lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200303200928.h2K9S6iP093621@mailserver2.hushmail.com>
Date: Thu, 20 Mar 2003 01:28:06 -0800
From: <rain_song@...hmail.com>
To: bugtraq@...urityfocus.com
Subject: ProtWare "HTML Guardian" has pathetic "encryption"

For $40 or $70, ProtWare's "HTML Guardian" (http://www.protware.com)
claims to "encrypt html code and javascripts, [making] it impossible
to reuse them."  Unfortunately, "HTML Guardian" does not do anything
more than to obfuscate the HTML source code.  There is no encryption.
 In fact, the JavaScript that "encrypts" that data is included in the
HTML code at the end (just translate the HTML hex to HTML ascii).

Basically how it works is this:

original = abcdefgh
encrypted = acegbdfh

They simply take every other letter, smash them together, then append
the leftovers all into one string.  $70 encryption, woohoo!!

Attached is a Perl script that re-assembles their "encrypted" code. 
The script takes a file as input, and in that file is a modified version
of the HTML source code.  In this file, just have the big JavaScript
variable included from the HTML source code (minus the single quote characters).
 An example of this "encrypted" HTML can be retrieved from ProtWare's
demo page at http://www.protware.com/e_demo.htm.

Download attachment "protpop.pl" of type "application/octet-stream" (861 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ