i was checking if it is possible to actually encrypt html code or not. I found a place where they encrypt the HTML code in Javascript. I wonder how does it work or in what format can anyone please tell me ??
Actual code
<!DOCTYPE html> <html> <body> <p>This is going to be encrypted.</p> </body> </html>
The encrypted HTML CODE
<html> <head> </head> <body> <script type="text/javascript"> <!-- eval(unescape('%66%75%6e%63%74%69%6f%6e%20%69%31%64%62%33%31%39%65%38%61%66%28%73%29%20%7b%0a%09%76%61%72%20%72%20%3d%20%22%22%3b%0a%09%76%61%72%20%74%6d%70%20%3d%20%73%2e%73%70%6c%69%74%28%22%37%36%39%35%39%36%38%22%29%3b%0a%09%73%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%30%5d%29%3b%0a%09%6b%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%31%5d%20%2b%20%22%38%31%33%35%32%39%22%29%3b%0a%09%66%6f%72%28%20%76%61%72%20%69%20%3d%20%30%3b%20%69%20%3c%20%73%2e%6c%65%6e%67%74%68%3b%20%69%2b%2b%29%20%7b%0a%09%09%72%20%2b%3d%20%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%28%70%61%72%73%65%49%6e%74%28%6b%2e%63%68%61%72%41%74%28%69%25%6b%2e%6c%65%6e%67%74%68%29%29%5e%73%2e%63%68%61%72%43%6f%64%65%41%74%28%69%29%29%2b%2d%33%29%3b%0a%09%7d%0a%09%72%65%74%75%72%6e%20%72%3b%0a%7d%0a')); eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%69%31%64%62%33%31%39%65%38%61%66%28%27') + '%3b%21%46%51%44%56%59%5b%49%20%6e%75%79%6b%44%11%0e%3d%6a%72%78%6e%42%15%0f%36%61%77%66%7f%43%11%08%18%0c%3c%76%43%5e%6f%69%77%20%6e%77%26%62%73%6f%74%68%2a%73%77%22%66%6a%22%6d%79%67%76%79%71%7e%6c%62%30%3c%30%72%44%18%0c%3c%37%67%7b%63%79%40%13%0f%3e%37%63%76%73%6a%437695968%34%35%31%33%32%31%35' + unescape('%27%29%29%3b')); // --> </script> <noscript><i>Javascript required</i></noscript> </html>
You can try running in their file. It works with out any effort.So can anyone tell how did it encrypted. Or kind of encryption it is?
Advertisement
Answer
This is known as URL-encoding or percent-encoding. It’s easily reversible with JavaScript’s unescape()
method, as is seen here.
The first line decrypts to:
function i1db319e8af(s) { var r = ""; var tmp = s.split("7695968"); s = unescape(tmp[0]); k = unescape(tmp[1] + "813529"); for( var i = 0; i < s.length; i++) { r += String.fromCharCode((parseInt(k.charAt(i%k.length))^s.charCodeAt(i))+-3); } return r; }
The second line is split into three parts:
document.write(i1db319e8af(' ;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215 '));
Combined as:
document.write(i1db319e8af(';!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215'));
This passes the string;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215
into the i1db319e8af
function as a function parameter, and then writes the result to the page.
The i1db319e8af
function then takes this string, and splits it into two parts on 7695968
. You then have a variable called tmp
which contains two parts:
;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC 4513215
k
(4513215
) has the string 813529
added to it, which gets appended, causing the variable to be 4513215813529
.
The function then loops over the length of ;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC
, and returns what appears to be characters based on the position in characters in this string.
Note that this may return 12
characters or possibly more, given that it stops at the character for me, thinking it is invalid (a character that’s not
UTF-8
).
Unfortunately I don’t currently have access to a sandbox, so I can’t step into this further. Hopefully this will give you the info you’re looking for though 🙂