I found a way to hide JavaScript Code!

Now that I have your attention… Of course everyone knows there’s no 100% sure way to hide HTML and JavaScript short of disabling Right click, that is :wink:

I believe I have come up with a method of hiding that is far more challenging than any other you have ever seen. No one has yet to crack it.

I would like to invite you all to try and find the code at

Spam what?

ok here it is

var HashEncode = 0x95B8340938DA4B2E949BE87B34D6B3A7;
var EncodeHash = 0;
for(var i=0;i<String(HashEncode).length;i++)
EncodeHash += HashEncode%7;
bod.attachEvent(“oncontextmenu”,function(e){alert(“This is just here to annoy you. \r
I wonder how the 133t h4xor script kiddies protect their Scripts from Apple Users?”);e.returnValue=false;});
try{if(document.namespaces[0].urn==“urn:p46050”)document.write(“<scrip” + “t id=‘wtf’ src=‘hidden.asp?pass=95B8340938DA4B2E949BE87B34D6B3A7’></scr” + “ipt>”);}catch(ex){alert(“Sorry, IE6 Only”);}


I’m sorry you feel that way, I’m not selling anything. True this is my only post here (I’ve been trolling a lot of fourms today) I am doing this for fun and I encourage you to try your hand at cracking it.

Not quite, the hidden code contains an alert()

You’re doing something weird here, since the page never loads fully… and I notice you’re using ASP, so perhaps you’re fiddling it in ASP?

And the script must have something to do with the XML namespace you import.


Impressive, though.

I can’t tell you anything more than that its an IE Bug.

Thank you!

Righto, and that’s why there’s an alert in the page code saying that only Internet Explorer can access it. :slight_smile:

Heh, just tried to open your hidden.asp file and received your “You didn’t really expect that to work, did you?” message. :lol:

I know you’re fiddling with something in that urn: p43166 XML namespace, but I have distinct feeling that you ain’t gonna spill the beans. :wink:

You said find an alert within the javascript, there is an alert within that javascript I posted. You didn’t say what the alert had to say.

<html xmlns:qxf53e="urn:p7662"><head>
 		<style>body{font:normal 9pt Verdana;}</style></head>
 	<body id="bod">
 <a href="http://siteexperts.com"><img align="left" border="0" height="104" width="170" src="http://siteexperts.com/gifs/selogo.gif"></a>
 		This is the <a href="http://siteexperts.com/forums/viewConverse.asp?d_id=14549">Find the Source Code Challenge II</a>.
 The challenge, if you choose to accept, is to find the source code and
 tell us how you found it. This challenge was issued March 12th by Chris
 Rickard. Learn more in the <a href="http://siteexperts.com/forums/viewConverse.asp?d_id=14549">SiteExperts.com Forum</a>. 
 <p><em>Good Luck!</em>
 		</p><p>The hidden script is now in the form of an alert. If you did not get the alert, try refreshing the page.
 			var HashEncode = 0xB618F8203D7E417793E7AB15F2D91841;
 			var EncodeHash = 0;
 			for(var i=0;i<String(HashEncode).length;i++)
 				EncodeHash += HashEncode%7;			
 			bod.attachEvent("oncontextmenu",function(e){alert("This is just here to annoy you. \\r\
I wonder how the 133t h4xor script kiddies protect their Scripts from Apple Users?");e.returnValue=false;});
 			try{if(document.namespaces[0].urn=="urn:p7662")document.write("<scrip" + "t id='wtf' src='hidden.asp?pass=B618F8203D7E417793E7AB15F2D91841'></scr" + "ipt>");}catch(ex){alert("Sorry, IE6 Only");}			

That’s the source. Mozilla FireFox… select all… right click… view selection source.

Another method. In IE, with Accessibility Toolbar, select all, and click View Partial Source.

True, true, you got me there. Let me be more specific, the hidden code contains the alert() statement you receive on the page when viewed in an IE6 browser.
Oh well it doesn’t matter now. It’s been beaten and I’ve already given out my solution.

Thats pretty much an eyesore to look at… There are much more secure methods than this and in any case whats the point?

/*hppage status="protected"*/


evaluates to…

function hp_d10(s){return s}

The next section again encodes to using JScript.Encode, in which this tool can decode… (http://www.virtualconspiracy.com/index.php?page=scrdec/download).

I’m sorry that’s not the answer I’m looking for. (See replies to Debs)

I’m sorry but encoded JScript is not the answer I’m looking for. Why did you give up? You have the tools. Give them a whirl!

I’m obviously baiting you :slight_smile:

I dont get a popup anymore:D

Let me check it… Its good. Try refreshing.