nb_es004.html : Javascript encryption techniques

'; document.writeln(my_chunk); } } // -->

	<a target="_top" href="http://ad.doubleclick.net/jump/fc.us468/member/tech;abr=!ie;s1=m;s3=tech;pos=1;tag=i;sz=468x60;mtile=1;ord=2001?"><img src="http://ad.doubleclick.net/ad/fc.us468/member/tech;abr=!ie;s1=m;s3=tech;pos=1;tag=i;sz=468x60;mtile=1;ord=2001?" border=0 height="60" width="468"></a>

<A HREF="http://ad.doubleclick.net/jump/fc.us88/member/tech;abr=!ie;s1=m;s3=tech;pos=2;tag=i;sz=88x31;mtile=2; ord=3100?"><IMG SRC="http://ad.doubleclick.net/ad/fc.us88/member/tech;abr=!ie;s1=m;s3=tech;pos=2;tag=i;sz=88x31;mtile=2; ord=3100?" height=31 width=88 border=0></A>

<A HREF="http://ad.doubleclick.net/jump/fc.us88/member/tech;abr=!ie;s1=m;s3=tech;pos=3;tag=i;sz=88x31;mtile=3; ord=3101?"><IMG SRC="http://ad.doubleclick.net/ad/fc.us88/member/tech;abr=!ie;s1=m;s3=tech;pos=3;tag=i;sz=88x31;mtile=3; ord=3101?" height=31 width=88 border=0></A>

--> nb_es004.html : Javascript encryption techniques


javascript encryption methods : RC4	Hyper Java-script

Author : Laurent (the wizard) 02/11/1999

To speak in +Fravia's words :
I'm saddened that so few care to share their javascript-knowledge. Fortunately Laurent has sent a nice reversing essay. To your pens, you lazy scoundrels! There's so much to do and so little that is done...
Regards --- The Seeker

This page was originally based on one of Fravia's javascript page, where he used a Vigenere encryption. I have slightly modify it in order to implement another encryption method, RC4. I have also added an 'online encryptor/decryptor' you'll find somewhere below.
This technique of encryption is probably harder to reverse than the original vigenere one, but also offer another advantage in the way that the same code can be used to both crypt and decrypt.
For example, to make this page, I first used as ciphertext the string 'Choose another ...', then I applied the desired key to it in order to obtain a new ciphertext which, when decrypted with the same key, will return the original ciphertext.... I think this is called a symetrical technique, but I'm not sure of it.
Of course, I am not the author of RC4. I just used it once before in order to make a little javascript challenge for Sandman's site and just adapted it for Fravia's page and now for The Seeker's one. RC4 source code is available somewhere on the web. I could find it, so you probably can too :)

~ begin encrypted document ~ ~ end encrypted document ~

Your page may begin with an unencrypted header, followed by a section of script which contains five main elements:
1) a decryption function definition (try to follow the code); 2) a string -as long as you fancy- of encrypted text ("ciphertext"); 3) a few lines of code that prompt the user for a key; 4) a call to the decryption function using the ciphertext and key as parameters; 5) a write statement that outputs the string returned by the decryption function
The document ends with an unencrypted footer. However, you will not see the unencrypted text unless you enter the correct password. The "View Source" command won't help much, either, because the password is not contained in the source and the text is scrambled. Of course, you can encrypt your documents with nearly any encryption technique, as long as you are able to write the JavaScript code that decrypts it. To get you started, here is the basic scripting pattern you should use in JavaScript-decoded Web documents:

<script>

// Copy the ciphertext into a string variable:
text = "jdiownvuizsponmwe";

// Obtain a password from the user:
password = get_password ();

// Use the password to unscramble the text.
text = decode (text, password);

// Display the result in the document:
document . write (text);

</script>

With a correct password (used as key) decoded text will be written to the browser window. Otherwise, the output will look like garbage. If you are going to encrypt many pages of your site, you could store the decryption function in a separate JavaScript file that you can load automatically with each page by setting the src property of the <script> tag.

On-Line RC4 encrytor/decryptor
another way to use this encryption
Type your original (or crypted) text in the top window and the key you want to use. Press 'encode' button and you get the (de)crypted text in the lower window.
Can't find the correct key for the above encrypted text ? Well, just click on Sample and you'll get the correct key to decode it. Try it !
If you want to cut and paste the result back in the original window, simply click on the Invert button.
Click on one of the Preview button to see the result of your encryption in a separate window. Usefull in the case you embeed some tags in your text and want to see how it look like. As a side effect, it also allow you to quickly test the result of a tag :-)

This page is copyleft for your own experiment. Please send me any interesting stuff you may have done with it. All comments and critics are welcome too. Thanks.

choose your way out:

Fravia's (frozen) homepage

The Seeker's homepage

The javascript workshop

What's new

original :
Your key :
Result :