How to hide your code from everyone!!!!

[codeone]

Alright ladies in gentlemen, Code One has just made a legendary webdevelopment discovery, how to hide code from everyone. I made a page, because I figured I outta stop talkin about it, and just do it, this example is exsclusive to you, because I love you. Please go here:

http://home.insightbb.com/~kingx2003/ST/index.htm

Now I inputted a comment in my script, with a phrase for you to post back here if you manage to get into my code, so remember if you do, post it here, and prove me wrong, if I prove you wrong, bring your admittance here as well, and I will teach you how I did it, if you want to know.

Code One

 

[jammer1221]

nice try but you can't fool mondern day technology ... although it made it a little bit agrivatting to get to the source code...which is what happens to most people that just want to check out the code for the page...The magic words are hocus pocus
Jammer1221

 

[jammer1221]

but i would like to know how you did it..as it did take me a little bit

 

[Lrnmore]

CodeOne,

You have really presented some interesting ideas...

I especially like the line:

<button onclick=&quot;javascript:alert('Gurus please bow, Code One got cha all')&quot;style=&quot;position:absolute;top:76; left:446;&quot;>Click.........Me</button>

But I am impressed!

2b||!2b

 

[codeone]

Haha I know I was being obserd with that line, a bit cocky, I am more impressed with you for getting to it, I personally would have been stumped, good job!!!

Code One

 

[codeone]

Oh and all I did was alt print screen, edited the tool bar, status, etc, and layerd it over top of the real page, positioned the button, and bamb...you got an almost impossible way to hide code.

Good job again,

Code One

 

[ZachFSW]

Ok I am not here to respond to these and do not care about these - but

the closest you are going to come to hiding your code is as follows, in my opinion, and I am making this up as I go so I might miss something.


1) Have first page redirect to second page.
2) Have second page redirect to third page. If you do it fast enough it might get missed that it happened.
3) Have first and second page right a time stamp cookie, and a unique session id number cookie, and record that to a db or text file or something.
4) Only send the third page, the real page, the page if the referer matches, and the session id cookies and timestamps matchup, and the timestamps where recorded in the last half a second or so.
5) encrypt all of your data, dynamically change the decryption keys and method every page request. Repeat the first three steps in an iframe or something, and send them the key through that.
6) all the real data is in a js file
7) Send a full page of real code, that looks right, but really is not what is being used at all, fill it full of js file calls and css calls and this and that and everything else, but make it all look real.
8) Your real code would be in a js that I would call from a different domain name, that is like (I grabbed this from sportsline so its a real file)

<code>
<script src=&quot;

http://ad.doubleclick.net/adj/butto...85x60;tile=4;ord='+random+'?&quot;><\/script>

</code>

Put just change the name around to like ad.doubleclick.myserver.net or the like - just have that sitting on the same server so you can share files and such back and forth between domains and such with out a problem.

Put five or six ad calls in like that that really do nothing. Make em all encrypted, but dont use real encryption, just goblygook that looks like encryption. Do that for like another fifteen js files, again goblygook instead of encryption.

And again this is all in a page that a person can view source on, see all kinds of html, and js, and etc, that is based on the page they see. Just for the heck of it, put some enrypted goblygook right there so they see that there is some good stuff to seen here, so they will get right to work on decrypting your goblygook, and really get excited when they see fifteen files of goblygook encryption. Keep js files full of goblygook code looking to the correct size also.

Send goblygook keys through the first three steps for each piece of goblygook encryption.

And either a) Someone is gonna win the lottery and start with what looks like an ad call (and put your real ads on your page to originate from that domain so it really is an server type thing) and decrypt your data and get your source and then go oh my god I just got lucky, b) more likely they are going to get very frustrated with this awesome encryption that you are using that they have got twenty seven crays working on and can not decrypt.

You could even spread your real code out and put it and amoungst some goblygook code.

You could even have your real code start that process over again, still not revealing that all the rest is junk, and putting another layer in between you and the user.




Results would be 1) Probably not the fastest page in the west 2) A lot of time and effort on your side 3) All it takes is one person to get lucky, and then show everyone your code 4) Your browser is still seeing it if you want to show anyone, and somebody could get it through other means and never bother with the encrytped code 5) See my first post on this subject

I can think of many methods along these lines, but they all have the same theme, you got to accept that you can not hide it, that no cache is meaningless, that everything you do is fruitless in the end. The only thing you can try to do is make hard to read some encrytped code, and spew out a ton of disinformation in the process and get people off on the wrong track if you are lucky. If you are unlucky its someone from the NSA that is trying to view your source and they decide that they must know your goblygook encryption so they &quot;draft&quot; you to come visit them for a few years until they figure out your goblygook encryption they can not crack and must crack before the ruskies use it or something.





Disclamer - I literally made that all up as I wrote off the top of my head, so it was free flow of ideas, so if something does not jive or matchup, be creative and think around it not through it.

 

[jammer1221]

Hey do you think you could write a test page using all those things you just said above...Thanks
Jammer1221

 

[codeone]

LOL..to jammer...your totally in to this hide code crap, lol, it's cool. I think to hide code is the wrong idea, perhaps encrypting the code with some form of albertie cipher type crap, would be the best, but extremly difficult to produce, but if done correctly, would be impossible to decipher, especially if the code is really long, and NO, jammer I wont try to make an example, lol

jk

Code One

 

[jammer1221]

LoL alrite you dont have to if you dont want to...but i do think if someone were to fingure out a way to make it impossible to dechiper an almost impossible to get the code they would be pretty famous...and the Programming world would deffiently change and little punks like me would stop stealing other peoples codes and actually figure out this whole javascript deal...but i do know its impossible to hide your code becuase the browser has to read something but what ZachFSW was saying is pretty darn close to hiding it, and thats why I was wondering if he could make a sample page demostrating what he was talking about.
Jammer1221

 

[codeone]

jammer, im one of those punks myself, so welcome to the club, lol!!! I was only kidding about you asking for a sample, I would actually like to see that myself, learn ...learn..learn, thats my motto, anyways, there already exists a method of this type of ciphering, for text ONLY, but I know how to cipher using this method, and how to decode it, small strings ONLY, like I said, large strings are virtually impossible to decode (by hand - even with the decoder), due to the complexity of the system used to cipher, it is all quite mind boggling at first, and only a few people have actaully invented simular methods of ciphering text like this, one, Alberti, two Da Vinci, to name a couple out of like 5 people in all, the method is highly sophisticated due to the way it is first written and then deciphered, they write it in mumbo jumbo, using a chart, which is the decoder, and then once you decode the mumbo jumbo, there is more mumbo jumbo, so you have to decode that, and then more mumbo jumbo, and then you decode that, and you got the real text, not mumbo jumbo, lol. For ex. something as simple as Hello Jammer, would be something like &quot;ertaf ahsbtw&quot;, then when you decode that it would be something like &quot;jhagsi hsgabt&quot;, then when you decode that it would be something like &quot;lhdns cvicht&quot;, then once you decode that it would say of course &quot;Hello Jammer&quot;. Can you see why something like this entire post if ciphered using this method would be virtually impossible to decode, even with the decoder? Its just two much. But with a program that is set up to follow and reference the decode chart would instantly cipher the text, as you would like then you would have to cipher it again and one more time using the system in which you designed to decode, which is only about 26 characters and 26 numbers, aligned in a certain order, which is what you follow to decode the text. I think since it will be a challenge I might try to pull this off, sounds fun.

Wanna collab?

Code One

 

[ZachFSW]

Lets see, right now I am writing two different search engines, (httdig and mnogo dont serve my purposes), a fairly involved game, three on desktop web apps, a couple of websites, a really nice cms that could be worth a lot of $ but in the end wont ever get done more than the five or six seperate scripts that run stuff on some of my sites.

I dont wanna be famous or rich - just read through what I said, and start with finding the hole in it, since I wrote it off the top of my head there is gonna be problems, (which I have no clue if there is in fact some or not), but find the places that it all breaks down and fix then just step by step figure out how to do each thing.

Or in other words, I wish to god I had time to write the fun pushing the boundries stuff - I have a lot of stuff that I am sitting on that I know others would love to have and a lot of theories a I want to test on stuff - but even coming over here -and posting for the first time yesterday was like a major chunk of time out of my day - but this is one of the sites that more often than not between here and three othere sites when I am looking for that magical function, be it php or javascript, this is one of the places I find that line of code that I have been searching for desperatly for the last three weeks - so if figured what the hell, why not post.

And does anybody know java - I need a java applete that can load an external website into javascript variable - i got one that can do it with local files and I love the thing, much better than the iframe buffer, but I need to load external sites, and right now the only way I can do it is with active x and that sucks - though for those that have insecure ie settings or put my site in their trusted list the result is awesome.

 

[codeone]

I know how to load external exe programs almost automatically without the users input...maybe that might work for you, you can take the code and tweak it if you want. I think it works in most browsers I only tested it in IE 6 and it warned me of active x but I think in other browsers it may work without warning, I dont know I never tested it, if you want it I'm going to have to find it again because last night I accidentally downloaded some shwag reg file that wouldnt let me run my computer, stupid site, not this one, but someother that isnt very nice, , so I had to reformat my disk just to get back on, so I lost my code, but I think I recall the site I found it on, so I can always get it again.

code one

 

[BillyRayPreachersSon]

I just came across this old thread, and thought I'd bounce it to the top again just to illustrate a point that hasn't been asked in a while (there is normally someone asking how to hide code every so often):

If it is published on the web, there is no way to hide code, or stop people stealing code or images from web pages.



Dan

[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]

 

[BabyJeffy]

f it is published on the web, there is no way to hide code, or stop people stealing code or images from web pages.

Are you sure?! I have some Javascript code that I want to put on my web page, but I don't want everyone stealing it! Please can someone share some script (or even a good technique) to do this? I have tried the solution that codeone posted in this thread -- but I don't want to overlay an image over the whole page.

Appreciate any thoughts,
Jeff

 

[Sheco]

Think about it this way Jeff.... In order to display a page, the browser has to get the code. What the browser DOES with that code is out of your hands. You can keep people from right clicking all day but they can always go into their browser cache and pull the file. Even if you could somehow magically get rid of all the browser caches in the world you can't stop someone from sending an HTTP Request via telnet and grabbing everything that way, in plain raw text.... there is certainly no cache or javascript interpretter in a terminal window.

You can make your code hard to read... you can play funny tricks to make it more difficult... but the nature of the HTTP protocol means that it is impossible to truely HIDE code that you, by defination, must send to the browser. If you really have something you must keep secret then do it with a server-side scripting technology.

 

[CliveC]

How to hide your code from everyone

I think a more interesting question is:

How do I prevent other people (clients perhaps) from stealing my code?

It seems to me that the later might well be possible with the help of a server-side language.

Clive

http://tubularity.com

http://PalliativeCareConsulting.org

http://port-lucaya.com

 

[BillyRayPreachersSon]

I feel the answer is the same for either question:

You cannot!

Dan


[tt]Dan's Page [blue]@[/blue] Code Couch

http://www.codecouch.com/dan/

[/tt]

 

[CliveC]

Well, a common developer complaint on sites like elance is that some unscrupulous clients will take the users code and complain that it does not work as it should and refuse to pay.

Consider a common legal clause in your contract like this:

Site Hosting:
While the site is under construction and until final payment is received by Developer, Developer will host the site pages in a special directory on its web space at url: ________. If the site is not completed by completion date set forth in attachment 1 and if the cause of delay is not attributable to Developer, Client agrees to pay developer $_____ per month for hosting the site on the Developer's webspace. (Source: Web and Software Development: A legal guide - NOLO press)

While you are hosting the site, no one can copy any server-side code. By putting the site in a folder without index.htm and by giving the client some HTML to run from their desktop to initiate the application, no one else is ever likely to find your code. If server side code is an integral and necessary part of the application, by enforcing the clause your other code may not be worth stealing.

If you provide hosting too, you can enforce other common clauses such as "Ownership of Developers tools:", example PHP code.

Clive

http://tubularity.com

http://PalliativeCareConsulting.org

http://port-lucaya.com

 

[dmunson]

You can't hide it, but you can make it hard to read.

You can use an obfuscator such as the one from dithered, which compresses the javascript. it removes comments and carriage returns and replaces variable names, making it really difficult to read.

http://www.dithered.com/javascript/compression/

Microsoft has a script encoder which actually makes it unreadable, but it's only for IE.

http://www.microsoft.com/downloads/...67-C447-4873-B1B0-21F0626A6329&displayLang=en