CODEWITHSUNDEEP
javascriptjqueryhtmlencryptioncryptography
user7747472
user7747472

Reputation: 1952

Encrypt HTML Source code with JAVASCRIPT. How does it work?

i was checking if it is possible to actually encrypt html code or not. I found a place where they encrypt the HTML code in Javascript. I wonder how does it work or in what format can anyone please tell me ??

Actual code

<!DOCTYPE html>
<html>
<body>

<p>This is going to be encrypted.</p>
</body>
</html>

The encrypted HTML CODE

  <html>
<head>
</head>
<body>

<script type="text/javascript">
<!-- 
eval(unescape('%66%75%6e%63%74%69%6f%6e%20%69%31%64%62%33%31%39%65%38%61%66%28%73%29%20%7b%0a%09%76%61%72%20%72%20%3d%20%22%22%3b%0a%09%76%61%72%20%74%6d%70%20%3d%20%73%2e%73%70%6c%69%74%28%22%37%36%39%35%39%36%38%22%29%3b%0a%09%73%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%30%5d%29%3b%0a%09%6b%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%31%5d%20%2b%20%22%38%31%33%35%32%39%22%29%3b%0a%09%66%6f%72%28%20%76%61%72%20%69%20%3d%20%30%3b%20%69%20%3c%20%73%2e%6c%65%6e%67%74%68%3b%20%69%2b%2b%29%20%7b%0a%09%09%72%20%2b%3d%20%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%28%70%61%72%73%65%49%6e%74%28%6b%2e%63%68%61%72%41%74%28%69%25%6b%2e%6c%65%6e%67%74%68%29%29%5e%73%2e%63%68%61%72%43%6f%64%65%41%74%28%69%29%29%2b%2d%33%29%3b%0a%09%7d%0a%09%72%65%74%75%72%6e%20%72%3b%0a%7d%0a'));
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%69%31%64%62%33%31%39%65%38%61%66%28%27') + '%3b%21%46%51%44%56%59%5b%49%20%6e%75%79%6b%44%11%0e%3d%6a%72%78%6e%42%15%0f%36%61%77%66%7f%43%11%08%18%0c%3c%76%43%5e%6f%69%77%20%6e%77%26%62%73%6f%74%68%2a%73%77%22%66%6a%22%6d%79%67%76%79%71%7e%6c%62%30%3c%30%72%44%18%0c%3c%37%67%7b%63%79%40%13%0f%3e%37%63%76%73%6a%437695968%34%35%31%33%32%31%35' + unescape('%27%29%29%3b'));
// -->
</script>
<noscript><i>Javascript required</i></noscript>

</html>

You can try running in their file. It works with out any effort.So can anyone tell how did it encrypted. Or kind of encryption it is?

Upvotes: 0

Views: 14228

Answers (4)

Ahmad
Ahmad

Reputation: 1

script type='application/ld+json' class='yoast-schema-graph yoast-schema-graph--main'>{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://avormin.in/#website","url":"https://avormin.in/","name":"\u0909\u0924\u094d\u092a\u093e\u0926 \u0938\u092e\u0940\u0915\u094d\u0937\u093e","potentialAction":{"@type":"SearchAction","target":"https://avormin.in/?s={search_term_string}","query-input":"required name=search_term_string"}},{"@type":"ImageObject","@id":"https://avormin.in/arthrazex#primaryimage","url":"https://avormin.in/wp-content/uploads/2020/01/1-3.jpg","width":700,"height":300},{"@type":"WebPage","@id":"https://avormin.in/arthrazex#webpage","url":"https://avormin.in/arthrazex","inLanguage":"en-US","name":"Arthrazex \u091c\u094b\u0921\u093c\u094b\u0902 \u0915\u0947 \u0932\u093f\u090f: \u0938\u0942\u091c\u0928 \u0914\u0930 \u091c\u0932\u0928 \u0926\u0942\u0930 \u0915\u0930\u0924\u0940 \u0939\u0948. \u0938\u092e\u0940\u0915\u094d\u0937\u093e, \u092e\u0942\u0932\u094d\u092f, \u092f\u0939 \u0915\u0948\u0938\u0947 \u0915\u093e\u092e \u0915\u0930\u0924\u093e \u0939\u0948, \u0930\u091a\u0928\u093e, \u0915\u0939\u093e\u0902 \u0938\u0947 \u0916\u0930\u0940\u0926\u0947\u0902.","isPartOf":{"@id":"https://avormin.in/#website"},"primaryImageOfPage":{"@id":"https://avormin.in/arthrazex#primaryimage"},"datePublished":"2020-01-31T21:00:27+03:00","dateModified":"2020-01-31T21:00:27+03:00","author":{"@id":"https://avormin.in/#/schema/person/99c8a23bb122b30eb43f5f425a89e0af"},"description":"Arthrazex \u091c\u094b\u0921\u093c\u094b\u0902 \u0915\u0947 \u0932\u093f\u090f: \u0938\u0942\u091c\u0928 \u0914\u0930 \u091c\u0932\u0928 \u0926\u0942\u0930 \u0915\u0930\u0924\u0940 \u0939\u0948. \u0938\u092e\u0940\u0915\u094d\u0937\u093e, \u092e\u0942\u0932\u094d\u092f, \u092f\u0939 \u0915\u0948\u0938\u0947 \u0915\u093e\u092e \u0915\u0930\u0924\u093e \u0939\u0948, \u0930\u091a\u0928\u093e, \u0915\u0939\u093e\u0902 \u0938\u0947 \u0916\u0930\u0940\u0926\u0947\u0902."},{"@type":["Person"],"@id":"https://avormin.in/#/schema/person/99c8a23bb122b30eb43f5f425a89e0af","name":"author2","image":{"@type":"ImageObject","@id":"https://avormin.in/#authorlogo","url":"https://secure.gravatar.com/avatar/2696bbcbc2e8deeea6af0e36de8e159d?s=96&d=mm&r=g","caption":"author2"},"sameAs":[]}]}</script>

Upvotes: 0

Obsidian Age
Obsidian Age

Reputation: 42304

This is known as URL-encoding or percent-encoding. It's easily reversible with JavaScript's unescape() method, as is seen here.

The first line decrypts to:

function i1db319e8af(s) {
    var r = "";
    var tmp = s.split("7695968");
    s = unescape(tmp[0]);
    k = unescape(tmp[1] + "813529");
    for( var i = 0; i < s.length; i++) {
        r += String.fromCharCode((parseInt(k.charAt(i%k.length))^s.charCodeAt(i))+-3);
    }
    return r;
}

The second line is split into three parts:

document.write(i1db319e8af('

;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215

'));

Combined as:

document.write(i1db319e8af(';!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215'));

This passes the string;!FQDVY[I nuykD=jrxnB6awfC <vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD <7g{cy@>7cvsjC76959684513215 into the i1db319e8af function as a function parameter, and then writes the result to the page.

The i1db319e8af function then takes this string, and splits it into two parts on 7695968. You then have a variable called tmp which contains two parts:

;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC
4513215

k (4513215) has the string 813529 added to it, which gets appended, causing the variable to be 4513215813529.

The function then loops over the length of ;!FQDVY[I nuykD=jrxnB6awfC <vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD <7g{cy@>7cvsjC, and returns what appears to be characters based on the position in characters in this string.

Note that this may return 12 characters or possibly more, given that it stops at the character for me, thinking it is invalid (a character that's not UTF-8).

Unfortunately I don't currently have access to a sandbox, so I can't step into this further. Hopefully this will give you the info you're looking for though :)

Upvotes: 2

Taplar
Taplar

Reputation: 24965

Unescape operates upon hex character codes.

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/unescape

var myAwesomeHTMLString = "<p>Weeeee</p>";
var hexEncoded = '';

for (var i = 0; i < myAwesomeHTMLString.length; i++) {
  hexEncoded += '%'+ myAwesomeHTMLString.charCodeAt(i).toString(16);
}

console.log("'encoded': "+ hexEncoded);
console.log("'unencoded': "+ unescape(hexEncoded));

Upvotes: 2

S&#233;bastien
S&#233;bastien

Reputation: 12139

This would be very weak encryption as all that is required to decrypt is readily available in the browser, namely the unescape method.

Upvotes: 0

Related Questions