cancel
Showing results for 
Search instead for 
Did you mean: 

Web page code encryption

Marteknet
Grafter
Posts: 577
Registered: 13-10-2007

Web page code encryption

New stand alone version available that doesn't need to access www.martek-net.co.uk to decrypt generated files.

I have also changed encryption method so strings do not always encrypt to the same result. for example "<h1>Testing Encryption</h1>" may encrypt to "$l3~auAuW,D$T|byQQupT#^/S3^" in one part of the encrypted file and "£k4%ItfQ]Vj(TCvy[]uE],?/;-~" in another part of the same file. This of course will be entirely different in another file as no two files are encrypted using the same algorithm.

There is still a 14 day trail period on this I will be posting the full version very soon.

Link to new version http://cgi.martek-net.co.uk/php-bin/encripter/newencoder10.php
37 REPLIES
Marteknet
Grafter
Posts: 577
Registered: 13-10-2007

Web page code encryption

Want to make your HTML code & hard work difficult to read and rip off ?

make your HTML code look like this

^5N(77:g!YIaU)8tJU?x)8thfN@{M)8t^45e//O-!//HOK_9-KI~c_9yq#=*6e{[s,g
]pWRC;;//U~_93&6U)r:1uS&6MA[C;&6U)r:1uS&6MAokf&6U)r:1uS&6MpW];
t*7I{p;Wo,k(7rPmbupE[ETV^5N/pW];t*7I_t@2-D*7<|Rfi*7I_t@2-D*7<.pmu
yi)9P1uF&qG)9?j3*7I{p;Wo,k(7rPmbupE[ETV^5N/A7+4T*wK_tL24Bl6)Ytg
oQZS1--T.mo]Typ]#)9?/G3&6U)r:^=F(8>D-24TIuj[Emj*6eOX|Qu]i]WZ+4B/;
8_0{2-G*wH_0Vk7(8O}[Ayp.l8tR,niRRYm&6M/S^5eL+y:^5N;0_0RUyhpWX
D23=Y#,pQ[u[Q|_0~/j7*7I_tF&qG)9?Fe^5YOik]o,k(7rPCZtiQoQEX^5N/A=+
-}^=H(eJ+4Bl0)9Pa]du[#;_9-T.mo]TQTp,*7</D7&6U)r:1uS&6MA-+4TIuj[EC
F^4qU|.i]WZ+-!/k8(8O+-G*wH_0~G5&6UPolyp.l)8t{VvyoWpWRm&6MS-1
=R&qJ)rK^5N;8_0{srfi]|A+3=Y#,pQYWo[.(8>/j5*7I_t@2-D*7<S9^5YOik]RVh
&5wIZ#tiQoQEX1=V/l6)9P^=H(eJ+-!j3*7I{pdu[#;_9y}mbupEEp,*7</D924T*
wK_tS&6M/.pCWry*7I_tF&qG)9?/Cpgo(8O+-G*wH_0~/ju#D)9P^=H(eJ9yu
6=766

But still run ok in browsers.

Now updated to Encrypt Inline JavaScript on HTML pages

Try it out here http://cgi.martek-net.co.uk/php-bin/encripter/newencoder9.php this is still under development and as such has a 14 day test period on encrypted files, so back up your files. when development of this is finished the 14 day limit will be removed.

A working example of a page that contains both HTML & JavaScript that has been Encrypted using this system can be seen at http://www.martek-net.co.uk/testcrypt/testorg.html

Comments on this are very welcome.

[Moderators Note by csogilvie: Linebreaks added to stop the forums scrolling
N/A

Web page code encryption

Now thats very clever!! and it still runs in any browser and appears as a normal HTML Page??

Nice one! :-)
Ivan
Marteknet
Grafter
Posts: 577
Registered: 13-10-2007

Web page code encryption

Ta Ivan.

I guess you have tried it in all browsers then, that was my next step but finding time is a bit hard. so far I have tried IE and it seem to work fine.

But Netscape seems to have a problem with setAttribute in the version i am using. I will look in to it, but I have to update Netscape first to make sure I am writing for the most current version.

When its finished I will release it for full use.

Tested on the latest version of Netscape (8.0) and it seems to run ok, but Netscape version 7.2 doesn't work.

Development continues, the next stage is to make things execute from within users web sites and not have the need to access any files on martek-net.co.uk. The last stage of development will be a self-contained decryption system that doesn't have to access any external files at all.
N/A

Web page code encryption

Hi,
Tried the bottom link but it appeared to be broken. I assume you've removed it now?

I expect using PHP may be a little safer, the first example you gave using JavaScript allowed easy access to the source decription code on your website. A good approach might be to use public key encryption. If memory serves me correctly (it's been a while), it shouldn't really matter if people can see your code or not. Unless they can get the key, of course Wink

Don't worry, I've already deleted your source code.

All the best,
David.
Marteknet
Grafter
Posts: 577
Registered: 13-10-2007

Web page code encryption

Thanks for your comments But they don't really apply to what I use doing before the server crash.

It makes no difference now as I am thinking of scraping the lot. I was on the verge of posting the finished product with the encryption programme code itself encrypted, but force9 lost the lot and I have no backups.

I was at the stage where the generated code was all self contained with no links to my web space to get keys or decryption routines and was itself encoded. what you must have seen was a test vehicle to try and thrash out the methodology that the finished thing would have used. remember I have no code from the previous working version I backed up development versions on the server by renaming files as I uploaded each new version.

I had this working, it returned code I couldn't even decrypt myself without hours and hours of work. This is all gone now and I may not be able to replicate the code that the encryption generator was using as it was so complex and self modifying.
N/A

Web page code encryption

Hi,
Really sorry to hear that Sad Don't give up hope, though. It sounded a really interesting project. Although much scripting is now server side, I've felt that it would be useful to encrypt web page code to protect code, before.

Not to get your hopes up, but if F9 lost your data recently, they may have routine server back-up somewhere? May be worth asking at least?

Hope everything works out ok,
David.
Marteknet
Grafter
Posts: 577
Registered: 13-10-2007

Web page code encryption

Quote

Not to get your hopes up, but if F9 lost your data recently, they may have routine server back-up somewhere? May be worth asking at least?
David.


Hi Dave.

I tried that, and was told just like lots of other people that the backup was not made before the maintenance, so I asked when the last backup was made, but never even got a reply to that question. As far as I can tell Force9 have NEVER made any backups of their customers scripts that reside on the CGI server.

I have asked if backups are now being made but still I have no idea as Force9 didn't answer that question as well, Surprise, Surprise. Professional service or what ?
N/A

Web page code encryption

Hi

I can't see the details, but it looks like a project I did ages ago - have a look at http://www.kountdown.co.uk/~kountdown/shep

while the version I've got on the site has a fixed password, all the code was written.

It's a way of encrypting web pages on static web pages (ie non-php/cgi). Like martek's, it uses javascript to to decrypt pre-encrypted pages.

However my encryptor program was written in vb, with a dll which could be used by other programs, which is a bit different. It used a standard excryption algorithm - skipjack.


I never got any response - I found it hard to "advertise" the idea, and the solution as it was was probably a bit too complicated. I suspect it would put off all but the "techy" - who would prbably prefer to write their own.


Also the point of doing something like this has lessened, now it's easier to get a provider with php, where you can do your own user validation.
Marteknet
Grafter
Posts: 577
Registered: 13-10-2007

Web page code encryption

Hi Useyourhead.

Maybe its been done before but this is a little different there are no fixed keys and the decryption algorithm is unique for each and every file encrypted. It will be self-contained and the decryption code its self will be encrypted with no need for access any external files at all, no DLL's to download. I have managed to cobble together a working version and will be posting it within the next week or so.

While you are correct in saying that php has helped in this matter its not the answer for everyone, some people just code in html and don't want the hassle of learning php.

This is easy to use its got a GUI and is as simple as clicking a few buttons. the only drawback at the moment is the finished encrypted file has to be saved via cut and paste in Netscape. Users of IE just click a button to select a file, click another to encrypt it and lastly click yet another button to save the finished product. That's easy enough for most people I expect.

You will be able to see it working very soon as I have coded it and Alfa tested it just a few little things to sort out then it will be published with a 14 evaluation period.

Regards Peter.
N/A

Web page code encryption

Hi again

You're right - a user friendly, web based encryption tool would be far better than the complicated thing I came out with.

I didn't know php at the time I wrote shep (or have an isp who provided the facilities), or I might have done it myself. As it turned out I've since spotted a whopping big problem right in the middle of the idea, which limits it's usefulness even further.

I think, though, that you should make it clear to users that you're obfuscating, rather than encrypting the web page.

Obfuscation is not really a poor cousin to encryption - it makes your pages visible to everyone, but makes any code you want hidden harder to steal. Only people who understand the language can work it out - and usually it's quicker for them to just write it themselves!

As far as encryption is concerned, your problem (and, to be fair, I've only seen your demo page) is that whatever files you create, the web browser must be able to translate them. If the browser can translate them, then a human can too.

I can see, for instance, that your demo page had an expiry date of 22/04/05.

You might be able to encrypt javascript in a string, but you must also provide the code to decrypt the javascript, or else the browser can't do it.

To encrypt messages properly, some part of the process must be a secret. In real terms, that means either the algorithm or the key. Using client-side scripting means that the algorithm is public, which leaves you having to have a private key.

Or have I got the point of your tool wrong? Let me know. I know this post sounds a bit negative, but I'm actually interested and am trying to help you avoid the cul-de-sacs I ventured up while I was developing the shep.
Marteknet
Grafter
Posts: 577
Registered: 13-10-2007

Web page code encryption

Obfuscation that's nice word n. to darken; to confuse. that's about it but it really is encryption as well Cryptography n. Art of writing in secret characters; a cipher.

That just about sums it up the characters are secret, but the overall message content (the web page) is still available to the intended viewer. But the means of transmitting the message is unreadable, Yes that just about fits the bill nicely.

It seems you had not seen the last version that was on the server before it crashed it would have been clear to you that it was really a cipher, as even in the same file, the same characters would appear with a differ cipher index in it's place, for instance an "a" could appear as a "{" or an "3" or any other character for that matter. The cipher is unique to each file encrypted.

I think I will stick with the term encryption thank you.

you say "You might be able to encrypt JavaScript in a string, but you must also provide the code to decrypt the JavaScript, or else the browser can't do it. "

Its is possible to have the JavaScript code accessed clientside but not be displayed in the browser source code listing. I was doing that in the last version that was placed on the server as an example, the actual decryption code was NOT available to view or read and it's self was also encrypted.
N/A

Web page code encryption

I won't argue with you about the terminology - there are plenty of software vendors mixing up the terms. Whether this is to deliberately fool a naive buyer, or just to give a simplified description of the functionality, I leave to your judgement...

I'd be interested if you can provide a way to make the decryption code unavailable to view. A rejig of the "boot" code which is visible will allow an interested party to decode any script.

If you've found a way to completely hide your client-side javascript from the user, then that would be VERY commercial.

Have a look at http://jibbering.com/faq/obfuscate.html
it pretty much summarises what I understand about the whole thing.
Marteknet
Grafter
Posts: 577
Registered: 13-10-2007

Web page code encryption

There isn't any "boot" code in the new version. Its completely self contained. yes it still can be cracked but the hacker would take some time to do this. No encryption system is 100% watertight. A working Demo of code encrypted will available within a day or so.
N/A

Web page code encryption

Hello again,
I agree with useyourhead that if you make JavaScript available to the browser, the user is most likely going to be able to view it. Even if it isn't embedded into the webpage, the user's computer must still download it locally before running it. While encrypting it will help, it's not infallible. The best approach is probably to use a server and client public key.

But I guess, you're not trying to encrypt financial details etc., just preventing the opportunist. It's rather like protecting your car with a steering lock or a nuclear arsonal. Besides, if your approach becomes successful, there's alway future versions Wink

Incidentally, as far as usefulness was concerned, I went to bed thinking about this the other night after writing to you and thought of a good example. Sometimes, people want the address of media content embedded in webpages to remain hidden, for example film trailers, to stop people downloading and storing them locally, or embedding them directly in their own page. This would be a great tool for that!

All the best,
David.