I'm not familiar with the specific software you mention, but if it is anything like Mike Chen's "WebLockerPro" it's not worth the money.

I'm no "cracker" or even a javascript expert, I just know enough to get the job done, and within (literally) 5-10 minutes I had a function outlined to unlock the WebLocker home page and reveal the full source--client side scripting, image locations, the whole kit'n'kaboodle. Within another 5 minutes I had a demo page set up to unlock arbitrary WebLocker'd pages. (I should probably also mention that I haven't taken a thing from any of the pages I've unlocked; the point was to prevent others from throwing away $50 and to alert the page owners to the fact that their pages were not as safe as they thought they were).

With code obfuscation, it seems that the problem always comes back to this:

Whatever method of code obfuscation is being used, it has to be undone at load-time in order for the user to receive the content. Thus, in most cases, anyone with a halfway decent grasp of javascript simply has to unescape the escaped functions, use them to find the unlocking function, (possibly) find the unlock key, and from there it is just a matter of applying them, which is the easiest part.

For simple event capturing with no code obfuscation, it is even easier. For example, this will negate all of the protection in DrDoc's example on the page you cited; just enter it in the URL bar and presto-chango, everything will work again, just like on an 'unprotected' page.

javascript:(function() { try { window.releaseEvents(Event.MOUSEDOWN); window.onmousedown=""; window.onselectstart=""; document.onmousedown=""; document.onkeydown=""; document.oncontextmenu=""; document.onselectstart=""; } catch(e){} })();

In my experience the only way to truely make sure your source is safe is to load up the old FTP client, log on to your host's upload server, and then delete every file you see. Id est, not to put it online in the first place.

My two cents.

Shelumi`El
Jordan

S.D.G