During webpage creation (in fact, webpage Trojans), the most annoying thing is that the JAVASCRIPT code running on IE, a client that has worked hard, is often easily copied by others, it's a bit difficult for you to know that you're tired of writing something ...... ^ * ^
However, we should also be aware that because JAVASCRIPT code is interpreted and executed in IE, it is impossible to keep it confidential. What we need to do is to increase the difficulty of copying by the publisher as much as possible, let him know how to leave (hopefully ~! ~), Next, I will discuss the encryption and decryption technology of JAVASCRIPT code on the webpage based on my practice over the past few years and my personal research experience.
The following JAVASCRIPT code is encrypted as an example:
<Script language = "JavaScript">
Alert ("hacker line ");
</SCRIPT>
I. Simplest encryption and decryption
You must have a good understanding of the JAVASCRIPT Functions escape () and unescape () (many web pages use them for encryption), namely encoding and decoding strings. For example, the example code uses escape () the function is encrypted in the following format:
Alert % 28% 22% u9ED1 % u5BA2 % u9632 % u7EBF % 22% 29% 3B
How? Do you still understand? Of course, the ASCII character "alert" is not encrypted. If you want to, you can write JAVASCRIPT code to re-encrypt it as follows:
% 61% 6C % 65% 72% 74% 28% u9ED1 % u5BA2 % u9632 % u7EBF % 22% 3B
Haha! How? This time it is completely encrypted!
Of course, the encrypted code cannot be run directly. Fortunately, eval (codeString) is available. This function is used to check and execute JavaScript code, the required codeString parameter is a string value that contains valid JavaScript code, and the preceding decoding unescape () is added. The encrypted result is as follows:
<Script language = "JavaScript">
Var code = unescape ("% 61% 6C % 65% 72% 74% 28% 22% u9ED1 % u5BA2 % u9632 % u7EBF % 22% 3B ");
Eval (code)
</SCRIPT>
Is it easy? Don't be happy. decryption is as simple as it is. The decryption code is put to others (unescape ())! Haha
Ii. Amazing use of the Escape Character ""
You may not be familiar with the Escape Character "", but some special characters such as n (line feed), r (carriage return), and '(single quotes) are provided for JavaScript) should I know something about it? In fact, "" can be followed by octal or hexadecimal numbers. For example, the character "a" can be expressed: "141" or "x61" (note the lowercase character "x "), for double-byte characters such as the Chinese character "", it can only be expressed as "u9ED1" in hexadecimal notation (note that it is a lowercase character "u "), the character "u" indicates a dubyte character. According to this example, the code can be expressed:
The octal escape string is as follows:
<Script language = "JavaScript">
Eval ("1411541451621610942u9ed1u5ba2u9632u7ebf424173 ")
</SCRIPT>
The hexadecimal escape string is as follows:
<Script language = "JavaScript">
Eval ("x61x6Cx65x72x74x28x22u9ED1u5BA2u9632u7EBFx22x29x3B ")
</SCRIPT>
There is no decoding function this time, because JavaScript will convert itself during execution. The decoding is also very simple as follows:
<Script language = "JavaScript">
Alert ("x61x6Cx65x72x74x28x22u9ED1u5BA2u9632u7EBFx22x29x3B ")
</SCRIPT>
The displayed dialog box shows the decrypted result!
Iii. coding using the Script Encoder produced by Microsoft
The use of the tool is not described much! I used JavaScript to call the Scripting. Encoder code of the control! The Code is as follows:
<Script language = "JavaScript">
Var Senc = new ActiveXObject ("Scripting. Encoder ");
Var code = '<script language = "JavaScript"> rnalert (""); rn </SCRIPT> ';
Var Encode = Senc. EncodeScriptFile (". htm", code, 0 ,"");
Alert (Encode );
</SCRIPT>
The encoded result is as follows:
<Script language = "JScript. Encode"> #@~ ^ FgAAAA ==##@ & ls dd' J r # p #@ & FgMAAA == #~ @ </SCRIPT>
Ugly enough, right? However, the corresponding decryption tools have already been released, and even the decrypted webpages are available! I will not talk about it because it decrypts too much Web Page code! The original decryption code is as follows:
<Script language = "JScript. Encode">
Function decode ()
Alert (decode. toString ());
</SCRIPT>
What? Is it simple enough? The principle is that IE will first decode the encoded code before it runs. If we put the encrypted code into a user-defined function such as decode, call the toString () method for the decode of the custom function to obtain the decoded code!
If you think that the LANGUAGE attribute of the Code obtained through this encoding is JScript. Encode, which is easy to recognize, there is also an almost unknown method of window object execScript (). Its prototype is:
Window.exe cScript (sExpression, sLanguage)
Parameters:
SExpression: required. String ). Code to be executed.
SLanguage: required. String ). Specifies the language of the code to be executed. The default value is Microsoft JScript.
In use, the previous "window" can be omitted without writing!
Using this code, we can run the encoded JavaScript code as follows:
<Script language = "JavaScript">
ExecScript ("#@~ ^ FgAAAA ==##@ & ls dd' J r # p #@ & FgMAAA == #~ @ "," JScript. Encode ")
</SCRIPT>
You can use method 2 to Encode the strings in "" so that "JScript. Encode" and encoding signature code "#@~ ^ "No, the effect will be better!
4. Add any NUL null characters (hexadecimal 00 H)
In an accidental experiment, I found that when I add any number of "null characters" to any location on the HTML webpage, IE will normally display the content and execute the JavaScript code normally, when we use a General Editor to view the added "null character", it will display a space or Black Block, making the original code hard to understand, if you use NotePad to view the information, the "null character" will become "space". The encrypted result is as follows: (the "space" displayed indicates "null character ")
<S c ri p t l ang u a g e = "J a v a S c r I p t">
A l er t (" ");
</SC r I P T>
How? Is it messy? If you do not know the method, it is difficult to remove the "null character" (00 H!
V. Useless content and line feed space TAB ****
In JAVASCRIPT code, we can add a large number of useless strings or numbers, as well as useless code and comments, so that the real useful code is not buried in it, add a large number of line breaks, spaces, and tabs in the useful code, and use "" to wrap a normal string, this will make the code hard to understand! The encrypted form is as follows:
<Script language = "JavaScript">
"Xajgxsadffgds"; 1234567890
625623216; var $ = 0; alert // @ $ % & * () (& (^ % ^
// Cctv function //
(// Hhsaasajx xc
/*
Asjgdsgu */
"Black
Customer
Defense Line "// ashjgfgf
/*
@ # % $ ^ & % $ 96667r45fggbhytjty
*/
// Window
)
; "# @ $ # % @ # 432hu"; 212351436
</SCRIPT>
At least if I see such a code, I will not try to analyze it. Where are you?
Vi. Self-write decryption Function Method
This method is similar to the one in version 2. It only writes a function to decrypt the code. Many VBS viruses use this method to encrypt themselves to prevent scanning of signatures! The following is a simple encryption and decryption function I wrote,
The encryption code is as follows (For details, refer to the file "encryption .htm "):
<Script language = "JavaScript">
Function compile (code)
{
Var c = String. fromCharCode (code. charCodeAt (0) + code. length );
For (var I = 1; I <code. length; I ++ ){
C + = String. fromCharCode (code. charCodeAt (I) + code. charCodeAt (I-1 ));
}
Alert (escape (c ));
}
Compile ('alert ("hacker line ");')
</SCRIPT>
The encrypted result is: o % CD % D1 % D7 % E6 % 9CJ % u9EF3 % uFA73 % uF1D4 % u14F1 % u7EE1Kd.
The encrypted and decrypted code is as follows:
<Script language = "JavaScript">
Function uncompile (code)
{
Code = unescape (code );
Var c = String. fromCharCode (code. charCodeAt (0)-code. length );
For (var I = 1; I <code. length; I ++ ){
C + = String. fromCharCode (code. charCodeAt (I)-c. charCodeAt (I-1 ));
}
Return c;
}
Eval (uncompile ("o % CD % D1 % D7 % E6 % 9CJ % u9EF3 % uFA73 % uF1D4 % u14F1 % u7EE1Kd "));
</SCRIPT>
7. Misuse
Use the try {} catch (e) {} structure to test and decrypt the code. Although this idea is good (haha, boast of yourself), I only give an example because it is not practical.
<Script language = "JavaScript">
Var a = 'alert ("hacker line ");';
Var c = "";
For (var I = 0; I <a. length; I ++ ){
C ++ = String. fromCharCode (a. charCodeAt (I) ^ 61 );}
Alert (c );
// The above is the encryption code. Of course, if you actually use this method, the encryption will not be written
// Now the variable c is the encrypted code
// The following function t () First assumes that the initial password is 0 and is decrypted and executed,
// If an error occurs, add the password to 1 and then decrypt it until it runs correctly.
Var d = c; // Save the encrypted code
Var B = 0; // assume that the initial password is 0.
T ();
Function t () catch (e ){
C = "";
For (var I = 0; I <d. length; I ++ ){
C ++ = String. fromCharCode (d. charCodeAt (I) ^ B );}
B + = 1;
T ();
// SetTimeout ("t ()", 0 );
}
}
</SCRIPT>
From http://www.httpflash.com/blog/post/72.html thanks to the author: Wind