how do i hide or encrypt a java script? - GoFuckYourself.com

mkx · 09-21-2005, 10:08 AM

I have a javascript and want to hide or encrypt the source of it. Whats the easist way to do this?

leenks · 09-21-2005, 10:27 AM

You don't.

u-Bob · 09-21-2005, 10:31 AM

javascript -> clientside.

you can only obfuscate it...

emthree · 09-21-2005, 10:32 AM

cheater!!!!!!!!!!1
You encrypt js w/ js..

mkx · 09-21-2005, 10:47 AM

im not cheating, i am hiding the script i paid $50 for from other's trying to steal it it

Thurbs · 09-21-2005, 10:48 AM

rewrite it into php and use config.inc to hide it =p

gornyhuy · 09-21-2005, 10:51 AM

you could also source it (script src=____) and then put htaccess restrictions on the src file so that the referrer has to come from your server.. That way they won't be able to read it inline and they wont be able to download the src file.

Coyote · 09-21-2005, 11:02 AM

Once upon a time, a long time ago, I ran accross a script that I wanted to view. When trying to 'copy' the script to a temporary location in order to view it, I instead got an error that I was not authorized. Even though the script appeared in the temporary internet directory I was unable to access it. I believe the server admin had apparently setup the htaccess to only allow the script from the host url.

At least on a winders box, you first have to copy the file from the temp inet dir to a location where you can view the content. That 'copy' attempt appears to retrieve the original file from the server, hence the htaccess solution. I don't know if this is correct because I never pursued it, nor tested it. But you rekindled my interest. I'd appreciate you lettin' me know if get it to work.

mkx · 09-21-2005, 11:16 AM

Quote:

Originally Posted by gornyhuy

you could also source it (script src=____) and then put htaccess restrictions on the src file so that the referrer has to come from your server.. That way they won't be able to read it inline and they wont be able to download the src file.

what htaccess commands should I put on it? i know what you mean about the server thing, can you post the code so I can add it to the .htaccess file?

mkx · 09-21-2005, 02:43 PM

bump 8

woj · 09-21-2005, 02:44 PM

you can't, anyone that's been on the internet for more than 2 days will be able to decrypt no matter what you do in 5 mins...

mkx · 09-21-2005, 04:35 PM

how about the htaccess command

Theo · 09-21-2005, 04:37 PM

Quote:

Originally Posted by woj

you can't, anyone that's been on the internet for more than 2 days will be able to decrypt no matter what you do in 5 mins...

wanna take a bet? lol

sleazybunny · 09-21-2005, 05:15 PM

whats the internet again ????

gambino · 09-21-2005, 05:53 PM

The definite answer is: there is no 100% safe method for encrypting or hiding your javascript or html code.
Why? These are scripting and markup languages which means that for any browser to understand, display and/or run them it MUST have the source, and if there is a way for the browser to get it, there sure is a way for a (experienced) user to get it!

However, this doesn't mean that you can't make code-stealing (much) more difficult:
1) You can use javascript to disable the right mouse button (easily disabled in some browsers)
2) You can use the .htaccess file to limit the referer (again, some browsers can fake the referer variable, or a simple php script will do the trick of fooling the server that the allowed referer was used)
3) You can encrypt your script using a javascript function, add the encrypted script along with a decryption function to your html, but have that function written 'escaped' and than just "eval(unescape(name_of_your_decrypting_function)); " -- If you want to see how this works look at the source of http://www.protware.com/e_demo.htm (Personally, I find this solution to take most time to 'break' especially is customized encryption script is used, but again a not so complex js will "decrypt" this in a snap)
...) can't think of any more right now

Using 1+2+3+... obviously is the best solution if you're willing to spend that much time on hiding the code. Besides, if you bought that code, there is probably hundreds of other sites where someone can find that code -- this is actually something the maker/owner of the code should worry about.

Regards

woj · 09-21-2005, 08:36 PM

Quote:

Originally Posted by Soul_Rebel

wanna take a bet? lol

I may have exagurated the 5 mins, but any javascript protection method can be cracked fairly quickly. Normally I would be willing to take a bet, but I don't really have time to mess around with it now.

09-21-2005, 10:08 AM	#1
mkx Confirmed User Industry Role: Join Date: Nov 2003 Location: Toronto Posts: 4,001	how do i hide or encrypt a java script? I have a javascript and want to hide or encrypt the source of it. Whats the easist way to do this?

09-21-2005, 10:32 AM	#4
emthree Dialer Kingpin Join Date: Jun 2003 Location: New York Posts: 10,816	cheater!!!!!!!!!!1 You encrypt js w/ js.. __________________ • Sell Patches & Pills •

09-21-2005, 10:51 AM	#7
gornyhuy Chafed. Join Date: May 2002 Location: Face Down in Pussy Posts: 18,041	you could also source it (script src=____) and then put htaccess restrictions on the src file so that the referrer has to come from your server.. That way they won't be able to read it inline and they wont be able to download the src file. __________________ icq:159548293

09-21-2005, 02:44 PM	#11
woj <&(©¿©)&> Industry Role: Join Date: Jul 2002 Location: Chicago Posts: 47,882	you can't, anyone that's been on the internet for more than 2 days will be able to decrypt no matter what you do in 5 mins... __________________ Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000 Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

09-21-2005, 10:27 AM	#2
leenks Registered User Join Date: Jun 2005 Posts: 17	You don't.

09-21-2005, 10:31 AM	#3
u-Bob there's no $$$ in porn Industry Role: Join Date: Jul 2005 Location: icq: 195./568.-230 (btw: not getting offline msgs) Posts: 33,063	javascript -> clientside. you can only obfuscate it...

09-21-2005, 10:47 AM	#5
mkx Confirmed User Industry Role: Join Date: Nov 2003 Location: Toronto Posts: 4,001	im not cheating, i am hiding the script i paid $50 for from other's trying to steal it it

09-21-2005, 10:48 AM	#6
Thurbs The Thrilla in Manila Join Date: Sep 2004 Location: Thurbs' Lagoon, Christmas Island Posts: 4,785	rewrite it into php and use config.inc to hide it =p

09-21-2005, 11:02 AM	#8
Coyote Drinker of Scotch Industry Role: Join Date: May 2003 Location: Texas Posts: 242	Once upon a time, a long time ago, I ran accross a script that I wanted to view. When trying to 'copy' the script to a temporary location in order to view it, I instead got an error that I was not authorized. Even though the script appeared in the temporary internet directory I was unable to access it. I believe the server admin had apparently setup the htaccess to only allow the script from the host url. At least on a winders box, you first have to copy the file from the temp inet dir to a location where you can view the content. That 'copy' attempt appears to retrieve the original file from the server, hence the htaccess solution. I don't know if this is correct because I never pursued it, nor tested it. But you rekindled my interest. I'd appreciate you lettin' me know if get it to work.

09-21-2005, 02:43 PM	#10
mkx Confirmed User Industry Role: Join Date: Nov 2003 Location: Toronto Posts: 4,001	bump 8

09-21-2005, 04:35 PM	#12
mkx Confirmed User Industry Role: Join Date: Nov 2003 Location: Toronto Posts: 4,001	how about the htaccess command

09-21-2005, 05:15 PM	#14
sleazybunny Confirmed User Join Date: Feb 2005 Location: uk Posts: 239	whats the internet again ????

09-21-2005, 05:53 PM	#15
gambino Confirmed User Industry Role: Join Date: Sep 2005 Posts: 2,326	The definite answer is: there is no 100% safe method for encrypting or hiding your javascript or html code. Why? These are scripting and markup languages which means that for any browser to understand, display and/or run them it MUST have the source, and if there is a way for the browser to get it, there sure is a way for a (experienced) user to get it! However, this doesn't mean that you can't make code-stealing (much) more difficult: 1) You can use javascript to disable the right mouse button (easily disabled in some browsers) 2) You can use the .htaccess file to limit the referer (again, some browsers can fake the referer variable, or a simple php script will do the trick of fooling the server that the allowed referer was used) 3) You can encrypt your script using a javascript function, add the encrypted script along with a decryption function to your html, but have that function written 'escaped' and than just "eval(unescape(name_of_your_decrypting_function)); " -- If you want to see how this works look at the source of http://www.protware.com/e_demo.htm (Personally, I find this solution to take most time to 'break' especially is customized encryption script is used, but again a not so complex js will "decrypt" this in a snap) ...) can't think of any more right now Using 1+2+3+... obviously is the best solution if you're willing to spend that much time on hiding the code. Besides, if you bought that code, there is probably hundreds of other sites where someone can find that code -- this is actually something the maker/owner of the code should worry about. Regards