JScript.Encode is a method created by Microsoft used to encode both server and Client-side JavaScript or VB Script source code in order to protect the source code from copying.[1] JavaScript code is used for creating dynamic web content on many websites, with the source code easily viewable, so this was meant to protect the code.

The encoding is a simple polyalphabetic substitution using three alphabets.[2]

How to use

edit

You can use a command line script encoder to encode your scripts.[1][3] To encode a HTML web-page file called default.htm, use the following command:

screnc.exe default.htm defaultenc.htm

It would output to a file called defaultenc.htm.

Weaknesses

edit

It has been reverse engineered[2] and many websites provide an on-the-fly decoder.[4]

References

edit
  1. ^ a b Clinick, Andrew (Aug 1999). "Script Encoding with the Microsoft Script Engine Version 5.0". Script Engine. Microsoft. Archived from the original on 2002-12-14.
  2. ^ a b "Breaking the Windows Script Decoder". Virtual Conspiracy. Archived from the original on 2013-12-08. Security by obscurity is a bad, bad idea. Instead of encouraging that approach, Microsoft should educate programmers to find other ways to store their passwords and sensitive data, and tell them that an algorithm or any other piece of code that needs to be 'hidden', is just bad design
  3. ^ Clinick, Andrew (Aug 1999). "Clinick0899.exe". Microsoft. Archived from the original (program) on 2002-12-14. The command-line script encoder (screnc.exe) provides a simple mechanism for encoding HTML, ASP, SCT, VBScript, and JScript files. The Microsoft Script group developed it as an easy-to-use command-line tool that can be easily built into your existing deployment batch files
  4. ^ Lee, Grey (Feb 15, 2012). "Windows Script Decoder". GitHub. Decoding JScript.Encoded
edit