i was checking if it is possible to actually encrypt html code or not. I found a place where they encrypt the HTML code in Javascript. I wonder how does it work or in what format can anyone please tell me ??

Actual code

<!DOCTYPE html>
<html>
<body>

<p>This is going to be encrypted.</p>
</body>
</html>

The encrypted HTML CODE

  <html>
<head>
</head>
<body>

<script type="text/javascript">
<!-- 
eval(unescape('%66%75%6e%63%74%69%6f%6e%20%69%31%64%62%33%31%39%65%38%61%66%28%73%29%20%7b%0a%09%76%61%72%20%72%20%3d%20%22%22%3b%0a%09%76%61%72%20%74%6d%70%20%3d%20%73%2e%73%70%6c%69%74%28%22%37%36%39%35%39%36%38%22%29%3b%0a%09%73%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%30%5d%29%3b%0a%09%6b%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%31%5d%20%2b%20%22%38%31%33%35%32%39%22%29%3b%0a%09%66%6f%72%28%20%76%61%72%20%69%20%3d%20%30%3b%20%69%20%3c%20%73%2e%6c%65%6e%67%74%68%3b%20%69%2b%2b%29%20%7b%0a%09%09%72%20%2b%3d%20%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%28%70%61%72%73%65%49%6e%74%28%6b%2e%63%68%61%72%41%74%28%69%25%6b%2e%6c%65%6e%67%74%68%29%29%5e%73%2e%63%68%61%72%43%6f%64%65%41%74%28%69%29%29%2b%2d%33%29%3b%0a%09%7d%0a%09%72%65%74%75%72%6e%20%72%3b%0a%7d%0a'));
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%69%31%64%62%33%31%39%65%38%61%66%28%27') + '%3b%21%46%51%44%56%59%5b%49%20%6e%75%79%6b%44%11%0e%3d%6a%72%78%6e%42%15%0f%36%61%77%66%7f%43%11%08%18%0c%3c%76%43%5e%6f%69%77%20%6e%77%26%62%73%6f%74%68%2a%73%77%22%66%6a%22%6d%79%67%76%79%71%7e%6c%62%30%3c%30%72%44%18%0c%3c%37%67%7b%63%79%40%13%0f%3e%37%63%76%73%6a%437695968%34%35%31%33%32%31%35' + unescape('%27%29%29%3b'));
// -->
</script>
<noscript><i>Javascript required</i></noscript>

</html>

You can try running in their file. It works with out any effort.So can anyone tell how did it encrypted. Or kind of encryption it is?

i was checking if it is possible to actually encrypt html code or not. I found a place where they encrypt the HTML code in Javascript. I wonder how does it work or in what format can anyone please tell me ??

Actual code

<!DOCTYPE html>
<html>
<body>

<p>This is going to be encrypted.</p>
</body>
</html>

The encrypted HTML CODE

  <html>
<head>
</head>
<body>

<script type="text/javascript">
<!-- 
eval(unescape('%66%75%6e%63%74%69%6f%6e%20%69%31%64%62%33%31%39%65%38%61%66%28%73%29%20%7b%0a%09%76%61%72%20%72%20%3d%20%22%22%3b%0a%09%76%61%72%20%74%6d%70%20%3d%20%73%2e%73%70%6c%69%74%28%22%37%36%39%35%39%36%38%22%29%3b%0a%09%73%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%30%5d%29%3b%0a%09%6b%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%31%5d%20%2b%20%22%38%31%33%35%32%39%22%29%3b%0a%09%66%6f%72%28%20%76%61%72%20%69%20%3d%20%30%3b%20%69%20%3c%20%73%2e%6c%65%6e%67%74%68%3b%20%69%2b%2b%29%20%7b%0a%09%09%72%20%2b%3d%20%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%28%70%61%72%73%65%49%6e%74%28%6b%2e%63%68%61%72%41%74%28%69%25%6b%2e%6c%65%6e%67%74%68%29%29%5e%73%2e%63%68%61%72%43%6f%64%65%41%74%28%69%29%29%2b%2d%33%29%3b%0a%09%7d%0a%09%72%65%74%75%72%6e%20%72%3b%0a%7d%0a'));
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%69%31%64%62%33%31%39%65%38%61%66%28%27') + '%3b%21%46%51%44%56%59%5b%49%20%6e%75%79%6b%44%11%0e%3d%6a%72%78%6e%42%15%0f%36%61%77%66%7f%43%11%08%18%0c%3c%76%43%5e%6f%69%77%20%6e%77%26%62%73%6f%74%68%2a%73%77%22%66%6a%22%6d%79%67%76%79%71%7e%6c%62%30%3c%30%72%44%18%0c%3c%37%67%7b%63%79%40%13%0f%3e%37%63%76%73%6a%437695968%34%35%31%33%32%31%35' + unescape('%27%29%29%3b'));
// -->
</script>
<noscript><i>Javascript required</i></noscript>

</html>

You can try running in their file. It works with out any effort.So can anyone tell how did it encrypted. Or kind of encryption it is?

• javascript
• jquery
• html
• encryption
• cryptography

• That looks like it's just hex encoding the characters. Ref: developer.mozilla/en-US/docs/Web/JavaScript/Reference/… – Taplar Commented Dec 21, 2017 at 19:21
• 1 Note that that is encoded not encrypted. Encoding isn't hard to get around – Rory McCrossan Commented Dec 21, 2017 at 19:27
• Out of curiosity, can you elaborate on why you feel the need to encode your html from your client? – Taplar Commented Dec 21, 2017 at 19:27
• 1 Time to take a break and learn what encryption and encoding are and the difference between them. – zaph Commented Dec 21, 2017 at 19:52

4 Answers 4

This is known as URL-encoding or percent-encoding. It's easily reversible with JavaScript's unescape() method, as is seen here.

The first line decrypts to:

function i1db319e8af(s) {
    var r = "";
    var tmp = s.split("7695968");
    s = unescape(tmp[0]);
    k = unescape(tmp[1] + "813529");
    for( var i = 0; i < s.length; i++) {
        r += String.fromCharCode((parseInt(k.charAt(i%k.length))^s.charCodeAt(i))+-3);
    }
    return r;
}

The second line is split into three parts:

document.write(i1db319e8af('

;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215

'));

Combined as:

document.write(i1db319e8af(';!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215'));

This passes the string;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215 into the i1db319e8af function as a function parameter, and then writes the result to the page.

The i1db319e8af function then takes this string, and splits it into two parts on 7695968. You then have a variable called tmp which contains two parts:

;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC
4513215

k (4513215) has the string 813529 added to it, which gets appended, causing the variable to be 4513215813529.

The function then loops over the length of ;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC, and returns what appears to be characters based on the position in characters in this string.

Note that this may return 12 characters or possibly more, given that it stops at the character for me, thinking it is invalid (a character that's not UTF-8).

Unfortunately I don't currently have access to a sandbox, so I can't step into this further. Hopefully this will give you the info you're looking for though :)

Unescape operates upon hex character codes.

https://developer.mozilla/en-US/docs/Web/JavaScript/Reference/Global_Objects/unescape

var myAwesomeHTMLString = "<p>Weeeee</p>";
var hexEncoded = '';

for (var i = 0; i < myAwesomeHTMLString.length; i++) {
  hexEncoded += '%'+ myAwesomeHTMLString.charCodeAt(i).toString(16);
}

console.log("'encoded': "+ hexEncoded);
console.log("'unencoded': "+ unescape(hexEncoded));

This would be very weak encryption as all that is required to decrypt is readily available in the browser, namely the unescape method.

script type='application/ld+json' class='yoast-schema-graph yoast-schema-graph--main'>{"@context":"https://schema","@graph":[{"@type":"WebSite","@id":"https://avormin.in/#website","url":"https://avormin.in/","name":"\u0909\u0924\u094d\u092a\u093e\u0926 \u0938\u092e\u0940\u0915\u094d\u0937\u093e","potentialAction":{"@type":"SearchAction","target":"https://avormin.in/?s={search_term_string}","query-input":"required name=search_term_string"}},{"@type":"ImageObject","@id":"https://avormin.in/arthrazex#primaryimage","url":"https://avormin.in/wp-content/uploads/2020/01/1-3.jpg","width":700,"height":300},{"@type":"WebPage","@id":"https://avormin.in/arthrazex#webpage","url":"https://avormin.in/arthrazex","inLanguage":"en-US","name":"Arthrazex \u091c\u094b\u0921\u093c\u094b\u0902 \u0915\u0947 \u0932\u093f\u090f: \u0938\u0942\u091c\u0928 \u0914\u0930 \u091c\u0932\u0928 \u0926\u0942\u0930 \u0915\u0930\u0924\u0940 \u0939\u0948. \u0938\u092e\u0940\u0915\u094d\u0937\u093e, \u092e\u0942\u0932\u094d\u092f, \u092f\u0939 \u0915\u0948\u0938\u0947 \u0915\u093e\u092e \u0915\u0930\u0924\u093e \u0939\u0948, \u0930\u091a\u0928\u093e, \u0915\u0939\u093e\u0902 \u0938\u0947 \u0916\u0930\u0940\u0926\u0947\u0902.","isPartOf":{"@id":"https://avormin.in/#website"},"primaryImageOfPage":{"@id":"https://avormin.in/arthrazex#primaryimage"},"datePublished":"2020-01-31T21:00:27+03:00","dateModified":"2020-01-31T21:00:27+03:00","author":{"@id":"https://avormin.in/#/schema/person/99c8a23bb122b30eb43f5f425a89e0af"},"description":"Arthrazex \u091c\u094b\u0921\u093c\u094b\u0902 \u0915\u0947 \u0932\u093f\u090f: \u0938\u0942\u091c\u0928 \u0914\u0930 \u091c\u0932\u0928 \u0926\u0942\u0930 \u0915\u0930\u0924\u0940 \u0939\u0948. \u0938\u092e\u0940\u0915\u094d\u0937\u093e, \u092e\u0942\u0932\u094d\u092f, \u092f\u0939 \u0915\u0948\u0938\u0947 \u0915\u093e\u092e \u0915\u0930\u0924\u093e \u0939\u0948, \u0930\u091a\u0928\u093e, \u0915\u0939\u093e\u0902 \u0938\u0947 \u0916\u0930\u0940\u0926\u0947\u0902."},{"@type":["Person"],"@id":"https://avormin.in/#/schema/person/99c8a23bb122b30eb43f5f425a89e0af","name":"author2","image":{"@type":"ImageObject","@id":"https://avormin.in/#authorlogo","url":"https://secure.gravatar./avatar/2696bbcbc2e8deeea6af0e36de8e159d?s=96&d=mm&r=g","caption":"author2"},"sameAs":[]}]}</script>