I know JavaScript or CSS for expample can be "compressed", "simplified" in order to be loaded faster. After simplifying they are difficult to be read by humans... and this is exactly what I need.
Is there anyway to make it automatically? Rename all variables to short random strings and make it all hypercompressed. I don't think it is a fool thing because I have seen this lot of times in javascript. The idea is to conserve the original source and upload the minified one.
There is no need for doing this. The Server reads the file, and the file never gets transferred to the user.
Therefore, compression is useless because there is no bandwidth saved.
CSS & JavaScript does however get transfered to the user, and therefore they can see it. A user can never see PHP unless you've done something wrong on your server. But then you need to worry about totally different things than compression.
If you want to compress it, this is basically useless, since you have it on the server and only the output gets transferred to the client.
If you want to make the code more difficult to read for other human beings, you're looking for something which is called an obfuscator.
There are a few php obfuscator engines out there, p.e.
http://www.codeeclipse.com/
http://www.truebug.com/
http://www.raizlabs.com/softwarephpobfuscator/
Related
<?php
include 'components/server.php';
Is it possible to make it include server.php for desktops and server-mobile.php for mobile devices?
While technically possible, it's absolutely not the best way of doing things.
Why?
Because PHP runs on the server and only the output of that PHP execution is given to the browser. You would probably be wanting something using javascript which can load and then seamlessly react to the browser conditions, such as screen size and/or dimensions.
If you're trying to change which PHP script is running based on the browser criteria (as mentioned above) this sounds very much like your programming logistics are simply wrong.
If you somehow really do need to change PHP script execution based on end-client (browser) characteristics you could do this by calling a script based on javascript AJAX or using mechanisms mentioned in comments above, but as said, you're almost certainly "doing it wrong".
Alternative
It would be far better to load everything you need in PHP and then pass all of that content to the browser (as output; HTML, CSS, Javascript, etc.) for the Javascript in the browser to then decide which parts of the data it needs to use and ignoring the others.
Actually I'm developing a Chrome extension and a jQuery plugin to upload it and sell it on Codecanyon. When I "Inspect source" of the page and I click on the "Resources" tab, the javascript file looks empty. How does Codecanyon do that? I want to have file theft prevention in my own website too, but I don't know how to do it. I know php and javascript and there's no method to do it, because the browser downloads the file to execute it.
You can see the example here.
You cannot hide it because your browser needs it to perform it. Simple as that.
You need to understand that it is a script executed on the client side. It is not compiled (meaning it's not a binary (0 and 1 machine language)). So it is freely readable.
Nevertheless you can obfuscate it using tools like YUI compressor
Basically this kind of tools remove extra spacing, tabs line returns and rename methods (like method "a" standing for "MyShinyMethodWhoMakesNiceStuff") and variables. That makes it very difficult to read and understand code. Reverse engineering is thus harder to achieve.
Some uses some tricks like base64 or other encode and decode part of code with a function but it's only tricks and will not fool the sharp eye.
By obfuscation, you make people spend much more time in analyzing your code and stealing is thus much more complex, and takes time. Let's say you made a nice javascript plugin that makes every white background in purple (ok, not so great example but used it just for having an imaged example). Somebody might want to steal it and makes it blue instead of purple. If code is obfuscated, he might think that's easier to copy your idea and rewrites it on his own with his own code and blue background, it will takes him less time than reverse engineers and understanding wells yours, easier to maintain in the time too. In the end he will "only" "steal" your idea but not your code.
I think that in the end, it's just a matter of time.
If you see it's empty, it means that it's empty. There is no way to hide your javascript code from a client that must execute the code.
You can only try to make it less readable (through minifiaction and obfuscation), but the code is still tranferred and it can be reverse engineered.
The actual code in your example is downloaded with the jquery.js file.
On JavaScript "protection" - basically what everyone else said.
Explaining the example you provided:
Indeed, http://demos.pixelworkshop.fr/circular_countdown_cc/js/countdown.min.js appears to be empty, however the actual plugin code is appended to the jquery.js file, starting at line 58:
http://demos.pixelworkshop.fr/circular_countdown_cc/js/jquery.js
You can use this javascript obfuscator tools:
http://www.javascriptobfuscator.com
http://www.daftlogic.com/projects-online-javascript-obfuscator.htm
If you're licensing the code on a per-site basis, I would suggest domain locking your javascript as well.
You can do this yourself by simply checking the window.location somewhere in an encrypted file. This isn't going to be very secure, but for 90% of users who just drop a script into a directory and hope it works, it will provide some level of deterrent.
You can also use https://domainlockjs.com (free) to easily lock scripts to domains. This is a slightly better solution because DomainLockJS throws hard to trace errors and is much harder to debug.
A more complicated approach would involve using an Ajax script injection, and allowing specific domains to access the script / not trigger an XSS error. This is the hardest to set up, but if you inject a large amount of js, it might be the hardest to get around.
All of these can be circumvented by a skilled coder though... you're only making things difficult, not impossible.
Liblock is a small tool built by myself. It encrypts your JS-sources - it's no simple obscurity by obfuscation, but good security by encryption.
When you inspect the DOM in your client, all you'll see is: nplreq(url) for each script that you bind into HTML head.
See how it works here liblock-demo - this is a demo only for hiding the scripts in "nopro_lib" and "xscroll.js".
Encryption and decryption are totally transparent to the browser. It is tested with Firefox, Chrome, Opera, Konqueror, IE8-10 on PC, and with Dolphin and Safari on an Android tablet.
The sources are securely hidden, and only with really great efforts they may be layed open again. Encryption is done with AES (Rijndael 256) using one-shot-keys which are negotiated between client and (liblock-)server using Diffie-Hellman.
I have searched and found another with quite close question but the result was YUI Compressor and I didn't find that useful.
I use php to obfuscate my JavaScript code but it is not enough. I need a php script that I can run and then rename all functions and variables to random names (only letters) and ofcause before I obfuscate.
I have seen a few but they are either standalone programs like Java or something you need to pay for, and I can't use that.
Does anyone know a class or code snippet that might be able to do that?
And if the YUI Compressor actually can do that, can anyone point out some help to how I implement it into php?
After writing this long-winded response I began to wonder why you need to obfuscate javascript code in the first place? Javascript code is by nature public and anyone looking at your page can see the result. If you have secret/proprietary things you need to do, look into something like AJAX or otherwise making a callback to your server to do the processing and have it spit out the results for javascript. Any processing you do in javascript will be visible by anyone. Obfuscating just makes debugging harder, and isn't guaranteed to keep someone from cracking the code.
In general use javascript to control presentation, parse results from a server call into the document, and validate user input. Anything secret you want done, do on the server side where they can't see the exact code that is going on.
And with that off my chest here is my response if you still want to go the renaming route:
I haven't taken the time to Google what a YUI compressor is yet, but what you're describing sounds like you would need to parse any javascript and from there go about renaming functions and variables. I see a few issues
If/when your javascript uses built-in variable names like document or window and like-wise built-in functions like .getElementById(). Those you can't touch or the script can't do what it was meant to do.
Javascripts are executed in the context of the browser and might use functions/variables from other javascript files ex an HTML like
<script type="text/javascript" src="a.js"></script>
<script type="text/javascript" src="b.js"></script>
Since b.js was included after a.js, b.js can refer to and use any functions or variables in a.js thus if you scramble the names you will have to make sure any references made in b.js are updated to your new names appropriately.
Depending on how often you are wanting to do this renaming you have a trade off of having the code being cracked easier vs completely trashing the browser cache
Modify the names just once and keep the results - then browsers will cache the responses correctly and your site should work pretty well, however since the names are consistant between calls it will be easier for someone to crack the renaming. Though for this solution you don't necessarily need PHP, just any language or script and run it once
Modify the names per session - probably the best solution and middle of the road though it would require you to keep extra memory associated with each session as to the name changes so any requests for new java script files from the same session get renamed as they should (most modern browsers and server settings will allow for caching of the same named javascript file so as described in point 2 if any functions/variables in a.js are used by another javascript file they will have to be updated accordingly
Modify javascript files per request - this may require you to disable caching of your javascript files as every request for a page will require downloading a new javascript file(s) even if the user reloads the same page. This will lower page loading performance considerably (you have to rename all the functions again and generate a new javascript file, that is then downloaded by the browser and parsed by it) and also increase bandwidth consumption, however no two scripts for a page will be alike.
Overall this doesn't seem like a 1 man (or even 2 or 3 man) project that you want to undertake (unless you have a lot of time on your hands, but then things will have changed), there could be something like this out there already or something close which you could fork off of and modify to your needs. Essentially I think what you are wanting to do would be more work than its worth.
I'm not sure why you want to do this, but it seems like a pretty easy task to do manually.
All you need is to write a function that generates random strings, and in you PHP define variables for all JavaScript functions that you have and have those get assigned random strings. Then just substitute them when you print out your code for the actual JavaScript methods. The only caveat is you need to double check that your random strings aren't ever duplicates. If you can't use numbers (as per your question) then use letters and increment them appending to the back of your random string. So in pseudo code...
$var1 = generateRandomString(); //custom method to create random string and append unique letter at end to guarantee no duplicates.
$function1 = generateRandomString();
and in javascript...
//variable assignment
<?php echo "$var1='foo'"; ?>;
//function definition
function <?php echo "$function1" ; ?>( myArg ){
alert(myArg); //this will alert 'foo'
}
//calling the function
<?php echo "$function1($var1)" ; ?>
etc.
This is a string (see below, after the dashed line) in a database.inf file for a free program I downloaded that lists some websites.
The file is plain text as you can see , but there is a string after it that looks base64 encoded (due to the end chars of ==). But b64_decoding it gives giberish.
I wanted to decode it so I could add to the list of sites it had (the program lists a bunch of sites and data about them which I can read in the GUI) and to do that I need to decode this, add to it, and re-encode it.
I think the program uses .net since I think the .net library was required on install, but I know nothing of the original source language.
I am using php to figure out if there is a simple way to read this. I have tried using unpack, binhex, base_convert, etc as I suspect the file is binary at some level, but I am lost.
Nothing illegal, just wanting to know what it is and if I can add a few things to it to make it more useful for me.
here is the file - any ideas how to decode and recode this for playing with?
Site List
file size: 62139
db version: 13
generated: 2010-04-27 11:53:40
eJztPWmT27iVnze/gjVVk56pXXXz1BW3XW2PPXaNr/iIa69SUSIkMaZIhaQstys/fgHwEIiDBEjQk6Q2lUraeuAD8PDwbgAPtkl6eBoZsX8At1enDKRXRvGfL350gj/9uEmBn4MVAqFGP14Z+f0R3FoP//CA+Rb9ddXj26OfZYJ+EeicpEHrt/5V/2/XA75FDTjzlf7WvlL/NgWXnlW/BQc/jPjzxaAfMUzU7+Xr7m+pj7cVZ/C63pa8Iewa/e+299fbMM3yuv8+fa8wCs5Cy/W9EmwLztfU51Eb2SKZoUe9v458gmq9+l4hFDyiS/W9Ei0Z52tO5/W8+VQ3aGwipvcjIRGUMPmnfN8XE40qCFKABSaFpgQg2ggGARtwB9D55SbM77lfIkCxGIIvsxw2460jBrRxwbfwyJdVEFB2eSERTaTstP4r2OQsG+RhHoEfL7+XOGy6d9yObKaKwE/zJo4eCFYNDD0QhJsIXHD0RHAZRV8EzF6WRQCXkU/ECnDBIUSwB37A8oEsgg3kuF2S3rOCtASwCNq1H4ECCYVCuTT4mRlDUwH2QNDUgT1HcFGDfUewIobQjaBVGdIYkMqoV0I8h2gIgqZK7DmCi1bsOYKVcB25CFp1I38djAY6wXqeokg8Enk8qEWSXg0eT4GHGFFPPMk5BmkHn8rgaVoOA+ZVStCaTgPoo2U8eBzD6bNdHUHci38Ycwi14Xk2F0C7aCpZh3Vv1BAQQ1BFUDDdAATk9PsjuBiW/WjQGIUqglPamACBAJpBH9+9JIwFsbkE27GaXhoBXkZiHKoIzmCdhTnH9VBEsKrHoIoAfd0gZB8i8pexAnQpGMhBySndsIKmAnDsJc6GXocJX1RBQJfJViwkgaEfAmIMqgjI0fcbwTo55cINLYOg0BsXPL1GQGrnnkQMQA65hvRWxQgoDAHINlxbBQHS8JiHSUz6nswQiHZXvRCUVGzi4SNpV98NDCoIstPh4BPeR8scWkdA4FFEkOVJo38JBBSGz+AehSWzKwZDBekwe8s5EHj6IVhdMHQioN3AJM5BnHPWocQtsSFXTSTqCPAc1klAhWLUEAyaAmpGzKIfghx87UuDQqYMQFBFNGoMiggu1JcmImP5VpGD8BKW4AcV2udQtV2FZCqAiwCOIQeHYwSBxotfbq/uChTGL362Xyd+GhhRsgtjOzutD2EOO7g+7o9XD//wbw+yI9iEfrRCmB5KffbgpvENxLGN/F328O/P/axo//e7U54U3/z9wU0Bhc0wDNk+D2+4aC/wS+MMpA+DZHM6QIa83oH8aQTQn9nj+9eQVj9BYtd5qZ//2/zfa0ymGhX6usaFsicduOrMC4sLf13j2oZxmO0f3tQzwCKYnEbZAlEYt0HzsvkfkA1g+xTswiyH/gKmVBbu4tOxaNiAXDAXQrpjanW08jI149b4oQzU/fCn/4H/6cRQKRkKB6knJDHhbUahqTaYJApob9IYahNUEgVUDjSKWl/88Kd6ZUoCXygeJDEoludwX466sZQ1nPokSpLPcKtb9UZ7f9psoEeGgi33xtsELm7QRFJ/ATGVDnXRcfmPolsSQjQkMTx8C2IDTb3Z510QoC65X5C8KMVjDSeTomsjlSizPGU+Uhc6ztYmEdWpVbmh6cS2paQXiahIHMlgiVqwRNJYSmpbAkRVGkkGVZHd4eNBCR4ZHDgrxUeB81IyOIr8FB9JkaJCO51mdCTpUSx2s/fjHXhom+Z8YjoT2zKsxdKyl5YHBT3R4A8PbioF/JBWxjdhHICvaKc+Ovo7cIsVBKt8uc10KFs+Xo62rTb+R6g3jZdkM0IkSCpm1GBV8qQ1TC8Tm43GxNfK9YRZZUz+u54VnKrx5pQ3W5NzbqhwipwNjc4o88s/rRrhc5AC4z45GRs/NooGRgzORmUVkEgsrjTmLWsFHGImNPOBPS0FKqJNK3l++FcebRaHxyPIh9kgNTK+QXOxRGRsAGohDlBCwv+XNwb+E9os1eIbe7iv1wBUjNFqEHB+t5vYwqwDj82RdLOJucCSbrq05kvPVJB0aGdf413EdzCoBkLpdhdFydl4/uHVS0LQ8aUbjbGPF1FERAc7EBLuA7Gzy6FDnXpN2JCPHjW2PyN9ur/hOBH4o+Kn1EdbBH8FZc4BHNYgvX0Nzv/+Cv85RHoMkhp15EZsj3du6ktUlyd0UERSWjIUGMpIyCe4w5Pzdf0Zcl6uwzgGKeJQUmKgf0t0IuVHcUSPijlOKuAhpuUlJT3MuMTjoTdaH1ten+2t046vckOsJsF5me/FvRQSWQa+BO0xB19JWcRYT1gLw7KgObw05wp6ohhndiMyhRtwCRuYrxooLH00w8dLdGmgFfu224ptCPpq8NU63ARJp5ynvxkizT8MkebvdQSKnoXsACrDbRuKzDMVGfmRjR2S27+ua+8e61ttgqTC9CSJoZl8GI7wGTK2Xw9XBC/9VjSyeuCpBhXwOEx2qX/cs4b7RVRKSjBvYi8M21ma9tK25SXYVRs2c2nPl46CPCzDgR9SP4CG2iY5CEPzlya9pSL+86afOMQHSLTYydIh9uZwOzx56PxAD+oLgF4PEeSETXcgMKCHIOPiW1WU/qbdEuc04ojkWnxr8Mt1uOVaQvhknq93EL9RwTDYYJfwHzQY1MMVhS4L+G64YkBNH8uhURGmlr10vKXlKpiD5+OkLWhAgnWEDJr4+shB2EyDGDzLRQpsPGI/OEA5eEyyfAIdd4nMITnLR/4Gbe2WIGH970omvit/MJ4lqfFhH2bGe+jfEB+ywlNiE6HxDwsvHjZwowRhDt0cc5iXrsPBLhyYwVJByTlW3IzmdOk6CpuxULjGT2s/MPb5IfqZsyOZNv+61ohena9f4Uhzg2UhT92ZLW1LnhtevH/6y+vrJN2xTFCDdIjkgp6TykjhMwSRrwlj44/G+yJ3clfnTYYkq/TUkGC9KS3W6VkX/nsp6itgPOGVGAiqRZoI+WUjjAR/gpnKuIuNu80mOcU5j7bD5H5lXw6zO1uqRiQjr63WJoFjoG4gTkMNc7oPYRBEYAXdlRxuMArZ9wveQn/z6Mc07SXI3Vq9IV9OMLwQ4JgmX8J401UJ0IkG2i/MOqiVNRz3SUwPQ6KQwf/KlFN8h6i0DneFI117mkn6wvUbNVRKSnaG0qa2Sji8zfnR5flUYptE2Fdf+hqrLv0VZYAV9O7Umit5rVj9a2gVpZ8OrYxYZVC/5/i0wMAITL6KwvgzOgvUP+OUrvApT95oWK0qwPb4/kXw01WIwtXICUueQtfMuvp5UOp0oPLlcmdPiVNwp6geTkHgFIhsHYh0yGR/aKIRSo0NLiUYppb9lZSKUgrmm0vbWbrTVvkbhKkB0d9enc/na0j5z0kcQoZNY5DX8XckH/jgBzel7EBc9PCVn34GeRjvDD8OjAxEEfo7ieH/AeMc5nvDN7KDH0VGkhr75ACM9SmDsAxa1RgBRLRLkl0EHk6ga1b+CX/0I/DVx78Vf1Fh6n2eH5c3N/wh3hQG/Ko04K+Rl94azx6EzVYTpNXlHT3laHFiqVVicUQIyy7uxLQxu7hLh/WJIYswnOIf/G9o5RgeIQFN7rgrIcxau+xSW3PPnBGrrexHE4tIjuimqPMpolXXm+1hQJkUa9KPVy3VyPmozq0jVbRPwfb2Bzib2pCA3z7CLFjWdK7uk1NaQTO51JFokFQ/sjtRFgdr9IiQ1LYQxvD7pqSInI1Ffq9S80WWaykIA2VnXlMllQZfXOOxCP1VCxIGjqQu7yGci0Vfh99Y8dwAUQK6rJV9HH5jZPSUldGeNTOtVhlNSGaRaGgMh3Jo2tPOvbCoq2fUUhzEIoq4ZYodMTZhKEqlCLzExbWAiYsopBENEl8ljuFByQpRq0U+kkWTAT+FLaqAMbT3GhuHBTc3z3sMv0SJqf3jcWwcZ+bNZ90mLdszFd1W0aPKyBR3DK8uqvdJB26FlBJ3D6rdu2tVqTLFf+Eu9vNTyqfIqNxcWSXNQipKC+REDRVPERQ1VlK87E3nU132Oj24MjX6KABZfnvJPP7DJkqFxrrSxIYVeMkd4WodnFSKtxVDnf6lZ6jrYBZzrFL1aFaADoKE6xOK36zIm9V0H9ZqdKTjiAcPr86SturiiGFJxuoEXHk5T3e6UX3REOrVMfLZ6pN2Kfv/FW/aPBRvYs9wScV8abGH5HjqqQyKTzZJmvoRo59YcK2gdFzTgfVZGac3nuA+GCXnsErOtheeaxNaToeiBpUtVoRJGVJw4PppUZmtxhvciUyEbu5NvXkHLSxMCw+Ro5MWMUhqC5QgQfNn/TN/DZK76sSyRFjSsuYzT+OsCb2Zhpu9yFCrYKOtvPEO9iBDAddzGk6/RgJ8gYLGF1GgBo5Ggr+gHmTEgOWac1RHqJUGh/tS5q1PYcQz2XkN9NPi1b1RycXHRT9SFHHMhauTK2r/FP4CNijJsUuioEETcRP9VPml6uJX2IVRY6p+ldk39tS1zREo5KbgmIZxzqUNCRxRabjGu6IfhhAmJ2o4s217JBG69UOhr1vBxhOhz2APDAVsDis4c9ObjkOBLAY5SlqKqEDCR+SI10UvUrLDMq2FTkMCzTZOcnD0g+vySG1FhMvPIxgSBW6ZKU89+B9X85RPx9M6gq4+nNw2acy6AdE/8Y/G2wI/USLbLQ8905nqXvUqDRAleS4OehHg8WTB46ITGW6YzSxzoZkS2xSAKqA7CcAxYWs5+E30U+QZ7OeiMlE/MkRxp/OF9i2Shrt9dT8RQw8aqJ8S71APFSmkbG3L9izdiuLo536cQ1syO0VFRUulGr748JcGTTra6ifRW9whMkFRj/DPzHiBi29wgRXHS+eEomeOO7VnI6lXHG0SKtcaOp5qvUNdyFgZlu0ubO2CxY8i6BsgsxLE4JQijcJSg99mBJpE0VOioxdYvUlQZr5wF7oZBHyrHRJGAVMw/YR4+l+17m3xSni6Z+o4C61uCcrAX2++3dSapRrOxTkRNhlPHSu5apY7s2Y6iUKIiA2I2GgnBRuPDE9gDzI+GnRVLVMnBa7a+xN3ZZmoK9vDZ6ndpSMXXa62G9bpcXIWCmyywXgyGyv+18mZIT2nxtW25wvt7lCtn04b1vChgeOx33vUhYwKt73ZwtYdYSvn+dlPD8IoYw0cjQi/oR6kAkbuwprqjpOgaxn/dgIZMlKuT58pY68BG8O4KzuQmf5s6lnaI+1lOGxSRlJZH4CFj+AGFJ1UcVYZYixmnjOSResHX+AgTqlQLjQajCcb7qpuZMwW6BU5nnYNbU2SYx4ewm/FxZCku9MkTEvDEQhkTd4QvUlEnzuPTggLOFom1nr9Pldnu4YJdba5NNkLolv48VAdIamP2lP82GgwHj/WR1nkMkLWCOGKKvcHcpSXF6YGL+ARs4NFJ1J7E7rf2oMWdRKQVyxAA8cjw19C2UoBbzGf6SZCqZW2JxCBgKECAx2tYuIZ7kKKDObMm+q244LT4RCCbHcKA5Cz0QcWrJ8QH/bwu6If41fUkQwxFtO5N9ettML4S5iFaygW16xRSwP1E+JF1cOrx3cyNHBm5szVLSfzvZ9nh/s43OxZK4YGjsEMsAfj1b3xGvUhRQUbunj6qVBVCp2TNGLlAwc+zsaovv+EupGSElNvrt3TgdMtJeImSWNONojXYByCEIVmsWw9heNYuhkEneGr8htMiJIG6qcEvo2/23jl88fMHKligCkr4cBGsyd+ffPyF5mAtePazlglEwdo2SXHJAo5J3l5LUa0uOt+pIooZtPFQmuMskqKnsG6FAwsSTjwETKm754+NT6BdSU4pOgxm831kwO/5wGCyy1arIXBNhjDysC9iOsLeEkec6rf9IS+FhRcqJA6Cr9A37Ccdp3A4ASUuj8YI8JU9Wq8xN1KyF2e2IF62TV10/Ds7w9ihmKg+qnz6e75q4kSK808z/S66r77yl8/Pol92gt0zEgH6kMmLWTPp+58rMx6GGcoTSJMTxDwEQvXXhS9tGwUHl2mtjt3RmKQjTj0sxk57POEE/HhZSqcETRxHd3yo4M49FUC+RSQfEaOCnRBlHJli97CstpnPZ2YHn4TxFracolLZF9wdASdqhE3G06JZr2WyjaYtO8AdWocQbqF3QuVBQc+fP5vC6RiY4PHDPbcnC/aC+DVpr+FIyZWuTF1DkzDssO2Brn2UpUSpgudM93LTs6NTgJQMD3srjBjG/rl3rRdB6rN+LN/hhPa+2WRLkpskIvNBw+f928l3qp4l5fp4B6AWkxnHcEa9RWvHG6opUAsdMdrqJLCk7CAfsWYZQoTPHPecYpDffKHe7E5TMF0TfzVvUy9GO/Qn23PdS7+8Logc7F00Du0UqT+GzR0w/yeECIsyQVtdJH+zwX6hqiV8kJcqGQcnSqG2Fq1ESEMAjVbfIdCPZYm3GIpx5yJhfGFSWboIkSLvYiWR5Mo8FEEND0USXD6HhgWrJ8aL3+5I/ooeKVinH6uvOWZC7GeJgllzXg3RnLzkX6aRGHsC7cSr8EIWcmyF6XjJ9bUk6LHdOnA/y7kNtN60xkQErQZYUM9ftLvoKJltVXPk5RBkkaOU8opx+DrSShhauB4wuU16kLGk7Es1xbXYJI0gBvGk9M9+LwNMt3F2p7fRJfmwVIEm/nCjcIlxXwxd3UavGQAIzkcw6guNuLGOJpNRqyNvnQk5/qYltgSarCIs/TkBMgO1dhUS4/Ef3JgmUTUSBeb/IrwX8xD2IPxCnYhQ5Pp3LQX7fHi/iZKNQGhhUI2GNFAqb6VqmOeOmJyXHjEW3rO0mZfJuKGz4tLoi8SgrZPeA108canArdSbMRFx5BGchiz2M/Fl2ZcoKOxw3vchSEZM+Pdm7bwxDZ9g0MgbeSkyD5Zr+87DRFhK1288hx10C/hb9mLxdTSHVYqJzspbkAE8Y53246okeaQw+Q9gf93ia0GAByFhggNHOFGDdiDkvvrebOZ3E5xob6Vk6U130+S7UVeMrUx4mYj3jRivNkq2WmOYzVvYGwhkLc0lZIwAeaGA+/EBLeFrs1SvryFK4deg7MwMv099osfJPgCvWr9W1y8tpYjaKKyu74RvelUcl85ztLp3lenz9fr1IcuzBpOoUEbBqKLTR4jrOjGhZ1avmpmubO5tSCPSHPuxmSGfUOvSvN2TJbZqucnoQqXOL9YC5jsGAYg3VCnF/lgQT4A3U143bnLMKInyScleWPPLdsy20vc1XdZvgenzxIJ0JZ2Q0iBqjU//tYv++k4ZmuMrR9BCmue5x83IIJJFxeaZjdtiaBPFR6pU3nzmWe77RuGGRxxhqjaOYUYl9s5tolOEXEekW/XWAnvjCML5l98zL+nhHfZhNes6Zd765W9NJcYEfssWXXK6nd5wrP9XZL2y4TJWcXgXCVuO98pa8fU/oiZyrWuJZks4VMWRq8nKQQof4dXAs9aHgjUgaX7kS2ll60slNCRiLxW70t9jpMz5KIdyKAxSR2Cb2nTlA6Py4a/VQ3f44ZydQPedDZvF5wt42hKzqGPTpVojIFP+BVIylro/pfko3umfchPrzks71Nvn0lcle9NzJlhLZauJVtqhp4P3KWodoI9JULBmvzwEgJ/LYBy94pMZ2YHD3D6pF955L3P0EoGp3ubVLgBfv01TU4x97JNGt4kB6qdM57iFv1MKNtcLOwOc1wwEuFl9TzKWCaijDNbmtLmODSjwm+UFcaC+MbE86KBlH01c8xGgYWSPcEO6FIR1PqM+IfE8IPA8GOj2tX3yck4nLIc9Uq8JqD+QCpu9l2fppcgxiP8rvhtYZJImSIcbMVra1mBb5PfHtNkGyKztvOV8WdhFBnQhTG2IYiCzFgD9EpGnhhVS8M34NgMRKP/QE8lwj8MqAv4T4+rGDz0avS0KzTdY6/nGnuogLZymNTeL8ZCwptDZ03eZ4c0PO8TvsN+gTXFxEe4uJ/27M1lPB9zbi08zjMrtXiwZeQDOZSbR2Fwe2f9k7yCKN7m7JwclX3Nfm7L7uMwRsIyNQKQQ2rUm3kPYmMThZvPxnv0SAu6p+6ev3+5zGfhwjZXJnO82QP/CB3ufZKh+you0WoMKH9NwZcQnOGCfAk3IMNPwAdIeJGcOhRRk62foI/wMbbnxZeqtoDpTht3vHAWf+iI6+W/3EFHvYZVx/snuDgDA7MsTGJJSwOvI8pIdIcvAHqa8pJfICufWVCT1k8x/BIA9nN/7cfs9cs8kYKumeqwudjui5+ouI4KSTx76XbfC4NyLMckiVA86QtcwKbfxoU2CfOphBjobsi3sK2Ur2YvPIvz+KycEcYdVfnQ0z/wm1WcZefPROVVKD6G+lWoYcEbuTd55PW9ZVjmEp1R6t6qB7gF/CrBgxK5IcWaogbUc9m4Ve0r3RXtpG4GXszdRUccVjSGm80unKwhNxbfXB/ZUIKYPlAloepACa86gUvHPj9a/yqIWJ+Pk64gPYFCppoRDn/Bf2Sx4XTXWNEQsHtwc4T6QylW2cAhGaWsDIF3lemPCq7yfQgNCUgIeYsBBcWK67bkEgto2ML8Pw1ssi2CKpUAefa0+W6SYA3obrtixmI29dylK0cHaz6fC+lAA5t0QFAxHXinR1zT7q1XeOMpUwVFOLCPasm/5vrSBRBZ/4wBMzXqVVJuyFO0ERlk9WYs0PR/fjD/WgVhBwQ8v+aDIq9oDDix1x1T70Cj5b1AiKd8t7DjOcOBb/DBflqyIj3zNfwN0DMswt8APUMbENkmidXwyXBO63PpJVRyrvskBtSTjlIfbv2vVz0+Qwqxz3eohNyP7zlrLPW5jlcbEZulNBLZwR/Y9IqiXWstzfnSlCuKq+RmmEV+LKy2JsACS67weIyf1n5gIKn7c+fVCxij1LGvKXTQzPZLsvtUeE0Ofp6GX5mS6gZk6HSDySuMS+qiuOl0Pm2/B6zH8eow9uMNmFTpxknksxekixo1LaBnRSujSowad3FgvPTPxrsydymXFlvYjt0W1ey0i0Sj/ad0u1snVHrfjx5J20JCVC1uuHIqWUcmWefjxZIPLEtiwy8h63gHuXgGufsRZDG6D/6uwBhu07p4pUzBfwrjIDlf1x+uk+D+OoxjkCLUSqNmu7GVumlO6V/q8WVfT9ZqLYdG6QFmdNBsaUkeVi1PXYYb4YHMAqRHvUNkMlX+C2vutFSx91Ts8b3Qw6dgVAI/vlc6VOzC0VtOd5yD6vQGWt3tfq6CfyoWVTKlXoWxSYtNpeqbwt5Ex+3V7M3yeWvBre8EmFtkofJytTdz3Mapq9LeuItQ5g7JLNLgaK9wJMZF1+nwIlbKirVd7SgsibN0F7LnUMEXkN4HvnjX8BpQGSmqhdx9g1OnsS4C0vN6V01BFbLSlKNHtkmSY/U0SpMSTVCTBu8R7M+yD55YrjdrXvAhmH6zy5tqAyhTwF3ai6Ut9zgDCj5P3JCdPwmgiuPevPlt4r74IBcgXkwtTtmT0o4kh0JHDwfuRa7Jtg3TLP/RKP6BaChjhHAxyZofG5+R7fAnsEvSe5kYRF/7nAk+qZnkjKWjZjpvWkKcCvIPcru3tLtLefAVQGeQsamr+tcmn/8Z/Sz18LU7h//t3t91P9+jOgHSxYHaWu4Ki3wPinOxRSEdTSAW3KQUOl1TnHs18I2+UifoZ47tSKSO2L6pkmmV/JGLLn2xJF/USsEhBOnlEBJtwPAaNOnytmiheHDc9UyZvCave/pATrvx2UKluaxF4Uw9oTFBwZq0gUCVU2kLy5pyMmyEHpEPKlHjujkkwQn9jeo90Uhu0bnU1d1mk5zQK16/71Ed1HzVP/vWOdfiKO6qPoErGXxSouEfkyMqycVTHxKTyvBzo6qGs0pEAl08qz8XpS8RhblBR8BDxFY9Ax8NdLbmCAiSSTN8SlnpPohjmgjvpKpgXJfzLQTKnbA2p5wjgn28zWo8OGKQnOOBdi2bkqIO3LTustO6Mj5XvVJrKG6ozb2doVsNJC9IIa929ONA9BikuBmVBFG9yXEOdZQpcYhWPIBKga+qEq5BbLD1/Q1vCfu7ORgjV/4o+TsYzaDUQoFhUEwMo1hHp5T1Y+jziyrcOlc80ZztEyg9henYGsqPjj1HYKnaV3QxokQQgukXiaQoxAXX1352fARlw61m0SRf2kI4qPRZ3MvCK62XN1tacqGSKs+2D3f7CL9YQHsE3Bb8k6bG86qNzOKhBzssicXjDgDfkDBpOgRDAtFf83LrGkbPzYtQ7IEfQJYaXKG0Gn5MFSJZ36NgbwdjyiDCQrVL5sqNCbOkEJOkwEaICnnNrJaSxEZ4tJZA1c3RAkKyHPRgxYZoU0ooV+asypv2VqLKHgUBM8e3RIoiDv8H/FOXyg==
In all likelihood they created this string in such a way that you couldn't change it.
This isn't that they haven't thought about whether or not they want the data to be changed, they have specifically sought to obfuscate it to make it harder to change, which suggests they don't want you to do it.
Given that you are using some else's code, you should carefully check what license covers your use of the code and whether it permits you to make the modification. Once you've done that, you should approach the originator of the code to ask them how to make the change, if you feel you are entitled to.
My guess is that you have a script that contains this string. Check if you have eval() function calling this string to be base64_decode (ed). Change the eval to print. Then, execute it, redirecting the output to a file for later reading.
kevin#server:~# php suspicious_script.php > out.php
You should be able to see what's going on.
I have a whole range of jQuery code, how do I stop users from seeing the actual code, or how can I encrypt the .js file.
Please suggest opensource
Thanks
Jean
[edit]
I don't want users to know how I have coded or copy my code
[edit]
Once I use the base62 encode, can it be reverse engineered?
Check out packer by Dean Edwards. It has the ability to encode your JS. You have to let your JS be world readable, otherwise a browser couldn't download it.
You cannot prevent your users from being able to see the source code of a Javascript file : it's executed by the user's browser, which means it must be readable on the client side.
The "best" you can do it minify/obfuscate it ; see for instance the YUI Compressor, which exists to minify JS files (so they are smaller, and can be transferred faster), but also has some obfuscating functionnalities.
If will make you Javascript code harder to read/understand -- but someone really motivated will still be able to read it ; well, it will take some time and a bit of work, but it'll still be possible.
You can use google closure compiler
http://code.google.com/closure/
The Closure Compiler compiles JavaScript into compact code, it obfuscates the code, it can still be read but it will be hard to trace and will take time
Try to pack the code with the packer:
http://dean.edwards.name/packer/
This is not like code encryption, but it obfuscate the code.
There is not really much point in encrypting your js file, everyone knows you can view the source code of anyone's website. I believe there are encryptors out there for javascript, but users will have to download the decryptor module to decrypt it. Also since the browser does need to interpret the code, it would probably not be that hard to circumvent.
You could obfuscate the code, but I would do this using a minification technique, and more for performance reasons rather that hiding the code, some obfuscators are more intrusive than others, but again, the code could be re-formatted, albiet the original variable names will not be recoverable.
You just can't encrypt JavaScript that runs on the client machine. Browsers need the unencrypted code in order to execute it!
This is the first thing I found, but it looks like it might do the job:
http://www.vincentcheung.ca/jsencryption/instructions.html
As others have mentioned though, the browser has to be be able to decrypt the code, so the user would also be able to (although it may be some work to do so).
You should look at obfuscation too, which will make the code much harder to reverse engineer.
http://www.javascriptobfuscator.com/Default.aspx