Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-18-2004, 05:50
tbone
 
Posts: n/a
MS script decoder

I don't think I've ever seen this used for anything besides virus propagation, but there's a "feature" in IE that lets you encode your java script or vbscript so that someone casually browsing through your page source can't see what your scripts do. A while back I got an an amusing little malicious email that that tried to ues this trick to hide its real purpose, so I tracked down a few script decoders to see what it was really supposed to do (if I had been using Outlook + IE).

Anyway, to make a long story short
http://www.virtualconspiracy.com/
has a script decoder. But more importantly, he also wrote a detailed paper on how he reversed the encoding scheme without reversing the decoder built into IE. It's an interesting read on beginner crypto reversing that illustrates the thought process well, and also gives a good example of why "security through obscurity" is largely a stupid idea.

He also has a little Perl script that fetches and rips the latest dilbert cartoon as a GIF file from the official web page
Reply With Quote
  #2  
Old 09-19-2004, 23:11
thebobbby
 
Posts: n/a
IMHO, "security through obscurity" is not such a stupid idea... Granted, it does not secure things that much... But it helps to keep honest people on the right side of the fence...

If i bury my gold in a field, anybody can take it, but i may hope to find it later... If i just leave it on the ground, there is almost no chance...

Now, that said, i must agree with the writter of this article regarding this script encoder... But anyway, the worse danger is, as always with security, to think you are protected.... As long as people are aware of that, i would recommend obscurity....
Reply With Quote
  #3  
Old 10-08-2004, 11:09
dphant
 
Posts: n/a
you can use srcenc to encode source java code and then use escape to exchange the encoded code to double the obscurity.
like this
<script language="JavaScript" type="text/javascript">
<!--
a1=unescape('%76%61%72%20%66%66%3D%66%75%6E%63%74%69%6F%6E%28%73%29%7B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%73%29%29%7D%3B');
newin=open("","Identity","");
newin.document.write(a1);
//-->
</script>
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[C++] ionCube 7 Decoder CryptXor Source Code 3 10-20-2021 08:42


All times are GMT +8. The time now is 09:47.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )