ProtWare "HTML Guardian" has pathetic "encryption"

2003-03-22T00:00:00
ID SECURITYVULNS:DOC:4265
Type securityvulns
Reporter Securityvulns
Modified 2003-03-22T00:00:00

Description

For $40 or $70, ProtWare's "HTML Guardian" (http://www.protware.com) claims to "encrypt html code and javascripts, [making] it impossible to reuse them." Unfortunately, "HTML Guardian" does not do anything more than to obfuscate the HTML source code. There is no encryption. In fact, the JavaScript that "encrypts" that data is included in the HTML code at the end (just translate the HTML hex to HTML ascii).

Basically how it works is this:

original = abcdefgh encrypted = acegbdfh

They simply take every other letter, smash them together, then append the leftovers all into one string. $70 encryption, woohoo!!

Attached is a Perl script that re-assembles their "encrypted" code. The script takes a file as input, and in that file is a modified version of the HTML source code. In this file, just have the big JavaScript variable included from the HTML source code (minus the single quote characters). An example of this "encrypted" HTML can be retrieved from ProtWare's demo page at http://www.protware.com/e_demo.htm.