My Favorite Gadgets

Truth about HTML Guardian

Step-by-step instruction how easy hack pages protected by HTML Guardian.

Trust no one
The Conspiracy is Out There
Warning!!! This page contains codes of crypted HTML and maybe false positive alert some antiviruses!


Once surfing the Internet I came across one interesting page. Text was not singled out. The browser didn't also react to the clicks of the right mouse button. Nothing really happened. At the beginning of the text on a green background there were proud words "The source code of this page is protected by HTML Guardian".

I didn't understand the staff and tried to see page source. Oops! File empty. But it was empty at the first sight. The text was displaced on a few screens downward. Trick for nuts. I pushed DEL-key and in a few seconds the situation was all right. I saw the following: "The source code of this page is encrypted with HTML Guardian, the world's standart for website protection. Visit for details." Yes STANDART :)

Well well, I think and go to the link.      
On I discovered this:
"HTML Guardian sets the standard for intellectual property protection on the Web."
Very funny. On crypted page they wrote standart, but on site they wrote standard.
Hee-hee, I think. Very interesting.
I investigated this site and saw the following:

Creating a professional-looking website requires a huge amount of time, effort, and knowledge and experience in many areas of expertise - from image editing to programming. But the result of all this effort can be simply taken and reused by anyone. In today's highly competitive environment, this is something serious web developers would like to prevent.
As a solution for this situation, in June 1997 ProtWare released Web-Cipher!, the HTML Guardian predecessor, which quickly became extremely popular.
Today, HTML Guardian is the de facto world standard for protection of intellectual property on the Web.
It is being used by thousands of corporations, organizations, web design companies, software developers, web hosting providers, universities, colleges, agencies, foundations, small- and medium-size businesses, non-profit organizations and individuals in more than 100 countries all over the globe.

Sounds good really? In BUY section I saw:
A one computer license for HTML Guardian Professional costs $39.95.
A one computer license for HTML Guardian Enterprise costs $69.95.
Not so much,doesn't it? But they lie and it is the loss of money. Below I will try show it to you.
      THEY LIE TO US      
To hack this de facto world standard of protection I need 5-7 minutes. Very strong cipher :) I must tell you how you can do it. Maybe I save some money for people, who want to buy this do-nothing software. So, I start.

1. Analyzing document.
See on HTML-code below inscription The source code of this page is encrypted with... The content of the document makes impression complete abracadabra: text is not quite readable, it is not divided into lines and paragraphs, the width of the text exceeds the width of screen considerably.
But we make sure that this is HTML and not something else by finding at the beginning and at the end of the document standard tags: <html>, <head> and others.
The small formatting clears the situation - all content of page is placed in a script, being in a logical heading between the descriptors <script> and </script>.

... ... ...
The language of script is not indicated, but I know that it is set as default as JavaScript.
It is necessary to say that I almost do not know Javascript. I remember only some general information about syntax, for example, that after operators they put semicolon and variable value placed between single apostrophes. Great! A few minutes after I diligently tap the Enter key after every combination of symbols: "';" (don't forget to use the search). Now the code is clearly visible. A result is represented in a browser without changes. I do a back-up copy. Let's study the structure of protection script. At the beginning we see the code. As far as I understand these are the starting settings and checking. Next we see:
I don't understand anything :(
Continue investigation.
OOO0=new Array();

A few kilobytes of abracadabra are appropriated a variable. Look like that this variable contains the coded text. Continue investigation...
Next I see:
OO00+='nction __'+'__(_'+'O0){';
Interesting. Look here OO00='fu'; OO00+='nction __'+'__(_'+'O0){'; You see word function?
The variable OO00 will contain the function __(_O0){;. It is already something clever. Obviously the function of decoding begins to gather. Pay attention to this line: OO0O='of uxoRqZXEpNDrITBy'; Probably, it is the key which is used for enciphering. Continue research in a hope to understand something, because this key is not interest for us. The other area of code make me think:
OOOO='v%61r%20l%32%3D%77i\156%64ow%2E%6F%70er\ …’;
We have already seen it :) Looks like a piece of sly Shell-code. But at the same time it is clear that it is not binary data. Probably, it is a text coded by standard facilities of JavaScript. All right, I hope it will soon be clear. Turn the castor of scrolling of the mouse. Aha!
There is an increase of variable of OO0[0]:
OOO0[0]+= (many kilobytes of abracadabra)
Looks like some binary encrypted data.
Scroll the next...
Again the acquainted combination:
And below OOOO+='%20Ar%72a\171%28%29%2C%6C%30%3Dnew%20…;
What to say, all put into places. Judge for yourself:again there is an increase of variables OOO0[0] and OOOO, a few service variables are entered, a function is constructed. By the way, it is quite clearly which function: eval(unescape(_O0))
After that finally OO00 = function(_O0){(_eval(unescape(_O0))}
The function of eval() executes the programmatic code passed to it. Such the compiler itself in a compiler. But what does procedure of unescape() do? It converts the hexadecimal Unicode into a string. It mean unescape() decodes a line.
All absolutely clear - unescape brings content over of variable of OOOO to the normal kind, to executable JS-code. Thus, it appears that the coded program which decrypts OOO0[0] - text of document is kept in this variable. Reading documents on this function, I understood that the code of program-decipherer had been initially coded by the built-in function of escape() in order to frighten off inexperienced hackers, - in fact, in a document in this case there almost will be not a single intelligent operator.
Great, all is clear now. It is time to get a code, decrypting the content of the document.

2. Decrypting content of document.
We must find ALL value of OOOO variable (or other contains not binary code like %20A\162ra%79%28%29%2C\154%30%3D). In my case I have 3 part of OOOO variable. After that we must use unescape function to this variable for decode it. And finally we have decoded text. We put it into text field TT. You can see 100% working code:

<input id="decrypted" type="text" style="width: 800px; height: 100px">

After putting this page into browser we can copy/paste from text field the following decrypting program:

var l2=window.opera?1:0;
function l3(l4){
var l7=new Array(),l8=_1=l4.length,l9,lI,il=16256,_1=0,I=0,li='';
var l1=new Array(),l0=new Array(),Il=128;
var l_=l7.length-1;
case 0 :
else{return li}
var lO='';
if(naa) {document.write(lO)};

This is the decoding code of the text which is kept in the variable OOO0[0]. A bit confusing. But fortunately, we don't need to understand what exactly this program does. We are interested in the last line, in its very part document.write(lO). Obviously, that exactly this variable of lO will contain the final (deciphered) code of the page.
Thus, there is the last jerk to success. Remove OOOO and functions eval() and unescape() (does not forget to do back-up copies just in case). Then repeat the act which we have just done, for reliability instead of conclusion of the deciphered code in the alphanumeric field, we put it in a text file. For this purpose we replace the line of if(naa){document.write(lO)}; with such sequence of commands (or comment out this line, adding commands below):
var fs = new ActiveXObject("Scripting.FileSystemObject");
var decfile = fs.OpenTextFile("finaldecoded.html", 2, true);

Voila. We got the deciphered file :)
For decoding of files, treated by this program, neither thorough knowledge of script language nor algorithms of encoding was required. Just a little attention and non-standard approach was enough. A few minutes - and I have a script, decoding any file, treated by this program. But in fact I do not write harmful software and do not trench not upon whose copyrights.
      Alternative way      
I found it here. It's a very simple way. But this way not work on crypted javascript.js files. For decrypt such files use my way described above.
Web pages source cannot be protected by any means because the internet browsers can understand only HTML and other mark up languages.
Most of the website and software use JavaScript to encode the content and the same JavaScript is used to decrypt the content at the client.
While trying to view source of source if you find the content are encrypted by JavaScript. Here is one way to reveal the source content of web pages.
Just copy and paste the below lines in to address bar of the encrypted website now you can view the JavaScript generated original HTML source

javascript:var sorc=document.documentElement.outerHTML;"text/plain"); document.write(sorc);

This can break all the encrypted code generated by the software namely HTML Protector, HTML Guardian and others.
This can decrypt the code generated by the escape and unescape functions of the JavaScript
I am badly impressed by the programmers, taking money for "defense" which even a dilettante can crack. It is high time to understand: however was tangled JavaScript - or VBScript, whatever ingenious algorithms were used, there always will be a man who has enough patience to decipher it. It is possible to disconnect the menu of browser, it is possible to create sites wholly on Flash, it is possible to place text as graphic arts, it is possible to make different ways. But friend, nothing will help :)
Trust no one. The Conspiracy is Out There.
      And finally automatic encoding gadget :)      
Just get it here Enjoy!

Copyright © 2010-2016 Igor "Igogo" Bushin. All rights reserved worldwide.
Counter Powered by  RedCounter      Page copy protected against web site content infringement by Copyscape
Google bot last visit for My Favorite Gadgets Bing bot last visit for My Favorite Gadgets Yahoo! bot last visit for My Favorite Gadgets Adsense bot last visit for My Favorite Gadgets
Alexa rank for My Favorite Gadgets We are in DMOZ now