Encryption | decryption
Source of information: The Hacker line of defense
This article presents a total of seven methods:
One: The simplest encryption and decryption
Second: The magical meaning of the escape character "\"
III: Encode (self-create simple decoding) using the Scripting Encoder script encoder produced by Microsoft
Four: Arbitrarily add nul null characters (hex 00H) (self-created)
Five: Useless content confusion and newline space tab DAFA
VI: Self-write decryption function method
Vii. use of mistakes (self-creation)
In the Web page (in fact, is the Web Trojan hehe), the most annoying is their own hard to write the client IE run the JavaScript code is often easily copied by others, really let their hearts a little taste, to know that they write something also very tired ... ^*^
But we should also be aware that because JavaScript code is interpreted in IE, to be absolutely confidential is impossible, we have to do is to maximize the difficulty of copying copy, let him quit (hopefully ~!~), the following I combined their own practice over the years, and personal research experience, Let's explore the encryption and decryption techniques for JavaScript code in Web pages.
For example, encrypt the following JavaScript code:
<script language= "JavaScript" >
Alert ("The Hacker Line of Defense");
</SCRIPT>
One: The simplest encryption and decryption
For JavaScript functions Escape () and unescape () must be more understanding (many Web pages encrypted with them), respectively, encoding and decoding strings, such as example code with the Escape () function after encryption into the following format:
alert%28%22%u9ed1%u5ba2%u9632%u7ebf%22%29%3b
How is it? You know what you're looking for? Of course, the ASCII character "alert" is not encrypted, and if so, we can write some JavaScript code to encrypt it as follows:
%61%6c%65%72%74%28%22%u9ed1%u5ba2%u9632%u7ebf%22%29%3b
Oh! How is it? This time it's completely encrypted!
Of course, this encrypted code is not directly run, fortunately there are eval (codestring) available, the function is to check the JavaScript code and execute, the required codestring parameter is a string value containing valid JavaScript code, Plus the above decoding unescape (), the result of the encryption is as follows:
<script language= "JavaScript" >
var code=unescape ("%61%6c%65%72%74%28%22%u9ed1%u5ba2%u9632%u7ebf%22%29%3b");
Eval (code)
</SCRIPT>
Is it simple? Do not be happy, decryption is also the same simple, decryption code are put to others (Unescape ())! Oh
Second: The magical meaning of the escape character "\"
You may not be familiar with the escape character "\", but there are some special characters Furu for javascript: \ n (line break), \ r (enter), \ ' (single quotes) should be understood? In fact, "\" can also be followed by octal or hexadecimal digits, such as the character "a" can be expressed as: "\141" or "\x61" (note that the lowercase character "x"), as for double-byte characters Furu kanji "Black" can only be represented as "\u9ed1" (note that the lowercase character "u"), where the character "U" denotes a double-byte character, the example code can be expressed as:
The octal escape string is as follows:
<script language= "JavaScript" >
Eval ("\141\154\145\162\164\50\42\u9ed1\u5ba2\u9632\u7ebf\42\51\73")
</SCRIPT>
The hexadecimal escape string is as follows:
<script language= "JavaScript" >
Eval ("\x61\x6c\x65\x72\x74\x28\x22\u9ed1\u5ba2\u9632\u7ebf\x22\x29\x3b")
</SCRIPT>
This time there is no decoding function, because JavaScript executes itself, and the same decoding is simple as follows:
<script language= "JavaScript" >
Alert ("\x61\x6c\x65\x72\x74\x28\x22\u9ed1\u5ba2\u9632\u7ebf\x22\x29\x3b")
</SCRIPT>
Will pop up a dialog box to tell you the results of the decryption!
Third: Encode using script Encoder scripts encoder from Microsoft
The use of tools is not much introduction! I am using JavaScript directly to invoke control Scripting.encoder complete encoding! The code is as follows:
<script language= "JavaScript" >
var senc=new activexobject ("Scripting.encoder");
var code= ' <script language= "JavaScript" >\r\nalert ("Hacker Line of Defense");\r\n<\/script> ';
var encode=senc.encodescriptfile (". htm", code,0, "");
alert (Encode);
</SCRIPT>
The following results are encoded:
<script language= "Jscript.encode" >#@~^FGAAAA==@#@&LSDD ' J Hacker Defense line r#p@#@&fgmaaa==^#~@</script>
Ugly enough, you know? But the corresponding decryption tool has already come out, and even the decryption page has! Because of its decryption page code too much, I don't say pull! To introduce my original decryption code, as follows:
<script language= "Jscript.encode" >
function decode () {
#@~^fgaaaa==@#@&lsdd ' J Hacker Defense r#p@#@&fgmaaa==^#~@
}
Alert (decode.tostring ());
</SCRIPT>
How? Easy enough, huh? It is the principle is: After the code is run before IE will decode it first, if we first put the encrypted code into a custom function such as the above Decode (), and then the custom function decode call ToString () method, will be decoded code!
If you think that code language property is Jscript.encode, it's easy to see, then there's a method of almost unknown window object execscript (), whose prototype is:
Window.execscript (Sexpression, slanguage)
Parameters:
Sexpression: required option. String. The code to be executed.
Slanguage: required option. String. Specifies the language of the executed code. The default value is Microsoft JScript
When used, the front of the "window" can be omitted not to write!
With it we can run the coded JavaScript code well, as follows:
<script language= "JavaScript" >
Execscript ("#@~^fgaaaa==@#@&lsdd ' J Hacker Defense r#p@#@&fgmaaa==^#~@", "Jscript.encode")
</SCRIPT>
You can use the method two pair of "" "inside the string to encode again, make" Jscript.encode "and Code signature" #@~^ "does not appear, the effect will be better!
Four: Arbitrarily add nul null characters (hex 00H)
An accidental experiment led me to find any number of "null characters" added anywhere in an HTML Web page, IE will normally display the content, and the normal execution of the JavaScript code, and added "empty characters" we use the general editor to view, will show the shape such as space or black block, Make the original code difficult to understand, such as the use of Notepad to view the "empty character" will become "space", using this principle to encrypt the result is as follows: (which shows the "space" represents "null character")
<s c RI p t L ANG U A G E = "J a V a S C R I p T" >
A l ER t ("Hacker Line of Defense");
</SC R I P t>
How is it? Does it seem to be a mess? If people do not know the method is difficult to think of to remove the inside of the "empty character" (00H)!
Five: Useless content confusion and newline space tab DAFA
In JavaScript code we can add a lot of useless strings or numbers, and useless code and annotation content, etc., so that the real useful code buried in it, and the useful code can add line, space, tab place to add a lot of line, space, tab, and can be a normal string with "\ "To wrap, which makes the code difficult to read!" As I encrypt the following form:
<script language= "JavaScript" >
"Xajgxsadffgds"; 1234567890
625623216;var $=0;alert//@$%%&* () (& ^%^
CCTV function//
(//HHSAASAJX XC
/*
asjgdsgu*/
Black
\
Guest
Line of defense "//ASHJGFGF
/*
@#%$^&%$96667r45fggbhytjty
*/
Window
)
;" #@$#%@ #432hu "; 212351436
</SCRIPT>
At least if I see this code, I don't have the heart to analyze it.
VI: Self-write decryption function method
This method is similar to one or two, just write a function to decrypt the code, many VBS viruses use this method to encrypt themselves, to prevent signature scanning! Here's a simple cryptographic decryption function I wrote,
Encrypt the code as follows (detailed reference file "encrypted. htm"):
<script language= "JavaScript" >
function compile (code)
{
var c=string.fromcharcode (code.charcodeat (0) +code.length);
for (Var i=1;i<code.length;i++) {
C+=string.fromcharcode (Code.charcodeat (i) +code.charcodeat (i-1));
}
Alert (Escape (c));
}
Compile (' Alert ("The Hacker Line of Defense");
</SCRIPT>
Run to get the encryption result:
O%cd%d1%d7%e6%9cj%u9ef3%ufa73%uf1d4%u14f1%u7ee1kd
The following code is decrypted after the corresponding encryption:
<script language= "JavaScript" >
function Uncompile (code)
{
Code=unescape (code);
var c=string.fromcharcode (code.charcodeat (0)-code.length);
for (Var i=1;i<code.length;i++) {
C+=string.fromcharcode (Code.charcodeat (i)-c.charcodeat (i-1));
}
return C;
}
Eval (uncompile ("O%CD%D1%D7%E6%9CJ%U9EF3%UFA73%UF1D4%U14F1%U7EE1KD"));
</SCRIPT>
Vii. use of the wrong
Using Try{}catch (e) {} structure to test and decrypt the code, although the idea is very good (hehe, Kua), because the practicality is not big, I just give an example
<script language= "JavaScript" >
var a= ' alert ("Hacker line of Defense");
var c= "";
for (Var i=0;i<a.length;i++) {
C+=string.fromcharcode (A.charcodeat (i) ^61);}
alert (c);
The above is the encryption code, of course, if the real use of this method, will not write encryption on the
Now the variable c is the encrypted code.
The following function T () First assumes that the initial password is 0 and decrypts the execution,
If you encounter an error, add the password by 1, and then decrypt it until it runs correctly.
var d=c; Save the encrypted code
var b=0; Assuming the initial password is 0
T ();
function T () {
Try{eval (c);} catch (e) {
C= "";
for (Var i=0;i<d.length;i++) {
C+=string.fromcharcode (D.charcodeat (i) ^b);}
B+=1;
T ();
SetTimeout ("t ()", 0);
}
}
</SCRIPT>