Decrypt the VKontakte page code. Encryption of HTML code
This article is an addition to the article about deobfuscation of scripts. Here we will consider the basic principles of encryption and packaging, weak points of protection, methods of manual removal, as well as universal tools for automatic removal of packers and hinged protection from JavaScript scripts. More and more lately source scripts is encrypted or packed. Yandex, DLE and other popular projects began to get involved in this, and beautiful stories about "taking care of users", "saving traffic" and other nonsense look very funny. Well, if someone has something to hide, then our task is to bring them to clean water.
Let's start with theory. Due to the peculiarities of JavaScript execution, all encryptors and packers, despite their diversity, have only two algorithm options: or as an option: The second method is most often used to protect the source html code of the page, as well as various Trojans to inject into the page malicious code, such as a hidden frame. Both algorithms can be combined, the "tricks" and the complexity of the decryptor can be any, only the principle itself remains unchanged.
In both cases, it turns out that the functions eval() and document.write() fully decrypted data is transmitted. How to intercept them? Try to replace eval() on the alert(), and in the MessageBox that opens, you will immediately see the decrypted text. Some browsers allow you to copy text from MessageBoxes, but it's better to use this semi-automatic decoder:
- < html >
- < head >< title >JavaScript Decoder
- < body >
- < script type = "text/javascript" >
- // Function for writing decryption results to the log
- function decoder(str)(
- document. getElementById("decoded"). value += str + "\n" ;
- < textarea id = "decoded" style = "width:900px; height:500px;" >
- < script type = "text/javascript" >
For example, let's take some script from Yandex, looking at the source code, we see something unhealthy:
Eval(function(p,a,c,k,e,r)(e=function(c)(return(c
"".replace(/^/,String))(while(c--)r=k[c]||e(c);k=)];e=function()(return"\w+"); c=1);while(c--)if(k[c])
p=p.replace(new RegExp("\b"+e(c)+"\b","g"),k[c]);return p)("$.1e
.18=8(j)(3 k=j["6-9"]||"#6-9";3 l=j["6-L"]||".uL";3 m=j ["6-L-17"]
||"";3 n=j["1d"]||0;$(5).2(".6-9").14("7");$(5).2(".6 -9").Z("7",8(
)(3 a=$(5).x();3 o=$(5).x();3 h=$(5).B("C");$(5).v("g -4");$(5).16(
$(k).q());3 t=$(o).2("15");3 c=$(o).2(".br");3 d=$(o).2 ("".b-12");
[the rest of the same nonsense cut off]
I must say right away that this script is processed by JavaScript Compressor, it is easy to recognize it by its signature - the characteristic name of the function at the beginning of the script. Copy the entire source text of the script, replace the first eval on the decoder, paste it into the decoder and save it as an html page. Open it in any browser and see that the unpacked script immediately appeared in the textarea. It's too early to rejoice, it removed all line breaks and code formatting. How to deal with this is written in the article about deobfuscation.
Second example. Here is the html page covered HTML program protector. This is a page that demonstrates the capabilities of the program, so all options are involved: blocking selection and copying of text, prohibiting the right mouse button, protecting pictures, hiding the status bar, encrypting html code, etc. We open the source code, we look. At the very top is the already familiar document.write and encrypted script. We run it through the decoder, we get the function of decrypting the main content:
Code (JavaScript) :
- hp_ok = true ;function hp_d01 (s )( ... cut ... o = ar . join ("" )+ os ; document . write (o )
We replace the last document.write in the function with decoder and insert all three remaining encrypted scripts after it:
- < script type = "text/javascript" >
- // Paste the encrypted script here, preliminarily
- // replace all calls to eval() and document.write() in it with decoder().
- hp_ok = true ;function hp_d01 (s )( .... o = ar . join ("" )+ os ; decoder (o );
- hp_d01(unescape(">QAPKRV%22NCLEWC ....
- hp_d01(unescape( ">QAPKRV%22NCLEWCEG? HctcQa ...
- hp_d01(unescape( ">`mf(%22`eamnmp? !DDDDDD %22v ...
For convenience, the scripts are not given in the article in full, but you must copy them in their entirety. We open the decoder in the browser and see the security scripts added by the program and the decrypted source text of the page. For convenience, you can decrypt only the third script, which contains the html code of the page. That's all protection. As you can see, nothing complicated. Similarly, other protections of html pages are removed.
Let's move from manual decryption to automatic. To remove protections of the first type, I slightly modified the Beautify Javascript script already known to you and compiled it into an exe file. It handles most of the JavaScript protections and wrappers I've seen with no problems.
Eval.JavaScript.Unpacker.1.1-PCL.rar (12,124 bytes)
For more complex cases, heavy artillery will have to be used. This free project, designed to investigate Trojans and other malicious code. Since all copyright protection programs are unambiguously malicious, Malzilla will help us in the fight against them. Download (today it is 1.2.0), unpack, run. Open the second Decoder tab, paste the code of the encrypted script into the top window, press the button run script.
In the folder eval_temp all results of execution of eval() functions are summed up, including intermediate ones. You can view them by clicking on the button. Show eval() results, the text will open in the lower window. It can be copied, pasted into the top window and immediately formatted with the click of a button format code. In addition to the decoder, Malzilla has many more tools and settings that allow you to easily remove any protection from JavaScript scripts.
You can also pay attention to another free tool for working with encrypted scripts - FreShow. There are fewer functions in it, but it is quite the place to be. From offsite you can download a demo video showing an example of working with the program.
As you can see, there is nothing difficult in removing protection from JavaScript scripts and from html pages. Do you still continue to defend your filthy "author rights"? Then we go to you!
1 voteGood day, dear readers of my blog. Sometimes you find some beautiful feature on the site and the question begins to torment how the creator achieved such an interesting effect.
It turns out the answer is pretty easy. And if you have some skills, you can collect a lot of such chips and create your own unique website in a short time.
Today we will talk about how to open the page code, certain element and learn how to use this skill to your advantage.
Basic knowledge about code
My site is for beginners and first I would like to briefly talk about sites and code in general.
To draw a picture, then cut it into small pieces, write code, thanks to which the browser will again collect all the elements into a single whole. Everything seems to be very complicated, doesn't it? Not at all, and it's not worth worrying about it.
That's how quality websites are built. If you want - get into this business and study, there is no desire - no one can force you.
I can only say one thing... there is nothing more pleasant than to see how incomprehensible words written by you are transformed into a single whole and come to life: links work, buttons move, pictures move, text crawls. I think I know how Victor Frankenstein felt.
When you begin to comprehend the secret language and see that everything is actually much simpler than it seemed initially, you cannot but believe in your own powers and capabilities of the brain. It is very cool.
How are websites made? Ideally, first. He's just painting a picture. For example, as shown in the figure below. So far, this is just an image, a photograph. No links work, when you click you do not go anywhere, the search is not carried out.
According to this drawing. Look at the screenshot below. You may think that this is a ridiculous and very complex set of characters. In fact, everything is not so difficult, there is a certain algorithm.
There are only about 150 tags and each of them is responsible for a specific action: link, transfer, bold, color, title, and so on. Understanding them is not so difficult if you have the desire and do not mind the time.
Thanks to the knowledge of these attributes, almost any problem can be solved. Here are just ways to achieve the goal, each developer finds his own.
Experienced creators immediately see how to achieve results, while others have to think, look for an answer in articles or in the source code of competitors. They simply take the necessary part on a third-party site and edit it for themselves. This significantly shortens the work process.
A little later, I will show you a specific example.
View code
So, let me first show you how to proceed if you need to learn someone else's html. Then we will take a closer look at all the other issues.
The best way
The method that I will describe first is a little complicated for beginners, but as an introduction, read on. Open the page and click on the right mouse button. Select "Save As..."
Save the entire web page. As you can see in the screenshot, I have already downloaded everything in advance. Here we have two folders.
Everything you need is here. Every element. If you understand this, you can quickly get everything you need. But, such a task is increasingly becoming impossible. Download is not carried out. What to do if it is forbidden to copy the page?
It's google chrome
As you may have noticed, I most often use Google Chrome and learn someone else's code in this browser as easy as shelling pears. As in principle and in any other. The scheme will not be similar, but identical. We open the page whose code we want to know, and click anywhere with the right mouse button. In the window that appears, click "View page code".
A sheet of code will open in a new window, which is quite difficult for a beginner to understand. But, do not be afraid ahead of time.
If you need to know the code of only one element, just hover over it with the mouse and right-click. We select another chrome function: "View element code".
For example, I might be interested in how the logo was made, using a picture or a programming language? After all, you can draw a square with css help. Many experts advise writing as much information as possible in code. And how do popular sites work?
Here is the information you need. Top html, bottom css. These are two languages. The first is responsible for the text component, and the second for the design. If there was no css, then you would have to prescribe the color, font size each time. For each page, it is very long. But if there was no html, then we would not have texts. Roughly explained, but in general, everything is so.
By the way, if you are interested in how it works here, you can see the link to the picture below. Here is your answer.
Mozilla Firefox
If you like to work in a muzzle, then everything will be exactly the same. Open the page and click on the right mouse button. "Page source code" if you want to see the entire code.
When you hover over an element, you can open its code.
Here the data is displayed at the bottom of the screen, but everything else is exactly the same.
Yandex browser
In the Yandex browser, everything is exactly the same as in the previous two options, open the page, right-click, see the page code.
We hover over the element if we want to find out exactly its code.
Everything is displayed here in the same way as in chrome.
Opera
And finally, Opera.
By the way, you may have noticed that it is not necessary to use the mouse. To open the code, there is a quick keyboard shortcut and for all browsers it is the same: CTRL+U.
For elements: Ctrl+Shift+C.
This is what the result looks like.
It will be interesting for beginners
Now see how it all works. You find a site and you really like some element. For example, this one. You already know how to open the element code.
Now copy it.
I use , I paste this code into a new html file, in the body tag (body in English).
Now let's see how it all looks in the browser.
Ready. In order for the text to be aligned at the edges and acquire a greenish color, you need to connect css to this document and copy one more code from the site from which we stole this one.
Now I won't do it. It takes more time: both mine and yours. I think that I will describe all the details in my future publications. Subscribe to the newsletter and be the first to know when an article appears.
If you can’t stand it, but you want to learn more about html and css right now, then I can traditionally recommend you free training courses.
Here are 33 lessons that will allow you to master html - "Free HTML Course" .
And here full information about css - "Free CSS Course (45 Video Lessons!)" .
Now you know a little more. I wish you success in your endeavors. See you soon!
The article will discuss the basic principles encryption and packaging, weak points of protection, manual removal methods, as well as universal tools for automatic removal of packers and hinged protection from scripts JavaScript.
Hidden text
Recently, more and more often the source code of scripts is encrypted or packaged. Yandex, DLE and other popular projects began to get involved in this, and beautiful stories about "taking care of users", "saving traffic" and other nonsense look very funny. Well, if someone has something to hide, then our task is to bring them to clean water.
Let's start with theory. Due to the peculiarities of JavaScript execution, all encryptors and packers, despite their diversity, have only two algorithm options:
Var encrypted="encrypted data";
decrypt(str) (
}
// Execute the decrypted script
eval(decrypt(encrypted));
or alternatively:
var encrypted="encrypted data";
decrypt(str) (
// decrypt or decompress function
}
// Display the decrypted data
document.write(decrypt(encrypted));
The second method is most often used to protect the source html code of the page, as well as various Trojans to inject malicious code into the page, such as a hidden frame. Both algorithms can be combined, the "tricks" and the complexity of the decryptor can be any, only the principle itself remains unchanged.
In both cases, it turns out that the functions eval() and document.write() fully decrypted data is transmitted. How to intercept them? Try to replace eval() on the alert(), and in the opened MessageBox"You will immediately see the decrypted text. Some browsers allow you to copy text from MessageBox"ov, but it's better to use this semi-automatic decoder:
For example, let's take some script from Yandex, looking at the source code, we see something unhealthy:
eval(function(p,a,c,k,e,r)(e=function(c)(return(c
"".replace(/^/,String))(while(c--)r=k[c]||e(c);k=)];e=function()(return"\w+"); c=1);while(c--)if(k[c])
p=p.replace(new RegExp("\b"+e(c)+"\b","g"),k[c]);return p)("$.1e
.18=8(j)(3 k=j["6-9"]||"#6-9";3 l=j["6-L"]||".uL";3 m=j ["6-L-17"]
||"";3 n=j["1d"]||0;$(5).2(".6-9").14("7");$(5).2(".6 -9").Z("7",8(
)(3 a=$(5).x();3 o=$(5).x();3 h=$(5).B("C");$(5).v("g -4");$(5).16(
$(k).q());3 t=$(o).2("15");3 c=$(o).2(".br");3 d=$(o).2 ("".b-12");
[the rest of the same nonsense cut off]
I must say right away that this script is processed by JavaScript Compressor, it is easy to recognize it by its signature - the characteristic name of the function at the beginning of the script. Copy the entire source text of the script, replace the first eval on the decoder, paste it into the decoder and save it as an html page.
We open it in any browser and see that the unpacked script immediately appeared in the textarea. It's too early to rejoice, it removed all line breaks and code formatting. How to deal with this is written in.
Second example. Here is an html page covered with HTML Protector. This is a page that demonstrates the capabilities of the program, so all options are involved: blocking selection and copying of text, prohibiting the right mouse button, protecting pictures, hiding the status bar, encrypting html code, etc. We open the source code, we look. At the very top is the already familiar document.write and encrypted script. We run it through the decoder, we get the function of decrypting the main content:
hp_ok=true;function hp_d01(s)( ...cut... o=ar.join("")+os;document.write(o)
We replace the last one in the function document.write on the decoder and paste after it all three remaining encrypted scripts:
For convenience, the scripts are not given in the article in full, but you must copy them in their entirety. We open the decoder in the browser and see the security scripts added by the program and the decrypted source text of the page. For convenience, you can decrypt only the third script, which contains the html code of the page. That's all protection. As you can see, nothing complicated. Similarly, other protections of html pages are removed.
Let's move from manual decryption to automatic. To remove protections of the first type, I slightly modified the Beautify Javascript script already known to you and compiled it into an exe file. It handles most of the JavaScript protections and wrappers I've seen with no problems.
Eval JavaScript Unpacker 1.1
Eval.JavaScript.Unpacker.1.1-PCL.zip(12,073 bytes)
For more complex cases, heavy artillery will have to be used. This is a free Malzilla project designed to investigate Trojans and other malicious code. Since all copyright protection programs are unambiguously malicious, Malzilla will help us in the fight against them. Downloading latest version (today it is 1.2.0), unpack, run. Open the second Decoder tab, paste the code of the encrypted script into the top window, press the button run script.
There are fewer functions in it, but it is quite the place to be. From offsite you can download a demo video showing an example of working with the program.
As you can see, there is nothing difficult in removing protection from JavaScript scripts and from html pages. Do you still continue to defend your filthy "author rights"? Then we go to you!
Beneath all the beautiful images, perfect typography, and wonderfully placed calls to action is your site's source code.
Every day, your browser turns this code into impressive pages for your visitors and customers.
Google and other search engines "read" this code to determine where your web pages should appear in their indexes for a given search query.
Therefore, it is very important for search engine optimization(SEO) has what is in the source code.
This quick guide will show you how to read your site's source code so you can be sure your SEO is correct and teach you how to check your SEO terms.
We'll also look at a few other situations where knowing how to view and examine major parts of the source code will help with other marketing research.
How to view source code.
The first step in checking your site's source code is to look at the actual source code. Any web browser makes this easy.
Below are the keyboard commands to view the source code of your web page for PC and Mac.
- Firefox - CTRL + U (Hold down the CTRL key and press the "U" key) Alternatively, you can go to the "Firefox" menu, then click "Web Developer" and then "Page Source".
- Internet Explorer- CTRL + U. Or click right click mouse and select "View Source".
- Chrome - CTRL + U. You can click on the image of a key with three horizontal lines in the upper right corner. Then click on "Tools" and select "View Source".
- Opera - CTRL + U. You can also right-click on a web page and select "View Page Source."
Mac
- Safari - Keyboard shortcut Option + Command + U. You can also right-click on a web page and select Show Page Source.
- Firefox - You can right-click and select "source" or you can navigate to the "Tools" menu, select "Web Developer", and click "Page Source." Keyboard shortcut Ctrl+U.
- Chrome - Go to "View" then click "developer" and then "View Source". You can also right-click and select View Page Source. Keyboard shortcut Option+Command+U.
Once you know how to view source code, you must know how to search it.
Generally, the same search features that you use in normal web browsing apply to source code searches as well.
Commands, CTRL + F (find) will help you quickly view the source code of important SEO elements.
Title tags.
The title tag is the most important element of SEO. This is the most important thing in the source code.
If you are going to take only one valuable thing from this article, pay attention to this:
You know, these are the results Google provides when you search for something.
All of these results come from the title tags of web pages. So if you don't have title tags in your source code, you might not show up on Google (or any other search engine).
Believe it or not, I have actually seen websites without title tags. Let's try to do a quick Google search for the term " Marketing Guides". What we see: 
You can see the first search result for the blog KISSmetrics chapter Marketing Guides.
If we follow the link of the first search result and view the source code of the page, we can see the tag in the title: 
The title tag is indicated by the opening tag: