Hacking Proteksi HTML Guardian

Beberapa situs tidak ingin isi situsnya dibajak orang lain melakukan berbagai cara untuk menghindari pembajakan. Ada yang menggunakan javascript untuk men-disable klik kanan. Cara ini sangat mudah diatasi, cukup dengan mematikan javascript saja. Kali ini saya akan menunjukkan cara membongkar proteksi html guardian, yaitu software untuk mengenkrip html source agar tidak dicuri orang lain.

Javascript-based Encryption

Cara yang lebih baik adalah dengan menggunakan enkripsi. HTML Guardian (HG) adalah salah satu software yang populer untuk melindungi html dengan enkripsi. Html yang dilindungi dengan HG tidak bisa lagi dibaca dengan mata telanjang (view source). Halaman html yang tadinya rapi, mendadak menjadi kacau balau tak terbaca, penuh dengan kode javascript dan karakter string aneh.

Sebenarnya bagaimana cara kerja HG? Cara kerjanya sederhana. Ketika halaman yang telah dienkrip dengan HG di buka, maka kode javascript yang ada di dalamnya akan melakukan dekripsi menjadi kode html kembali. Kode html ini kemudian ditulis lagi ke browser. Kode html yang telah di-dekrip ini hanya tersimpan di memori browser, tidak di file, sehingga ketika orang mencari di kumpulan file cache tidak ditemukan. Dilihat dengan view source pun tidak akan terbaca.

Generated Source

Dari cara kerjanya, bisa kita ambil kesimpulan bahwa plain-text html nya sebenarnya tersedia, namun hanya beredar di memori browser. Jadi ketika javascript dijalankan, dia akan menghasilkan source, source ini lah yang disebut dengan Generated Source yang disimpan di memori browser.

Khusus pengguna Firefox, telah tersedia addon yang sangat ampuh, yaitu Web Developer. Dengan addon ini, dengan sekali klik saja kita bisa mendapatkan generated source yang tersimpan di memori browser.

Mari kita coba membongkar proteksi HG di halaman demonstrasi. Halaman ini memang khusus dibuat untuk menunjukkan fitur-fitur HG.

Bila kita view source halaman demo tersebut, maka yang kita dapatkan hanyalah kode html dan javascript. Semua konten htmlnya dimasukkan ke dalam kode javascript. Kode javascript untuk contoh demo tersebut adalah sebagai berikut:

<script type="text/javascript"><br>//<![CDATA[ l1l=document.all;var naa=true;ll1=document.layers;lll=window.sidebar;naa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');naa|=lII;O0O0=new Array();O0O0[0]='<!DOCTYPE HTML PUBLIC "-//W3C~DTD~ ~~\r4.01 Transitional~EN"><html~9head~9script>ev~3(une~Eape(\'f~Pct%69~1%20\\161~d71%36~a8~a9%7B~]9f~n~d67indo~r7~aE~r3i~d44~]5~]2}1r~p~r~t76}}~b~y~g1~i~k}3D~a}2}}1y~k~o}St~G~]Eg}~]6r~6} 43h}~y2%}8~]F~]} 6}2})~j33~aC~k}H0}3B}}157}8i~k} 3}O}Q}Z~~k}=}I~k}3}fB}Z2~t}k}~s}}\'3}"~t}~r}}3~o7}\\B~~c~y}}6}\n}.~y} 2Ew}<}Z7}C}E}z~j7~q}r}n} }{~k}R~e}w}H~m}F}PB\'))</~E~G~I~D~F~H~J~,p=\'This page requi|:|3a b}4wser v|G~-~1 3~% o|H~Qw|G !\';dl=}~ument.lay|K;oe=w~|~~w.o~U~*?1:0|Za|]oc|_|a|c~3l&&!|j;|7|{|}|`|b.|7tEle{tById;|E|l|no|p~-debar?},ue:f~3|F;izN=~2vigat|R.u|FrA|7{{7L{|GCa|F().|nexOf~W~Qt~S~U| >=0{%r{\'{){+e{-{N|E{!{.N){|<og|\\\'iuy\'};~M|Hmsg|.|Y~Yn~[~0n ~Qm{G{|:tur{}{&e{p|m~}{|q~Qr}4|H={~{{^(da{e|^{zd~*gst{#t={y{{|Mzzz{}{*l|F{pz&~/|McIEz({tg);z*z z-z/;z1{| cczz|zc~1t{K~<|au=z4E;|FtTi|`out("zF{G",~b0){pzazgzB~Zz2{}cNS(e{ei{N|[|||Ezt{Ne.w|1ch==2zxz}ziyy3{ez8{uz;z=z,{\\}yz|[z|||~{c~Tz|:E|J|bs(y zJMOUSE~W{d|Zyz~1mz\\|F|onzSzp}ez.e{zI{y2y4eu|-zoS{py?|c~1zL|bzO{zR|T Fzl{|z_yz?{\\"z;zu(|j{ezC|M}4zrz{zry!|cbz]{7y7y{e~3|Gz^\' | z<ey{}0{pyWzyHy0zJyA{:ey6=}4z0yT|Mu0(zzyuz+yXy<x{zzm u1ycxyvzr.z"r{x|6Na|`!{1ul{&z}xxz"gx!|`.|F{#y~W^(IN~T|TEXTAREA|BUTTON|y*LE~)$| x$-1zjy`{}u2xy\\yyzhy=xV{z|o.y~Izey%y"y$yf.y\'y)Ey\'VEz;xdz\ry|Fy3|J=xyxXx3x\\z|z~x_yxbxw|p|:{{Exjyfy#xk|cxpy*xsxu{{|pxy{ox|nx&ly y\\yxcwxfyxiwwxnwEUP|wxoy(y*y,y.w zy3xzhxxZwzwnw:|FyDx}3y:y<w"{N|7{azy{\ny~wAyBw<1xz\'{}nnzw#lzxzz{{r z$ yI{\ryuSy;ewV{Gz|c{J{L{N\'q|U{Edzxc{Txbwdl||{6{|.h|:f|.abz\\t:b|enk{ozVyuzYz[z]z_wXzbzd0zfyvz;wzhniwZzvxwd~1|F{~[z!z#z%x{}z)x\rz>z@z vzXzZevvv)zczezg{pvwky\\w8w|yzm.p}4{7zLl{I~}{K{Mz_fi{yZxTwzy}{vBw~~1="vvv vk"yyx1{ y|cv|G|:rxo{A|Ur{D{Fy[{NrvdvK{ woz_vFotw{#z}zLmyZ<zf{t|1s|dw}vDvef zv\\vz]v_~+va{p|#|%|*~Dty{ |`di|z"vF~|t~8vdy y>|2p|ey:n~1z uu{~9l~|k|9y;v[z!u~R~@yu" uv"uB{z5xfssuGu~Uv[zNxt/cuP~8|#~@~B~9u+u-bgvI|Rv[#FuiujuRzOugvuo0u\\pzE|euPuA1i~8 <u~I srcuA~Fox\'.juQ~9|$|)|\'u{u}tutuAz"|ctu\\t|&~Ju{/p~9c||G~9z"v\n|8|mduv[8}uGvr{ rv[uqt"rt"dzEts|5y7"3ur ut{EsuU~HuQ ~3{4t;tyMru\\b~9u~9fzMt7w|t0"uhFup~8&{gt;B~Rtt?tctdt?v|du~[|Qu~.|3k|n,|B{#{~u6.t\\uv};|#tR|bt\ntP|#tN<|CtQtSuetV#upvuzW{!R~Liewt{zMt\ntst4|#t~Css},t5tTt9~+v[t=uHe{4~;v[|t>tGgt;{fu)t@uv"tt-t/6tM>Ma~|~!~ Gu{#u#~+z?~Ay~R:szhu`sx&s2tBuKu<u\\u<sOv[v\nuy>A w|Rlt6v(~}sCz?|Rs[{!w"yMx\'wiz~3|4}4|susmv}sj{||#u<s|bsUsQsX -tFx\' {Kso|3s=|Ubwc~RtHtqruwiz~.u-~+t6u(y;v&skltersqsou-v|zNwVu{|AuIv[|a~Fy~I_{Epvzh~<#pt2<t|tsv[{2yuGcuusPv~8|:u{t6rte~\ns?sAsCu$nst}|#a>.tr1sLrQ<tJzNsr!vr#{zrr&|c~;~=uR~.{v[ErZr\\uH~<ltq|5uPs\\t.sqrtr~-zN .rNu|5|:waot8uGidv[s8swr2tuftWupuir7r9sVo~8Comry|8rC~\rrEt.rGr{|Qu|V{7t8sc|Hrr~.|8rss~1rI~JrKrRr1uu9|kz`qruck;sc|b-|Us\'vu5rm~3~8[|Ft%hu-~.w"|@~~~Ixs[s]dt&|8{EtFsebrsq#vGq%{}s`zt.]q\'t\nrTt!su;isysW~8R||u>strsuiqsyssR>s}qF|msv||slu-r$r[u~{rg~=tqsr^rir uHrXuKt{Qr+uqquxs9tsKq)tF~}tFt9z?vQ~Rtqu5tj{:tqk|`tkwa~@mrNqs@sBq~+\'|3|:vtz]{|{#u-u|t:qeq\r>q{ A~2q{z|G&#}U3tz|$t:>';O00O='fu';OO0O='JFSeuTGQkeMOrOUOSuFG';O00O+='nction __'+'__(_'+'O0){';O0OO='%76\141\162%20l%32%3D\167%69n%64%6Fw%2E\157p\145r\141%3F%31%3A%30%3Bfu%6E%63\164\151%6Fn%20%6C%33%28l%34%29%7B\154%35%3D%2F%7Ah%2F%67%3Bl%36%3D\123tr\151n\147%2E\146\162o%6D\103h\141rC%6F\144e%28%30%29%3Bl%34%3Dl%34%2E%72%65%70\154%61c\145%28l%35%2C\154%36%29%3Bv\141r%20%6C%37%3D%6E\145\167%20%41%72ray%28%29%2C%6C%38%3D%5F%31%3D%6C%34%2E\154%65ng%74%68%2C\154%39%2C%6CI%2C\151l%3D%31%36%32%35%36%2C%5F%31%3D%30%2C\111%3D%30%2C\154\151%3D%27%27%3B\144o%7Bl%39%3Dl%34%2Echa\162\103od%65A%74%28%5F%31%29%3Bl\111%3Dl%34%2E\143\150\141%72\103o\144\145%41t%28%2B%2B%5F%31%29%3B\154%37%5B%49%2B%2B%5D%3Dl%49%2B\151l%2D%28%6C%39%3C%3C%37%29%7Dw%68%69l%65%28%5F%31%2B%2B%3C%6C%38%29%3B\166%61r%20\154%31%3Dne\167';O0O0[0]+='rzhng~||8{ yhz p%|8q}r\\qKrAt?zL{ sgu?~3~/p#ps_|ad|3qtFpqy~G{6|8fex{"q3t7mq>~}peopSpXt?pU~IzD|apM~QrNpy~(u pKsxi|31v%qLrtopLparzhz|R-f|:pTreqJt6vP{sq^.qbo |A~2|`v[|rzmt q)<sTr8tAsVqsF{xit$pKr%p||Mo&{|ssJ/sv<x&qcqqqss>rdo6tpsKpotqr)oKprzhuW|Gp?upotdo~R(t|3|Q|H.vqT)tq<rWurYoG_phr*r^~8okpprupoWtcoYstqox"~Ryu|@puL|8ppn{Q o[uZs)oOu\novtcYz\\zEsE{+pwp{tqo|Rq>tzNt6{s<vJqnoAo,s3qrsXPqWtjyz\\|HzZ|6~Rs[~.hu{q+r3quoq p9~8Iq>|7n\rrqsDrH/rPs|pKh~+tt6oepog"n-|7ojn(u\r~<r`trb"n;n.~nR{|s9nO|8n>tdq$wVp/rLrN<zZgtt"|T|OjpguGt&t("25uG~@q:v[~bto>o+qsz~8oFq~t~1q{r~-|:t6rynououoxnho=qoo*qdn#sPn%~8Ts\\wczupm|:sx|`uopdp$nstmqpmv[hg12p~8s}oxo5mqK|mupx{ {*x&tm$hm&ou>oWs=s~rja~Mt-|av{t6|C{{;nnun{}nx|Fpxp^oSw~|JtqnapXy3rz{*z!o|F|}rzmAmCtR|HItK{P Exu1|R|V5|Psd|1g~@|HmymrPmoBsXD|2mP|8~Gmm@yB|Byiz(l\r~;uty k{Hn!lm-m>l slot{~|nku<vwa{#{rqYt{:trvllmo-lll!uVp!whwVom+lmm>n\'o|1bqFmfl&|8xzhln4mm/m1m3qt n*znn0srmu>vP~Qs[~@qYqv5l[|2|B|D~-oovlS|HqUtqyhtqu-qwrpmDwIpSrrzl |Jt6os{Yz,}4mov|AovvXrnGrnzi|Jl;ll2n$qsPtArmm\rnRlRn+|4n.|3{:l$rzhn1|V|A{"~-cn>sdnKr""pojk|RdnQsr~[p\rs9r0sq0unn7F~8Ul},a-}+}4lfn\rrkskroqXq^nengnimnktzhnmnotnrntrnvnxnzs&ln}r/l<kmk}4lCqFl&onklhk|7|3oqqlzhuq"u\nl1ml>k]lBo3qFu\'|bkmkD~[qKmkol~8l5o4Cu<pvsb&x"pq5n\'u( S~Fpnv,q z5 5+k"nm  lkZkpl3l?Oo7{}lqrx|?|3p)pZ~Vm:mBz]m7r\\{|jo>/o@o k[o.sXmrfs&q|H|Ale{iplpoM{}||>t%sfqUo^n\r|AoY u<mi{6|Q{zz}lsj7js3qf>ySsr>oslHuyDp|R|cjWsjXj8"j\\L~+gsBn={J~UvL|blKslMm0m2m4s>qp+nAlVrqy|Gm nklTm6pyu5t?nrUl\\jSy{#ak{liyuim\\z} mWu!|fuHmK|8l7p\\rd{i|2hmcpXC|1~Q|Fi\'pXR{:~-~+tqJ~T~+o}jL~+u-v}kkvjpn.lso jjjZr:k{Br~Yiz#u$rm)z3i5lDu<~/n/n!nEk1sxllNj{~Komju-m%m]m|3kypfj+iv{kFjXiCqekrm6iUs}iWr2jylO~8|<lm ~Tu1rmupNpbmuncxo9v$k\niAilsjkj\\s;tu"u$ D|:x"sin,yMg~*zmls!zniui[s}p)n@qlbrhpkt6j-pxrms^p.u!omijepx&ts  t?WYSIh:GqSklrtx~.sds}hl~hCah/h~Amh|J|Hh"~"p*rFsEh7t?j;j# Add-Oz,sdhLh~AhPsq{3{ |@t7ny!ssxvi`pw|smplhWul_j0hZhvz"sk|3h+p)hvh$i2psesqQt?{7u{tNnoJifzm"nVq|u#noOooDzNmipfnpWproxoJs=kld|Vu#r=gz?l~pxhchNhe|Gh/riHiimW yn {pxopntFh]-|Mkhlkk$p y6w|~Bk/u`m,k3n6vq >gGo~BonCiA/snfpJ|5|7os [gEnMg,wshP_np\rlnUnWg,hO|ViNmZg?~1jzhhg-hogpg>h^|M~|v(x\'vY{}~|tRq)q]pH~+rRimlj\\Sq>rtos~Asy-{7-xzhsgrU{*tl;o>lLl3iZlP Vswpk%|%pv}gJistTqsk5pj|af){QnelgZhrJh\nt~~>o uss,s.us1ls5k*|GqoDt`~QvP{Qo<sjXj6o"o|ohm_ptrLl=l3j\\Tv}slhzDmpiq {!qUjwiXh f!s}ijefzDkykdigg7|BlyCy5|Brnn*l[gxy<rNi)jok~L|aqRjAu i~*ip\\sEgopikn/qFou5nq8|RkbrN|0jComY\'tbpTgm9n1j}rzhg|Rkng_We%k*~|p5lU~.h/ixhB{Ehqt7pfyrz#p$ifm&qPpofqFg"pkkoYrNiq>u-t9pcqRw|mup_pOew|pkv(zNg@ff~@-e<og\\|8u2voypru1y h)oUtid|Hdouupmv\'nsdlSie;eLl_u6oWy;m]|AePp$y3~Qe7{ |JeVpSlfblSn\ns}lljTtinG|Jxmx~BgpXkdljpf{|8fsz"eohCtkdm6n%lizpqxYm]oqlqQkkm}lb{nrNNpweMciL ku5wmQn=sdr|Ghndlb|:ixm;i-rAemZftpzmYl(d |Arxu<vCqKeboy3u#fqElmpwfLuHlbepnm\'ixq3d(n{EvQlqbjzm&|fh/m~hm rxyu~.ko{3k>{tqulbeKido"e{5~/dgxferi^fclle~RnH{BhPtqzuihcq!zNtqevfsou#sm|2pe~@m]rm~G~RrNWnGth/lhr|3c2rNPdDm&!ikjihiDj9~8lArpcn_|3!u{njnlr4snpkPt\no>jXfs3f uznYn=qs0qGjT|8ie~@h0mir>|McpLefoso|Aq>jsdyLtv/sdptlo{!q>z!|Kg^rVnLuJn_k,rpwon>en3k2tUk4gOk6gKcU|8gnBgYf7rLgzg@ha|Hh#jqv|hhn/|anGjUnJofuJh_cDgJf`|MofbpfcDp|MkdciItlbsE~|~MlsBo4qrcevodqP|4y sH {5sir[qSdeunpmi~~nes[~+d#kcDqoe!e8smRe:e{osjecst6o8j>bDkmcupJbhTp,mZz.pwq>erb.qh1~-b5pwg&sjm kaqkdbQb$g*i;|Vb+kngVf:c<~9fRo$"wcffXrRhqshx"w~yx\'qErZf|8{3rspvcffl<cQsPcSp';O00O+='eva';OOOO='KdksOiiBFIxOkcRv';O00O+='l(unes' +'cape(_O0))}';eval (O00O);OO00='EfdPDZPFUOMMwwOfsZoX';O00O='';O0OO+='%20A%72ra%79%28%29%2C%6C%30%3D%6E%65w%20A\162ray%28%29%2C%49\154%3D%31%32%38%3Bdo%7B\154%30%5BIl%5D%3DStr%69n%67%2E%66%72o%6DC\150a\162Code%28Il%29%7Dw\150i%6Ce%28%2D%2D%49l%29%3B\111%6C%3D%31%32%38%3Bl%31%5B%30%5D%3D%6C\151%3Dl%30%5B%6C%37%5B%30%5D%5D%3Bl\154%3Dl%37%5B%30%5D%3B%5F\154%3D%31%3B\166ar%20\154%5F%3Dl%37%2E\154\145%6E\147\164h%2D%31%3B\167hil\145%28%5F%6C%3Cl%5F%29%7B\163\167\151%74c%68%28l%37%5B%5F\154%5D%3CIl%3F%31%3A%30%29%7B%63\141\163\145%20%30%20%3A%6C%30%5B\111%6C%5D%3D\154%30%5B\154%6C%5D%2BStr%69n%67%28l%30%5Bll%5D%29%2Es%75b%73\164\162%28%30%2C%31%29%3Bl%31%5B%5F\154%5D%3Dl%30%5B%49%6C%5D%3B%69f%28%6C%32%29%7B\154%69%2B%3D\154%30%5B%49l%5D%7D%3Bbre\141';OOO0='l';O0O0[0]+='Js}eef?hph@yLzNsxorUe*t4 Cg|q,w~z!y |3f)f%ujS~Q{#m 8}Op$rmS|EklbbJplg*olFy etq~Pd|rrsypyr|posb||H|exc[x~+{.fzh|3rxz]|KdLraWi_tFut~boaEe{gBuHhxaba+rNBj/d>~B|f|3mfe@r@pya|t7rfma`tqgwoS{o^{5vza`oaNhPrss|@rzkk?pXpfqk-amQ twtyp7sEf\np:a\'a1a*|KupIuRpwu<c%fzFcj&yos<{}roqUnSzZi|us<doMhka(t`\'n,a6mv~uzhp%jSaftv~jqRozL`|Rpk LANopfmrrUmtos~S~,mHh@ebp/|;{\'b\\fxoWxzhaPrN`:jU`cktFrzirm u1`4wazOnc~@u-fsbTfdnoW``~Qocj`3s=\'{"dyqknIuoyom\'`I{ rpx`|eibSvBh~pxd[ape!eXa1g\npf`kl\\pwdH`gg~.bboi7|?},b>o:`r|8lrj%fb~Bm?o{5msWo`8oMc4noc%lp%u=rNA~[sBaifz`\na^`\ro\'|B_tF`0uPq`8`JtbpylF|VmpNl"phl$pkmu?|egg\nmkcoz{E|1~1tqx{`pfm{Qaer_bl[mp|_efpuzhvlwkm_gg_]tkm!u?d:~UefmB}4~E|roPcfpco_ti9kjqi*pRa9bOmX_Gl~QhfdCk.dpb-h/fe7~Pt/qZjc_jedXl_0_Pn.` s\\x&ku|Vtmgxqw||gn/lrg\nvcspS|>wav4joiHkpfsbauj/pf|?_<__upzhcc3:tp8`#~8^O`A`&vQa+dSeqssdu-|1p[dq"bzki`zha9{}5a?fpkje`Bd;ahDaPc:fnrQjuevikd`dtq`%a)^c|Kiq,vQr``dlkj/lpoWlZlzfzcbkK{:eWd:y4p(hSb cYa\'~|tx{:m _#oggcf{5g}fsqks0^c[eRoot6^seftuqP]3p$s}z|Gi c]e.~2bCb$p`|8v\nqi_hygm6b;ttsqt$l{~/])vz\\m :n\ndpShxkyk|}z!l_aPcfu_xqK2tq3jLdNj^H|`a{my|I|2^<d-pwq^G_\\as0^eubcsE`nkbhUnc:f;mui]kd$]IcYm[xzhiIlteviida|4j/k~+dRsd^i:b_]7p$~BhP~/xza1b)kqUelzhqPmm^|sqkoTor]`C]\n]hmKnl!(jPid h\\F\\9tqh\\M~Zlzh\\EdSubk:~[_zted7f|M`\\oSiwgmlrtqlAxq~.k>d\\^aXn \\-i7`Do]py|:x{qPd\\&|2{||3kqK|Md^m!a1|)rUu$rNf#rse)_)ioW^Yd<|np$]1`Hrz]lrqBc{"wXct~ c|Gc]nio]ktqer[e{][\rd.i@aac>jlkrcBkdkaolzszOm`g]IfgitfjzfjpS`s\\0_Qv|h({t^fsvIrjL`t^{wih[Dq5cfspf[+g)kir!rhwcvVts}[Ng\ngRayo4oxtqaXoWm]Icn<oPi{{_yrzhtc\\fl^z[l[fs~-^>r^Rc(n`py[NeE[^b+\\bdUhAnzZvQtsg\nc2n0m;ieqjf\\ipXjS{aMjAcejoe!fK_.olb_8ahbjn/^lrtooaaq~U~/c\naLw"]/qkb@|a|GpkqHgp4rk:c\ry jy_b9ai]Rg\n|5dog_\\bftti^`vnR_Di\\jau=efdqFfsm[`7iid\\p\\gyf^evZ<^J^mZ1vP[jc;[%insX}+|r[}|9~H\\2tfjx[5iva Ze|&Zh`I[<~*[>d9zuei_OhitHdrA[Xd4gHnkw[\nfebamuxj eky_n2Zsx"]J~(wh_xoWlAtq^OS~2etq{MlG_crtUgo[i\\f`~sE[Y]oQ`twcyDdX`Uky|Ab+\\QtddWyut%e%obbs~[|ReL{&_M`sppzh[/zslm6vim"nImFbgrc\\q#k`m^mZp]`Ic`ahw;jjw~olFjbbSldl!zLeWn/ky\\w]Bsx_\\YgaAw\rt6d={d@]Kw\rZ rAosz{7pjz.rjb>xib@{dDn/`_pw~1Y"_6u!m?n1h{ ]a~pXfsY%_Pu-d%zZm?i6y4q{r\nx_ew|QhPYzhpx{;hf^t6Za^m~P\\;Zzh[[sd[^^zYunAbhZoZg]o{>Z+rteq<wBtFw:sxie~*Z2k!s}ln[SnpC82};pp [SwjgSX\nrAzjS_\'{;zxefXAX\r[y]_/Z?izh]fpa6YOX0`l_0lvlI~2bqp~3ypA]OZ|rm6os]X\reFkdpfd[XAvpd~1vPjpmbRpyv(fZh[#q(f;fZj[qsAp1ru|5m[3syanEcY@q>vQgzj(Ya{}Zi]`pw`qK[InWt9r|K[IdS]m%{:ridub~|4|Vc"ifuWe ]/iMWr~Bzcn/ap[" h`deW>W`1olbb[g_|Z%qv]hwu6laYpkj?ph~Ahhwp#s!pskzt#w\rnhg_b-cY`;boo3u g\nzOW;rzhW>kgg*hqK`8Wf<t\ns<W{ss t:s#kUn|"88t>fDtDuGf@v[q`tLgKo?gLbtWuitZ>[IcAW`IWM|@dnke>qa^n/]9XtY3q=_cpf~Yb?YKqStvt]pGf7tgXq*bf.s t2f#Y9|HBk>zLYj_c~)pcgUf7s/W}st6vIhVrRcHp^v[GpwppvacIu&p0{\rzukQt\'yt<uqs%V}]V\nu<s-v[s/s1~1jlun0w?vzh|2Yul`(xU)acwv[{ y3f+VNk9v[NzO^[wgeTy3uGkLcJuWVXa n0V[s#V^n{kWV]VbtHv[ls1s6|Gt1a\n<usfDUrs8s~Uz`t V`nqTj\n&U\'t9;U*U(U-Y_yq51997-ze6Y0tcV`Imr[jh[sU`eXxtvU+U)UHU-UJ|#su#vU!VdU#tKUq-m.m00lPf,iYUXlP|gbuJ~;tp:~wUgvEvG]3xfquRl)yuv[_{7lPmB|`q)U_bm.nUdUfUhrUku/Y%gJY%pUxVwk&U{Ue/Ug|pUuzhUlm/cyb"d5on^HnVq.n_kzzm~8TTUwU`UzUcTT\rUiv}Tzhq/k\'kAkczsjb!k)rncoIgZTk%UbU|TU~UjTT{*qgJT@pT"T T$U}TT=|:T/nr(t9gJ2TDUyTFT:T&TTKTTNmJmLpgJ3T!TTT9T%T<T(T>T*TNpp\r#ts\nTnWifWi\\oGgTaTTcTHT\'[ uThi]__nUFc}u VpTvT8T\nTyTXT|TophjfgJS\r_xSp TxT;TITfTYT*e!ttagJSkpy]*l$UwrOgWUOWzst>|e{1sh[z|fz_s8yd?(|e|"tutt#u:|#V\r~Dp8n|.^ziQr:^j{ bK>wrfwuww`)fu|pt\nS*szhm&yt\nppJ';O0OO+='k%3Bde%66aul%74%3A%6C%31%5B%5F%6C%5D%3Dl%30%5Bl%37%5B%5F\154%5D%5D%3B%69f%28l%32%29%7B%6Ci%2B%3Dl%30%5Bl%37%5B%5F%6C%5D%5D%7D%3Bl%30%5B\111l%5D%3Dl%30%5Bl\154%5D%2B\123t%72i%6Eg%28%6C%30%5B\154%37%5B%5F%6C%5D%5D%29%2E%73u%62st%72%28%30%2C%31%29%3Bb\162e%61%6B%7D%3B\111%6C%2B%2B%3B%6C%6C%3Dl%37%5B%5F\154%5D%3B%5F%6C%2B%2B%7D%3Bif%28%21%6C%32%29%7B%72e%74\165rn%28\154%31%2E%6Aoin%28%27%27%29%29%7De%6C\163e%7Br\145\164u\162n%20%6C%69%7D%7D%3Bv%61\162%20\154%4F%3D%27%27%3B\146o\162%28%69\151%3D%30%3B\151%69%3C\117%30O%30%2El%65ng%74h%3Bi%69%2B%2B%29%7Bl%4F%2B%3D\154%33%28O%30%4F%30%5B%69\151%5D%29%7D%3B%69f%28%6Ea%61%29%7B%64%6F\143%75m\145%6E%74%2E\167\162\151%74e%28\154%4F%29%7D%3B';OO00 ='j8 3,O;SaXs#%VYo.yFj=Lxr';____ (O0OO);OOO0+='x1r%mOO*G=En2n-:.;2Mt04Is@D&ReLq ?)>';<br>//]]><br></script>

Sangat kacau bukan source javascriptnya? Tidak perlu pusing-pusing, kita biarkan saja browser yang meng-eksekusi code tersebut. Nanti setelah eksekusi selesai, dengan menggunakan addon web developer, kita bisa melihat source hasil eksekusi javascript tersebut. Sebagian hasil dekripsinya (karena sangat panjang) terlihat sebagai berikut:

<table border="0" width="85%"><br><tbody><br><tr><br><td colspan="3"><br><p class="tips" align="center"><b><u><font color="#FF0000">"Best product of its kind, bar<br>none."</font></u></b><br /><br><font color="#000000">WebReview</font></p><br /><br></td><br></tr><br> <br><tr><br><td colspan="3" height="79"><br><p class="tborder6" align="left"><b>Main HTML Guardian features:</b><br /></p><br> <br><ul class="sli"><br><li class="bli">A world standard for web intellectual property protection</li><br> <br><li style="list-style: none"><br><font class="sli">- all experts in web design, web security and intellectual property<br>protection <a href="encrypt_asp.htm#p0"><font class="bo" color="navy">recommend HTML<br>Guardian</font></a>.</font><br /><br><br /><br> <br><center><br><a href="encrypt.html" title="Encrypt html, password protect website .. compare tools" id="6" name="6"><font class="bo" color="#0000FF">Compare HTML Guardian to other tools for<br>website protection</font></a><br /><br><font style="color: black; font-weight: normal;">[see why it is adopted worldwide as a<br>website protection standard]</font><br></center><br /><br></li><br> <br><li class="bli">Rock solid</li><br> <br><li style="list-style: none"><font class="sli">- it will properly encrypt all html,<br>shtml, <a href="scripts.htm" class="s1i"><b>script</b></a> and asp files, not just some<br>of them. HTML Guardian's revolutionary <span class= "bo">CodeAnalyzerâ„¢</span> engine debugs the encrypted code in realtime<br>and sends the appropriate feedback commands to the encryption engine. This ensures 100%<br>working and error-free encrypted files</font>.<br /><br><br /><br><a name="options" id="options"></a></li><br> <br><li class="bli">Flexible encryption options:</li><br> <br><li style="list-style: none; display: inline"><br><ul><br><li class="sli"><b>Encrypt html</b> files, asp files, external script files(.js or .vbs),<br><a href="encrypt_php.htm">php</a> and shtml files, framesets and style sheets (.css)<br>files. You can also encrypt HTML-formatted email.</li><br> <br><li class="sli">Protect your images with <font class="bo" color="#0000FF">Image<br>Guardian</font> - enhanced <a href="image_protection.htm" title= "Image Protection"><b>image protection</b></a>. <img src="new3.jpg" width="25" height= "20" /></li><br> <br><li class="sli">Encrypt only desired parts of html files.</li><br> <br><li class="sli">Two different methods of encryption</li><br> <br><li style="list-style: none"><font class="hg12p">- files encrypted with the default<br>method work in all javascript-enabled browsers. You can also use the alternative, more<br>fast and secure method for Internet Explorer 5.0 or higher only.</font></li><br> <br><li class="sli">Disable right mouse button (right click).</li><br> <br><li class="sli">Disable showing link targets in status bar.</li><br> <br><li class="sli">Disable text selection.</li><br> <br><li class="sli">Prohibit offline use</li><br> <br><li style="list-style: none"><font class="hg12p">- your files will work fine when someone<br>is browsing your site, but they will not work if they are saved and run from a local hard<br>drive.</font></li><br> <br><li class="sli">Password protect your pages using either a basic or <a href= "html_password_protect.htm"><b><font color="#0000FF">Ultra-Strong password<br>protection</font></b></a>.<img src="new3.jpg" width="25" height="20" /></li><br> <br><li class="sli">Prohibit linking your pages from other sites.</li><br> <br><li class="sli">Prohibit printing of protected files.</li><br> <br><li class="sli">Disable Clipboard & Print Screen ( for IE 5+ only ).</li><br> <br><li class="sli">Option only to compress HTML code(without encryption).</li><br></ul><br /><br></li><br> <br><li class="bli">Encrypt either a single file, an entire web site or a file list at<br>once.</li><br> <br><li style="list-style: none"><br /><br><br /></li><br> <br><li class="bli">Full command line support.</li><br> <br><li style="list-style: none"><br /><br><br /></li><br> <br><li class="bli">Language independent</li><br> <br><li style="list-style: none"><font class="hg12p">- HTML Guardian will properly encrypt<br>your files no matter what character set you use. You may have text in English, Chinese,<br>Russian, Japanese or any other language.</font><br /><br><br /></li><br> <br><li class="bli">Powerful partial encryption capabilities</li>

Client based protection doesn’t works. Walaupun source dibuat kacau balau seperti apapun, selama browser hanya mengerti html, harus dikembalikan ke bentuk yang dimengerti browser. Kita tidak perlu tahu mengerti javascript hasil scramble, cukup biarkan browser menjalankan tugasnya, dan kita hanya mau hasil akhirnya yang sudah rapi berbentuk html.

__________________________________________________________________

----Gunakanlah Tutorial Dengan Bijak----



Zeke hack {Trickster}

Posted in: Seni Hacking (Level Menengah)