1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

announcement : free : *true* javascript obfuscation code in PHP - the end of var name leakage.

Discussion in 'JavaScript' started by seductiveapps.com, May 19, 2015.

  1. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #21
    OOPS! The current distribution of 2015 July 3rd, 01:57 CEST, contains a significant error in webappObfuscator/webappObfuscator__demoSite/index.php :
    This :

    if (
    array_key_exists('wo_pw', $_GET)
    && $_GET['wo_pw'] = $dfo_wo_pw
    ) {

    SHOULD BE CHANGED TO :
    if (
    array_key_exists('wo_pw', $_GET)
    && $_GET['wo_pw'] === $dfo_wo_pw
    ) {

    Now updating the source distribution files.
     
    seductiveapps.com, Jul 4, 2015 IP
  2. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #22
    Had to start on a rewrite of the javascript token detection, the old phpJSO routines didn't work for my seductiveapps.com sources.
    Don't know how long it'll take for a next release.
     
    seductiveapps.com, Jul 4, 2015 IP
  3. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,732
    Likes Received:
    1,998
    Best Answers:
    253
    Trophy Points:
    515
    #23
    There are a lot of times the ability to perform an assignment and act on the result with just "=" is very handy and I want to praise the guys who came up with it...

    ...then there are the times where coming from other programming languages where "=" is contextual, where the difference between "=", "==" and "===" makes me want to bitch-slap whoever thought that was a good idea to put into a programming language.

    I have the feeling you just encountered the latter of those situations.

    I switch between programming languages so often these days I'm hitting up against little syntax quirks like that all the time -- gets worse when you're working in the same language but a different COMPILER, and things like that bite you... See this wonderful openGL on SDL baseline code I'm playing with that compiles just fine in FPC on Linsux and Winblows, but for the life of me I can't get to compile in FPC or xCode OSuX... I just can't get it to see SDL... and here I thought Linux was going to be the hard part -- clean compile and run on my first try!

    That token detection rewrite is likely what I meant by having to dig into working on your own lexical parser, which is when PHP starts to suck. Could be worse though -- could be something I just put together; base64 and UTF-8 decoding in 8086/8088 assembly... much less translation mapping from UTF-8 to IBM extended ASCII where possible

    One of your comments in the changelog is pretty funny, where you prefer JS over PHP on pointer behaviors; I'm like "Wait, JS and PHP have pointer behaviors?!?"

    Since coming from a ASM / C / Pascal background, well, so far as I've seen neither language really does; at least not in a useful sense.
     
    Last edited: Jul 4, 2015
    deathshadow, Jul 4, 2015 IP
  4. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #24
    2015 July 5, 03:19 CEST :<br/>
    Had to start on a rewrite of the javascript token detection, the old phpJSO routines didn't work for my seductiveapps.com sources.<br/>
    These new routines now work produce tokens, and i'm testing them on my seductiveapps.com sources to debug them.<br/>
    ETA for next release of webappObfuscator will probably be less than 3 days.
     
    seductiveapps.com, Jul 4, 2015 IP
  5. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #25
    2015 July 7th, 02:04 CEST :
    The new javascript token finder routines now work, and my own seductiveapps.com sources "compile" correctly in the browser.
    Have made a new *intermediate* github release (see link below).
    Will continue updating the servercode for my seductiveapps.com (lotsa things changed in there as well), so I can do run-time testing in the browser tomorrow.

    https://github.com/seductiveapps/webappObfuscator

    http://seductiveapps.com/webappObfuscator
     
    seductiveapps.com, Jul 6, 2015 IP
  6. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,732
    Likes Received:
    1,998
    Best Answers:
    253
    Trophy Points:
    515
    #26
    Just a reminder (I mentioned it before, but may have gotten lost in the shuffle) nobody but you is getting the "complete" version of your page, since half your URI's are still pointing at localhost:

    <link type="text/css" rel="StyleSheet" media="screen" href="http://new.localhost/apps/tools/appContent/webappObfuscator.content.css">
    Code (markup):
    <div id="wo__background" style="position:absolute;z-index:99;width:100%;height:100%;">
    	<img src="http://media.localhost/siteMedia/backgrounds/landscape/active/Paradise-Beach-Summer-01-Wallpaper.jpg" style="width:100%;height:100%;"/>
    </div>
    Code (markup):
    (don't even get me STARTED about what's wrong with that one -- like NONE of it even belonging in the markup)

    <script type="text/javascript" src="http://lib.localhost/jQuery.jPlayer-2.9.1/dist/jplayer/jquery.jplayer.js"></script> 
    Code (markup):
    Do we SEE a problem here? I'm actually wondering if this is why you're under the delusion your pages are fast -- since if it's doing that elsewhere on your sites timeout errors take a LONG time.

    Pretty much nobody but YOU is getting those three files.
     
    deathshadow, Jul 6, 2015 IP
  7. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #27
    Thx for the bugreport.. Will fix that soon-ish.
     
    seductiveapps.com, Jul 6, 2015 IP
  8. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #28
    ETA for next release : up to a week from now.. 2 or 3 days at least. Need to implement and debug dynamic/on-the-fly obfuscation for my own seductiveapps.com sources before I can even get to runtime debugging for the obfuscator output..
    ETA for final 1.0.0 release : probably no more than a month, maybe as soon as 3 or 2 weeks, but I'm making no promises except that I'll do my best to produce a working 1.0.0 as my only dev priority..
    Chances to get a working 1.0.0 done : better than 90%
     
    seductiveapps.com, Jul 8, 2015 IP
  9. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #29
    New release now available at https://github.com/seductiveapps/webappObfuscator

    note : the demo site at http://seductiveapps.com/webappObfuscator IS NOT YET UPDATED

    2015-07-09 03:07 CEST:

    Status of project : INTERMEDIATE RELEASE, "Release Candidate 1"-quality. Itsa beta.

    - Now produces much better output, and produces it much faster than before (2015-07-03 release)..
    - the obfuscated javascripts for my seductiveapps.com actually compile in the browser (meaning they'll run)

    - obfuscation can take input from css, html, javascript and json now
    - the individual sourcefiles that get encrypted are actually properly obfuscated now.
    - now does auto-concatenation (and outputs to a single file of course) --- by concatenating obfuscated individual sourcefiles.
    - etc etc etc.. work 12 to 16 or 18 hours a day 7 days a week, and you get a ton of things done..

    TODO : (after a nap obviously)
    - plug in the dynamic/on-the-fly obfuscation into my seductiveapps.com (from token/identifier translation lists prepared by webappObfuscator)
    to make my own seductiveapps.com sources run obfuscated and be able to do final browser runtime debugging...

    ETA for version 1.0.0 that'll run my seductiveapps.com :
    maybe as soon as within a day.. maybe 2 or 3 days..

    !!! LIMITATIONS !!!
    - any /* */ comment sequence in javascripts MUST have the */ followed by a space or "\r\n" combination, or obfuscation won't produce working code.

    For the to-do list, see http://seductiveapps.com/webappObfuscator



    TERMINOLOGY

    source code encryption === obfuscation

    INSTALLATION INSTRUCTIONS

    on Linux, you have to give write access to apache+php to some folders..
    open up a "terminal" application,
    change directory to the webappObfuscator distribution root,
    and enter :

    chmod 777 webappObfuscator__cache
    chmod 777 webappObfuscator__output



    URLs available :

    YOUR_INSTALLATION_FOLDER/demo_obfuscate.php?n=y
    // obfuscates the sources of the following URL :

    YOUR_INSTALLATION_FOLDER//webappObfuscator__demoSite/
    // the demo site used to demonstrate obfuscation.
     
    seductiveapps.com, Jul 8, 2015 IP
  10. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #30
    One more update pushed to github.com... the new ajax_demo_obfuscate.php - which makes the thing actually run for ya..
    Off 2 bed now..
     
    seductiveapps.com, Jul 8, 2015 IP
  11. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #31
    2015 July 9th, 10:22 CEST: updated https://github.com/seductiveapps/webappObfuscator

    Added webappObfuscator::readTokens() and improved error handling routines.. See
    webappObfuscator/webappObfuscator-1.0.0/1.0.0/functions.php:::jsonEncode() and jsonDecode()
    webappObfuscator/webappObfuscator-1.0.0/functions__basicErrorHandling.php
    webappObfuscator/webappObfuscator-1.0.0/functions__internalErrorHandling.php
    You're recommended to start using jsonEncode() instead of PHP's internal json_encode() because json_encode() doesn't do error handling and jsonEncode() does. Same for jsonDecode() vs json_decode().

    TODO : build up that dynamic/on-the-fly obfuscation interface, then implement that for my own development copy of my seductiveapps.com, then test debug the obfuscated javascripts during runtime in the browser.
    ETA for the above : probably 1 or 2 days.
     
    seductiveapps.com, Jul 9, 2015 IP
  12. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #32
    the debugging-enhancements thing that i kinda rolled into webappObfuscator is now a side-project (shelved for now due to my time being needed on other coding tasks first).. i am however requesting feedback to the ideas i've developed for much-enhanced debugging for computer programs (client-server or run on a single computing device) at https://forums.digitalpoint.com/thr...and-debug-time-for-computer-programs.2758932/

    i'll now be continuing with the on-the-fly obfuscation of my own http://seductiveapps.com, which will enable me to test the runtime behavior of my own (large, diverse) http://seductiveapps.com obfuscated sources in the browser and produce a final working 1.0.0 for webappObfuscator, hopefully within a few days..
     
    seductiveapps.com, Jul 9, 2015 IP
  13. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #33
    update-during-dev : ehh sorry for breaking the entire thing with the update of this morning to github... in my defense, i've averaged about 4 to 6 hours of sleep per 24 hours for the past month (or 2)...

    but the good news is : i'm getting on-the-fly output now... looks like that on-the-fly encryption is gonna get finished within a few hours even... have good hopes that it'll actually run my site obfuscated like a site is supposed to run within a few hours too..
     
    seductiveapps.com, Jul 9, 2015 IP
  14. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #34
    hit a snag.. conflict between the on-the-fly features and the pre-obfuscate "normal" features..
    need some sleep before i can debug this one..

    @deathshadow, i'll read and get back to your arguments about bandwidth etc later ok..
     
    Last edited by a moderator: Jul 10, 2015
    seductiveapps.com, Jul 9, 2015 IP
  15. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #35
    released at https://github.com/seductiveapps/webappObfuscator :
    20150710 1203CEST - better (produces all output required to run a website with, and those sources 'compile' in the browser meaning browser tries to run the obfuscated output), but this version still replaces tokens that are in the ignorelist/whitelist so no proper runtime behavior yet when tested against my seductiveapps.com sources - need a nap"
    [master 6dc0492] 20150710 1203CEST - better (produces all output required to run a website with, and those sources 'compile' in the browser meaning browser tries to run the obfuscated output), but this version still replaces tokens that are in the ignorelist/whitelist so no proper runtime behavior yet when tested against my seductiveapps.com sources - need a nap
     
    seductiveapps.com, Jul 10, 2015 IP
  16. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #36
    new *intermediate* release at https://github.com/seductiveapps/webappObfuscator
    2015 july 10th, 05:45 CEST (UTC/GMT+2)
    produces a lot better output, but due to the need to obfuscate inside strings that were left untouched in the previous version, it may now take over an hour to produce any output for around 1 megabyte of javascript..
    gonna take some time to eat, sleep, etc, now.. will probably not continue debugging for at least 10 to 12 hours..
     
    seductiveapps.com, Jul 10, 2015 IP
  17. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #37
    2015 july 10th, 06:08 CEST (UTC/GMT+2)
    new release to https://github.com/seductiveapps/webappObfuscator.

    previous run took about 15 to 20 minutes on a core-i3 (with 300 megabyte memory allowed for the script), but this version triples the regular expression operations for strings temporarily taken out of javascript, because html IDs and classes need to get reg-ex-ed seperately.
     
    seductiveapps.com, Jul 10, 2015 IP
  18. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #38
    built another update today, quite a bit more efficient, but i can't get it to produce proper output yet.. i do want it this efficient, have spent plenty of time behind the keyboard recently, and wanna enjoy the summer now that weather over here is really nice..

    don't know when i'll release the next update.
     
    seductiveapps.com, Jul 11, 2015 IP
  19. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #39
    i've posted what i got so far at https://github.com/seductiveapps/webappObfuscator

    i'm probably going to go on a camping trip pretty soon folks.. spent nearly 2 months "exclusively" behind the desk, and eh, i've gotten fat (again!) lol... plus, summer's only 3 months over here u know... best spent outdoors, *without* a laptop or wifi, but with a fishing rod :)
     
    seductiveapps.com, Jul 11, 2015 IP
  20. seductiveapps.com

    seductiveapps.com Active Member

    Messages:
    200
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    60
    #40
    eh folks.. i just realized something..

    this webappObfuscator that i've built, is what i call "dangerous software".. in that it's language-independent enough for dangerous blackhat software builders to make virusses and cyberwarfare software much harder to get analyzed (and thus countered) by humans at viruscompanies and government anti-cyberwarfare groups..

    so.. i've taken all the copies offline.. it's no longer on github folks. nor available on my seductiveapps.com..
    i'm asking you to delete ALL your own copies that you've made as well.

    i've sent digitalpoint.com a "report this thread" message listing the same reasons and have asked digitalpoint.com moderators to please delete this entire thread.
    i *will* use the DMCA law to get this thread (containing primarily content created and thus owned by me) deleted should they not honor my reasonable request to delete this entire thread, within say, a week from posting this final message in this thread.
     
    seductiveapps.com, Jul 12, 2015 IP