Author Topic: Hide Javascript code?  (Read 2961 times)


M. O.

Hide Javascript code?
« on: September 28, 2009, 04:30:47 am »
Ok, I finally got some time to try out some more javascript/php stuff.

As I understand it there's no way of hiding the source code to a visitor? I have to convert the javascript to php and use AJAX if I want to update the page in real time?
Heckling is an art, and game hacking a science.

hoax-ravenheckler

Re: Hide Javascript code?
« Reply #1 on: September 28, 2009, 12:59:37 pm »
You can make sure that you can't see the code, however you will be able to see the results.

That's all I remember for now.
Quote
There's never time to do things right, but there's always time to do it over.

MrMedic

Re: Hide Javascript code?
« Reply #2 on: September 28, 2009, 04:32:42 pm »
Quote from: M. O.
Ok, I finally got some time to try out some more javascript/php stuff.

As I understand it there's no way of hiding the source code to a visitor? I have to convert the javascript to php and use AJAX if I want to update the page in real time?

frames...
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

ZOldDude

Re: Hide Javascript code?
« Reply #3 on: September 28, 2009, 07:10:47 pm »
Quote from: MrMedic
Quote from: M. O.
Ok, I finally got some time to try out some more javascript/php stuff.

As I understand it there's no way of hiding the source code to a visitor? I have to convert the javascript to php and use AJAX if I want to update the page in real time?

frames...

That is how people hide things from public view and run code on websites...but you can view the code itself by simply viewing the webpage's source code in your browser.

I will be back from Brazil near the end of the first week in October.

*While we crash and burn, small, low tech, agrarian societies such as the Hmong in the mountains of Laos will continue on without so much as blinking an eye.*

MrMedic

Re: Hide Javascript code?
« Reply #4 on: September 28, 2009, 11:06:03 pm »
frame 1 is only displayed, whatever's in frame 2 - 10000 can't be displayed by view page source ;)

or better still make 2 frames and your code frame 1 pixel

ZOldDude

Re: Hide Javascript code?
« Reply #5 on: September 28, 2009, 11:38:25 pm »
Quote from: MrMedic
frame 1 is only displayed, whatever's in frame 2 - 10000 can't be displayed by view page source ;)

or better still make 2 frames and your code frame 1 pixel

1 X 1 or even 0 X 0...you might not see the frame but you can see that something is being hidden.

Hidden page code makes old folks like me nervous.
It took me 4 hours to remove crap some well-known webpage (Gameburnworld) installed via IFrame a few months ago when that server was hacked.

(edit...typos)
« Last Edit: October 01, 2009, 06:30:11 pm by ZOldDude »


MrMedic

Re: Hide Javascript code?
« Reply #6 on: September 29, 2009, 12:50:32 am »
I'm using frames as an example m8, there are other better ways but this will point him in the right direction.

M. O.

Re: Hide Javascript code?
« Reply #7 on: September 29, 2009, 07:20:08 pm »
Alright, I'll take a look at it.

[TKC]Anothercheater

Re: Hide Javascript code?
« Reply #8 on: October 01, 2009, 12:48:15 pm »
Why should you hide code which is meant for the client browser?
The only thing you can do - which is the safest - is to use a Javascript Obfuscator.

Example of http://www.javascriptobfuscator.com :

Input (1211):
Code:
function inputInsert(input, aTag, eTag) {
  input.focus();
  /* IE */
  if(typeof document.selection != 'undefined') {
    var range = document.selection.createRange();
    var insText = range.text;
    range.text = aTag + insText + eTag;
    range = document.selection.createRange();
    if (insText.length == 0) {
      range.move('character', -eTag.length);
    } else {
      range.moveStart('character', aTag.length + insText.length + eTag.length);      
    }
    range.select();
    /* Gecko */
  } else if(typeof input.selectionStart != 'undefined') {
    var start = input.selectionStart;
    var end = input.selectionEnd;
    var insText = input.value.substring(start, end);
    input.value = input.value.substr(0, start) + aTag + insText + eTag + input.value.substr(end);
    var pos;
    if (insText.length == 0) {
      pos = start + aTag.length;
    } else {
      pos = start + aTag.length + insText.length + eTag.length;
    }
    input.selectionStart = pos;
    input.selectionEnd = pos;
   /* Misc */
  } else {
    var pos;
    var re = new RegExp('^[0-9]{0,3}$');
    while(!re.test(pos)) {
      pos = prompt("Einf?gen an Position (0.." + input.value.length + "):", "0");
    }
    if(pos > input.value.length) {
      pos = input.value.length;
    }
    var insText = prompt("Bitte geben Sie den zu formatierenden Text ein:");
    input.value = input.value.substr(0, pos) + aTag + insText + eTag + input.value.substr(pos);
  }
}

Output (1891):
Code:
var _0x69c5=["focus","selection","undefined","createRange","text","length","character","move","moveStart","select","selectionStart","selectionEnd","substring","value","substr","^[0-9]{0,3}$","Einf?gen an Position (0..","):","0","test","Bitte geben Sie den zu formatierenden Text ein:"];function inputInsert(_0xb3d9x2,_0xb3d9x3,_0xb3d9x4){_0xb3d9x2[_0x69c5[0]]();if( typeof document[_0x69c5[1]]!=_0x69c5[2]){var _0xb3d9x5=document[_0x69c5[1]][_0x69c5[3]]();var _0xb3d9x6=_0xb3d9x5[_0x69c5[4]];_0xb3d9x5[_0x69c5[4]]=_0xb3d9x3+_0xb3d9x6+_0xb3d9x4;_0xb3d9x5=document[_0x69c5[1]][_0x69c5[3]]();if(_0xb3d9x6[_0x69c5[5]]==0){_0xb3d9x5[_0x69c5[7]](_0x69c5[6],-_0xb3d9x4[_0x69c5[5]]);} else {_0xb3d9x5[_0x69c5[8]](_0x69c5[6],_0xb3d9x3[_0x69c5[5]]+_0xb3d9x6[_0x69c5[5]]+_0xb3d9x4[_0x69c5[5]]);} ;_0xb3d9x5[_0x69c5[9]]();} else {if( typeof _0xb3d9x2[_0x69c5[10]]!=_0x69c5[2]){var _0xb3d9x7=_0xb3d9x2[_0x69c5[10]];var _0xb3d9x8=_0xb3d9x2[_0x69c5[11]];var _0xb3d9x6=_0xb3d9x2[_0x69c5[13]][_0x69c5[12]](_0xb3d9x7,_0xb3d9x8);_0xb3d9x2[_0x69c5[13]]=_0xb3d9x2[_0x69c5[13]][_0x69c5[14]](0,_0xb3d9x7)+_0xb3d9x3+_0xb3d9x6+_0xb3d9x4+_0xb3d9x2[_0x69c5[13]][_0x69c5[14]](_0xb3d9x8);var _0xb3d9x9;if(_0xb3d9x6[_0x69c5[5]]==0){_0xb3d9x9=_0xb3d9x7+_0xb3d9x3[_0x69c5[5]];} else {_0xb3d9x9=_0xb3d9x7+_0xb3d9x3[_0x69c5[5]]+_0xb3d9x6[_0x69c5[5]]+_0xb3d9x4[_0x69c5[5]];} ;_0xb3d9x2[_0x69c5[10]]=_0xb3d9x9;_0xb3d9x2[_0x69c5[11]]=_0xb3d9x9;} else {var _0xb3d9x9;var _0xb3d9xa= new RegExp(_0x69c5[15]);while(!_0xb3d9xa[_0x69c5[19]](_0xb3d9x9)){_0xb3d9x9=prompt(_0x69c5[16]+_0xb3d9x2[_0x69c5[13]][_0x69c5[5]]+_0x69c5[17],_0x69c5[18]);} ;if(_0xb3d9x9>_0xb3d9x2[_0x69c5[13]][_0x69c5[5]]){_0xb3d9x9=_0xb3d9x2[_0x69c5[13]][_0x69c5[5]];} ;var _0xb3d9x6=prompt(_0x69c5[20]);_0xb3d9x2[_0x69c5[13]]=_0xb3d9x2[_0x69c5[13]][_0x69c5[14]](0,_0xb3d9x9)+_0xb3d9x3+_0xb3d9x6+_0xb3d9x4+_0xb3d9x2[_0x69c5[13]][_0x69c5[14]](_0xb3d9x9);} ;} ;} ;
« Last Edit: October 01, 2009, 12:53:33 pm by [TKC]Anothercheater »

M. O.

Re: Hide Javascript code?
« Reply #9 on: October 01, 2009, 04:28:19 pm »
But that can be decrypted easily? It's just that it isn't readable at a first glance?

I'm making a calculator and I have some formulas that I want to hide. I could just rewrite them to PHP and use AJAX instead.





[TKC]Anothercheater

Re: Hide Javascript code?
« Reply #10 on: October 01, 2009, 06:19:25 pm »
Of course you can do the calculations with php instead of javascript.
If it's a simple function, it's simple to understand the function.
If the function is huge or pretty complex then it's also much harder to understand this obfuscated code and you can't recover the variable names.
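
Added example, not part of any post in this thread: a small de-obfuscator for the string-table style shown in the obfuscator output above. It is regex-based and assumes that style; the sample is constructed and `deobfuscate` is a name chosen here. Structure, property names and literals come back, while local names return only as placeholders.

```javascript
// Constructed sample in the style of the obfuscator output quoted above:
// one global string table, every property name and literal fetched by index.
const sample =
  'var _0x69c5=["focus","selectionStart","undefined","value","length","^[0-9]{0,3}$"];' +
  'function f(_0xb3d9x2){_0xb3d9x2[_0x69c5[0]]();' +
  'if( typeof _0xb3d9x2[_0x69c5[1]]!=_0x69c5[2]){' +
  'return _0xb3d9x2[_0x69c5[3]][_0x69c5[4]];} ;' +
  'return new RegExp(_0x69c5[5]);} ;';

// Regex-based on purpose: enough for this output style, not a general JS parser.
function deobfuscate(src) {
  // 1. Locate the string table. Matching whole string literals (not "up to
  //    the first ]") matters because entries such as "^[0-9]{0,3}$" contain ].
  const m = src.match(/var\s+(_0x\w+)\s*=\s*(\[(?:\s*"(?:[^"\\]|\\.)*"\s*,?)*\s*\]);/);
  if (!m) return { code: src, table: [], renamed: 0 };
  const [decl, name, literal] = m;
  // Some obfuscators write entries as \xNN escapes, which JSON does not accept.
  const table = JSON.parse(literal.replace(/\\x([0-9a-fA-F]{2})/g, '\\u00$1'));
  let code = src.replace(decl, '');

  // 2. Inline every table reference as its string. Nothing is evaluated.
  code = code.replace(new RegExp(name + '\\[(\\d+)\\]', 'g'),
    (_, i) => JSON.stringify(table[Number(i)]));

  // 3. x["prop"] -> x.prop when it follows an expression and prop is an identifier.
  code = code.replace(/(?<=[\w$\])])\[\s*"([A-Za-z_$][\w$]*)"\s*\]/g, '.$1');

  // 4. The original local names are gone for good; assign placeholders.
  const names = new Map();
  code = code.replace(/\b_0x\w+\b/g, (id) => {
    if (!names.has(id)) names.set(id, 'v' + (names.size + 1));
    return names.get(id);
  });
  return { code, table, renamed: names.size };
}

console.log(deobfuscate(sample).code);
```

A code formatter applied to the result restores indentation, after which the logic reads much like the original input.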

Subsky

Re: Hide Javascript code?
« Reply #11 on: October 07, 2009, 03:49:50 pm »
Mullah, if you need to hide code- make client side javascript code call into web server interfaces/functions.  Although ASP.NET is my specialty these days, you suggested calling into PHP and I strongly recommend you go with that (if it's possible).  End of story.

Anyone with half a brain (and Firebug) can catch you out- no matter what.  If it gets run on the client your code can be seen.

Based on the amount of shit code I've had to review- there are so many terrible Web 2.0 programmers around that most wouldn't need to use an obfuscator.  Needless to say, neither shit programmers nor obfuscators are a solution.

By the sounds of it, you only need to call one function.  You know the entry points and provided you know the security issues related to php- you can guard against attacks.
« Last Edit: October 07, 2009, 04:16:00 pm by Subsky »

[TKC]cptnhankey

Re: Hide Javascript code?
« Reply #12 on: March 29, 2010, 04:39:20 pm »
Use www.dot.tk and it hides all your script.

RaXOR

Re: Hide Javascript code?
« Reply #13 on: March 30, 2010, 12:39:12 am »
The best way is to make a load function with ajax, which would load snippets of encrypted js, decrypt them and eval them step by step, and afterwards release them.. You should encrypt this function with the most stable algorithms and check the referer from the browser... Another way is to load javascript from an image: when the user looks at the link, he will just see an image, but your script engine will eval the script at the end of the image... wait a sec.. I'll look for the crypt algorithms.. I had them.. just need to search =)
« Last Edit: March 30, 2010, 12:48:13 am by RaXOR »

RaXOR

Re: Hide Javascript code?
« Reply #14 on: March 30, 2010, 01:10:36 am »
I won't include the full source code, but I'll give a step-by-step tutorial for creating a stable algorithm (it filters out noobs). Your function must load the script (encrypted by any algorithm), containing a lot of rubbish, from your server step by step... Here is your algorithm:
1) Pack the base64 class with this
2) Pack your function with this
3) Pack the packed function with base64 (you can do that here: http://www.motobit.com/util/base64-decoder-encoder.asp)
4) Pack the encoded base64 class with hex and the escape algorithm; then, to use this class, just eval(unescape()) it
5) Then, to call your encrypted function, use base64: eval( base64decode(its function name to decode base64)), and encrypt that with hex, escape... Then you can call it.

Sorry for my English, and it's easy to make an ajax call; if not, just say so and I'll post...

Newbies will have to break their brains before they decrypt and understand your algorithm (including the server-side "step by step decrypted and executed")..
« Last Edit: March 30, 2010, 04:10:24 am by RaXOR »
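
Added example, not code from the post above: why stacked `eval(unescape(...))` and `eval(base64decode(...))` layers add no secrecy. Each layer names its own decoder, so the layers can be peeled statically without running anything. The sample formula and the names `toB64`, `toHexEscape` and `unwrap` are constructed for the illustration; `base64decode` is the decoder name used in the post.

```javascript
// Encoders matching the steps described above (helper names are made up here).
const toB64 = (s) => Buffer.from(s, 'utf8').toString('base64');
const toHexEscape = (s) => [...Buffer.from(s, 'utf8')]
  .map((b) => '%' + b.toString(16).padStart(2, '0')).join('');

// Constructed sample: a "hidden" formula wrapped in three layers.
const secret = 'function price(x){return x*1.17+3;}';
const layer1 = `eval(unescape("${toHexEscape(secret)}"))`;
const layer2 = `eval(base64decode("${toB64(layer1)}"))`;
const packed = `eval(unescape("${toHexEscape(layer2)}"))`;

// Each wrapper announces which decoder undoes it, so no key is needed.
const LAYERS = [
  { name: 'unescape',
    re: /^\s*eval\(\s*unescape\(\s*["']((?:%[0-9a-fA-F]{2})+)["']\s*\)\s*\)\s*;?\s*$/,
    // decodeURIComponent rather than unescape so UTF-8 payloads decode correctly
    decode: (p) => decodeURIComponent(p) },
  { name: 'base64',
    re: /^\s*eval\(\s*(?:base64decode|atob)\(\s*["']([A-Za-z0-9+\/=]+)["']\s*\)\s*\)\s*;?\s*$/,
    decode: (p) => Buffer.from(p, 'base64').toString('utf8') },
];

// Peel wrappers statically: decode the string argument, never eval it.
function unwrap(code, maxDepth = 20) {
  const layers = [];
  while (layers.length < maxDepth) {
    const layer = LAYERS.find((l) => l.re.test(code));
    if (!layer) break;
    code = layer.decode(code.match(layer.re)[1]);
    layers.push(layer.name);
  }
  return { code, layers };
}

const result = unwrap(packed);
console.log(result.layers.join(' -> '), '=>', result.code);
```

Loading the layers from the server one step at a time does not change this: every layer still arrives in the browser, where the network tab shows it before it is decoded.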