SiteExperts.com Logo Home | Community | Developer's Paradise | Jobs
User Groups | Site Tools | Site Information | Search

Inside Technique : Hiding HTML/SCRIPT... I think it IS possible! : The Code

Here is the all code in its entirety. Most of it is pretty straight forward, but some parts may not make sense. Don't worry I'll cover those later.

The "real code" (unencoded and formatted)

/* If you are seeing this, you've won. Yay! */

var x = document.body.appendChild(document.createElement('div'));

x.addBehavior('#default#download');

x.startDownload(wtf.src,function(){});

wtf.src='';

x.removeNode(true);

//document.scripts[3].removeNode(true); *

alert('OK, you know the drill. Look for the source of this alert.');

* This wasn't in the actual code, but should have been :(

The fake code (unencoded and formatted)

function ultimateProtectedScript()

{

      eval(SuperDuperTopSecretDecodingFunction("%157%195%150%177...[a lot more]"));

}

Private/Real.js (Final Encoded form)

/*hppage status="protected"*/

eval(unescape("%66%75%6E%63%74%69%6F%6E%20%68%70%5F%64%31%30%28%73%29%7B%72%65%74%75%72%6E%20%73%7D"));
eval(hp_d10(unescape("%64%6F%63%75%6D... [a lot more]")));

Private/Fake.js (Final Encoded form)

/*hppage status="protected"*/

eval(unescape("%66%75%6E%63%74%69%6F%6E%20%68%70%5F%64%31%30%28%73%29%7B%72%65%74%75%72%6E%20%73%7D"));
eval(hp_d10(unescape("%64%6F%63%75%6D...[a lot more]")));

Global.asa

<script runat="server" language="jscript">

      function Session_OnStart()

      {

            var xml = Server.CreateObject("MSXML2.FreeThreadedDomDocument.5.0");

            xml.loadXML("<?xml version='1.0'?><root/>");

            Session.Contents("passes") = xml;

      }

     

      function Session_OnEnd()

      {

            Session.Contents("passes") = null;

      }

     

      function Application_OnStart()

      {

            Application.Contents("baseURL") = "http://hideit.siteexperts.com/";

      }

</script>

jsiis.inc

<%

// Just some IIS Helper functions that make working in JScript easier

function jsIISCollection(itm)

{

      if(itm.Count == 0)

      {

            return null;

      }

      else if (itm.Count == 1)

      {

            return String(itm.Item(1));

      }

      else

      {

            var a = new Array(itm.Count);

            for(var i=0;i<a.length;i++)

                  a[i] = String(itm.Item(i+1));

           

            return a;

      }

}

function QueryString(key)

{

      return jsIISCollection(Request.QueryString.Item(key));

}

function Form(key)

{

      return jsIISCollection(Request.Form.Item(key));

}

function ServerVariables(key)

{

      return jsIISCollection(Request.ServerVariables.Item(key));

}

function HttpHeader(key)

{

      return jsIISCollection(Request.ServerVariables.Item("HTTP_" + key));

}

function IE6()

{

      var ua = HttpHeader("User-Agent");

      return ua.indexOf("MSIE 6") >= 0;

}

Hide.asp (default document)

<%@ Language="JScript" %>

<%

      function GUID()

      {

            var TypeLib= Server.CreateObject("Scriptlet.TypeLib");

            var guid    = String(TypeLib.GUID).replace(/[\{\}\-}]/g,"");

            TypeLib           = null;

            return guid;

      }

           

      function RandomNumber()

      {

            return parseInt(Math.random()*100000,10);

      }

     

      var passes  = Session.Contents("passes");

      var pass    = passes.createElement("pass");

     

      var timeout = new Date();

      timeout.setSeconds(timeout.getSeconds()+1);

     

      var guid = GUID();

      pass.setAttribute("guid",     guid);

      pass.setAttribute("timeout",timeout.valueOf());

     

      passes.documentElement.appendChild(pass);

     

      var ran = RandomNumber();

%>

<htmlxmlns:qxf53e="urn:p<%=ran%>">

      < head >

            <style>body{font:normal 9pt Verdana;}</style>

      </ head >

      < body id ="bod">

            The hidden script is now in the form of an alert. If you did not get the alert, try frefreshing the page.

            < script >

                  var HashEncode = 0x <%=guid%>;

                  var EncodeHash = 0;

                  for(var i=0;i<String(HashEncode).length;i++)

                        EncodeHash += HashEncode%7;              

            </ script >

            < script >

                  bod.attachEvent("oncontextmenu",function(e){alert("This is just here to annoy you. \r\n\r\n\r\nI wonder how the 133t h4xor script kiddies protect their Scripts from Apple Users?");e.returnValue=false;});

                  try{if(document.namespaces[0].urn=="urn:p<%=ran%>")document.write("<scrip" + "t id= 'wtf'src='hidden.asp?pass=<%=guid%>'></scr" + "ipt>");}catch(ex){alert("Sorry, IE6 Only");}               

            </ script >

      </ body >

</html>

hidden.asp

<%@Language="JScript"%><!--#include file="jsiis.inc"--><%

     

      function OutputCode(fileName)

      {

            var fso = Server.CreateObject("Scripting.FileSystemObject");

            var f   = fso.OpenTextFile(Server.MapPath("./") + "\\Private\\" + fileName);

            Response.Write(f.ReadAll());

            f.Close();

            fso = f = null;

      }

     

      function Main()

      {

            Response.ContentType = "application/x-javascript";

           

            // Change this depending on where it's going to end up

            var hiddenUrl = Application.Contents("baseURL");

           

            // My thinking on this is to taunt them for such an obvious tactic

            // of typing in just "hidden.asp"

            // let them work a little to get the fake code

            var guid = QueryString("pass");

            if(guid == null || guid.length != 32)

            {

                  Response.Write("//Uh, no. You didn't really expect that to work, did you? ");

                  return;

            }

     

            var passes  = Session.Contents("passes");

            var pass    = passes.selectSingleNode("//pass[@guid='" + guid + "']");       

           

            if(pass == null)

            {

                  //Response.Write("//Pass not found in XML. guid=" + guid + "\r\n/*");

                  //Response.Write(passes.xml + "*/");

                  OutputCode("Fake.js");

                  return;

            }

           

            var now           = new Date().valueOf();

            var timeout= parseInt(pass.getAttribute("timeout"),10);

           

            passes.documentElement.removeChild(pass);

           

            if(timeout <= now)

            {

                  //Response.Write("//Timed out. now: " + now + " timeout: " + timeout);

                  OutputCode("Fake.js");

                  return;

            }

           

            if(!IE6())

            {

                  //Response.Write("//NO IE6 " + HttpHeader("User-Agent") + "\r\n");

                  OutputCode("Fake.js");

                  return;

            }

           

            var referer = HttpHeader("Referer");

            if(   referer != "http://localhost/hide"       ||

referer != "http://localhost/hide/"       ||

referer != "http://localhost/hide/hide.asp" )

            {

                  //Response.Write("//incorrect referer " + HttpHeader("Referer") + " != " + hiddenUrl + "\r\n");

                  OutputCode("Fake.js");

                  return;

            }

                       

            // If they made it this far send the real code

            OutputCode("Real.js");

      }

     

      Main();

%>

Index Next -> (The Mechanics)