Simple Javascript protection of HTML content.

Posted: 11-06-2011 | Author: hspsoftware | Category: Uncategorized

This is definitively a highly debatable topic. Most people will argue that Javascript obfuscation, or just obfuscation in general has no purpose in this world. And I actually think they are right.

However, rules are there to be broken, and sometime you would actually want something like this to keep the “basic copy pasters” away from your stuff. But how would you accomplish that in an easy and simple way?

 

Most people just base64 encode / decode, or use eval or even unescape on their strings i Javascript. It works good but the kiddies sometimes get through. So when you want a little higher level of protection, you might want to try this, which I wrote for a friend.

It’s just two simple PHP functions to include in your page. Then you can use the “protected_echo” function to echo out a javascript element with all the code necessary to decrypt the content on the client side. It’s still easy for anyone with a little knowledge of Javascript / HTML  to get to the guts of this, but if you have such highly confidential material laying around on the public internet, you should really revise your strategy!

 

<html>
<head>
<title>Protected demo!</title>
</head>
<body>
<?php 
//Start copying the functions here.
function protect($input) 
{ 
    $tmp = ''; 
    $length = strlen($input); 
    for($i = 0; $i < $length; $i++) 
        $tmp .= '%' . bin2hex($input[$i]); 
    return strrev($tmp); 
} 
function protected_echo($input)
{
echo "<script language=\"javascript\"> 
eval(unescape('" . protect("document.write(unescape(\"".protect($input)."\".split(\"\").reverse().join(\"\")))"). "'.split(\"\").reverse().join(\"\"))); 
</script>";
}
//End copy here.
?> 
 
<p>Some random HTML stuff or anything else here...</p>
 
<?php 
//Down here we are using the protected_echo function.
protected_echo("Protection test!");
 
?>
</body>
</html>

And the resulting HTML code on the client side will be like this:

 
<html>
 
<head>
 
<title>Protected demo!</title>
 
</head>
 
<body>
 
 
 
 
 
<p>Some random HTML stuff or anything else here...</p>
 
 
 
<script language="javascript"> 
 
eval(unescape('92%92%92%22%22%82%e6%96%f6%a6%e2%92%82%56%37%27%56%67%56%27%e2%92%22%22%82%47%96%c6%07%37%e2%22%52%53%03%52%73%23%52%63%66%52%73%43%52%63%53%52%63%33%52%73%43%52%63%93%52%63%66%52%63%56%52%23%03%52%73%43%52%63%53%52%73%33%52%73%43%52%23%13%22%82%56%07%16%36%37%56%e6%57%82%56%47%96%27%77%e2%47%e6%56%d6%57%36%f6%46%'.split("").reverse().join(""))); 
 
</script></body>
 
</html>

Hope you like it, enjoy! ;)

Category: Uncategorized by hspsoftware

Leave a Reply