[LisaH]

Hello to all you Javascript Pros!

I have obtained the code to set the homepage and favorites of a webpage for anyone that simply loads the webpage containing
the following code (not complete as posted below, just the code found above the <html> tag and the header).

I will be happy to email you the rest of the code if you can help me crack this and understand the encryption scheme.

Thanks,

Lisa


<SCRIPT LANGUAGE="JavaScript"><!--
function dw(skey,msg) {document.write(codeIt(skey,msg));}var key = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!\"\ \|#$%&\'()*+,-.\/:;<=>?@[\\]^_\t\`{}~\n";function codeIt (mC, eS) {var wTG, mcH = mC.length / 2, nS = "", dv;for (var x = 0; x < eS.length; x++) {wTG = mC.indexOf(eS.charAt(x));if (wTG > mcH) {dv = wTG - mcH; nS = nS + mC.charAt(48 - dv);}else {dv = mcH - wTG;nS = nS + mC.charAt(48 + dv);}}return nS;}//--></SCRIPT><html>
<head>

[szarecor]

I really don't approve of scripts that meddle with users' homepage and favorites settings, but I took a look at your script because I love a challenge.

What the code you included does is this:
It takes two strings: one user defined and the string "key" defined by the author.

Then it steps through the first string and compares it to the second looking for a character match: "wTG = mC.indexOf(eS.charAt(x));"

When a character is matched, it is replaced with another character from the second string. This happens here:

dv = wTG - mcH;
nS = nS + mC.charAt(48 - dv);

As a result:

"dw(key,"A");" returns "["
"dw(key,"[");" returns "A"

Manipulating the number 48 in the above code and comparing results will help you understand what's going on.

That's all that happens in the code you included.

Hope this was a help.

[sLiPkNoT rUlEz]

BE WARNED:

• These scripts are *definetely* more likely to drive your visitors away
• These scripts will make your site disgustingly unprofessional. If you hand a potential employer an application for a web design job with the URL of a site that implements those kinds of scripts, you might as well kiss the job goodbye, as your employer probably will not want to use malicious scripting on their site(s).
• They will NOT work in a newer version of IE w/ security patches
• Handing the code out is also not a good idea, as it is malicious and holds amazing potential to do even more damage.
• Would YOU enjoy having your homepage changed by every site you visit? Please don't contribute to it.

I decoded it fine, but the decoded script is plain evil. WSH, FSO, and a security hack that involves an applet. Very mean stuff.

[LisaH]

szarecor,

I really appreciate your reply.

From what you indicated, there are 2 strings
and I would assume this this would be the
first string right?

0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!\

But what is the second string?

Would it be this:

|#$%&\'()*+,-.\/:;<=>?@[\\]^_\t\`{}~

And if so, I don't understand how 48 relates. Is this the number
of keys on the keyboard with characters that correspond
to numbers? I was looking at my computer keyboard and counted 47 keys with letters or characters
starting with the ~ and ending with the ?
so is the space key the 48th key?

Sorry I am such a novice but just trying to learn.

Thanks,

Lisa

[szarecor]

Lisa:

the first string is:

var key = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!\"\ \|#$%&\'()*+,-.\/:;<=>?@[\\]^_\t\`{}~\n";

the second string is defined by you. For example, try this:

dw(key,"hello world!");

It should return a string "runnkWckhnvY".
For kicks, you can unencode:

dw(key,"runnkWckhnvY");

should return the string "hello world!"

As for 48, it comes into play because it's approximately half of the length of the string "key". This is important because all the encoding does is replace a character with the character the same distance(number of characters) from the center of the "key" string. To observe this in action, try:

dw(key,"m");
This returns "m" because the char "m" happens to be the middle of string "key".

Likewise, if you try a character with a "distance" of 1 from the middle, either "l" or "n", the function will return the other char with a "distance" of 1: "n" or "l".

I hope this was helpful. If you play with the function dw() and observe the return values, it should help you understand what's going on.

[LisaH]

I really appreciate your help.

That clears it up and now I understand!

Take care!

Thanks,

Lisa