Seven types of encryption and decryption in HTML

Comments: 1: The simplest encryption and decryption 2: The Amazing use of the Escape Character "3: using the Script Encoder produced by Microsoft to encode (self-developed simple decoding) 4: arbitrary add NUL null characters (hexadecimal 00 H) (self-created) 5: useless content chaos and line feed space TAB Method 6: Self-write decryption 1: Simplest encryption and decryption
Ii. Amazing use of the Escape Character ""
3. Use the Script Encoder produced by Microsoft for encoding (simple decoding)
4. Add any NUL null characters (hexadecimal 00 H) (self-created)
5. Useless content and line feed space TAB Method
Vi. Self-write decryption Function Method
7. Misuse (self-developed)
During webpage creation (in fact, webpage Trojans), the most annoying thing is that the JAVASCRIPT code running on IE, a client that has worked hard, is often easily copied by others, it's a bit difficult for you to know that you're tired of writing something ...... ^ * ^ but we should also be aware that because JAVASCRIPT code is interpreted and executed in IE, it is impossible to keep it confidential, what we need to do is to increase the difficulty of the copy operator's copy as much as possible, so that he can leave it easily (hopefully ~! ~), Next, I will discuss the encryption and decryption technology of JAVASCRIPT code on the webpage based on my practice over the past few years and my personal research experience. The following JAVASCRIPT code is used as an example: <script language = "JavaScript">
Alert ("hacker line ");
</SCRIPT>
I. The simplest encryption and decryption: You must have a good understanding of the JAVASCRIPT Functions escape () and unescape () (many web page encryption uses them), which are encoding and decoding strings, for example, the example code is encrypted using the escape () function and then changed to the following format: alert ("% u9ED1 % u5BA2 % u9632 % u7EBF"); how? Do you still understand? Of course, the ASCII character "alert" is not encrypted. If you want to, you can write JAVASCRIPT code to re-encrypt it as follows: alert ("% u9ED1 % u5BA2 % u9632 % u7EBF"); haha! How? This time it is completely encrypted! Of course, the encrypted code cannot be run directly. Fortunately, eval (codeString) is available. This function is used to check and execute JavaScript code, the required codeString parameter is a string value that contains valid JavaScript code, and the preceding decoding unescape () is added. The encrypted result is as follows: <script language = "JavaScript">
Var code = unescape ("alert (" % u9ED1 % u5BA2 % u9632 % u7EBF ");");
Eval (code)
</SCRIPT> isn't it easy? Don't be happy. decryption is as simple as it is. The decryption code is put to others (unescape ())! Haha 2: the use of the Escape Character "" may be unfamiliar with the Escape Character "", but some special characters such as n (line feed) and r (carriage return) are provided for JavaScript) and '(single quotes) Should I know something about it? In fact, "" can be followed by octal or hexadecimal numbers. For example, the character "a" can be expressed: "141" or "x61" (note the lowercase character "x "), for double-byte characters such as the Chinese character "", it can only be expressed as "u9ED1" in hexadecimal notation (note that it is a lowercase character "u "), the character "u" indicates a dubyte character. According to this example, the code can be expressed as follows:
<Script language = "JavaScript">
Eval ("1411541451621610942u9ed1u5ba2u9632u7ebf424173 ")
</SCRIPT> The hexadecimal escape string is as follows:
<Script language = "JavaScript">
Eval ("x61x6Cx65x72x74x28x22u9ED1u5BA2u9632u7EBFx22x29x3B ")
</SCRIPT> the decoding function is unavailable this time, because JavaScript will be converted during execution. The decoding is also very simple as follows: <script language = "JavaScript">
Alert ("x61x6Cx65x72x74x28x22u9ED1u5BA2u9632u7EBFx22x29x3B ")
</SCRIPT> the decrypted result is displayed! Iii. Use the Script Encoder produced by Microsoft to use the encoding tool! I used JavaScript to call the Scripting. Encoder code of the control! The Code is as follows: <script language = "JavaScript">
Var Senc = new ActiveXObject ("Scripting. Encoder ");
Var code = '<script language = "JavaScript"> rnalert (""); rn </SCRIPT> ';
Var Encode = Senc. EncodeScriptFile (". htm", code, 0 ,"");
Alert (Encode );
</SCRIPT> the encoded result is as follows:
<Script language = "JScript. Encode"> #@~ ^ FgAAAA ==##@ & ls dd' J r # p #@ & FgMAAA == #~ @ </SCRIPT>
Ugly enough, right? However, the corresponding decryption tools have already been released, and even the decrypted webpages are available! I will not talk about it because it decrypts too much Web Page code! The original decryption code is as follows: <script language = "JScript. Encode">
Function decode ()
Alert (decode. toString ());
</SCRIPT> what is it like? Is it simple enough? The principle is that IE will first decode the encoded code before it runs. If we put the encrypted code into a user-defined function such as decode, call the toString () method for the decode of the custom function to obtain the decoded code! If you think the LANGUAGE attribute of the Code obtained through this encoding is JScript. encode, which is easy to recognize. There is also an almost unknown window object method execScript (). Its prototype is: window.exe cScript (sExpression, sLanguage) parameter:
SExpression: required. String ). Code to be executed.
SLanguage: required. String ). Specifies the language of the code to be executed. When the default value is Microsoft JScript, the previous "window" can be omitted without writing! Using this code, we can run the encoded JavaScript code as follows: <script language = "JavaScript">
ExecScript ("#@~ ^ FgAAAA ==##@ & ls dd' J r # p #@ & FgMAAA == #~ @ "," JScript. Encode ")
</SCRIPT> you can use method 2 to Encode the strings in "" To enable "JScript. Encode" and encoding pattern "#@~ ^ "No, the effect will be better! 4. Add any NUL null characters (hexadecimal 00 H) in an accidental experiment, so that I can add any number of "null characters" at any position on the HTML webpage ", IE will display the content normally and execute the JavaScript code normally. When we add the "null character, it is displayed as a space or a black block, making the original code difficult to understand. If you use NotePad to view it, the "Empty character" will become "space ", the encryption result is as follows: (the "space" displayed indicates "null character ") <s c ri p t l ang u a g e = "J a v a S c r I p t"> a l er t (" ");

</SC r I P T>
　　
How? Is it messy? If you do not know the method, it is difficult to remove the "null character" (00 H! 5. Useless content disorder and line feed space TAB methods in JAVASCRIPT code we can add a lot of useless strings or numbers, as well as useless code and comments, so that the real useful code is not buried in it, and add a lot of line breaks, spaces, and tabs to the areas where the useful code can be added, spaces, and tabs, you can use "" to wrap a normal string, which makes the code hard to understand! For example, the encrypted format is as follows: <script language = "JavaScript">
"Xajgxsadffgds"; 1234567890
625623216; var $ = 0; alert // @ $ % & * () (& (^ % ^
// Cctv function //
(// Hhsaasajx xc
/*
Asjgdsgu */
"Hacker
Defense Line "// ashjgfgf
/*
@ # % $ ^ & % $ 96667r45fggbhytjty
*/
// Window
)
; "# @ $ # % @ # 432hu"; 212351436
</SCRIPT> at least if I see such a code, I will not try to analyze it. Where are you? 6. Self-write decryption Function Method: This method is similar to the method of self-write decryption. It only writes a function to decrypt the code. Many VBS viruses use this method to encrypt themselves, to prevent pattern scanning! The following is a simple encryption and decryption function I wrote. the encryption code is as follows (see file "encryption .htm" for details "):
<Script language = "JavaScript">
Function compile (code)
{
Var c = String. fromCharCode (code. charCodeAt (0) code. length );
For (var I = 1; I <code. length; I ){
C = String. fromCharCode (code. charCodeAt (I) code. charCodeAt (I-1 ));
}
Alert (escape (c ));
}
Compile ('alert ("hacker line ");')
</SCRIPT> the encrypted result obtained by running the SCRIPT is: o %u9ef3% uFA73 % uF1D4 % u14F1 % u7EE1Kd. the decrypted code is as follows: <script language = "JavaScript">
Function uncompile (code)
{
Code = unescape (code );
Var c = String. fromCharCode (code. charCodeAt (0)-code. length );
For (var I = 1; I <code. length; I ){
C = String. fromCharCode (code. charCodeAt (I)-c. charCodeAt (I-1 ));
}
Return c;
}
Eval (uncompile ("o % u9EF3 % uFA73 % uF1D4 % u14F1 % u7EE1Kd "));
</SCRIPT> 7: Use the try {} catch (e) {} structure to test and decrypt the code. Although this idea is good (haha, boast of yourself ), because it is not practical, I will only give an example <SCRIPT LANGUAGE = "JavaScript"> var a = 'alert (" ");';
Var c = "";
For (var I = 0; I <a. length; I ){
C = String. fromCharCode (. charCodeAt (I) ^ 61);} alert (c); // The above is the encryption code. Of course, if you actually use this method, the encryption will not be written
// The current variable c is the encrypted code // The following function t () First assumes that the initial password is 0 and the decryption is executed,
// If an error occurs, add the password to 1 and then decrypt it until var d = c is correctly run. // Save the encrypted code.
Var B = 0; // assume that the initial password is 0.
T (); function t () catch (e ){
C = "";
For (var I = 0; I <d. length; I ){
C = String. fromCharCode (d. charCodeAt (I) ^ B );}
B = 1;
T ();
// SetTimeout ("t ()", 0 );
}
}
</SCRIPT>