Windows Script Encoder
Script Encoder is an easy-to-use command-line tool. It lets script designers encode their final scripts so that web hosts and web clients cannot view or modify the source. However, this encoding only keeps your code from being easily viewed; it does not stop professional hackers from seeing how you wrote your script.
Windows Script Decoder
Introduction
The Windows Script Encoder (screnc.exe) is a Microsoft tool which can be used to encode your scripts (i.e. JScript, ASP pages, VBScript). Yes: encode, not encrypt. The use of this tool is to be able to prevent people from looking at, or modifying, your scripts. Microsoft recommends using the Script Encoder to obfuscate your ASP pages, so in case your server is compromised the hacker would be unable to find out how your ASP applications work.
The Windows Script Decoder is a tool that I wrote which can be used to decode all scripts that have been encoded with the Windows Script Encoder.
Please note that this program was originally written to demonstrate the ease of a cryptanalysis attack against a tool like the Windows Script Encoder. Nowadays, script encoding is often used to hide malicious scripting commands and the script decoder can be very useful to uncover the original code. Do not use this tool to violate copyright. That's not what it is meant for.
Windows Script Decoder :
http://www.virtualconspiracy.com/scrdec.html
(If the script contains Korean text, append 949 at the end)
Soya.Encode.ScriptDecoder :
http://www.saltstorm.net/lib-soya/examples/Encode.ScriptDecoder.html
Obfuscated-HTML De-obfuscation Tools :
http://www.swishweb.com/dec.htm
Script Decoder is a simple Win32 command line executable that is used as follows:
    scrdec18 <infile> <outfile> [-cp codepage] [-urldec|-htmldec] [-verbose] [-dumb]
There's no fancy stuff like wildcard support or overwriting the input file with the output file. If you really want to do that, just use the DOS for command:
    md decoded
    for %a in (*.asp) do scrdec18 %a decoded\%a
    del *.asp
    move decoded\*.asp .
    rd decoded
Note that the FOR command does not support long file names on Windows 95/98/Me.
Alternatively, you can use this little VBScript that Gene Naftulyev sent me (thanks dude!), or the further improved version by Ninio Erez.
After running the decoder, you'll see that all garbled blocks of script, like
    <%#@~^swIAAA==@#@&@!Z OJz@#@&zJ/WaX.kTtO�~8,,R~HbmDKdG0DP;W.wG.mYrW PzVs~"ko4OkP]+knM\n9R@#@&0!x1OkKx~DrWHZWM.+1YAMGADv#`@#@&~,kW`%>
will have been decoded into their original form. Please note that you will still have to manually strip the '.Encode' out of the 'JScript.Encode' and 'VBScript.Encode' in the <script language=".."> tags!
The script decoder recognizes all encoded blocks that start with the sequence #@~^, so it will correctly decode 'plain files' that only contain script, ASP style blocks <%script%>, and <script language="...">script</script> blocks.
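The following is an added example, not part of the original page or of scrdec: a small triage script that locates #@~^ blocks in a file before decoding and applies the manual '.Encode' clean-up afterwards. The function names are hypothetical, and the header layout (six base64 characters plus "==" holding a little-endian length) and the ^#~@ trailer are assumptions about the encoder's format that this page does not state.

```python
import base64
import re
import struct

START = "#@~^"  # start marker named on the page
END = "^#~@"    # trailer: assumption about the screnc format, not from the page
# Assumption: the marker is followed by six base64 characters plus "==",
# holding a little-endian 32-bit length.
HEADER = re.compile(re.escape(START) + r"([A-Za-z0-9+/]{6}==)")
LANG = re.compile(r"""(language\s*=\s*["']?)(JScript|VBScript)\.Encode""", re.I)


def find_encoded_blocks(text):
    """Return one record per encoded-block header found in text."""
    hits = []
    for m in HEADER.finditer(text):
        declared = struct.unpack("<I", base64.b64decode(m.group(1)))[0]
        nxt = text.find(START, m.end())
        limit = nxt if nxt != -1 else len(text)
        hits.append({
            "offset": m.start(),
            "declared_len": declared,
            # No trailer before the next header or EOF: truncated or tampered.
            "terminated": text.find(END, m.end(), limit) != -1,
        })
    return hits


def strip_encode_suffix(markup):
    """Apply the manual post-decode step: 'JScript.Encode' -> 'JScript'."""
    return LANG.sub(r"\1\2", markup)


# Constructed sample. Only the "swIAAA==" header comes from the page; the
# bodies and checksum are placeholders, not valid encoder output.
SAMPLE = (
    '<%#@~^swIAAA==CONSTRUCTED-TRUNCATED-BODY%>\n'
    '<script language="JScript.Encode">#@~^CAAAAA==XXXXXXXXAAAAAA==^#~@</script>\n'
    '<script language="VBScript">MsgBox 1</script>\n'
)

if __name__ == "__main__":
    for hit in find_encoded_blocks(SAMPLE):
        print(hit)
    print(strip_encode_suffix(SAMPLE))
```

A block reported with "terminated": False is worth a closer look with -verbose, since the decoder may skip it.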
Starting with version 1.2, the script decoder has the ability to use different code pages so it can decode scripts that contain Asian characters. If you want to decode such scripts, just supply the code page identifier as the third parameter.
Id | Code Page |
---|---|
932 | Japanese |
936 | Chinese (Simplified) |
950 | Chinese (Traditional) |
949 | Korean (Wansung) |
1361 | Korean (Johab) |
The -urldec switch allows you to do on-the-fly unescaping of scripts that have been URLEncoded. Such scripts contain characters that have been replaced by a percent sign and a hexadecimal number, for instance %76%61%72%20%72%69. They are usually unescaped by the JScript using the unescape() function. Supplying the -urldec switch to scrdec will save you this effort.
The -htmldec switch pretty much works the same way, only for HTML entity (&amp; style) encoding.
There are two more switches. To get a better insight in the workings of the decoder, try -verbose. If you see the decoder skips an encoded block, this might be the result of the HTMLGuardian defeat mechanism. The decoder tries to be smart and recognize blocks that HTMLGuardian inserted in order to deceive it. Sometimes this results in scrdec skipping a genuine encoded block. To disable the defeat mechanism, pass the -dumb switch.