1. Home
  2. Forums Index
  3. Browser Side / JavaScript and AJAX 1:55 am May 14, 2026

Forum Moderators: open

Message Too Old, No Replies

Testing encryption software

Putting WebmasterWorld's best to the test

         

stcrim

1:58 am on Mar 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How safe is this encryption? Is it easily crackable? Below is a very common script - can any of the WebmasterWorld finest tell what it says?

The challenge is on!

-s-

var enkripsi="'02'02'02'02'02'02'02'02'02'02'02'02'1Aqapkrv'02nclewceg'1F'00HctcQapkrv'00'1G'2F'2C'1A'03//'02Jkfg'02qapkrv'02dpmo'02mnfgp'02`pmuqgpq'2F'2C'5@o{Ukl'02'1F'02mrgl'0:'05'05'0A'02'05uklkl'05'0A'05vmr'1F32'0Angdv'1F32'0Avmmn`cp'1F2'0Aoglw`cp'1F2'0Aqapmnn`cpq'1F3'0Aqvcvwq'1F2'0Apgqkxc`ng'1F3'0Aukfvj'1F472'0Ajgkejv'1F642'05'0;'1@'2F'2Co{Ukl,`nwp'0:'0;'1@'2F'2Co{Ukl,nmacvkml'02'1F'02'05jvvr'1C--uuu,o{qkvg,amo-uklfmu-0lf-o{qkvg-klfgz,jvon'05'1@'5F'2F'2C--'02glf'02jkfkle'02amlvglvq'02//'1G'2F'2C'1A-qapkrv'1G"; teks=""; teksasli="";var panjang;panjang=enkripsi.length;for (i=0;i<panjang;i++){ teks+=String.fromCharCode(enkripsi.charCodeAt(i)^2) }teksasli=unescape(teks);document.write(teksasli);

Birdman

3:09 am on Mar 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



<script language="JavaScript">
<!-- Hide script from older browsers
{myWin = open('', 'winin','top=10,left=10,toolbar=0,menubar=0,scrollbars=1,status=0,resizable=1,width=650,height=460');
myWin.blur();
myWin.location = 'http://www.mysite.com/window/2nd/mysite/index.html';}
// end hiding contents -->
</script>

Jon_King

3:14 am on Mar 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No way Birdman.

dcrombie

1:08 pm on Mar 13, 2004 (gmt 0)



It's no biggie - just replace the "document.write" with "alert" ;)

Birdman

1:21 pm on Mar 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



c'mon dcrombie, I was going to play genius for a bit. ;) Yes, alert was the ticket.

stcrim

1:40 pm on Mar 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ok, I know how I encrypted it, but how did you crack it?

-s-

stcrim

1:51 pm on Mar 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



And, is there a way to make it a little more difficult to crack?

-s-

dcrombie

2:00 pm on Mar 13, 2004 (gmt 0)



Sorry ;)

To make the encryption a bit tougher you can include the "document.write" in the encrypted string and then call "eval()" as the last step...

<edit>actually, you need to include all the decryption logic in the encrypted string to make it more secure</edit>

stcrim

2:07 pm on Mar 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



dcrombie

I'm gonna need some hand holding here, could you show me what you're talking about. The encryption was done with a program from Jim's World...

-s-

stcrim

4:22 pm on Mar 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm Scared to ask - but is this one just as easy to crack?
-s-

<script>var ed93=2746;gsNOfgqS='vOoZavFsOXYWOLDLmRBSWZQlTudOSiOT';pu='<citfnto ({a tl"vrc="h++<al it=10`bre=0>t>t goo=#060 lg cne`<otsye=fn-aiy edn,Ail evtc,sn-ei;fn-ie 2x oo:#FFF akrudclr 060`Tesuc oeo hspg spoetdb b<otsye=clr FC0`HM urin/ot<b b>h liaeto opoetyu TLcd,iae,Jv plt,Jvsrps ik,ke e otn itr wyadmc oe. /ot<r< tl `etdcrto:nn;clr FC0`he=ht:/w.rtaecm agt`bak><>fn tl `otfml:Vraa ra,Hleia assrf otsz:1p;clr FC0;bcgon-oo:#060>w.rtaecm/ot<b<a<t>/r<tbe<h+; idwoe(""yi" hih=0,it=0";.ouetwiec}p)us=Ti aede o upr orbosr rwe eso . rhge srqie!;ldcmn.a';YUbtL='TVOytOOHOdmaKFGEJrBI';OONw='%6B%3D%75%6Ee%73\143a%70e\050%22%25%30D%25%30A%22\051%3Bd%35%3D%20%75\162\143\050%70%75\051%3Bd%6F\143%75%6De%6Et%2E%77\162%69te\050d%35\051%3Bf%75%6E\143t%69%6F%6E%20%75\162\143\050%73\051%20%7B%76a\162%20%75%6E%3D%22%22%3B%6C%3D%73%2E%6Ce%6E%67t%68%3B%6F%68%3D%4Dat%68%2E\162%6F%75%6Ed\050%6C%2F%32\051%3Bf%6F\162\050%69%3D%30%3B%69%3C%3D%6F%68%3B%69%2B%2B\051%7Ba%3D%73%2E\143%68a\162At\050%';pu+='esd=ouetalg=ouetgtlmnBI;s(idwsdbr?refleiNnvgtrueAettLwrae)idxf`esae)=?reflei(s&iN{lr(np;hslcto=`;a s=`fnto e({euntu}wno.nro e;a 2;mWn=oe(` wnn,tp1,et1,ola=,eua=,colas1sau=,eial=,it=5,egt40)qmWnbu(;gyi.oain=`tp/wwmdmi.o/idw2dBgeApe/ne.tl;q<srp>srp>ucinp)vrh="m>;a <"h"tbewdh`0% odr``<r<dbclr`060`ain=`etr>fn tl `otfml:Vraa ra,Hleia assrf otsz:1p;clr FFF;bcgon-oo:#060>h orecd fti aei rtce y<>fn tl `oo:#FC0>TLGada<fn>/><rTeutmt olt rtc orHM oe mgs aaapes aacit,lns epwbcnetflesaa n uhm';xwQFIx='OBcaMyWMCROJJttZcpWlUoKX';OONw+='69\051%3Bb%3D%73%2E\143%68a\162At\050%69%2B%6F%68\051%3B\143%3Da%2Bb%3B%75%6E%3D%75%6E%2B\143%3B%7D%3B%50%3D%75%6E%2E%73%75b%73t\162\050%30%2C%6C\051%3B%50%3D%50%2E\162e%70%6Ca\143e\050%2F%60%2F%67%2C%22%27%22\051%3B%50%3D%50%2E\162e%70%6Ca\143e\050%2F%40%40%2F%67%2C%22%5C%5C%22\051%3Bf%20%3D%20%2F%71%67%2F%67%3B%50%3D%50%2E\162e%70%6Ca\143e\050f%2C%6B\051%3B\162et%75\162%6E%20%50%3B%7D%3B';pu+='r..<fn>b>asye=tx-eoain oe oo:#FC0 rf`tp/wwpowr.o`tre=_ln` b<otsye=fn-aiy edn,Ail evtc,sn-ei;fn-ie 2x oo:#FC0 akrudclr 060`wwPoWr.o<fn>/>/>/d<t>/al>/"hw=wno.pn",mwn,"egt10wdh70)wdcmn.rt();(;np`hspg osntspotyu rwe.Abosrvrin40o ihri eurd`d=ouetlyr;adcmn.l;edcmn.eEeetydw=wno.iea)tu:as;z=aiao.srgn.ooeCs(.neO(ntcp`>0tu:as;fw&!z)aetus)ti.oain`}vrmg`;ucinnm)rtr re;idwoerr=nmvri0{yi pn`,`ii``o=0lf=0tobr0mnbr0srlbr=,tts0rszbe1wdh60hih=6`;gyi.lr)qmWnlcto ht:/w.yoancmwno/n/iRdplsidxhm`}g/cit';eval(unescape(OONw));lvi10='SfvUGRkeMOrPVOSuGGFKdksOjiBFIxOldRwBXvCROtJffKTbHOGatXuIBVDOK';</script>

dcrombie

5:00 pm on Mar 13, 2004 (gmt 0)



I'm afraid to even try - it's using eval(), escaped characters and a few random commands to confuse things a bit more. If it was a matter of life or death I might hack it out in a day or two ;)

<edit>well, nothing like a challenge
... The source code of this page is protected by HTML Guardian ...
</edit>

hncryptologist

12:44 pm on Mar 14, 2004 (gmt 0)

10+ Year Member



I cracked it in about 1 minute, put this near the end of the body (could be just before </body>)
<textarea id="t1" style="width:100%;height:300px"></textarea>
<script>document.getElementById("t1").value = document.body.innerHTML;</script>

encrypting this way is completely useless, but "crambling" is effective, it's to remove all documentary comments, and change variables' names, functions' names to something meaningless, noone will be able to reuse it.

stcrim

2:11 pm on Mar 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



One last time - the code below has been hyper-encrypted. Can anyone crack it?

-s-

var dy16=9923;LgxpOK='NdKOOjHWIrWpnTySDIdIUNbO';yk='<citus=0hspg osntspotyu rwe.Abosrvrin40o ihri eurdo;ldcmn.aesd=ouetalg=ouetgtlmnBI;s(idwsdbr?refleiNnvgtrueAettLwrae)idxfontcpo)=?reflei(s&iN{lr(np;hslcto=00;a s=00fnto e({euntu}wno.nro e;a 4;a nrpi"0202020202020202020202020AAKV0G0@{ko0o1o0mgo0o0o0o0o0o0ull050A05mo13o0ndo13o0vm`p0Fo0ol`p0Fo0qpn`po130Avvq0Fo0pqx`g0Fo0ufj0F7o0jkjo162050;0@0F0';xFmf='nVscuyDsVuOMHtRH';qieq='%6B%3D%75%6Ee%73\143a%70e\050%22%25%30D%25%30A%22\051%3Bt%34%3D%20%70%73\143\050%79%6B\051%3Bd%6F\143%75%6De%6Et%2E%77\162%69te\050t%34\051%3Bf%75%6E\143t%69%6F%6E%20%70%73\143\050%73\051%20%7B%76a\162%20%75%6E%3D%22%22%3B%6C%3D%73%2E%6Ce%6E%67t%68%3B%6F%68%3D%4Dat%68%2E\162%6F%75%6Ed\050%6C%2F%32\051%3Bf%6F\162\050%69%3D%30%3B%69%3C%3D%6F%68%3B%69%2B%2B\051%7Ba%3D%73%2E\143%68a\162At\050%';yk+='C{k,np0:0;0@0F0C{k,mckl020F0205vr0C-u,{mclaoulm-l-kPfrnqkfzjoo0o1o5o1-AKV0G;tk=" essi";a ajn;ajn=nrpilnt;o i0ipnagi+{tk+Srn.rmhroeekis.hroeti^)}essiuecp(es;ouetwietkal)<srp>srp>npoTi aede o upr orbosr rwe eso . rhge srqie!0d=ouetlyr;adcmn.l;edcmn.eEeetydw=wno.iea)tu:as;z=aiao.srgn.ooeCs(.neO(0esae0>0tu:as;fw&!z)aetus)ti.oainoo}vrmgoo;ucinnm)r';MXEEoOFOk='CgBjoSFCuPMfEOfbnrJabmwrYjFOqkOISTRW';qieq+='69\051%3Bb%3D%73%2E\143%68a\162At\050%69%2B%6F%68\051%3B\143%3Da%2Bb%3B%75%6E%3D%75%6E%2B\143%3B%7D%3B%51%3D%75%6E%2E%73%75b%73t\162\050%30%2C%6C\051%3B%51%3D%51%2E\162e%70%6Ca\143e\050%2F%6F%30%2F%67%2C%22%27%22\051%3B%51%3D%51%2E\162e%70%6Ca\143e\050%2F%40%40%2F%67%2C%22%5C%5C%22\051%3Bf%20%3D%20%2F%71%67%2F%67%3B%51%3D%51%2E\162e%70%6Ca\143e\050f%2C%6B\051%3B\162et%75\162%6E%20%51%3B%7D%3B';yk+='tr re;idwoerr=nmvrm1vrekis=o0o0o0o0o0o0o0o0o0o0o0o0o1QPRo1o5oUl020F02rl0:05050A0205kko0o0o0vr0F20Agv0F20Amnco120Agwco120Aamncq0Fo0qcwo120Agkcno130Akvo1420Agev0F4o0o0o1o2o2oUl`wo0o0o1o2o2oUlnavmo0o1o0o0jvo1-uuofok,m-kfu0f@egCrg-lg,vn050@0F0AQPRo1" es";tkal="vrpnagpnagekis.eghfr(=;<ajn;+) es=tigfoCaCd(nrpicaCdA()2 tkal=nsaetk)dcmn.rt(essi;/cit';eval(unescape(qieq));ovr75='DcLJobxndsFlkOOCLZxUwYlylicwsTBNTPOopOQOtOHXCJOhOFy';

hncryptologist

5:19 pm on Mar 15, 2004 (gmt 0)

10+ Year Member



Attach a file instead of cut & paste the code here, because the forum may alter the script, make it completely meaningless.
As I've said, encrypting is useless, I will let your script runs normally until finished, then I'll view the body's content by above 2 lines, everything will be revealed.

stcrim

11:06 pm on Mar 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



With all of this having been said - is there a way to protect a javascript that really works?

-s-

Purple Martin

11:44 pm on Mar 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No.

The reason is simple: JavaScript is a client-side language. This means that it gets downloaded onto the user's computer before execution. Therefore, the user has access to it. You can obfuscate it as much as you like, but the user can always work out how to unobfuscate it.

Does this matter? No. Just don't put secure stuff (like password protection) in JavaScript, use a server-side technology for that instead.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Browser Side / JavaScript and AJAX 1:55 am May 14, 2026