Hi all,
Don't know how many out there actually use HTA's, but I do, and am
looking at protecting javascript code associated with one I look after.
This HTA runs of a network drive, not a webpage.
Basically I've read that it's possible to compile js files and the like
to a "Resource file", and then access it using a call to the res://
protocol.
The trouble is I can't find any information on where to get the
resource compiler from, and how to actually create this resource dll,
does anyone know how to do this, or where I can get a tutorial to step
me through this.
I basically want to protect my js code (at least superficially) from
prying users. Because of the code complexity (the generates html
pages), I've had no luck with obfuscation, and it tends to break the
code irreparably.
Thanks for any help
Mike 15 6084
runonthespot wrote: Hi all,
Don't know how many out there actually use HTA's, but I do, and am looking at protecting javascript code associated with one I look after.
This HTA runs of a network drive, not a webpage.
Basically I've read that it's possible to compile js files and the like to a "Resource file", and then access it using a call to the res:// protocol.
The trouble is I can't find any information on where to get the resource compiler from, and how to actually create this resource dll, does anyone know how to do this, or where I can get a tutorial to step me through this.
I basically want to protect my js code (at least superficially) from prying users. Because of the code complexity (the generates html pages), I've had no luck with obfuscation, and it tends to break the code irreparably.
Thanks for any help Mike
If the browser compatibility is not an issue, you may use Microsoft
Script Encoder. It's not some long-key enscription, but still times
better than any home made obfuscator.
<http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en>
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/seusingscriptencoder.asp>
Alas, I've tried it but get an incomprehensible
"Script encoding failed" when I attempt to encode my js files.
I flailed around the net a bit, but haven't been able to find any
resource that gives me enough information to work out what I should be
looking for in my js pages that would make it fail.
.... but thanks for the suggestion!
Any idea where I can find a guide as to why/where the encoder might
fail, so I could potentially fix it?
Regards,
Mike
> Alas, I've tried it but get an incomprehensible "Script encoding failed" when I attempt to encode my js files.
Strange, it works just fine for me. Check your syntacs again:
<html>
<head>
<title>Microsoft Encoder Test</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<script language="JScript.Encode" src="sourceEncoded.jse"></script>
</head>
<body bgcolor="#FFFFFF">
</body>
</html>
1) You must to use language declaration strictly this way:
language="JScript.Encode"
2) You have to manually assign .jse extention to ecoded file:
screnc plainScript.js encodedScript.jse
As sucky Google News seems do not allow attachments, I put all relevant
files here:
<http://www.geocities.com/schools_ring/EncodingTest.zip>
Google groups is a bit sucky, but at least I can access it from work
:-)
That worked fine, but the problem for me occurs in the encoding process
itself.
Using the Windows Source Encoder, and from the command line running the
code comes up with
"Encoding failed" when trying to create the jse file in the first
place. I can't seem to find anything on the net that explains the
limitations of the encoder.
Interestingly, I couldn't even compile the original source file you
provided ... I guess this is some kind of encoder failure on my box...
(Windows 2000, SP4)
"Scripting encoder object ("Scripting.Encoder") failed on
c:\test\sourcePlain.js"
Thoughts?
Thanks for the trouble you're going to!
Aha!
Bingo. I figured out after some trawling that it might be a version
issue, and installed Windows Scripting Host 5.1, which seems to have
fixed the encoder.
Installing 5.5 on top of that and it still works-- must have been
something in 5.1 forgotten in 5.5...
Thanks for your help!
runonthespot wrote: Google groups is a bit sucky, but at least I can access it from work :-)
That worked fine, but the problem for me occurs in the encoding process itself. Using the Windows Source Encoder, and from the command line running the code comes up with "Encoding failed" when trying to create the jse file in the first place. I can't seem to find anything on the net that explains the limitations of the encoder.
Interestingly, I couldn't even compile the original source file you provided ... I guess this is some kind of encoder failure on my box... (Windows 2000, SP4)
"Scripting encoder object ("Scripting.Encoder") failed on c:\test\sourcePlain.js"
Thoughts?
There is a number of "pseudo-screnc" programs in the Internet. Some
amateurs are hiding their home made obfuscators under the "loud name"
of the Microsoft product.
1) So first of all make sure thay you're using THAT screnc.exe. Go to
the address below and obtain a copy of the latest version. It's free
but requires a legal copy of Windows (runtime check will be done). I
hope it's not a problem? ;-)
Even if you are absolutely sure that you have THAT screnc, still
install the right copy from the scratch, please.
<http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en>
2) screnc is a DOC program, no Windows-interface is provide. To make
your future life easier, install it to some 8.3-compliant path.
c:\screnc would be a good choice.
3) Unpack my zip to c:\screnc and remove sourceEncoded.jse
4) Now run MS-DOS prompt and type:
cls<enter>
cd c:\screnc<enter>
screnc sourcePlain.js sourceEncoded.jse<enter>
sourceEncoded.jse should appear in your c:\screnc\ directory.
Tell me if it fails.
Thanks for the trouble you're going to!
No problem, I'm just charing what I already used for a while.
Plus *sometimes* I'm getting some sadistic plesure to talk about things
no one but IE can do :-)
Hi,
I too use HTA's a lot and use a resource DLL to store all my script
files and images.
To create a resource DLL you have to create a resource description
file. Then compile this file with a resource compiler which will give
you a .RES file. This file must be used in a linker to create a DLL
file. Check this website for the tools and more explanation. http://www.godevtool.com/
michael elias wrote: Hi,
I too use HTA's a lot and use a resource DLL to store all my script files and images.
To create a resource DLL you have to create a resource description file. Then compile this file with a resource compiler which will give you a .RES file. This file must be used in a linker to create a DLL file. Check this website for the tools and more explanation. http://www.godevtool.com/
And another bist of this kind (but this I never tried):
you may install the free Microsoft .NET Framework, it has JScript
compiler in it (jsc.exe) This way you can compile .js files into .exe
or .dll
But this is getting to much I guess...
>If the browser compatibility is not an issue, you may use Microsoft Script Encoder
A quick Google search will usually reveal lots of decoders on the
market, so it offers no protection.
Assuming you only want compatibility with IE, another alternative to
look at is a web-book compiler.
I use WebPacker from http://www.bersoft.com/webpacker/index.htm
It is paid for software but it does a good job - I am not on comission!
Hmnm thanks all.
I'll do some research on the resource compiler- at godev-- that looks
useful.
I'm not sure about JSC and .NET-- as unfortunately it's very
non-trivial to get the .NET runtimes installed in a corporate
environment.
Baconbutty, I guess rugged protection is not my issue-- I'm not running
from a browser nor using a webserver. I run this from a network
similar to an exe. The joy of HTA is the relative ease of development,
and being able to leverage a very complete presentation language (Well,
HTML isn't perfect, but it certainly is flexible enough for my needs).
The only issue with HTA's is that they are like html pages-- uncompiled
and readable to a user. I'm fairly confident that script encoding is
the answer here for me, but like the idea of resource compilation too,
dll's being like kryptonite to the average user...!
VK,
I have one last quick question about source encoder, now I've
thankfully solved the versioning issue--
How does one reference the functions in a script from outside of the
encoded bit?
Quite often I'd have something like
<script ... etc src="test.jse"></script>
<table>
<tr>
<td onclick = "xyz ()"> Where this function exists in test.jse
</td>
</tr>
</table>
But this now seems to fail?
One rough option would be to give td an id or other attribute and pick
up the click when it has bubbled up to the document.
e.f.
<td id=myTD></td>
document.onclick=function(eEvent)
{
var eClicked=(eEvent?)? eEvent.target: window.event.srcElement;
var sID=eClicked.id;
switch(sID)
{
case "myID":
xyz();
return;
break;
}
}
runonthespot wrote: VK, I have one last quick question about source encoder, now I've thankfully solved the versioning issue--
How does one reference the functions in a script from outside of the encoded bit?
Quite often I'd have something like
<script ... etc src="test.jse"></script> <table> <tr> <td onclick = "xyz ()"> Where this function exists in test.jse </td> </tr> </table>
But this now seems to fail?
Another specific of your installation?
<http://www.geocities.com/schools_ring/encodingTest2.zip>
Works just fine for me. Does it for you?
About the possibility to decode the encoded source: of course "caring
people" already provided decoders and you can get them from the
Internet.
There are not unbreakable codes. It's all the question of knowledge,
time and resources.
Still as I said it's times better than some escape()/no-space
obfuscator.
There is also another fine detail here: script encoded with Microsoft
screnc falls under the category of "compiled code".
So if anyone uses a decoder to reach your source code, it's called
"reverse engineering with intention to bypass license limitations".
The difference between this and simple use of a 3rd party .js file is
like between an armed robbery and a shop lifting. So in this case your
rights are much better protected. At least is some lawer places like
Bay Area or so :-)
.... um ... it works now :-)
Must have been some other unrelated coding problem. Yes-- the
difficulty to decompile (making it an explicit activity in this case)
is sufficient for my purposes.
It's actually a simple report generator, and frankly, would be easier
to circumvent by simply faking the report...
It's been fun too-- a versatile solution based on javascript generated
XSLT templates rendered in HTML-- it's provided a degree of flexibility
and extensibility that was perfect for its purpose.
Thanks for your help all. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: peter chan |
last post by:
java code protection- encrypted class
For encrypted class , if intercept point is added in the
classloader.defineClass() , all the class can be dumped,
a product -Jencoder can prevent it . Do...
|
by: Saso Zagoranski |
last post by:
Hi!
I have recently completed an application, written in C#.
When I opened one of the files with a hex editor I was amazed by the
lack
of protection for the assemblies.
My application uses SQL...
|
by: Paul Aspinall |
last post by:
Hi
Does anyone know if there are to be any improvements in Obfuscation / code
protection in .NET 2.0??
Will there be a better 'bundled' obfuscator??
I don't want to buy an obfuscator now,...
|
by: Boni |
last post by:
Dear all,
in order to protect my assembly component from decompilation I implemented
following schema:
I created mixed mode C++ project wich has managed cProxy class and unmanaged
cMemLoader....
|
by: guoqi zheng |
last post by:
I often write some .dll component for other people. Because of CLR, I often
find easily access to all source code of my .DLL file by using some kind of
reflector.
Is there an easy to protect my...
| |
by: Dutt |
last post by:
..NET Obfuscation using Dotfuscator for Source Code Protection...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| | |