How do I code in JavaScript

Encrypt HTML: Protect source text with JavaScript

Everyone who develops himself knows the problem: Strangers steal the code that you have worked on for hours and pass it off as your own. This can be remedied by coding the source text.

techniques

There are several techniques for encrypting source text, ranging from very simple (and just as easy to decrypt) to very complicated. In the following some will be presented, whereby a distinction should be made between encryption of the JavaScript source text and encryption of the entire (HTML, CSS, JavaScript ...) source code. Depending on the situation, a variant is more suitable for one or the other. Generally speaking, however, all techniques work on the same principle: the code is stored in the file in encrypted form, is decrypted when the page is accessed and written into the document. If you look at the source text, only the original (encrypted) source text and not the (decrypted) code that is displayed.

restrictions

Since every encoding or decoding must ultimately produce a result that can be displayed by the browser, it is basically impossible to encrypt the code in such a way that nobody can crack it. Rather, it is usually easy for relatively experienced programmers to expose the code. However, it should be remembered that most code thieves will quickly lose the desire to copy just at the sight of seemingly confused scraps of writing.

The empty line variant

The simplest of all variants is to simply insert blank lines in front of the entire source text. If a code thief looks at the source code, he will be surprised with a blank page. Most of them overlook the scroll bars that hide the text below.

Prevention variant

This possibility is also a very simple matter. The whole thing is based on the fact that the thief is denied access to the source code. To do this, the following things must be done:
  • switch off right mouse button (context menu)
  • Hide the menu bar or make it unusable for the actual file
  • Preventing the CTRL key (short cuts)
The right mouse button is blocked with the following script:

<script language="JavaScript">
<!--
function DoFalse () {alert ('Not possible!'); return (false)}

if (document.layers)
{
document.captureEvents (Event.MOUSEDOWN);
document.onmousedown = DoFalse ();
}
//-->
</script>
...
<body onMouseDown="return DoFalse();"> 

The menu bar is best switched off or made harmless by either opening a new window that does not contain it (), or that the page can only be displayed within a frame:

if (self == top) {window.location.href = 'frameset.htm';};

The CTRL key can be switched off with the following script:

<script language="JavaScript">
<!--
function DoFalse (e)
{
if ((window.event && window.event.ctrlKey == true) ||
(e && e.modifiers == 2))
 {
alert ('Not possible!'); return false;
 }
}

if (document.layers)
{
document.captureEvents (Event.KEYPRESS);
document.onKeyPress = DoFalse;
}
//-->
</script>
...
<body onMouseDown="return DoFalse();" onKeyPress="return DoFalse();"> 



Please note that although it is quite easy to implement and certainly quite helpful to use this variant - this method is considered very unpopular in programming circles (most even hate it because it blocks access to other important functions) . You should therefore use this variant with caution.

Escape variant

A slightly better variant is to encrypt the special characters with the help of the method. This replaces all special characters (,,,, ...) of a string with their Unicode character strings. E.g. it becomes like this.

The source text is previously encrypted using this method and saved in a variable. Coding:

alterText = 'abcdefg';
newText = escape (oldText);



The output is integrated into the page as follows (without any further elements to be displayed). The code is decrypted again with the method. In the example, the variable contains the coded source text:

<script language="JavaScript">
<!--
var var = '.... source text ...';
document.open ();
document.write (unescape (various));
document.close ();
//-->
</script> 

Character list variant

Another variant is the encryption of all characters with the help of a character list. For this purpose, a string is created beforehand, which contains all characters in (any) order. in addition, the special characters (,,,,,,,,,, ...) and control characters (,,,,, ...) must be included. The principle is then as follows: The string to be coded or decoded is repeated from the beginning go through to the end. For each character, a search is made for the position at which it is contained in the character list. The position is increased by an entered or previously saved number and instead of the original character, the character is output that corresponds to the new (increased) position in the character list. In addition, the coding is added by the variant. This is absolutely necessary, otherwise errors can occur. Coding:

var list = '1234567890ß´`qwertzuiopü + # äölkjhgfds'ayxcvbnm' +
',.> - <* ~ _ :; | µ! "§ $% & / () =? QWERTZUIOPÜÄÖLKJHGFDS' +
'AYXCVBNM @ ntrbf';
var x = 122;
code function (s)
{
res = '';
for (i = 0; i  {
a = s.substr (i, 1);
b = liste.indexOf (a) + x;
while (b> liste.length) {b = b-liste.length;}
res + = list.substr (b, 1);
 }
return (escape (res));



Instead of increasing the number of digits, the output is simply subtracted. The previously coded source text is in turn integrated in a variable. a secret number is also requested. This determines the value by how many places a character should be subtracted:

<script language="JavaScript">
<!--
var shift = '.... source text ...';
var list = '1234567890ß´`qwertzuiopü + # äölkjhgfds'ayx' +
'cvbnm,.> - <* ~ _ :; | µ! "§ $% & / () =? QWERTZUIOPÜ' +
'ÄÖLKJHGFDSAYXCVBNM @ ntrbf';

decode function (s)
{
s = unescape (s);
x = prompt ('Please enter your PIN!'); // = 122
res = '';
for (i = 0; i  {
a = s.substr (i, 1);
b = liste.indexOf (a) -x;
while (b <0) {b = b + liste.length;}
res + = list.substr (b, 1);
 }
return (res);
}

document.open ();
document.write (decode (various));
document.close ();
//-->
</script> 



In addition to swapping the letters by simply adding or subtracting, there are a number of other options. Almost all mathematical or bitwise operators can be used here.

Base64 variant

One of the best-known methods for encryption and decryption is Base64. It is used, for example, for HTTP passwords. The basic principle is similar to the variant with the character list described above: With the help of a character set, the letters are rotated so that a new string is created. The advantage is that the resulting strings are usually shorter than the original (unencrypted). It is coded as follows:

var base64s = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcd' +
'efghijklmnopqrstuvwxyz0123456789 + /';

function encode (decStr)
{
var bits;
var dual;
var i = 0;
var encOut = '';
while (decStr.length> = i + 3)
 {
bits = (decStr.charCodeAt (i ++) & 0xff) << 16 |
(decStr.charCodeAt (i ++) & 0xff) << 8 |
decStr.charCodeAt (i ++) & 0xff;
encOut + = base64s.charAt ((bits & 0x00fc0000) >> 18) +
base64s.charAt ((bits & 0x0003f000) >> 12) +
base64s.charAt ((bits & 0x00000fc0) >> 6) +
base64s.charAt ((bits & 0x0000003f));
 }
if (decStr.length -i> 0 && decStr.length -i <3)
 {
dual = Boolean (decStr.length -i -1);
bits = ((decStr.charCodeAt (i ++) & 0xff) << 16) |
(dual? (decStr.charCodeAt (i) & 0xff) << 8: 0);
encOut + = base64s.charAt ((bits & 0x00fc0000) >> 18) +
base64s.charAt ((bits & 0x0003f000) >> 12) +
(dual? base64s.charAt ((bits & 0x00000fc0) >> 6): '=') +
 '=';
}
return (encOut);
}



The coded string should also be treated with. The decoding is done as follows:

var base64s = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabc' +
'defghijklmnopqrstuvwxyz0123456789 + /';

function decode (encStr)
{
var bits;
var decOut = '';
var i = 0;
for (; i  {
bits = (base64s.indexOf (encStr.charAt (i)) & 0xff) << 18 |
(base64s.indexOf (encStr.charAt (i +1)) & 0xff) << 12 |
(base64s.indexOf (encStr.charAt (i +2)) & 0xff) << 6 |
base64s.indexOf (encStr.charAt (i +3)) & 0xff;
decOut + = String.fromCharCode ((bits & 0xff0000) >> 16, (bits & 0xff00) >> 8, bits & 0xff);
 }
if (encStr.charCodeAt (i -2) == 61)
 {
return (decOut.substring (0, decOut.length -2));
 }
else if (encStr.charCodeAt (i -1) == 61)
 {
return (decOut.substring (0, decOut.length -1));
 }
else {return (decOut)};
}

Software variants

A very secure variant of encryption is the use of software that is specially designed for this. There are two products in particular:

Microsoft Windows Script Encoder

The Windows Script Encoder from Microsoft is a simple command line tool that encodes all script passages within a document. A mark () is placed in front of the text to be coded, then the encoder with the command line

called at MS-DOS level. The encoder then automatically encrypts the JavaScript source text and changes the language definition (from is). The (Microsoft Internet Explorer) browser then knows that it must first decode the source text in order to execute it.

Netscape Signing Tool

The Netscape Signing Tool is a kind of compilation of the source code. This makes the source text smaller, firstly, and secondly (which is what we're getting at) illegible. To use this, the text is exported to an external file that is compiled with the tool and converted into JAR format. The file is integrated within the document using the attribute of the element. The (Netscape Navigator) browser can then read these files and execute them normally.

The disadvantage of these software variants is that only the in-house browser of the respective software company can handle the technology.

Opportunities for improvement

There are a number of other options that can be used to further improve encryption and security against theft.
  • Encryption of the decryption function
  • Use of other (and more complicated) mathematical operators and more complex implementation of the characters
  • Linking several (different) coding methods with one another (encrypting encrypted, preventing source text, ...)

about us