Topic: Fixing Dean Edwards Famous PHP Javascript Packer |
C0nw0nk
Joined: 07 Oct 2013 Posts: 241 Location: United Kingdom, London
|
Posted: Thu 08 Jun '17 19:16 Post subject: Fixing Dean Edwards Famous PHP Javascript Packer |
|
|
PHP Class Source Code : https://github.com/C0nw0nk/php-packer/blob/master/src/Packer.php
Code to use above Class and reproduce the error :
(example.php)
Code: |
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<h2>JavaScript Variables</h2>
<p>In this example, x, y, and z are variables</p>
<!-- This should be modified by javascript and output should be 11 -->
<p id="demo"></p>
<script>
<?php
$script = "var x=5;var y=6;var z=x + y;document.getElementById('demo').innerHTML=z;";
echo "/* code before packing output inside the HTML demo id should be 11 \n" . $script . "\n*/\n\n";
$encoding = (int)95; //High ASCII
$fast_decode = true;
$special_char = true;
$remove_semicolon = false; //default is true
$packer = new Packer($script, $encoding, $fast_decode, $special_char, $remove_semicolon);
$packed = $packer->pack();
echo $packed;
?>
</script>
</body>
</html>
|
The Javascript output should run fine and cause the HTML page to display the number "11".
But instead you get Javascript syntax errors in browser console.
The HIGH ASCII setting is the only setting that does this; all others appear to be working fine. |
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
C0nw0nk
Joined: 07 Oct 2013 Posts: 241 Location: United Kingdom, London
|
Posted: Fri 09 Jun '17 17:23 Post subject: |
|
|
Ooo that's very nice and cool James, the major difference is Dean Edwards is for obfuscation and creates an output that is to prevent problems like content scrapers etc.
The JavaScript output from Packer will always be obfuscated.
Code: |
eval(function(p,a,c,k,e,d)
|
All the other settings work on it just not the High ASCII setting but it is hard to know why and to debug to find the root cause to fix it to prevent the High ASCII setting causing JavaScript syntax errors in the browser.
With the class I provided I can always run it in Normal mode like so.
Code: |
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<h2>JavaScript Variables</h2>
<p>In this example, x, y, and z are variables</p>
<!-- This should be modified by javascript and output should be 11 -->
<p id="demo"></p>
<script>
<?php
$script = "var x=5;var y=6;var z=x + y;document.getElementById('demo').innerHTML=z;";
echo "/* code before packing output inside the HTML demo id should be 11 \n" . $script . "\n*/\n\n";
$encoding = (int)62; //Normal
$fast_decode = true;
$special_char = true;
$remove_semicolon = false; //default is true
$packer = new Packer($script, $encoding, $fast_decode, $special_char, $remove_semicolon);
$packed = $packer->pack();
echo $packed;
?>
</script>
</body>
</html>
|
And the output from the above code will execute in the browser just fine.
Another cool feature that I liked and that worked great, while it is not to be used as security but just to prevent content scrapers / bots / leechers obtaining page contents from the plain text of the page, is to encrypt the JavaScript output with a secured Key.
Code: |
<?php
$script = "var x=5;var y=6;var z=x + y;document.getElementById('demo').innerHTML=z;";
echo "/* code before packing output inside the HTML demo id should be 11 \n" . $script . "\n*/\n\n";
$encoding = (int)95; //62 Normal //95 High ASCII
$fast_decode = true;
$special_char = true;
$remove_semicolon = true; //default is true
/* Encrypt javascript with a Key to only be unpacked by this key too */
$key = "theSecretKey11";
$packer = new Packer($script, $encoding, $fast_decode, $special_char, $remove_semicolon, $key);
$packed = $packer->pack();
echo "var UNPACK_KEY = '" . $key . "';" . $packed;
?>
|
The above output will require JavaScript to be unpacked with a Key before it can be executed.
You can pack things multiple times over hiding it behind multiple packed levels and as with the UNPACK_KEY you can run that through the packer hiding that too.
It is very nifty at preventing automated bots and Python scripts etc. stealing content and following links they are not supposed to follow, wasting bandwidth on your site. Its one major downfall seems to be the High ASCII bug. ( https://github.com/C0nw0nk/php-packer/blob/master/src/Packer.php#L64 )
This is what the Javascript should look like when Packed with High ASCII encoding.
Code: |
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(c/a))+String.fromCharCode(c%a+161)};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\[\xa1-\xff]+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp(e(c),'g'),k[c])}}return p}('¡ x=5;¡ y=6;¡ z=x+y;¢.£("¤").¥=z;',5,5,'var|document|getElementById|demo|innerHTML'.split('|'),0,{}))
|
The output I get is:
Code: |
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(c/a))+String.fromCharCode(c%a+161)};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\[\xa1-\xff]+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp(e(c),'g'),k[c])}}return p}('� x=5;� y=6;� z=x+y;�.�(\'�\').�=z;',5,5,'var|document|getElementById|demo|innerHTML'.split('|'),0,{}))
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Mon 12 Jun '17 11:50 Post subject: |
|
|
The � is an encoding problem. Did you try to use utf8_encode and/or utf8_decode before the output? |
C0nw0nk
Joined: 07 Oct 2013 Posts: 241 Location: United Kingdom, London
|
Posted: Mon 12 Jun '17 23:39 Post subject: |
|
|
James Blond wrote: | The � is an encoding problem. Did you try to use utf8_encode and/or utf8_decode before the output? |
Thanks James I changed my example code here.
Code: |
$packed = utf8_encode($packer->pack());
|
Works flawlessly so it was not any problem with the packer just me missing out that critical function. <3 |
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Tue 13 Jun '17 15:06 Post subject: |
|
|
That shows that one of your files is not saved as UTF-8 and/or your Apache does not send a UTF-8 response header. |
C0nw0nk
Joined: 07 Oct 2013 Posts: 241 Location: United Kingdom, London
|
Posted: Tue 13 Jun '17 21:19 Post subject: |
|
|
Oh, the header for UTF-8 was present and so was the Meta tag in the HTML document for UTF-8.
It was the packer itself outputting these characters in the High ASCII setting.
https://github.com/C0nw0nk/php-packer/blob/master/src/Packer.php#L452
The PHP script outputs those characters but using the function you provided it now encodes them to make them UTF-8 compatible it seems.
I don't know if they intentionally did not use the utf8_encode function for a reason but it does the trick. |
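
Added example, not part of any post above and not code from the php-packer repository: a Node.js reproduction of the symptom discussed in this thread. The payload and keyword list are taken from the High ASCII output quoted earlier; the helper names (`unpack`, `browserDecode`, `utf8Encode`, `demo`) are hypothetical, and `unpack` replays the decoder stub's substitution without calling `eval`.

```javascript
// Added example. Payload and keywords come from the High ASCII output quoted
// in the thread; \xa1..\xa5 are the token characters shown there as ¡ ¢ £ ¤ ¥.
const PACKED = '\xa1 x=5;\xa1 y=6;\xa1 z=x+y;\xa2.\xa3("\xa4").\xa5=z;';
const KEYWORDS = 'var|document|getElementById|demo|innerHTML'.split('|');
const RADIX = 5;

// Index -> token, as in the decoder stub (Math.floor makes the division explicit).
function encodeIndex(c, a) {
  return (c < a ? '' : encodeIndex(Math.floor(c / a), a)) +
    String.fromCharCode((c % a) + 161);
}

// Hypothetical helper: the stub's keyword substitution, returning the source
// instead of passing it to eval.
function unpack(p, a, k) {
  const dict = {};
  for (let c = k.length; c--;) dict[encodeIndex(c, a)] = k[c] || encodeIndex(c, a);
  return p.replace(/[\xa1-\xff]+/g, (tok) => (tok in dict ? dict[tok] : tok));
}

// What PHP writes to the response: one byte (0xA1..0xFF) per token character.
const packerBytes = () => Buffer.from(PACKED, 'latin1');

// What a browser does with a charset=utf-8 page: decode the bytes as UTF-8.
// A lone 0xA1 is not valid UTF-8, so it becomes U+FFFD.
const browserDecode = (bytes) => new TextDecoder('utf-8').decode(bytes);

// Same transformation as PHP's utf8_encode(): read ISO-8859-1, write UTF-8.
const utf8Encode = (bytes) => Buffer.from(bytes.toString('latin1'), 'utf8');

function demo() {
  const broken = browserDecode(packerBytes());
  const fixed = browserDecode(utf8Encode(packerBytes()));
  return {
    broken,                                          // tokens replaced by U+FFFD
    brokenUnpacked: unpack(broken, RADIX, KEYWORDS), // nothing left to substitute
    fixedUnpacked: unpack(fixed, RADIX, KEYWORDS),   // original script recovered
  };
}

console.log(demo());
```

`utf8_encode()` is deprecated as of PHP 8.2; `mb_convert_encoding($packed, 'UTF-8', 'ISO-8859-1')` performs the same conversion.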