
Ret = RET & CHR (second * 16) and 255) + (third/4) and 15 ))
End if
End if
Base64decode = RET
End Function
'The unencode function for restoring single quotes and line breaks
Function unencode (cc)
For I = 1 to Len (cc)
If mid (CC, I, 1) <> "water" then
If mid (CC, I, 1) = "plus" then
Temp = "& temp
Else
Temp = mid (CC, I, 1) + temp
End if
Else
Temp = newline & temp
End if
Next
Unencode = temp
End Function

Save the above Code as test2.asp.

(4) use srcenc to encrypt test2.asp

Use srcenc to encrypt test2.asp and then publish it to the server. In this way, even if someone else obtains the file and cracks the srcenc encryption, the original code cannot be seen, because the original code in test2.asp is ciphertext (Hu = "c2v0ihjzpxnlcnzlc ...), so ASP code is protected!

2. How to decrypt encrypted ASP programs?

How to decrypt encrypted ASP programs? First, we should tell you that ASP programs encrypted by component method cannot be decrypted, while screnc-encrypted programs can be decrypted by using the decryption software (zwdecode. EXE ).

Zwdecode. EXE (http://www.mydown.com/softdown/45/45183.html) can decrypt the ASP file encrypted by Ms script encode to restore the source code.

(1) Decryption Method

Click Start/Program/attachment/command prompt and enter the following command in the MS-DOS command line to restore the original code:

Zwdecode <encrypted ASP file name>

<Encrypted ASP file name> must be input. The file name can contain a directory path or a directory path. This is the output file name to be generated or contains path information.

(2) Example

For example, F:/22/LaCl. asp was previously screnc encrypted, and now to restore the source code, you can enter the following command in the MS-DOS:

Zwdecode F:/22/LaCl. asp D:/ulacl. asp

After the execution is complete, a ulacl. asp file will be generated on drive D. open the file and you will be able to see the source code!