0

I was checking if it is possible to actually encrypt HTML code or not. I found a place where they encrypt the HTML code in JavaScript. I wonder how it works or in what format. Can anyone please tell me?

Actual code

<!DOCTYPE html>
<html>
<body>

<p>This is going to be encrypted.</p>
</body>
</html>

The encrypted HTML CODE

  <html>
<head>
</head>
<body>

<script type="text/javascript">
<!-- 
eval(unescape('%66%75%6e%63%74%69%6f%6e%20%69%31%64%62%33%31%39%65%38%61%66%28%73%29%20%7b%0a%09%76%61%72%20%72%20%3d%20%22%22%3b%0a%09%76%61%72%20%74%6d%70%20%3d%20%73%2e%73%70%6c%69%74%28%22%37%36%39%35%39%36%38%22%29%3b%0a%09%73%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%30%5d%29%3b%0a%09%6b%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%31%5d%20%2b%20%22%38%31%33%35%32%39%22%29%3b%0a%09%66%6f%72%28%20%76%61%72%20%69%20%3d%20%30%3b%20%69%20%3c%20%73%2e%6c%65%6e%67%74%68%3b%20%69%2b%2b%29%20%7b%0a%09%09%72%20%2b%3d%20%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%28%70%61%72%73%65%49%6e%74%28%6b%2e%63%68%61%72%41%74%28%69%25%6b%2e%6c%65%6e%67%74%68%29%29%5e%73%2e%63%68%61%72%43%6f%64%65%41%74%28%69%29%29%2b%2d%33%29%3b%0a%09%7d%0a%09%72%65%74%75%72%6e%20%72%3b%0a%7d%0a'));
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%69%31%64%62%33%31%39%65%38%61%66%28%27') + '%3b%21%46%51%44%56%59%5b%49%20%6e%75%79%6b%44%11%0e%3d%6a%72%78%6e%42%15%0f%36%61%77%66%7f%43%11%08%18%0c%3c%76%43%5e%6f%69%77%20%6e%77%26%62%73%6f%74%68%2a%73%77%22%66%6a%22%6d%79%67%76%79%71%7e%6c%62%30%3c%30%72%44%18%0c%3c%37%67%7b%63%79%40%13%0f%3e%37%63%76%73%6a%437695968%34%35%31%33%32%31%35' + unescape('%27%29%29%3b'));
// -->
</script>
<noscript><i>Javascript required</i></noscript>

</html>

You can try running in their file. It works without any effort. So can anyone tell how it was encrypted, or what kind of encryption it is?

4
  • That looks like it's just hex encoding the characters. Ref: developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/… Commented Dec 21, 2017 at 19:21
  • 1
    Note that that is encoded not encrypted. Encoding isn't hard to get around Commented Dec 21, 2017 at 19:27
  • Out of curiosity, can you elaborate on why you feel the need to encode your html from your client? Commented Dec 21, 2017 at 19:27
  • 1
    Time to take a break and learn what encryption and encoding are and the difference between them. Commented Dec 21, 2017 at 19:52

4 Answers

2

This is known as URL-encoding or percent-encoding. It's easily reversible with JavaScript's unescape() method, as is seen here.

The first line decrypts to:

function i1db319e8af(s) {
    var r = "";
    var tmp = s.split("7695968");
    s = unescape(tmp[0]);
    k = unescape(tmp[1] + "813529");
    for( var i = 0; i < s.length; i++) {
        r += String.fromCharCode((parseInt(k.charAt(i%k.length))^s.charCodeAt(i))+-3);
    }
    return r;
}

The second line is split into three parts:

document.write(i1db319e8af('

;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215

'));

Combined as:

document.write(i1db319e8af(';!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215'));

This passes the string ;!FQDVY[I nuykD=jrxnB6awfC <vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD <7g{cy@>7cvsjC76959684513215 into the i1db319e8af function as a function parameter, and then writes the result to the page.

The i1db319e8af function then takes this string, and splits it into two parts on 7695968. You then have a variable called tmp which contains two parts:

;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC
4513215

k (4513215) has the string 813529 added to it, which gets appended, causing the variable to be 4513215813529.

The function then loops over the length of ;!FQDVY[I nuykD=jrxnB6awfC <vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD <7g{cy@>7cvsjC, and returns what appears to be characters based on the position in characters in this string.

Note that this may return 12 characters or possibly more, given that it stops at the character for me, thinking it is invalid (a character that's not UTF-8).

Unfortunately I don't currently have access to a sandbox, so I can't step into this further. Hopefully this will give you the info you're looking for though :)
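The decoding steps walked through in this answer, carried to completion as an added example (not part of the original answer, and not the obfuscator's own code): it decodes the question's payload statically, without calling eval() or document.write(). The names PAYLOAD, percentDecode and deobfuscate are made up for this example.

```javascript
// Added example: static decode of the question's payload. No eval(), no document.write().

// Middle string literal of the question's second eval() line, copied from the page.
const PAYLOAD =
  '%3b%21%46%51%44%56%59%5b%49%20%6e%75%79%6b%44%11%0e%3d%6a%72%78%6e%42%15%0f%36%61%77%66%7f' +
  '%43%11%08%18%0c%3c%76%43%5e%6f%69%77%20%6e%77%26%62%73%6f%74%68%2a%73%77%22%66%6a%22%6d%79' +
  '%67%76%79%71%7e%6c%62%30%3c%30%72%44%18%0c%3c%37%67%7b%63%79%40%13%0f%3e%37%63%76%73%6a%43' +
  '7695968%34%35%31%33%32%31%35';

// Constants hard-coded in the loader function i1db319e8af() shown in the answer.
const DELIMITER = '7695968';
const KEY_SUFFIX = '813529';
const OFFSET = -3;

// Decode %XX triplets to single characters (the part of unescape() this loader relies on).
function percentDecode(text) {
  return text.replace(/%([0-9a-fA-F]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Reproduce the loader's loop and return the result as data instead of writing it to the page.
function deobfuscate(payload) {
  const parts = payload.split(DELIMITER);
  if (parts.length !== 2) {
    throw new Error('expected exactly one delimiter in payload');
  }
  const data = percentDecode(parts[0]);
  const key = percentDecode(parts[1] + KEY_SUFFIX);
  if (!/^[0-9]+$/.test(key)) {
    throw new Error('key is expected to be decimal digits');
  }
  let html = '';
  for (let i = 0; i < data.length; i++) {
    const digit = Number(key[i % key.length]); // parseInt(k.charAt(i % k.length))
    html += String.fromCharCode((digit ^ data.charCodeAt(i)) + OFFSET);
  }
  return { key, html };
}

// JSON.stringify keeps the recovered line breaks visible as \r\n.
console.log(JSON.stringify(deobfuscate(PAYLOAD), null, 2));
```

The recovered markup is the question's original page with CRLF line endings. The key is the digits after the delimiter plus the hard-coded suffix, so everything needed to reverse the scheme ships with the page.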


2 Comments

Yes, this explains even though I still do not understand how this ;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC junk looking character becoming text. And what is 4513215 and 813529 these numbers. How these are generated
The string gets converted to characters with JavaScript's fromCharCode() method. The author would have worked out what the target string was, and what the required obfuscated string would be to get it. Those two numbers are both hard-coded into the source code itself; they're not generated at all. Well, it's possible that they're generated dynamically with something like PHP or C# on the back-end, though that would be unlikely, and they're certainly not generated in the JavaScript :)
2

Unescape operates upon hex character codes.

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/unescape

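var myAwesomeHTMLString = "<p>Weeeee</p>";
var hexEncoded = '';

// Percent-encode every character as %XX (two hex digits).
for (var i = 0; i < myAwesomeHTMLString.length; i++) {
  var hex = myAwesomeHTMLString.charCodeAt(i).toString(16);
  // Pad to two digits: unescape() only decodes %XX, so "\n" must become %0a, not %a.
  hexEncoded += '%' + (hex.length < 2 ? '0' + hex : hex);
}

console.log("'encoded': "+ hexEncoded);
// unescape() reverses the encoding and prints the original HTML string.
console.log("'unencoded': "+ unescape(hexEncoded));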

2 Comments

That does not encode the character. But in that HTML code everything is encoded to something like ASCII or something, I don't know
Hex, what you provided is hex code. As detailed by the unescape method I linked a doc to in the comments.
0

This would be very weak encryption as all that is required to decrypt is readily available in the browser, namely the unescape method.

Comments

0

2 Comments

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
