Summary and Analysis of 7 Methods for JavaScript Encryption and Decryption
This article introduces a total of seven JavaScript encryption methods:
When building web pages (actually web Trojans, haha), the most annoying thing is that the JavaScript code I worked hard to write, which runs in the client's IE, is so easily copied by others. That really makes me a little uncomfortable. You have to know that it is quite tiring to write something by yourself... ^*^
But we should also clearly realize that, because JavaScript code is interpreted and executed in IE, absolute confidentiality is impossible. What we can do is make copying as difficult as possible so that the copier gives up (hopefully~!~). Below, drawing on my own practice over the past few years and my personal research, I will discuss encryption and decryption techniques for JavaScript code in web pages.
Take the following JavaScript code as the example to encrypt:
<script>
alert("黑客防线");
</script>
1: The simplest encryption and decryption
Everyone should be familiar with the JavaScript functions escape() and unescape() (many web pages use them for encryption). They encode and decode strings, respectively. For example, after the example code is encrypted with escape(), it becomes:
alert("%u9ED1%u5BA2%u9632%u7EBF");
How about that? Can you still read it? Of course, ASCII characters such as "alert" are not encrypted. If you like, we can write a little JavaScript to re-encrypt it as follows:
%61%6C%65%72%74%28%22%u9ED1%u5BA2%u9632%u7EBF%22%29%3B
Haha! How about that? This time it is completely encrypted!
Of course, the encrypted code cannot be run directly. Fortunately there is eval(codeString), which checks JavaScript code and executes it. The required codeString parameter is a string value containing valid JavaScript code. Combined with the unescape() decoding above, the encrypted result is as follows:
<script>
var code=unescape("%61%6C%65%72%74%28%22%u9ED1%u5BA2%u9632%u7EBF%22%29%3B");
eval(code)
</script>
Isn't that simple? Don't celebrate yet: decryption is just as simple, because the decryption code (unescape()) is handed over along with it! Haha
2: The wonderful use of the escape character "\"
You may not be very familiar with the escape character "\", but you should know the special characters JavaScript provides, such as \n (line feed), \r (carriage return) and \' (single quote). In fact, "\" can also be followed by an octal or hexadecimal number. For example, the character "a" can be written as "\141" or "\x61" (note the lowercase "x"). Double-byte characters such as the Chinese character "黑" can only be written in hexadecimal, as "\u9ED1" (note the lowercase "u"), where "u" indicates a double-byte character. Following this principle, the example code can be expressed as follows.
The octal escape string is as follows:
<script>
eval("\141\154\145\162\164\50\42\u9ED1\u5BA2\u9632\u7EBF\42\51\73")
</script>
The hexadecimal escape string is as follows:
<script>
eval("\x61\x6C\x65\x72\x74\x28\x22\u9ED1\u5BA2\u9632\u7EBF\x22\x29\x3B")
</script>
There is no decoding function this time, because JavaScript converts the escapes itself when the code is executed. Decoding is also very simple, as follows:
<script>
alert("\x61\x6C\x65\x72\x74\x28\x22\u9ED1\u5BA2\u9632\u7EBF\x22\x29\x3B")
</script>
A dialog box will pop up and show you the decrypted result!
3: Encoding with Microsoft's Script Encoder
I won't say much about how to use the tool! I used JavaScript directly to call the Scripting.Encoder control to do the encoding! The code is as follows:
<script>
var Senc=new ActiveXObject("Scripting.Encoder");
var code='<SCRIPT LANGUAGE="javascript">\r\nalert("黑客防线");\r\n<\/SCRIPT>';
var Encode=Senc.EncodeScriptFile(".htm",code,0,"");
alert(Encode);
</script>
The encoded result is as follows:
<SCRIPT LANGUAGE="JScript.Encode">#@~^FgAAAA==@#@&lsDD`J黑客防线r#p@#@&FgMAAA==^#~@</SCRIPT>
Ugly enough that you can't read it, right? But the corresponding decryption tools have long been available, and there are even decryption web pages! Since the code of the decryption web page is too long, I won't go into it! Let me introduce my own original decryption code, as follows:
<SCRIPT LANGUAGE="JScript.Encode">
function decode(){#@~^FgAAAA==@#@&lsDD`J黑客防线r#p@#@&FgMAAA==^#~@}
alert(decode.toString());
</SCRIPT>
How about it? Simple enough, right? The principle is: IE decodes the encoded code before running it. If we first put the encrypted code into a custom function such as decode() above, and then call the toString() method on that function, the result is the decoded code!
If you think the LANGUAGE attribute JScript.Encode on code encoded this way is too easy to spot, there is also a little-known method of the window object, execScript(), whose prototype is:
window.execScript( sExpression, sLanguage )
Parameters:
sExpression: Required. String. The code to be executed.
sLanguage: Required. String. Specifies the language of the code being executed. The default value is Microsoft JScript.
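When using it, the leading "window" can be omitted!
With it we can run encoded JavaScript code nicely, as follows:
<script>
execScript("#@~^FgAAAA==@#@&lsDD`J我爱一起r#p@#@&FgMAAA==^#~@","JScript.Encode")
</script>
You can use method 2 to encode the strings inside the double quotes once more, so that "JScript.Encode" and the encoding signature "#@~^" do not appear, and the effect is even better!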
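4: Adding NUL characters (hexadecimal 00H) anywhere
In an accidental experiment, I discovered that if any number of "null characters" are added at any position in an HTML page, IE still displays the content normally and executes the JavaScript code in it normally. In an ordinary editor the added null characters show up as something like spaces or black blocks, which makes the source hard to read; in Notepad the null characters become spaces. The result of encrypting with this principle is as follows (the "spaces" shown stand for "null characters"):
a l er t (" 我 爱 一 起") ;
How about that? Doesn't it look like a mess? Someone who does not know the method would hardly think of removing the null characters (00H) inside!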
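Methods 1, 2 and 4, and the marker-hiding step at the end of method 3, all leave text that can be recovered without running it. The following is an added analyst-side example, not code from the original article: it strips NUL bytes, resolves %-escapes and string-literal escapes, then looks for the Script Encoder markers. The function names and the sample inputs are constructed, and `BODY` stands in for an encoded payload.

```javascript
// Added example for analysts; function names and SAMPLES are constructed here.
// Method 2: resolve string-literal escapes \xHH, \uHHHH and octal \ooo.
function decodeJsEscapes(s) {
  const ch = (radix) => (_, d) => String.fromCharCode(parseInt(d, radix));
  return s
    .replace(/\\x([0-9A-Fa-f]{2})/g, ch(16))
    .replace(/\\u([0-9A-Fa-f]{4})/g, ch(16))
    .replace(/\\([0-3][0-7]{2}|[0-7]{1,2})/g, ch(8));
}

// Method 1: resolve escape()-style %uHHHH and %HH sequences.
function decodePercent(s) {
  const ch = (_, h) => String.fromCharCode(parseInt(h, 16));
  return s.replace(/%u([0-9A-Fa-f]{4})/g, ch).replace(/%([0-9A-Fa-f]{2})/g, ch);
}

// Method 4: drop NUL bytes, then peel escape layers until nothing changes.
function normalize(raw, maxRounds = 5) {
  let text = raw.replace(/\u0000/g, '');
  for (let i = 0; i < maxRounds; i++) {
    const next = decodePercent(decodeJsEscapes(text));
    if (next === text) break;
    text = next;
  }
  return text;
}

// Report which tricks are present. Nothing is evaluated.
function scan(raw) {
  const text = normalize(raw);
  const findings = [];
  if (raw.includes('\u0000')) findings.push('nul-bytes');
  if (text !== raw.replace(/\u0000/g, '')) findings.push('escaped-layer');
  if (text.includes('#@~^')) findings.push('script-encoder-marker');
  if (/JScript\.Encode/i.test(text)) findings.push('jscript-encode');
  if (/\b(eval|execScript)\s*\(/.test(text)) findings.push('dynamic-exec');
  return { text, findings };
}

// Constructed inputs; BODY stands in for an encoded payload.
const SAMPLES = {
  percent: 'eval(unescape("%61%6C%65%72%74%28%22%u9ED1%u5BA2%u9632%u7EBF%22%29%3B"))',
  octal: String.raw`eval("\141\154\145\162\164\50\42\u9ED1\u5BA2\u9632\u7EBF\42\51\73")`,
  hidden: String.raw`execScript("\x23\x40\x7E\x5EBODY","\x4AScript.Encode")`,
  nul: 'a\u0000l\u0000ert\u0000("x")',
};

for (const [k, v] of Object.entries(SAMPLES)) console.log(k, scan(v).findings.join(','));
```

The decoded text is meant for reading and signature matching only; it is not guaranteed to be valid JavaScript, because decoded quotes end up inside string literals.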
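5: Junk content plus the newline, space and TAB trick
In JavaScript code we can add large numbers of useless strings or numbers, as well as useless code and comments, so that the truly useful code is buried among them. Wherever newlines, spaces and TABs can be inserted into the useful code, insert lots of them, and normal strings can also be continued across lines with "\". This makes the code hard to read! My encrypted form looks like this:
<script>
"xajgxsadffgds";1234567890
625623216;var $=0;alert//@$%%&*()(&(^%^
//cctv function//
(//hhsaasajx xc
/*
asjgdsgu*/
"我爱一起"//ashjgfgf
/*
@#%$^&%$96667r45fggbhytjty
*/
//window
)
;"#@$#%@#432hu";212351436
</script>
At least if I saw code like this, I would not be in the mood to analyze it. Would you?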
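The padding in method 5 can be removed mechanically. The following is an added example, not code from the original article: a small string-aware scanner that discards comments, splits the script into statements, and drops statements that consist only of a string or number literal. The function name and the sample are constructed, and the scanner assumes the input contains no regex literals.

```javascript
// Added example; meaningfulStatements and SAMPLE are constructed names.
// Assumption: no regex literals in the input (a "/" only starts a comment or divides).
function meaningfulStatements(src) {
  const stmts = [];
  let cur = '', depth = 0, i = 0;
  while (i < src.length) {
    const c = src[i], d = src[i + 1];
    if (c === '"' || c === "'") {          // copy a string literal verbatim
      let j = i + 1;
      while (j < src.length && src[j] !== c) j += src[j] === '\\' ? 2 : 1;
      cur += src.slice(i, j + 1);
      i = j + 1;
    } else if (c === '/' && d === '/') {   // line comment: skip to end of line
      while (i < src.length && src[i] !== '\n') i++;
    } else if (c === '/' && d === '*') {   // block comment: skip past "*/"
      const end = src.indexOf('*/', i + 2);
      i = end === -1 ? src.length : end + 2;
      cur += ' ';
    } else if (c === ';' && depth === 0) { // statement boundary outside (...)
      stmts.push(cur);
      cur = '';
      i++;
    } else {
      if (c === '(') depth++;
      if (c === ')') depth--;
      cur += c;
      i++;
    }
  }
  stmts.push(cur);
  // Drop statements that are nothing but a string or number literal.
  const bare = /^(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[\d\s]+)$/;
  return stmts.map((s) => s.replace(/\s+/g, ' ').trim())
    .filter((s) => s !== '' && !bare.test(s));
}

// Constructed input modelled on the padded script shown above.
const SAMPLE = `"xajgxsadffgds";1234567890
625623216;var $=0;alert//@$%%&*()(&(^%^
//cctv function//
(//hhsaasajx xc
/*
asjgdsgu*/
"我爱一起"//ashjgfgf
//window
)
;"#@$#%@#432hu";212351436`;

console.log(meaningfulStatements(SAMPLE));
```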
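6: Writing your own decryption function
This method is much like methods 1 and 2, except that you write your own function to decrypt the code. Many VBS viruses use this method to encrypt themselves in order to evade signature scanning! Below is a simple encryption and decryption function I wrote. The encryption code is as follows (see the file "加密.htm" for details):
<script>
function compile(code)
{
var c=String.fromCharCode(code.charCodeAt(0)+code.length);
// each later character is shifted by the code of the character before it
for(var i=1;i<code.length;i++){
c+=String.fromCharCode(code.charCodeAt(i)+code.charCodeAt(i-1));
}
alert(escape(c));
}
compile('alert("黑客防线");')
</script>
Running it gives the encrypted result:
o%CD%D1%D7%E6%9CJ%u9EF3%uFA73%uF1D4%u14F1%u7EE1Kd
The corresponding code that decrypts the encrypted result is as follows:
<script>
function uncompile(code)
{
code=unescape(code);
var c=String.fromCharCode(code.charCodeAt(0)-code.length);
// undo the shift using the plaintext character already recovered
for(var i=1;i<code.length;i++){
c+=String.fromCharCode(code.charCodeAt(i)-c.charCodeAt(i-1));
}
return c;
}
eval(uncompile("o%CD%D1%D7%E6%9CJ%u9EF3%uFA73%uF1D4%u14F1%u7EE1Kd"));
</script>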
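7: Making use of errors
Use the try{}catch(e){} structure to test-decrypt the code. Although the idea is a good one (heh, patting myself on the back), it is not very practical, so I will give just one example:
<script>
var a='alert("《我爱一起》");';
var c="";
// The loop bodies and the try block are missing from the source page; XOR with a
// numeric key is assumed here, and the key value 61 is an assumed sample value.
for(var i=0;i<a.length;i++){
c+=String.fromCharCode(a.charCodeAt(i)^61);
}
alert(c);
// The code above is the encryption; of course, when this method is really used, the encryption is not included
// The variable c now holds the encrypted code
// The function t() below first assumes an initial password of 0, then decrypts and executes;
// on an error it adds 1 to the password and decrypts and executes again, until the code runs correctly
var d=c; // save the encrypted code
var b=0; // assume the initial password is 0
t();
function t(){
try{
eval(c);
}catch(e){
c="";
for(var i=0;i<d.length;i++){
c+=String.fromCharCode(d.charCodeAt(i)^b);
}
b+=1;
t();
//setTimeout("t()",0);
}
}
</script>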