[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.javascript

JavaScript Packer + Password Protection

0ntariokingston

4/9/2015 10:52:00 PM

http://www.scriptcompress.com/scr... is a tool I made to kind of encrypt text (similar to ROT13 but only uses characters uses in your password) and JavaScript scripts. The pass word is never included in the script so it cannot be hacked or even unpacked!

When a script is run, a prompt will request a password.

I will be making it so the password field can be a domain name, so script will make sure it is on right site before it can run.

Please give comments about how to make this too better.

Hateful Trolls need not reply!
3 Answers

0ntariokingston

4/10/2015 5:22:00 AM

0

On Thursday, April 9, 2015 at 6:52:34 PM UTC-4, MASTER TROLL BAIT wrote:
> http://www.scriptcompress.com/scr... is a tool I made to kind of encrypt text (similar to ROT13 but only uses characters uses in your password) and JavaScript scripts. The pass word is never included in the script so it cannot be hacked or even unpacked!
>
> When a script is run, a prompt will request a password.
>
> I will be making it so the password field can be a domain name, so script will make sure it is on right site before it can run.
>
> Please give comments about how to make this too better.
>
> Hateful Trolls need not reply!

Now you can use the full page URL as password, but the password prompt has been replaced by a check of the pages web address and it is used for the password, so now the JavaScript will only run from that exact URL or the page will fail! You can also use the subdomain (like www) and/or domain (like site.com) so the script will run throughout your website.

Andreas Bergmaier

4/13/2015 10:47:00 PM

0

MASTER TROLL BAIT schrieb:
> On Thursday, April 9, 2015 at 6:52:34 PM UTC-4, MASTER TROLL BAIT wrote:
>> [?]
>>
>> The pass word is never included in the script so it cannot be hacked
or even unpacked!
>
> Now you can use the full page URL as password, but the password prompt has been replaced by a check of the pages web address and it is used for the password, so now the JavaScript will only run from that exact URL or the page will fail!

You're contradicting yourself here. The password might not be included
in the script code itself, but it is an intrinsic property of the
resource you are trying to protect. Everybody who accesses your script
does know your domain.

And yes, it can be trivially unpacked. Just open the console on that
page that uses the script, paste the script there and replace
`this[__]($$)` (in the end) by `console.log($$)`. Hit enter and the
"decrypted" code is printed.

Bergi

0ntariokingston

5/19/2015 1:36:00 AM

0

http://www.scriptcompress.com/scr... has a few different ways to protect your code and make it harder to see code. Please show actual samples if any issues.