To download your copy click here
(You can purchase Scripts Encryptor from its Help -> Register menu)

Introduction

Scripts Encryptor will be a handy tool for web page developers seeking the way to protect their on-line content from reverse engineering as well as from webbots collecting email addresses and other personal data. Improved Scripts Encryptor can now work not only with JavaScript data, but also with HTML files that might contain JavaScript blocks, and also with C/C++ source files. Unfortunately, HTML and JavaScript code does not allow any substantial encryption the same way as when you compile source code into executable file or when you save Flash movie in a shockwave format. The only way to protect HTML and JavaScript is to employ obfuscation, i.e., scrambling of the contents.

There are many obfuscators available on the web that mostly use scripts to do scrambling. A big downside of this method is that to fully view such page, user's browser should support scripts and have them enabled, which significantly limits number of web browsers that such encrypted page will be viewed on. Moreover, there's always a possibility of a new security upgrade from Microsoft that will either show a virus warning, or won't completely open your page that was encrypted using scripts with other obfuscators.

Scripts Encryptor does not use scripts to obfuscate HTML and JavaScript, instead it uses space stripping, escape sequences and Windows Script Encoder method to scramble web pages. Scrambled pages become fully clear for web browsers but almost unreadable when viewed as HTML, or attempted to alter with an editor. To see what happens with a web page after scrambling by Scripts Encryptor check samples section below.

Main Features

Scripts Encryptor provides the following options:

• Obfuscation (scrambling) of JavaScript, JScript standalone files;
• Obfuscation of HTML and HTML-style files that might include JavaScript, JScript blocks inside;
• Encryption of JavaScript, JScript data in a file or imbedded in HTML page using Windows Script Encoder method (emulation of screnc.exe by Microsoft);
• Compression (reduction of size) of HTML/JScript documents without obfuscation (to downsize your bandwidth and increase loading time);
• Flexible settings for obfuscation that allow to fine-tune level of scrambling;
• Ability to preview obfuscated page and compare it with an original document;
• Scrambling of C/C++/MFC source code files into solid code chunks making them hard to view and edit;
• Checking of missing and/or extra semicolons in JavaScript, JScript code;
• Ability to organize (decrypt) JavaScript, JScript files (including those encrypted using Windows Script Encoder);
• Support of international code pages and file encodings (overall Unicode support);
• Ability to change code page and file encoding while saving in a file;
• Ability to make a Unix-compatible file (with a single linefeed at the end of lines);
• Compatible with Windows XP SP2, and IE6 popup blocker in general (so your previewed code is not blocked as potentially dangerous);
• Command line support (so you can use it on your web server or as part of another software).

To learn more, please read on.

Interface and Operation

Scripts Encryptor employs visual interface with simple navigational controls and two main windows to show code Before and After conversion:

To begin you have to either open an existing file, or type or paste script (code) into Before window. Scripts Encryptor can work with the following script types:

• HTML or HTML-type mark-up files (that may include JavaScript/JScript and CSS blocks - other scripting languages are left intact and not obfuscated);
• JavaScript/JScript standalone files;
• C source code files;
• C++/MFC source code files.

Right after you open a file Scripts Encryptor will attempt to determine its type in Script in 'Before' box. You can also do so, or correct automatic setting manually. This selection is crucial for conversion as all abovementioned file types are converted differently.

Before actually making a conversion set the options for it. First select type of operation you'd like to perform:

• Scramble -- will obfuscate (scramble) code in Before window. If it is HTML code containing JavaScript blocks they all will be obfuscated according to selection. (Any unrecognized scripting language, including VBScript, will be left without changes.);
• Organize -- will organize (de-scramble) code in Before window making it easy to read and edit. (This feature is not available for HTML code in Encoder version of Scripts Encryptor. For more information see Reverse Engineering Protection Policy below)
• No Changes -- will not alter code in Before window, but may allow checking of end-line semicolons in JavaScript blocks, and/or encrypting JavaScript blocks using Windows Script Encoder method.

Then select type of End of Lines in the respective section:

• CR+LF (\r\n) -- stands for Carriage Return and Line Feed. Use this option to make a Windows compatible source file;
• LF only (\n) -- use this selection to make a Unix-compatible file. At this time many browsers understand this encoding, so choosing it will not only make the code less readable but also smaller in size.

Then select HTML scrambling options in HTML section:

• Escape tags -- when checked will make Scripts Encryptor to use escape sequences to scramble some HTML tags. Use this option to protect inline email addresses and web links from crawling robots collecting information for spam distributors. (There are more options available for this selection - see Conversion Properties below.)
• Escape text -- when checked will make Scripts Encryptor to use escape sequences in text within HTML code that is located outside of tags. This option will render document almost unreadable by human eye while in HTML mode. (There are more options available for this selection - see Conversion Properties below.)
• Random escape -- when checked will make Scripts Encryptor to use escape sequences randomly for better obfuscation. We recommend keeping this option on. (There are more options available for this selection - see Conversion Properties below.)

Then select JavaScript scrambling options in JavaScript section:

• Encode script -- when checked will make Scripts Encryptor to apply Windows Script Encoder method to JavaScript blocks within current HTML file, or to the whole document if it's opened as JavaScript. (This option employs emulation of encoding of JScript scripts originally performed by Microsoft® Script Encoder (screnc.exe), Microsoft® Corporation.) WARNING: Use this option with caution as although encrypted code looks visibly safe it can be easily decoded (also by Scripts Encryptor). Besides that this encryption is currently recognized only by Microsoft Internet Explorer 5.0 and later browsers!
  To prevent a certain code block from being encoded use SENoEnc="1" command in a <SCRIPT> tag as shown in this example:
    <SCRIPT language=JavaScript type=text/javascript SENoEnc=1> ... </SCRIPT>
• Escape Quotes -- when checked will make Scripts Encryptor to use escape sequences in JavaScript quotes. This will dramatically decrease readability of your code. (There are more options available for this selection - see Conversion Properties below.)
• Random escape -- when checked will make Scripts Encryptor to use escape sequences randomly for better obfuscation. We recommend keeping this option on. (There are more options available for this selection - see Conversion Properties below.)
• Check semicolons -- when checked will allow Scripts Encryptor to add or remove extra semicolons from JavaScript code;
• Add -- when checked will make Scripts Encryptor to add required semicolons at the end of script lines to ensure better scrambling achieved by stripping spaces between code lines, which might not be possible because of omitted semicolons. WARNING: Try to put semicolons required by language syntax at the end of code lines while programming, or always check semicolons added automatically by Scripts Encryptor (they will be marked in the After window after conversion is done).
• Remove -- when checked will make Scripts Encryptor to remove extra semicolons in the script that are not required for scrambling. WARNING: Always check semicolons removed automatically by Scripts Encryptor (they will be marked in the Before window after conversion is done).

When conversion options are set you may now click Convert button to perform conversion. Depending on the data size, converted code will then appear in the After window, that will include color coding for better readability. If you opted to add or remove semicolons from JavaScript blocks they will be also marked in yellow in the After or Before window respectively.

Controls and Navigation

Scripts Encryptor has all controls located on its toolbar. The same controls (commands) are also available from its main menu:

• Clear 'Before' Window -- opens a new document and clears Before window (use it to insert script into Before window manually);
• Open -- opens a window that allows you to select a file for conversion.
  You can also open the file by dragging its icon into the Before window, or by selecting it from the File menu, recently opened section.
• Save 'After' Window -- opens a window that allows you to save converted document into a file.
  You can select the following options in the Save As window:
  • File Encoding -- allows you to specify file encoding used to save file;
  • Save for offline viewing -- option used for compatibility with Windows XP SP2, when checked saves HTML file for offline viewing. This prevents Internet Explorer from showing warning messages.
• Cut -- cuts selected text from Before or After window to the Windows clipboard. (To determine which window is currently active look at the title on top of it. When it's bold, it means that the window has keyboard focus. To switch between Before and After windows click its title, or press Alt+1 or Alt+2 hot keys.)
• Copy -- copies selected text from Before or After window to the Windows clipboard. (To determine which window is currently active look at the title on top of it. When it's bold, it means that the window has keyboard focus. To switch between Before and After windows click its title, or press Alt+1 or Alt+2 hot keys.)
• Paste -- inserts text from the Windows clipboard into Before or After window. (To determine which window is currently active look at the title on top of it. When it's bold, it means that the window has keyboard focus. To switch between Before and After windows click its title, or press Alt+1 or Alt+2 hot keys.)
• Erase -- erases selected text from Before or After window. (To determine which window is currently active look at the title on top of it. When it's bold, it means that the window has keyboard focus. To switch between Before and After windows click its title, or press Alt+1 or Alt+2 hot keys.)
• Select All -- selects all the text in Before or After window.
• Move to 'Before' -- copies code from After window to Before. This option might be used for recurring conversion due to complexity of the script.
• Undo -- undoes code changes in the Before or After window. This option is now multi-level enabling you to revert to previous state of the script.
• Redo -- rolls back changes undone by undo option.
• Encoding -- shows window to select File Encoding and Code Page that will be used to save script in the After window to a file. Use this option to set conversion type of HTML script to a preferred code page and/or file encoding. Read more here. (Mostly used for non-English pages and alphabets.)
• Find -- shows window to perform text search in the Before or After window.
• Locator -- translates selected segment from one window to another. This option might be useful for debugging your code -- select questionable part of code in Before window and click this button. It will find selected code in the After window. It also works in opposite way. INFORMATION: Locator should not be used for determining exact correlation between original and converted scripts -- it only hints location of selected segment.
• Preview -- previews code in the After window in the web browser. Now you don't have to save contents of the After window to see the results of conversion. Press this button to open script in the browser and you will immediately see if there were any errors during conversion. (Microsoft Internet Explorer is used by default.)
• Conversion Properties -- opens window to set additional conversion settings:
  • Keep comment tags when scrambling -- if checked does not discard HTML comment tags (i.e., tags like <!-- ... -->) when scrambling. In many cases you won't need them to be included in the scrambled file ready for posting online. But, in rare instances some scripts on the page might require comment tags to mark certain code parts -- as a script developer you should know whether to use this option, or not. (When checked reduces the resulting code size.)
  • Use comment tags on script blocks -- if checked puts comment tags (i.e., tags like <!-- ... -->) on script blocks. If on, increases code size and readability of the script. But, these tags might be still required by older browsers to process your HTML document correctly when they do not support scripting.
  • Allow applying Windows Script Encoding to -- option allows you to select which script blocks should be affected by Windows Script Encoding mechanism. If set to "All JavaScript/JScript blocks" it will affect all JavaScript blocks within HTML document. You also have an option to select certain variations of JavaScript language in the box below by specifying them in a comma-separated list.
  • Allow scrambling of URLs -- if checked escaping of links in the HTML document is permitted while scrambling. It is recommended that you keep this option checked as it provides protection of your web links against web robots collecting email addresses.
  • Don't use hex escape sequences in URLs (i.e., %XX) -- if checked will prevent use of hexadecimal escape sequences in links in the HTML document. Example of such symbol is '%20' standing for space. (Some web browsers, including Netscape Navigator, do not interpret these characters correctly when they are present in web links. There also might be an issue with some web servers misinterpreting these escape sequences in the tail of URL.)
  • Random Escaping Threshold -- this slider lets you select preferred random escaping threshold value. Random escaping is used to obfuscate HTML and JavaScript code. If you move this slider towards the left (Less) side, this will mean inclusion of less escaped symbols in the scrambled code (thus reducing file size but increasing readability); if you move the slider towards right (More) side, this will mean inclusion of more escaped symbols (thus increasing file size but decreasing readability).

• First section contains description of the button or command currently pointed by the mouse cursor;
• Second section contains line and column number that specifies location of the keyboard cursor in the currently active window;
• Third section contains current file encoding that will be used to save contents of the After window to a file. (To change it double-click it);
• Fourth section contains current code page name that will be used to save contents of the After window to a file. (To change it double-click it);
• Next sections show keyboard status, such as Caps Lock, Num Lock.

International Settings

Scripts Encryptor is a Unicode-based program, now supporting many file encodings and international code pages. It will automatically detect the code page and file encoding when you open a file. To change any of these settings go to File -> Encoding. You will have an option for the following file encodings:

• ANSI -- encoding from American National Standards Institute using one byte per character. (This encoding is used by default for all English pages as it produces the most size-efficient files. But, it might not contain enough symbols to save non-English page.)
• Unicode -- encoding using two bytes per character, which allows many international characters to be saved without distortion. The downside of using this encoding is that it significantly increases file size needed to store and transmit the page.
• Unicode (Big-endian) -- the same as Unicode but with reversed byte sequence.
• UTF-8 -- encoding that employs a mix of ANSI and multi-byte encodings. Might be the most effective for saving international web pages since it uses one byte encoding for English characters and multi-byte encoding for any others.

Besides that Scripts Encryptor allows you to select the code page that will be used in HTML document (or for conversion) when saving data to a file. A complete list of supported code pages might be found in the corresponding box in the File Encoding & Code Page window.

Command Line Operation

Scripts Encryptor can be run from the Windows command line without involving visual editor. This could be useful if you prefer to run Scripts Encryptor on a background as an integral part of another software, or on a web server. It can perform the same tasks as those available in its normal (GUI) operation. For more information go to Help -> Command Line Help from the main menu in Scripts Encryptor, or click here to read the command line operation manual.

Batch Conversion Using Command Line

Scripts Encryptor does not currently support a built-in feature that would allow batch conversion of more than one file at a time, but it is possible to use any outside programming language to call Scripts Encryptor in a command line mode repeatedly for a list (batch) of files. Click here to see an example of how to do it.

Reverse Engineering Protection Policy

Scripts Encryptor is now distributed in the "Encoder" package, which allows every possible obfuscation (scrambling) of HTML, JavaScript, C, C++ code for the same low cost, but offers a limited set of operations on de-scrambling of the same code back. To maintain backward compatibility with previous versions of Scripts Encryptor it still allows to decrypt JavaScript and C/C++ code into a readable file, but it significantly limits de-scrambling (organizing) of any HTML code, thus preventing its use as a reverse engineering tool.

For those who would like to receive a complete set of features of Scripts Encryptor (including a full decryption, de-scrambling) we offer the "Full Version" available after an additional registration and a surcharge. (To learn more go to Help -> About Scripts Encryptor in its main menu, then click "Check how to buy the Full Version" link.) We believe that these measures will discourage reverse engineering attempts using Scripts Encryptor.

Obfuscation Samples

To better understand the way Scripts Encryptor can obfuscate (scramble) and de-scramble source code look at some samples produced by it. Click here to view.

Bug Report and Feedback

Please let us know about any glitches that you may find in Scripts Encryptor, also feel free to post your comments and suggestions through feedback. This will improve any future versions of this software. Plus if we find your report/suggestion useful we will give you a new improved version absolutely free of charge.

Thank you for choosing Scripts Encryptor!