Dave Heavy Industries Dave Heavy Industries – blog

28Apr/110

Decoding Windows Script Encoder encoded scripts

Decoding Windows Script Encoder encoded scripts

isn't that a mouthful? Microsoft released this in 2001 - http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e7877f67-c447-4873-b1b0-21f0626a6329 which is a way of obscurifying vbscript (like ASP) scripts so that people can't change or copy your code. Great, right? well, as with most script encoding  (zend encoder aside, others I'm sure), it doesn't do a very good job of it, and more makes it annoying to debug asp pages when the developers encode their includes.

I ran into this particular problem when dealing with ProductCart by EarlyImpact. I ran into some issues integrating with their XMLtools, opened it up and to my surprise was presented with gibberish like below..

<snip><%#@~^K6gAAA==@#@&@#@&UE(PZ4+1V?Mm6D9+.d:lokc#@#@&fbh~Z4k^NHW[nk~dYMHW9+SOsw1G[1C:SD:2gW9+.mV!n~D:2.mV;n</snip>

small amount of reading later, discovered Microsoft script encoder, decided that this can't be the end of it, and googled microsoft script decoder, hit the I'm feeling lucky button and blamo! success :D

http://www.greymagic.com/security/tools/decoder/

there's also a downloadble program to do the same thing if you have a lot of scripts to decode - http://www.virtualconspiracy.com/index.php?page=scrdec/intro

within minutes I'd discovered where I was going wrong with my REST request xml and was back to being productive. happy days.

hope I've saved someone some headaches.

disclaimer - proof of concept as to why you shouldn't trust your IP to the microsoft script encoder, not a way to rip off your competitors, extend your trials or anything of the similar.

 

Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

No trackbacks yet.