Decoding html pages

Santander · Oct 23, 2008

how to decode HTML pages encoded like this:
http://www.long2consulting.com/seeinaction2008/Simplicity_Beach_table/index.htm
Is there script that will do this automatically and generate normal fully
readable HTML?

Santander

Bart Van der Donck · Oct 23, 2008

Santander said:
how to decode HTML pages encoded like this:
http://www.long2consulting.com/seeinaction2008/Simplicity_Beach_table/index.htm
Is there script that will do this automatically and generate normal fully
readable HTML?

It can be decrypted with relatively little effort. Line 5 is the
percent-encoding of (line-ends and intervals added):

<SCRIPT LANGUAGE="JavaScript">

</SCRIPT>

Info:
http://en.wikipedia.org/wiki/Percent-encoding

Function 'hp_d01' takes the square number of the character code when
it's below 128. For a decryption, this operation can be reversed by
taking the square root, eg. Math.sqrt(64).

Hope this helps,

Santander · Oct 23, 2008

well, I've decoded the very top part of script:

<SCRIPT LANGUAGE="JavaScript"></SCRIPT>

but it tells me nothing though. How to decode the rest part of page? any
automated tool/script availble?

Gregor Kofler · Oct 23, 2008

Santander meinte:

how to decode HTML pages encoded like this:
http://www.long2consulting.com/seeinaction2008/Simplicity_Beach_table/index.htm

Is there script that will do this automatically and generate normal
fully readable HTML?

LOL. Tells me something about both the authors of this page and you as
the upcoming hakk3r...

Just have a look at "generated source" with FF's web developer
extension, or inspect the page with Firebug.

Gregor

Gregor Kofler · Oct 23, 2008

Gregor Kofler meinte:

Santander meinte:

LOL. Tells me something about both the authors of this page and you as
the upcoming hakk3r...

Forget my above posting. Working with the mentioned tools without the
experience can lead to a complete loss of data and system crashes.
Seriously.

I do have an offer here: Get the full and completely disclosed template
for, say, 40 bucks? Perhaps you're interested in a few more templates?
Bulk discounts are negotiable...

Gregor

Santander · Oct 23, 2008

yes, I find this. But how to use this key? Just tried insert that script
into page header section and run, not help, strange.
any ideas? Automated tool encode/ decode?

S.
---------

Bart Van der Donck said:
Santander said:

how to decode HTML pages encoded like this:
http://www.long2consulting.com/seeinaction2008/Simplicity_Beach_table/index.htm
Is there script that will do this automatically and generate normal fully
readable HTML?

Click to expand...

It can be decrypted with relatively little effort. Line 5 is the
percent-encoding of (line-ends and intervals added):

<SCRIPT LANGUAGE="JavaScript">

</SCRIPT>

Info:
http://en.wikipedia.org/wiki/Percent-encoding

Function 'hp_d01' takes the square number of the character code when
it's below 128. For a decryption, this operation can be reversed by
taking the square root, eg. Math.sqrt(64).

Hope this helps,

Santander · Oct 23, 2008

any *positive* ideas? if not - no probs.. I already decode 1/2 and even
without your valuable help..

S.
------

Gregor Kofler · Oct 23, 2008

Santander meinte:

any *positive* ideas? if not - no probs.. I already decode 1/2 and even
without your valuable help..

Must be tough, since you've problems perhaps not with reading, but
definitely with *understanding*. Just have a look at the "generated
source" in FF's "web developer extension" (or a similiar tool, Firebug
and I suppose Opera Dragonfly works, too).

Since you are posting with Outlook Express, and are raiding a web site
offering templates for FrontPage and Expression Web, you've probably
never heard of alternatives to IE...

To be even mor constructive: here's the complete source. This time for
free [1]. Make sure to scroll to the bottom...

Gregor

[1]
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en"><head>


<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252"><script language="JavaScript"></script><script
language="JavaScript"></script><script
language="JavaScript"></script><script
language="JavaScript"></style>');if(navigator.appName.indexOf('Internet
Explorer')!=-1&&(navigator.userAgent.indexOf('MSIE')==-1||document.all.length==0))hp_ok=false;if(document.all)document.write('<link
rel=stylesheet type="text/css"
href="hp_null.css">');//--></script><style type="text/css"
media="print"></style>
<title>Home</title>

<meta name="description" content="website template">
<meta name="keywords" content="website, template, long2 consulting">
<meta name="owner" content="">
<meta name="copyright" content="">

<meta name="author" content="YourNameHere">
<meta name="rating" content="General">
<meta name="revisit-after" content="7 days">
<link rel="stylesheet" type="text/css" href="styles.css">
</head><body><noscript>To display this page you need a browser with
JavaScript support.</noscript><script language="JavaScript"></script>
<div id="wrapper">
<table>
<tbody><tr>
<td id="header1"><div class="headercontent">


Company Name

</div></td>
</tr>
<tr>
<td id="topnav">

<div class="topnavlinks">
<a href="index.htm">Home</a>
<a href="faqs.htm">FAQs</a>

<a href="store.htm">Our Store</a>
<a href="layout1.htm">Layout 1</a>
<a href="layout2.htm">Layout 2</a>
<a href="layout3.htm">Layout 3</a>
<a href="gettingstarted.htm">Getting Started</a>
</div>

</td>
</tr>
</tbody></table>
<table class="bodytable">
<tbody><tr>

<td id="body2"><div class="body2content">

<div class="menuheader1"><a href="#">Main Menu</a></div>
<div class="sidelinks">
<a href="index.htm">Home</a>

<a href="faqs.htm">FAQs</a>
<a href="services.htm">Services</a>
<a href="contactus.htm">Contact Us</a>
</div>

<div class="menuheader1"><a href="store">Our Store</a></div>
<div class="sidelinks">
<a href="product1.htm">Product 1</a>

</div>

<div class="menuheader1"><a href="#">Layouts</a></div>
<div class="sidelinks">
<a href="layout1.htm">Layout 1</a>
<a href="layout2.htm">Layout 2</a>
<a href="layout3.htm">Layout 3</a>
</div>

<div class="menuheader1"><a href="#">Template Info</a></div>

<div class="sidelinks">
<a href="gettingstarted.htm">Getting Started</a>
<a href="typography.htm">Typography</a>
</div>
</div>
</td>
<td id="body1"><div class="body1content">
<h2>This template features...</h2>
<ul>

<li>A <b>starter web template</b> to help you create
a new web site. You may easily add your own content
and more pages.</li>
<li><b>Designed for 1024 X 768.
Three layouts - 1, 2, and 3 columns.</b></li>
<li><b>Table-based layout</b> for easy use in
FrontPage 2002 and 2003. This template can also be
used with Expression Web.</li>
<li><b>Include pages</b> are used for company name,
navigation links, news, and copyright for your
editing convenience.</li>

<li>Tested in recent browsers: Internet Explorer 6,
Netscape 7+, Opera 9, and FireFox.</li>
<li><b>Validated</b> XHTML 1.0 strict, CSS. Priority 1 and 2
WCAG 1.0 and Section 508 accessible.</li>
</ul>
<h2>Cascading Style Sheets</h2>
<p>This template uses tables and CSS for the layout. Because the
FrontPage "design view" is not as sophisticated at displaying CSS
properly, the heading fonts will seem very large. This
can be frustrating if you are used to getting a good "preview"
of what your site looks like, but you'll find that it is almost
just as easy to keep previewing your site in a browser as you
make changes. You will still be able to edit your text and add
content as you normally would; after you save, go to File >
Preview in Browser to view your site in a browser and make sure
that it really looks as it should.</p>

<p>Also, occasionally FrontPage's Normal/Design view may "lose" the
formatting. When this happens, just press "F5" to refresh the view and
the styles will return.</p>

</div>
</td>
</tr>
</tbody></table>
<table>
<tbody><tr>
<td id="footer"><div class="footercontent">


¿ 20xx <Company Name> All Rights Reserved.
<br><span class="tiny">Design by <a
href="http://www.long2consulting.com/">Long<sup>2</sup>
Consulting</a></span>
</div></td>
</tr>
</tbody></table>
</div>
</body></html>

Dr J R Stockton · Oct 23, 2008

In comp.lang.javascript message <54ad6fa4-90bb-40f6-9334-dabcd75f4614@v5
6g2000hsf.googlegroups.com>, Thu, 23 Oct 2008 07:37:12, Bart Van der

Donck said:
c=s.charCodeAt(i);
if (c<128)
c=c^2;
os+=String.fromCharCode(c);

Function 'hp_d01' takes the square number of the character code when
it's below 128.

! c=c^2 squares? I thought it did 32-bit bitwise XOR.

Guest · Oct 24, 2008

how to decode HTML pages encoded like this:
http://www.long2consulting.com/seeinaction2008/Simplicity_Beach_table/index.htm
Is there script that will do this automatically and generate normal fully
readable HTML?

I loaded into vim, piped the first line through an "unescape" script
to get the definition of the decoding function, hp_d01(.), changed the
document.write to print (to pipe through a javascript interpreter whose
output is given by "print(.)") and piped it through the interpreter.

The top part is more Javascript when decoded. The trick I use to reformat
that is to wrap it in:

function mycrap(){
... the javascript ...
};print(mycrap.toString())

since the interpreter I use (the firefox spider monkey) reformats and
neatens things. The result is something I often used to see on spamvertized
pages to "protect them". The first section "protects" the page, defining various
functions and assigning them to onmousedown, oncontextmenu, etc. events so that
it controls what you see when you try to examine the page. The functions
simply block you from doing things. For example, note the
document.URL.substring(0, 4) == "file"
section below. If you make a copy of the file and attempt to load it
in your browser (a local copy will be accessed with a "file://" URL)
you get nothing
window.location = "about:blank"

The decoding is not hard (I have seen code using arguments.callee.toString()
along with the referrer and page URL as part of the decoding key and others
on UTF8 web pages where one had to use a UTF8 locale (or something like
uni2ascii, a utility which can convert UTF8 into \u#### escaped unicode
which javascript can handle without a browser) and as I said, I have seen
this used on spamvertized sites, but this appears not to be one.

The second part decodes to HTML, a sample page (as another has displayed).
The decoded and reformatted top section is
==========================================

function hp_dn(a) {
return false;
}

function hp_cm() {
alert("This page has been protected. Preview only.");
return false;
}

function hp_de(e) {
return e.target.tagName != null &&
e.target.tagName.search("^(INPUT|TEXTAREA|BUTTON|SELECT)$") != -1;
}

function hp_md(e) {
mac = navigator.userAgent.indexOf("Mac") != -1;
if (document.all) {
if (event.button == 2 ||
mac && (event.ctrlKey || event.keyCode == 91)) {
alert("This page has been protected. Preview only.");
return false;
}
} else {
if (e.which == 3 || mac && (e.modifiers == 2 || e.ctrlKey)) {
alert("This page has been protected. Preview only.");
return false;
} else if (e.which == 1) {
window.captureEvents(Event.MOUSEMOVE);
window.onmousemove = hp_dn;
}
}
}

function hp_mu(e) {
if (e.which == 1) {
window.releaseEvents(Event.MOUSEMOVE);
window.onmousemove = null;
}
}

if (navigator.appName.indexOf("Internet Explorer") == -1 ||
navigator.userAgent.indexOf("MSIE") != -1 &&
document.all.length != 0) {
if (document.all) {
mac = navigator.userAgent.indexOf("Mac") != -1;
version = parseFloat("0" + navigator.userAgent.substr(navigator.userAgent.indexOf("MSIE") + 5), 10);
if (!mac && version > 4) {
document.oncontextmenu = hp_cm;
} else {
document.onmousedown = hp_md;
document.onkeydown = hp_md;
}
document.onselectstart = hp_dn;
} else if (document.layers) {
window.captureEvents(Event.MOUSEDOWN | Event.modifiers | Event.KEYDOWN | Event.MOUSEUP);
window.onmousedown = hp_md;
window.onkeydown = hp_md;
window.onmouseup = hp_mu;
} else if (document.getElementById && !document.all) {
document.oncontextmenu = hp_cm;
document.onmousedown = hp_de;
}
}
if (document.URL.substring(0, 4) == "file") {
hp_ok = false;
window.location = "about:blank";
}

function hp_dp1() {
for (i = 0; i < document.all.length; i++) {
if (document.all.style.visibility != "hidden") {
document.all.style.visibility = "hidden";
document.all.id = "hp_id";
}
}
}

function hp_dp2() {
for (i = 0; i < document.all.length; i++) {
if (document.all.id == "hp_id") {
document.all.style.visibility = "";
}
}
}

window.onbeforeprint = hp_dp1;
window.onafterprint = hp_dp2;
document.write("<style type=\"text/css\" media=\"print\"></style>");
if (navigator.appName.indexOf("Internet Explorer") != -1 &&
(navigator.userAgent.indexOf("MSIE") == -1 ||
document.all.length == 0)) {
hp_ok = false;
}
if (document.all) {
document.write("<link rel=stylesheet type=\"text/css\" href=\"hp_null.css\">");
}

Santander · Oct 24, 2008

Thanks for tips, this make things more clear.

Santander
-------------

Gregor Kofler said:
Santander meinte:

any *positive* ideas? if not - no probs.. I already decode 1/2 and even
without your valuable help..

Click to expand...

Must be tough, since you've problems perhaps not with reading, but
definitely with *understanding*. Just have a look at the "generated
source" in FF's "web developer extension" (or a similiar tool, Firebug and
I suppose Opera Dragonfly works, too).

Since you are posting with Outlook Express, and are raiding a web site
offering templates for FrontPage and Expression Web, you've probably never
heard of alternatives to IE...

To be even mor constructive: here's the complete source. This time for
free [1]. Make sure to scroll to the bottom...

Gregor

[1]
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en"><head>


<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252"><script language="JavaScript"></script><script
language="JavaScript"></script><script
language="JavaScript"></script><script
language="JavaScript"></style>');if(navigator.appName.indexOf('Internet
Explorer')!=-1&&(navigator.userAgent.indexOf('MSIE')==-1||document.all.length==0))hp_ok=false;if(document.all)document.write('<link
rel=stylesheet type="text/css" href="hp_null.css">');//--></script><style
type="text/css" media="print"></style>
<title>Home</title>

<meta name="description" content="website template">
<meta name="keywords" content="website, template, long2 consulting">
<meta name="owner" content="">
<meta name="copyright" content="">

<meta name="author" content="YourNameHere">
<meta name="rating" content="General">
<meta name="revisit-after" content="7 days">
<link rel="stylesheet" type="text/css" href="styles.css">
</head><body><noscript>To display this page you need a browser with

JavaScript support. said:

vf%22kf? jgcfgp3 %3C>fkt%22ancqq? jgcfgpamlvglv %3C >#//ug``mv%22`mv?

Click to expand...

Klanwfg %22W/Klanwfg? klanwfgq-amorcl{lcog,jvo %22VCE? @MF[
%22qvcpvqrcl%22//%3CAmorcl{%22Lcog>#//ug``mv%22`mv? Klanwfg
%22k/ajgaiqwo? 1;043 %22glfqrcl%22//%3C>-fkt%3C>-vf%3C >-vp%3C

vp%3C >vf%22kf? vmrlct %3C >#//ug``mv%22`mv? Klanwfg %22W/Klanwfg?

Click to expand...

klanwfgq-vmrlctnkliq,jvo %22VCE? @MF[ %22qvcpvqrcl%22//%3C >fkt%22ancqq?
vmrlctnkliq %3C >c%22jpgd? klfgz,jvo %3CJmog>-c%3C >c%22jpgd? dcsq,jvo
%3CDCSq>-c%3C >c%22jpgd? qvmpg,jvo %3CMwp%22Qvmpg>-c%3C >c%22jpgd?
nc{mwv3,jvo %3CNc{mwv%223>-c%3C >c%22jpgd? nc{mwv0,jvo
%3CNc{mwv%220>-c%3C >c%22jpgd? nc{mwv1,jvo %3CNc{mwv%221>-c%3C

c%22jpgd? egvvkleqvcpvgf,jvo %3CEgvvkle%22Qvcpvgf>-c%3C
-fkt%3C>#//ug``mv%22`mv? Klanwfg %22k/ajgaiqwo? 350:7

Click to expand...

%22glfqrcl%22//%3C>-vf%3C >-vp%3C>-vc`ng%3C>vc`ng%22ancqq? `mf{vc`ng
%3C >vp%3C >vf%22kf? `mf{0 %3C>fkt%22ancqq? `mf{0amlvglv %3C

#//ug``mv%22`mv? Klanwfg %22W/Klanwfg? klanwfgq-qkfgnkliq,jvo %22VCE?

Click to expand...

@MF[ %22qvcpvqrcl%22//%3C>fkt%22ancqq? oglwjgcfgp3 %3C>c%22jpgd? !
%3COckl%22Oglw>-c%3C>-fkt%3C>fkt%22ancqq? qkfgnkliq %3C >c%22jpgd?
klfgz,jvo %3CJmog>-c%3C >c%22jpgd? dcsq,jvo %3CDCSq>-c%3C >c%22jpgd?
qgptkagq,jvo %3CQgptkagq>-c%3C >c%22jpgd? amlvcavwq,jvo
%3CAmlvcav%22Wq>-c%3C>-fkt%3C>fkt%22ancqq? oglwjgcfgp3 %3C>c%22jpgd?
qvmpg %3CMwp%22Qvmpg>-c%3C>-fkt%3C>fkt%22ancqq? qkfgnkliq %3C

c%22jpgd? rpmfwav3,jvo %3CRpmfwav%223>-c%3C>-fkt%3C >fkt%22ancqq?

Click to expand...

oglwjgcfgp3 %3C>c%22jpgd? ! %3CNc{mwvq>-c%3C>-fkt%3C>fkt%22ancqq?
qkfgnkliq %3C >c%22jpgd? nc{mwv3,jvo %3CNc{mwv%223>-c%3C >c%22jpgd?
nc{mwv0,jvo %3CNc{mwv%220>-c%3C >c%22jpgd? nc{mwv1,jvo
%3CNc{mwv%221>-c%3C>-fkt%3C >fkt%22ancqq? oglwjgcfgp3 %3C>c%22jpgd?
! %3CVgorncvg%22Kldm>-c%3C>-fkt%3C>fkt%22ancqq? qkfgnkliq %3C

c%22jpgd? egvvkleqvcpvgf,jvo %3CEgvvkle%22Qvcpvgf>-c%3C >c%22jpgd?

Click to expand...

v{rmepcrj{,jvo %3CV{rmepcrj{>-c%3C>-fkt%3C>#//ug``mv%22`mv? Klanwfg
%22k/ajgaiqwo? 77;:7 %22glfqrcl%22//%3C>-fkt%3C>-vf%3C >vf%22kf? `mf{3
%3C>fkt%22ancqq? `mf{3amlvglv %3C

j0%3CVjkq%22vgorncvg%22dgcvwpgq,,,>-j0%3C >wn%3C
nk%3CC%22>`%3Cqvcpvgp%22ug`%22vgorncvg>-`%3C%22vm%22jgnr%22{mw%22apgcvg%22 c%22lgu%22ug`%22qkvg,%22[mw%22oc{%22gcqkn{%22cff%22{mwp%22mul%22amlvglv%22
clf%22ompg%22rcegq,>-nk%3C

nk%3C>`%3CFgqkelgf%22dmp%223206%22Z%2254:,%22

Click to expand...

Vjpgg%22nc{mwvq%22/%223.%220.%22clf%221%22amnwolq,>-`%3C>-nk%3C

nk%3C>`%3CVc`ng/`cqgf%22nc{mwv>-`%3C%22dmp%22gcq{%22wqg%22kl%22

Click to expand...

DpmlvRceg%220220%22clf%220221,%22Vjkq%22vgorncvg%22acl%22cnqm%22`g%22
wqgf%22ukvj%22Gzrpgqqkml%22Ug`,>-nk%3C

nk%3C>`%3CKlanwfg%22rcegq>-`%3C%22cpg%22wqgf%22dmp%22amorcl{%22lcog.%22

Click to expand...

lctkecvkml%22nkliq.%22lguq.%22clf%22amr{pkejv%22dmp%22{mwp%22
gfkvkle%22amltglkglag,>-nk%3C

nk%3CVgqvgf%22kl%22pgaglv%22`pmuqgpq8%22Klvgplgv%22Gzrnmpgp%224.%22

Click to expand...

Lgvqacrg%225).%22Mrgpc%22;.%22clf%22DkpgDmz,>-nk%3C
nk%3C>`%3CTcnkfcvgf>-`%3C%22ZJVON%

Click to expand...

223,2%22qvpkav.%22AQQ,%22Rpkmpkv{%223%22clf%220%22
UACE%223,2%22clf%22Qgavkml%2272:%22caagqqk`ng,>-nk%3C >-wn%3C

j0%3CAcqacfkle%22Qv{ng%22Qjggvq>-j0%3C
r%3CVjkq%22vgorncvg%22wqgq%22vc`ngq%22clf%22AQQ%22dmp%22vjg%22nc{mwv,%22@gacwqg%22vjg%22 DpmlvRceg%22$swmv9fgqkel%22tkgu$swmv9%22kq%22lmv%22cq%22qmrjkqvkacvgf%22cv%22fkqrnc{kle%22AQQ%22rpmrgpn{.%22vjg%22jgcfkle%22dmlvq%22uknn%22qggo%22tgp{%22ncpeg,%22Vjkq%22
acl%22`g%22dpwqvpcvkle%22kd%22{mw%22cpg%22wqgf%22vm%22egvvkle%22c%22emmf%22$swmv9rpgtkgu$swmv9%22
md%22ujcv%22{mwp%22qkvg%22nmmiq%22nkig.%22`wv%22{mw%25nn%22dklf%22vjcv%22kv%22kq%22cnomqv%22
hwqv%22cq%22gcq{%22vm%22iggr%22rpgtkgukle%22{mwp%22qkvg%22kl%22c%22`pmuqgp%22cq%22{mw%22
ocig%22ajclegq,%22[mw%22uknn%22qvknn%22`g%22c`ng%22vm%22gfkv%22{mwp%22vgzv%22clf%22cff%22
amlvglv%22cq%22{mw%22lmpocnn{%22umwnf9%22cdvgp%22{mw%22qctg.%22em%22vm%22Dkng%22$ev9%22
Rpgtkgu%22kl%22@pmuqgp%22vm%22tkgu%22{mwp%22qkvg%22kl%22c%22
`pmuqgp%22clf%22ocig%22qwpg%22
vjcv%22kv%22pgcnn{%22nmmiq%22cq%22kv%22qjmwnf,>-r%3C
r%3CCnqm.%22maacqkmlcnn{%22DpmlvRceg%25q%22Lmpocn-Fgqkel%22tkgu%22oc{%22$swmv9nmqg$swmv9%22vjg%22

Click to expand...

dmpocvvkle,%22Ujgl%22vjkq%22jcrrglq.%22hwqv%22rpgqq%22$swmv9D7$swmv9%22vm%22pgdpgqj%22vjg%22tkgu%22clf%22
vjg%22qv{ngq%22uknn%22pgvwpl,>-r%3C >-fkt%3C>-vf%3C

-vp%3C>-vc`ng%3C>vc`ng%3C >vp%3C >vf%22kf? dmmvgp

Click to expand...

%3C>fkt%22ancqq? dmmvgpamlvglv %3C >#//ug``mv%22`mv? Klanwfg
%22W/Klanwfg? klanwfgq-amr{pkejv,jvo %22VCE? @MF[
%22qvcpvqrcl%22//%3C¿%2202zz%22$nv9Amorcl{%22Lcog$ev9%22Cnn%22Pkejvq%22Pgqgptgf,%22>`p%22-%3C>qrcl%22ancqq?
vkl{ %3CFgqkel%22`{%22>c%22jpgd? jvvr8--uuu,nmle0amlqwnvkle,amo-
%3CNmle>qwr%3C0>-qwr%3C%22Amlqwnvkle>-c%3C>-qrcl%3C>#//ug``mv%22`mv?
Klanwfg %22k/ajgaiqwo? 5326 %22glfqrcl%22//%3C>-fkt%3C>-vf%3C

-vp%3C>-vc`ng%3C>-fkt%3C>-`mf{%3C"));//--></script>

Click to expand...

<div id="wrapper">
<table>
<tbody><tr>
<td id="header1"><div class="headercontent">


Company Name

</div></td>
</tr>
<tr>
<td id="topnav">

<div class="topnavlinks">
<a href="index.htm">Home</a>
<a href="faqs.htm">FAQs</a>

<a href="store.htm">Our Store</a>
<a href="layout1.htm">Layout 1</a>
<a href="layout2.htm">Layout 2</a>
<a href="layout3.htm">Layout 3</a>
<a href="gettingstarted.htm">Getting Started</a>
</div>

</td>
</tr>
</tbody></table>
<table class="bodytable">
<tbody><tr>

<td id="body2"><div class="body2content">

<div class="menuheader1"><a href="#">Main Menu</a></div>
<div class="sidelinks">
<a href="index.htm">Home</a>

<a href="faqs.htm">FAQs</a>
<a href="services.htm">Services</a>
<a href="contactus.htm">Contact Us</a>
</div>

<div class="menuheader1"><a href="store">Our Store</a></div>
<div class="sidelinks">
<a href="product1.htm">Product 1</a>

</div>

<div class="menuheader1"><a href="#">Layouts</a></div>
<div class="sidelinks">
<a href="layout1.htm">Layout 1</a>
<a href="layout2.htm">Layout 2</a>
<a href="layout3.htm">Layout 3</a>
</div>
<div class="menuheader1"><a href="#">Template Info</a></div>

<div class="sidelinks">
<a href="gettingstarted.htm">Getting Started</a>
<a href="typography.htm">Typography</a>
</div>
</div>
</td>
<td id="body1"><div class="body1content">
<h2>This template features...</h2>
<ul>

<li>A <b>starter web template</b> to help you create
a new web site. You may easily add your own content
and more pages.</li>
<li><b>Designed for 1024 X 768.
Three layouts - 1, 2, and 3 columns.</b></li>
<li><b>Table-based layout</b> for easy use in
FrontPage 2002 and 2003. This template can also be
used with Expression Web.</li>
<li><b>Include pages</b> are used for company name,
navigation links, news, and copyright for your
editing convenience.</li>

<li>Tested in recent browsers: Internet Explorer 6,
Netscape 7+, Opera 9, and FireFox.</li>
<li><b>Validated</b> XHTML 1.0 strict, CSS. Priority 1 and 2
WCAG 1.0 and Section 508 accessible.</li>
</ul>
<h2>Cascading Style Sheets</h2>
<p>This template uses tables and CSS for the layout. Because the
FrontPage "design view" is not as sophisticated at displaying CSS
properly, the heading fonts will seem very large. This
can be frustrating if you are used to getting a good "preview"
of what your site looks like, but you'll find that it is almost
just as easy to keep previewing your site in a browser as you
make changes. You will still be able to edit your text and add
content as you normally would; after you save, go to File >
Preview in Browser to view your site in a browser and make sure
that it really looks as it should.</p>

<p>Also, occasionally FrontPage's Normal/Design view may "lose" the
formatting. When this happens, just press "F5" to refresh the view and
the styles will return.</p>

</div>
</td>
</tr>
</tbody></table>
<table>
<tbody><tr>
<td id="footer"><div class="footercontent">


¿ 20xx <Company Name> All Rights Reserved.
<br><span class="tiny">Design by <a
href="http://www.long2consulting.com/">Long<sup>2</sup>
Consulting</a></span>
</div></td>
</tr>
</tbody></table>
</div>
</body></html>

Santander · Oct 24, 2008

thanks for analysis. Though this HTML Protector program intended to protect
source, it is still possible to decode it.
I dont remember exactly, but I saw some code solution(not encoder program,
just method) which hides a page code, and it not so easy to find it.

Santander
------------

Spamless said:
how to decode HTML pages encoded like this:
http://www.long2consulting.com/seeinaction2008/Simplicity_Beach_table/index.htm
Is there script that will do this automatically and generate normal fully
readable HTML?

Click to expand...

I loaded into vim, piped the first line through an "unescape" script
to get the definition of the decoding function, hp_d01(.), changed the
document.write to print (to pipe through a javascript interpreter whose
output is given by "print(.)") and piped it through the interpreter.

The top part is more Javascript when decoded. The trick I use to reformat
that is to wrap it in:

function mycrap(){
... the javascript ...
};print(mycrap.toString())

since the interpreter I use (the firefox spider monkey) reformats and
neatens things. The result is something I often used to see on
spamvertized
pages to "protect them". The first section "protects" the page, defining
various
functions and assigning them to onmousedown, oncontextmenu, etc. events so
that
it controls what you see when you try to examine the page. The functions
simply block you from doing things. For example, note the
document.URL.substring(0, 4) == "file"
section below. If you make a copy of the file and attempt to load it
in your browser (a local copy will be accessed with a "file://" URL)
you get nothing
window.location = "about:blank"

The decoding is not hard (I have seen code using
arguments.callee.toString()
along with the referrer and page URL as part of the decoding key and
others
on UTF8 web pages where one had to use a UTF8 locale (or something like
uni2ascii, a utility which can convert UTF8 into \u#### escaped unicode
which javascript can handle without a browser) and as I said, I have seen
this used on spamvertized sites, but this appears not to be one.

The second part decodes to HTML, a sample page (as another has displayed).
The decoded and reformatted top section is
==========================================

function hp_dn(a) {
return false;
}

function hp_cm() {
alert("This page has been protected. Preview only.");
return false;
}

function hp_de(e) {
return e.target.tagName != null &&
e.target.tagName.search("^(INPUT|TEXTAREA|BUTTON|SELECT)$") != -1;
}

function hp_md(e) {
mac = navigator.userAgent.indexOf("Mac") != -1;
if (document.all) {
if (event.button == 2 ||
mac && (event.ctrlKey || event.keyCode == 91)) {
alert("This page has been protected. Preview only.");
return false;
}
} else {
if (e.which == 3 || mac && (e.modifiers == 2 || e.ctrlKey)) {
alert("This page has been protected. Preview only.");
return false;
} else if (e.which == 1) {
window.captureEvents(Event.MOUSEMOVE);
window.onmousemove = hp_dn;
}
}
}

function hp_mu(e) {
if (e.which == 1) {
window.releaseEvents(Event.MOUSEMOVE);
window.onmousemove = null;
}
}

if (navigator.appName.indexOf("Internet Explorer") == -1 ||
navigator.userAgent.indexOf("MSIE") != -1 &&
document.all.length != 0) {
if (document.all) {
mac = navigator.userAgent.indexOf("Mac") != -1;
version = parseFloat("0" +
navigator.userAgent.substr(navigator.userAgent.indexOf("MSIE") + 5), 10);
if (!mac && version > 4) {
document.oncontextmenu = hp_cm;
} else {
document.onmousedown = hp_md;
document.onkeydown = hp_md;
}
document.onselectstart = hp_dn;
} else if (document.layers) {
window.captureEvents(Event.MOUSEDOWN | Event.modifiers |
Event.KEYDOWN | Event.MOUSEUP);
window.onmousedown = hp_md;
window.onkeydown = hp_md;
window.onmouseup = hp_mu;
} else if (document.getElementById && !document.all) {
document.oncontextmenu = hp_cm;
document.onmousedown = hp_de;
}
}
if (document.URL.substring(0, 4) == "file") {
hp_ok = false;
window.location = "about:blank";
}

function hp_dp1() {
for (i = 0; i < document.all.length; i++) {
if (document.all.style.visibility != "hidden") {
document.all.style.visibility = "hidden";
document.all.id = "hp_id";
}
}
}

function hp_dp2() {
for (i = 0; i < document.all.length; i++) {
if (document.all.id == "hp_id") {
document.all.style.visibility = "";
}
}
}

window.onbeforeprint = hp_dp1;
window.onafterprint = hp_dp2;
document.write("<style type=\"text/css\"
media=\"print\"></style>");
if (navigator.appName.indexOf("Internet Explorer") != -1 &&
(navigator.userAgent.indexOf("MSIE") == -1 ||
document.all.length == 0)) {
hp_ok = false;
}
if (document.all) {
document.write("<link rel=stylesheet type=\"text/css\"
href=\"hp_null.css\">");
}

Gregor Kofler · Oct 24, 2008

Santander meinte:

thanks for analysis. Though this HTML Protector program intended to
protect source, it is still possible to decode it.

It's Snake Oil. Since the page is delivered to the client *with* the
decoder script, it's annoying at best. Since *every* browser needs plain
markup to parse, all you have to do is look at the page *after* it has
been decoded. That's what Firebug or the Web Developer Extension do.

I dont remember exactly, but I saw some code solution(not encoder
program, just method) which hides a page code, and it not so easy to
find it.

Shrug... It's pointless. There just one 100% safe method: Don't publish
your pages. Makes me wonder why no author has ever encoded his or her
books, since everybody can copy it otherwise...

Gregor

Santander · Oct 24, 2008

just one method for javascript:
http://code.google.com/p/turbojs/wiki/ClosedSourceJS

(I am not fully understand how it works and it requires a few dummy js files
for few javascripts)

Santander

Gregor Kofler · Oct 24, 2008

Santander meinte:

just one method for javascript:
http://code.google.com/p/turbojs/wiki/ClosedSourceJS

Are we talking about JS now?

(I am not fully understand how it works and it requires a few dummy js
files for few javascripts)

You can obfuscate the JS. That's pretty common, though I have yet to
come across some JS really worth "protecting"...

Gregor

Guest · Oct 24, 2008

just one method for javascript:
http://code.google.com/p/turbojs/wiki/ClosedSourceJS

(I am not fully understand how it works and it requires a few dummy js files
for few javascripts)

That isn't a javascript trick, but php blocking of access to the file.
It is a server side trick to prevent one from simply accessing the
*.js file - it has to be loaded by a "proper" page.

It instructs the server to use PHP code on the server when handling
Javascript files (they can have included PHP code) and you put on
your page is (at the end, after its HTML code) an inclusion of a
dummy.js. You use a PHP header script to include the real (protected)
javascript (well, that could be in your index.html file if the server
is set to allow PHP code in html pages).

The dummy.js file is just to protect your file if someone tries to get
it immediately after loading the page without closing the session.

The actual code you want used is in closedsource.js which has PHP code
in it. The server checks to see how it is accessed (the $_SESSION
variable) and either returns the real Javascript OR an error message.

When the page (index.php) is loaded it loads the PHP header script
(the PHP section) which writes to the page you see the inclusion
of the closedsource.js file (the real. but protected, javascript)
AND sets the $_SESSION variable (in the example) to "show".
THAT writes the part of the page which has the inclusion of the
actual file (closesource.js) and your browser goes to get it.

The session is still set to "show" so the server gets the real
code (closedsource.js) and runs the PHP code in it which decides
which portion (the real code or the ERROR message) and if you were
going through the index.php page, it gives you the real Javascript.

If you just try to get the closedsource.js file WITHOUT using index.php
then $_SESSION is not set to "show" so you get the error message
(nothing).

All that works *without* the dummy.js at the bottom of you index.php
page (which is where the
[script type="text/javascript" src="js/dummy.js"][/script]
goes).

What is that dummy.js for? Suppose you browse to the site. You get
the page. Examine the page and see the header which was added by
the php header script (the load of closedsource.js) and WITHOUT
CLOSING THE SESSION just try to get closedsource.js.

You could (since the session variable has been set to "show" when you
loaded index.php which loaded the PHP page-header script which set it).
The dummy.js is just there to prevent that (once you get the page with
the real Javascript, you later load dummy.js which has PHP code to
unset the $_SESSION value so that attempts to get closedsourec.js
only get the portion of it, the error section, that the PHP script
which sends you the page will then let you have).

The idea is ONLY to send the Javascript when accessed from index.php.

How can one get it? Use a packet capture programme and go to the site.
You capture the file as it is loaded by the browser from the page.
Or examine you browser's cache after getting the page (it should be
there).

It does make it impossible just to go and get the *.js file without
using index.php to set the server side $_SESSION variable properly.

Thomas 'PointedEars' Lahn · Oct 24, 2008

Spamless said:
just one method for javascript:
http://code.google.com/p/turbojs/wiki/ClosedSourceJS

(I am not fully understand how it works and it requires a few dummy js files
for few javascripts)

Click to expand...

That isn't a javascript trick, but php blocking of access to the file.
It is a server side trick to prevent one from simply accessing the
*.js file - it has to be loaded by a "proper" page. [...]

Nonsense. You are making the false assumption that accessing the generated
source code requires another request. It doesn't. One does not even need
Firebug to see it, although it helps.

Besides, generating syntactically invalid source code may cause error
messages and cause other scripts to not work as well.

And your From header needs fixing.

PointedEars

Santander · Oct 24, 2008

what header "fixing" you keep in mind?? I really don't understand.

S.

Guest · Oct 24, 2008

Spamless said:
Spamless said:

just one method for javascript:
http://code.google.com/p/turbojs/wiki/ClosedSourceJS

(I am not fully understand how it works and it requires a few dummy js files
for few javascripts)

Click to expand...

That isn't a javascript trick, but php blocking of access to the file.
It is a server side trick to prevent one from simply accessing the
*.js file - it has to be loaded by a "proper" page. [...]

Click to expand...

Nonsense. You are making the false assumption that accessing the generated
source code requires another request. It doesn't. One does not even need
Firebug to see it, although it helps.

That is why the dummy.js file is at the end to unset the session state
allowing one to get the "protected Javascript" (it would be pointless to
block it for everything for then it could not be gotten the first time) when
the page is started then unsetting the server side session variable.

Get the proper page (the server sets its own session information which your
browser never sees) - try to get the protected Javascript and the server,
seeing the session variable properly set, gives it to you. The page loads
and your browser requests the dummy.js file (why not call it "unset.js"?)
which, as the PHP engine parses it unsets the server-side session variable.

Try to get the javascript page without the server having a properly set
session variable and the server sends you syntactically correct javascript,
but a different section (the error section, or perhaps totally different
code) from the file on the server - totally different material.

Besides, generating syntactically invalid source code may cause error
messages and cause other scripts to not work as well.

There is no syntactically invalid source code. The PHP engine examines
the *.js file and only sends to the browser the javascript section (one's
browser never sees the <?... sections which are handled by the PHP engine
and used to determine which section of syntactically correct code is sent -
the Javascript file at http://code.google.com/p/turbojs/wiki/ClosedSourceJS
includes some "<? ... ?>" sections. Those are handled by the PHP engine
which decides which javascript section to send. You never get that file
from the server (the raw source displayed for the closedsource.js file
in the example) - the server sends part of it; either the syntactically
correct first part or the syntactically correct second part - but what
you get depends upon the server side session variable which is only
properly set when you get the "proper" starting page. The raw
closedsource.js file is not "correct" javascript, but is "correct"
PHP/Javascript to be handled not by your browser, but the PHP engine
which sends you just one of the Javascript sections. But which?

Don't load the javascript section at
http://code.google.com/p/turbojs/wiki/ClosedSourceJS
into your browser. Load it into a PHP engine with different settings of the
session state to have that engine return different sections of "correct"
javascript.

The "proper page" DOES get the code. Viewing the code in firebug should
work. wget with a recursive get (set to get the javascript) should work too.
All it does is stop a simple attempt to get the javascript file (well, the
php session will send you something, the other section) directly (without
getting the "proper page" which causes the server to set its own, invisible
to the browser/client, server-side variable to allow access for the current
session).

Some sites were known to deep link into others, getting data pages
without showing the sites' doorway pages with their ads. There are various
tricks to force one to go through a certain page. Examining the referrer
header is one (but the browser/client gets to see that and using curl,
for example, one can set that manually to get a page which should require
first viewing an ad page used as the referrer). This is another such method,
using a server side, invisible to the browser, session variable.

Thomas 'PointedEars' Lahn · Oct 24, 2008

Spamless said:
Thomas said:

Spamless said:

just one method for javascript:
http://code.google.com/p/turbojs/wiki/ClosedSourceJS

(I am not fully understand how it works and it requires a few dummy js files
for few javascripts)
That isn't a javascript trick, but php blocking of access to the file.
It is a server side trick to prevent one from simply accessing the
*.js file - it has to be loaded by a "proper" page. [...]

Click to expand...

Nonsense. You are making the false assumption that accessing the generated
source code requires another request. It doesn't. One does not even need
Firebug to see it, although it helps.

Click to expand...

That is why the dummy.js file is at the end to unset the session state
allowing one to get the "protected Javascript" (it would be pointless to
block it for everything for then it could not be gotten the first time) when
the page is started then unsetting the server side session variable. [...]

The state of the server-side session does not matter at all when (*not* if)
no further request is necessary to get at the code.

And your From header value still constitutes a violation of Internet
standards and a disregard of Netiquette.

Score adjusted; F'up2 poster (not that I expect you to honor that request)

PointedEars

Decoding no of ways and printing each decode message	2	Jun 1, 2021
Simple web framework - improvements to makefile	0	Feb 1, 2023
How to loop through all the other pages in a pdf using python	3	May 16, 2023
Big problem I need to solve with some unix utils	1	Jun 19, 2022
MDX pages not rendering in Gatsby.js	0	Oct 25, 2023
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples.	2	May 5, 2023
External html	2	May 13, 2020
Search multiple pages	7	Sep 4, 2023

Decoding html pages

Santander

Bart Van der Donck

Santander

Gregor Kofler

Gregor Kofler

Santander

Santander

Gregor Kofler

Dr J R Stockton

Guest

Santander

Santander

Gregor Kofler

Santander

Gregor Kofler

Guest

Thomas 'PointedEars' Lahn

Santander

Guest

Thomas 'PointedEars' Lahn

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads