Obfuscation of client-side scripts for WWW

Below is a sample input file before obfuscation and encoding.

'~~Author~~. Mythran

'~~Email_Address~~. kip_potter@hotmail.com

'~~Script_Type~~. vbscript

'~~Sub_Type~~. Html

'~~Keywords~~. date picker, calendar, calender, calinder, vbscript, script, no javascript

'~~Comment~~.
'A calendar which allows you to select a date, then dynamically insert the date you selected into a text box on another page.

'~~Script~~.
'Put the following into a file called date-picker.asp in the same
'directory you are going to have the asp files, or another directory
'where ALL asp files on your site will use it.

Option Explicit
function OBJNAME(n): n = n & "":OBJNAME=n:end function:
Dim CalendarWindow					' Window created by Window.Open
Dim HelpWindow						' Help Window created by Window.Open
Dim FormElement						' Text box which the date will be stored in
Dim CurMonth						' Current month
Dim CurYear						' Current year
Dim FirstWDay						' First day of week for month's first day
Dim CurWeekDay						' Current Week Day
Dim DOMonth				            	' Day Of Month (NonLeap Year)
Dim LDOMonth						' Day Of Month (Leap Year)
Dim Months							' Month Names

DOMonth = Array(0,31,28,31,30,31,30,31,31,30,31,30,31)
LDOMonth = Array(0,31,29,31,30,31,30,31,31,30,31,30,31)
Months = Array("","January","February","March","April","May","June","July","August","September","October","November","December")


Private Sub StartCalendar(Element)
  Set FormElement = Element
  CurMonth = DatePart("m", Date)
  CurYear = DatePart("yyyy", Date)
  CurWeekDay = DatePart("w", Date)
  FirstWDay = Calc_First_Day_Of_Month()

  ' Open a new blank window WHOLE PROCESS
  OpenNewWindow
End Sub

'''''''''''''''''''''''''''
'''''''''''''''''''''''''''
''   Window Functions    ''
'''''''''''''''''''''''''''
'''''''''''''''''''''''''''
'' Open a new blank window
Public Sub OpenNewWindow()
  Set CalendarWindow = Window.Open("","Calendar","width=275,height=205,status=no,resizable=no,top=200,left=200")
  WriteHead
End Sub

'''''''''''''''''''''''''''''''''''''
'' Re-Open window for next year/month
Public Sub NextWindow()
  CalendarWindow.Document.Write ""
  CalendarWindow.Document.Close
  OpenNewWindow()
End Sub

Private Sub WriteHead
  WPrint "<html><head><title>Merced County Calendar</title>" & vbCrlf
  WPrint "<style>"
  WPrint "TD {"
  WPrint "  background-color: #888888;"
  WPrint "  font: 8pt Verdana;"
  WPrint "  color: #FFFFFF;"
  WPrint "  text-decoration: None;"
  WPrint "}"
  WPrint "BODY {"
  WPrint "  background-color: Black;"
  WPrint "  color: #AAAAAA;"
  WPrint "  font: 8pt Verdana;"
  WPrint "}"
  WPrint "A {"
  WPrint "  color: #FFFFFF;"
  WPrint "  font: 8pt Verdana;"
  WPrint "  cursor: hand;"
  WPrint "  text-decoration: None;"
  WPrint "}"
  WPrint "TD.Titles {"
  WPrint "  font: 10pt Verdana;"
  WPrint "  text-align: center;"
  WPrint "  color: #000000;"
  WPrint "  background-color: #e0e0e0;"
  WPrint "  font-weight: Bold;"
  WPrint "}"
  WPrint "</style>"
  WriteBody
End Sub

Public Sub WriteBody()
  WPrint "<body>"
  WPrint "<div align=""center"" style=""font: 10pt Verdana;"">"
  WPrint "<a onClick=""window.opener." & OBJNAME("PrevYear") & "()""><<</a>&nbsp;&nbsp;&nbsp;"
  WPrint "<a onClick=""window.opener." & OBJNAME("PrevMonth") & "()""><</a>&nbsp;&nbsp;&nbsp;"
  WPrint "<b>" & Months(CurMonth) & ", " & CurYear & "</b>&nbsp;&nbsp;&nbsp;"
  WPrint "<a onClick=""window.opener." & OBJNAME("NextMonth") & "()"">></a>&nbsp;&nbsp;&nbsp;"
  WPrint "<a onClick=""window.opener." & OBJNAME("NextYear") & "()"">>></a>"
  WPrint "</div>"
  WPrint "<table width=""100%"" align=""center"" bgcolor=""White"">"
  WPrint "<tr>"
  WPrint "<td width=""14%"" class=""Titles"">Sun</td>"
  WPrint "<td width=""14%"" class=""Titles"">Mon</td>"
  WPrint "<td width=""14%"" class=""Titles"">Tue</td>"
  WPrint "<td width=""14%"" class=""Titles"">Wed</td>"
  WPrint "<td width=""14%"" class=""Titles"">Thu</td>"
  WPrint "<td width=""14%"" class=""Titles"">Fri</td>"
  WPrint "<td width=""14%"" class=""Titles"">Sat</td>"
  WPrint "</tr>"
  PrintDaysOfTheMonth
  WPrint "</table>"
  WPrint "<br><br><br><br><div align=""center""><a onClick=""window.opener." & OBJNAME("ShowHelp") & "()"">Help</a></div>"
  WPrint "</body></html>"
End Sub

Private Sub PrintDaysOfTheMonth()
  Dim intCtr, theWeekDay

  If (Calc_Month_Length(CurMonth, CurYear) <= 0) Then
    Exit Sub
  End If

  For theWeekDay = 1 to Calc_First_Day_Of_Month()-1
    WPrint "<td width=""14%"">&nbsp;</td>"
  Next

  For intCtr = 1 To (Calc_Month_Length(CurMonth, CurYear))
    If ((theWeekDay = 7) OR (theWeekDay = 1)) Then
	  WPrint "<td width=""14%"" style=""color: #AAAAAA;""><a onclick=""vbScript:Window.opener." & OBJNAME("CloseWindow") & "(" & intCtr & ")"">" & intCtr & "</a></td>"
      If (theWeekDay = 7) Then
	    WPrint "</tr><tr>"
	    theWeekDay = 1
	  Else
	    theWeekDay = theWeekDay + 1
	  End If
	Else
	  WPrint "<td width=""14%""><a onclick=""vbScript:Window.opener." & OBJNAME("CloseWindow") & "(" & intCtr & ")"">" & intCtr & "</a></td>"
	  theWeekDay = theWeekDay + 1
	End If
  Next

  WPrint "</tr>"
End Sub

Public Sub WPrint(strText)
  CalendarWindow.Document.Write strText & vbCrlf
End Sub

Public Sub CloseWindow(DayOfMonth)
  Window.FormElement.Value = CStr(CurMonth & "/" & DayOfMonth & "/" & CurYear)
  CalendarWindow.Close
End Sub
'''''''''''''''''''''''''''
'''''''''''''''''''''''''''
'' Calculation Functions ''
'''''''''''''''''''''''''''
'''''''''''''''''''''''''''
'' Calculate what weekday the first day of the month resides
'' on.
Public Function Calc_First_Day_Of_Month()
  Calc_First_Day_Of_Month = DatePart("w", CDate(CurMonth & "/1/" & CurYear))
End Function

'' Calculate how long this month is in days, 28, 29, 30, or 31.
Public Function Calc_Month_Length(MonthNum, theYear)
  If ((theYear MOD 4) = 0) Then
    If (((theYear MOD 100) = 0) AND ((theYear MOD 400) <> 0)) Then
	  Calc_Month_Length = DOMonth(MonthNum)
	Else
	  Calc_Month_Length = LDOMonth(MonthNum)
	End If
  Else
    Calc_Month_Length = DOMonth(MonthNum)
  End If
End Function

'''''''''''''''''''''''
'' Set up previous year
Public Sub PrevYear()
  CurYear = CurYear - 1
  'CurMonth is same as before
  'CurWeekDay is same as before
  FirstWDay = Calc_First_Day_Of_Month()

  Call NextWindow
End Sub

''''''''''''''''''''''''
'' Set up previous month
Public Sub PrevMonth()
  If (CurMonth = 1) Then
    CurYear = CurYear - 1
    CurMonth = 12
  Else
    CurMonth = CurMonth - 1
  End If
  FirstWDay = Calc_First_Day_Of_Month()

  Call NextWindow
End Sub

'''''''''''''''''''
'' Set up next Year
Public Sub NextYear()
  CurYear = CurYear + 1
  FirstWDay = Calc_First_Day_Of_Month()
  Call NextWindow()
End Sub

''''''''''''''''''''
'' Set up next month
Public Sub NextMonth()
  If (CurMonth = 12) Then
    CurYear = CurYear + 1
	CurMonth = 1
  Else
    CurMonth = CurMonth + 1
  End If
  FirstWDay = Calc_First_Day_Of_Month()
  Call NextWindow
End Sub

''''''''''''''
'' Help Window
Public Sub ShowHelp()
  Set HelpWindow = Window.Open("","Help","width=275,height=250,status=no,resizable=no,top=200,left=485")
  With HelpWindow.Document
    	.Write "<html><head><title>Calendar Help</title></head>" & vbCrlf
	.Write "<style>" & vbCrlf
	.Write "BODY {" & vbCrlf
	.Write "  font: 8pt Verdana;" & vbCrlf
	.Write "  color: #e0e0e0;" & vbCrlf
	.Write "  background-color: #000000;" & vbCrlf
	.Write "}" & vbCrlf
	.Write "</style>" & vbCrlf
	.Write "<body>" & vbCrlf
	.Write "<div align=""center"" style=""font: 14pt Verdana;"">Calendar Help</div><hr>" & vbCrlf
	.Write "To find a specific date, click on the use the navigation symbols located on either side" & vbCrlf
	.Write "of the Month and Year.  They look like either of these: <<, <, >, or >>.<br>" & vbCrlf
	.Write "<< - Previous Year<br>< - Previous Month<br>> - Next Month<br>>> - Next Year<br>" & vbCrlf
	.Write "<br>"
	.Write "To select a month and place it into the date text box, just click on the date."
	.Write "<br><br><div align=""center""><input type=""button"" value=""Close Help"" onClick=""window.close()""></div>"
	.Write "</body></html>" & vbCrlf
  End With
End Sub

'Now in the header section of the asp file you are going to use please the following script tags:
'<script language="vbscript" src="date-picker.asp"></script>

'Name a form:
'<form name="frmSomething" method="POST" action="test.asp">

'Name a textbox (or other element):
'<input type="text" name="txtDate">

'Now, add an image near the textbox, such as immediately after.
'<img src="show_calendar.gif" onclick="VBScript:StartCalendar(frmSomething.txtDate)">

'That should be it.  I do ask that if you use this script, please make sure my name and stuff is kept in the date-picker file you are using.

'Thank You,
'Mythran (Kip C. Potter)

Below is that file with just obfuscation applied (though by default VBS-Obfus applies encoding too). No encoding was applied to the result of obfuscation, so it still looks like difficult-to-understand VBScript code.

option explicit:  :function OBJNAME(z14851c4b0f):z14851c4b0f=z14851c4b0f&"":OBJNAME=z14851c4b0f: _
end function:Dim z46d942ada2:Dim z702cea96f0:Dim za46aa47f3e:Dim zf326326684:Dim _
 z27005b7a98:Dim z480be6922c:Dim z99483bbe5a:Dim zbac279de45:Dim zd825e25ad5:Dim _
 z77592bc850:zbac279de45=Array((&he1d+5202-&H226f),(&he64+2696-&H18cd), _
(&h1d45+331-&H1e74),(&hf34+780-&H1221),(&h1316+3660-&H2144),(&h6c0+4889-&H19ba), _
(&h14c5+2208-&H1d47),(&hbf1+1946-&H136c),(&hbbd+776-&Hea6),(&h9a1+7392-&H2663), _
(&he4f+5205-&H2285),(&h1b31+83-&H1b66),(&heab+113-&Hefd)):zd825e25ad5=Array( _
(&h228a+803-&H25ad),(&h4de+7853-&H236c),(&hcb+6155-&H18b9),(&hfe2+540-&H11df), _
(&hdc5+1812-&H14bb),(&h3ce+5375-&H18ae),(&h403+5512-&H196d),(&h4fe+3546-&H12b9), _
(&h931+6457-&H224b),(&h1199+3076-&H1d7f),(&h8ca+2227-&H115e),(&h17c+1634-&H7c0), _
(&h172e+2070-&H1f25)):z77592bc850=Array("","January","February","March","April", _
"May","June","July","August","September","October","November","December"): _
Private Sub StartCalendar(zb9b4ee1e46):Set za46aa47f3e=zb9b4ee1e46:zf326326684= _
DatePart("m",Date):z27005b7a98=DatePart("yyyy",Date):z99483bbe5a=DatePart("w", _
Date):z480be6922c=z5432fa9477():ze8c4fa6420:End Sub:Public Sub ze8c4fa6420():Set _
 z46d942ada2=Window.Open("","Calendar", _
"width=275,height=205,status=no,resizable=no,top=200,left=200"):zf71078d0b9:End  _
Sub:Public Sub za44378e4e2():z46d942ada2.Document.Write "":z46d942ada2.Document. _
Close:ze8c4fa6420():End Sub:Private Sub zf71078d0b9:z3aa9a20d50  _
"<html><head><title>Merced County Calendar</title>"&vbCrlf:z3aa9a20d50 "<style>" _
:z3aa9a20d50 "TD {":z3aa9a20d50 "  background-color: #888888;":z3aa9a20d50  _
"  font: 8pt Verdana;":z3aa9a20d50 "  color: #FFFFFF;":z3aa9a20d50  _
"  text-decoration: None;":z3aa9a20d50 "}":z3aa9a20d50 "BODY {":z3aa9a20d50  _
"  background-color: Black;":z3aa9a20d50 "  color: #AAAAAA;":z3aa9a20d50  _
"  font: 8pt Verdana;":z3aa9a20d50 "}":z3aa9a20d50 "A {":z3aa9a20d50  _
"  color: #FFFFFF;":z3aa9a20d50 "  font: 8pt Verdana;":z3aa9a20d50  _
"  cursor: hand;":z3aa9a20d50 "  text-decoration: None;":z3aa9a20d50 "}": _
z3aa9a20d50 "TD.Titles {":z3aa9a20d50 "  font: 10pt Verdana;":z3aa9a20d50  _
"  text-align: center;":z3aa9a20d50 "  color: #000000;":z3aa9a20d50  _
"  background-color: #e0e0e0;":z3aa9a20d50 "  font-weight: Bold;":z3aa9a20d50  _
"}":z3aa9a20d50 "</style>":z3f3da32a80:End Sub:Public Sub z3f3da32a80(): _
z3aa9a20d50 "<body>":z3aa9a20d50  _
"<div align=""center"" style=""font: 10pt Verdana;"">":z3aa9a20d50  _
"<a onClick=""window.opener."&"z004751ab46"&"()""><<</a>&nbsp;&nbsp;&nbsp;": _
z3aa9a20d50 "<a onClick=""window.opener."&"zeda1f8d5d2"& _
"()""><</a>&nbsp;&nbsp;&nbsp;":z3aa9a20d50 "<b>"&z77592bc850(zf326326684)&", "& _
z27005b7a98&"</b>&nbsp;&nbsp;&nbsp;":z3aa9a20d50 "<a onClick=""window.opener."& _
"z07249a2371"&"()"">></a>&nbsp;&nbsp;&nbsp;":z3aa9a20d50  _
"<a onClick=""window.opener."&"z39dd568c55"&"()"">>></a>":z3aa9a20d50 "</div>": _
z3aa9a20d50 "<table width=""100%"" align=""center"" bgcolor=""White"">": _
z3aa9a20d50 "<tr>":z3aa9a20d50 "<td width=""14%"" class=""Titles"">Sun</td>": _
z3aa9a20d50 "<td width=""14%"" class=""Titles"">Mon</td>":z3aa9a20d50  _
"<td width=""14%"" class=""Titles"">Tue</td>":z3aa9a20d50  _
"<td width=""14%"" class=""Titles"">Wed</td>":z3aa9a20d50  _
"<td width=""14%"" class=""Titles"">Thu</td>":z3aa9a20d50  _
"<td width=""14%"" class=""Titles"">Fri</td>":z3aa9a20d50  _
"<td width=""14%"" class=""Titles"">Sat</td>":z3aa9a20d50 "</tr>":z72eb6574ae: _
z3aa9a20d50 "</table>":z3aa9a20d50  _
"<br><br><br><br><div align=""center""><a onClick=""window.opener."& _
"z3329df96de"&"()"">Help</a></div>":z3aa9a20d50 "</body></html>":End Sub:Private _
 Sub z72eb6574ae():Dim zdb1b67612f,z2e94873d68:If(zacae73b69d(zf326326684, _
z27005b7a98)<=(&h669+4527-&H1818))Then:Exit Sub:End If:For z2e94873d68= _
(&hb49+5448-&H2090) to z5432fa9477()-(&h434+4638-&H1651):z3aa9a20d50  _
"<td width=""14%"">&nbsp;</td>":Next:For zdb1b67612f=(&h921+7093-&H24d5) To( _
zacae73b69d(zf326326684,z27005b7a98)):If((z2e94873d68=(&h1544+2766-&H200b))OR( _
z2e94873d68=(&h1703+2376-&H204a)))Then:z3aa9a20d50  _
"<td width=""14%"" style=""color: #AAAAAA;""><a onclick=""vbScript:Window.opener." _
&"zf5e813d5b0"&"("&zdb1b67612f&")"">"&zdb1b67612f&"</a></td>":If(z2e94873d68= _
(&h3f+1587-&H66b))Then:z3aa9a20d50 "</tr><tr>":z2e94873d68=(&h13e8+2808-&H1edf): _
Else:z2e94873d68=z2e94873d68+(&h148f+2411-&H1df9):End If:Else:z3aa9a20d50  _
"<td width=""14%""><a onclick=""vbScript:Window.opener."&"zf5e813d5b0"&"("& _
zdb1b67612f&")"">"&zdb1b67612f&"</a></td>":z2e94873d68=z2e94873d68+ _
(&hf84+5131-&H238e):End If:Next:z3aa9a20d50 "</tr>":End Sub:Public Sub  _
z3aa9a20d50(z718d5a466b):z46d942ada2.Document.Write z718d5a466b&vbCrlf:End Sub: _
Public Sub zf5e813d5b0(z20d5612395):Window.za46aa47f3e.Value=CStr(zf326326684& _
"/"&z20d5612395&"/"&z27005b7a98):z46d942ada2.Close:End Sub:Public Function  _
z5432fa9477():z5432fa9477=DatePart("w",CDate(zf326326684&"/1/"&z27005b7a98)):End _
 Function:Public Function zacae73b69d(z88c3293bcc,zd8e70f6ef2):If((zd8e70f6ef2  _
MOD (&h1c9e+2123-&H24e5))=(&h1712+3361-&H2433))Then:If(((zd8e70f6ef2 MOD  _
(&hf50+5362-&H23de))=(&hba2+5014-&H1f38))AND((zd8e70f6ef2 MOD  _
(&h1956+3372-&H24f2))<>(&he75+5764-&H24f9)))Then:zacae73b69d=zbac279de45( _
z88c3293bcc):Else:zacae73b69d=zd825e25ad5(z88c3293bcc):End If:Else:zacae73b69d= _
zbac279de45(z88c3293bcc):End If:End Function:Public Sub z004751ab46(): _
z27005b7a98=z27005b7a98-(&h198d+3229-&H2629):z480be6922c=z5432fa9477():Call  _
za44378e4e2:End Sub:Public Sub zeda1f8d5d2():If(zf326326684=(&h3c6+8862-&H2663)) _
Then:z27005b7a98=z27005b7a98-(&h8c0+1433-&He58):zf326326684=(&hd68+5431-&H2293): _
Else:zf326326684=zf326326684-(&h93b+3693-&H17a7):End If:z480be6922c=z5432fa9477( _
):Call za44378e4e2:End Sub:Public Sub z39dd568c55():z27005b7a98=z27005b7a98+ _
(&hacc+2982-&H1671):z480be6922c=z5432fa9477():Call za44378e4e2():End Sub:Public  _
Sub z07249a2371():If(zf326326684=(&ha98+6282-&H2316))Then:z27005b7a98= _
z27005b7a98+(&h91a+6187-&H2144):zf326326684=(&h9ae+3567-&H179c):Else:zf326326684 _
=zf326326684+(&h1726+2123-&H1f70):End If:z480be6922c=z5432fa9477():Call  _
za44378e4e2:End Sub:Public Sub z3329df96de():Set z702cea96f0=Window.Open("", _
"Help","width=275,height=250,status=no,resizable=no,top=200,left=485"):With  _
z702cea96f0.Document:.Write "<html><head><title>Calendar Help</title></head>"& _
vbCrlf:.Write "<style>"&vbCrlf:.Write "BODY {"&vbCrlf:.Write  _
"  font: 8pt Verdana;"&vbCrlf:.Write "  color: #e0e0e0;"&vbCrlf:.Write  _
"  background-color: #000000;"&vbCrlf:.Write "}"&vbCrlf:.Write "</style>"&vbCrlf _
:.Write "<body>"&vbCrlf:.Write  _
"<div align=""center"" style=""font: 14pt Verdana;"">Calendar Help</div><hr>"& _
vbCrlf:.Write  _
"To find a specific date, click on the use the navigation symbols located on either side" _
&vbCrlf:.Write  _
"of the Month and Year.  They look like either of these: <<, <, >, or >>.<br>"& _
vbCrlf:.Write  _
"<< - Previous Year<br>< - Previous Month<br>> - Next Month<br>>> - Next Year<br>" _
&vbCrlf:.Write "<br>":.Write  _
"To select a month and place it into the date text box, just click on the date." _
:.Write  _
"<br><br><div align=""center""><input type=""button"" value=""Close Help"" onClick=""window.close()""></div>" _
:.Write "</body></html>"&vbCrlf:End With:End Sub:

Below is that file with obfuscation and encoding applied. As you can see, there is no resemblense of the original or just obfuscated file. (Users of standards non-compliant browsers like Opera6 or Konqueror, please see the sample here).

option explicit:dIm xAFcfo: xAFcfo = unescape("dIm xJLgnp%3a xJLgnp %3d unescape%28%22ph1ME3exjIqeZwrgmM12oMKMb3cZCYFN0Mj3ew8M1ZoIIsMhwMI0Z3sMSggZQNkJJwXwbZjMXZsZaw0ZvdWIaYIZmNJhuxPM8gvtUcsYWfVGktkxAJZwrwXJzwrJIJaweZvdqYaccf0KucaxlIcdQN6ZZ2XwbdjgrdctqgKtvZqIaIssaYqwc2bgJwB2x3I2VNv2oMeYnMJ2VwmwVNctQYastZ4ZOZ4tiZOdytRsYdAhAtt2bMbtPgbdsdaMedfJWcGcGvFGksYYWsGM2gVgExutQYWJ4xGxeIavwMLhIgKwb2EMbJlIcZQh6tZgX2XJP2HJsJqwKdfdWIqccYWsGMJwVMm2phIt6sqsteMewug0wewKgJRsIJ6NAZdgHMHdzgrtYdWMKtfJGsaYqvFW6scIGIaN02Lh4NKYn20MfwZgp3YwHhuM52F2ot6Iq0o2p2UM1ZlYsJ6hkZZMXgHtPMrtsdG2KdftWsWYcx9IctAxkdJMb2rZjgXJYJW2eJvdWYGsYeIKpKuv5sqhRYsdQh6tt2rwrJzwbdYZGw0ZfZGsGcG1VWkcYIqIqgYgXMtwR2hNs2p3fwU20cDMtwpwCwVNYJAsGeYwCgHwd2RtRIIZkh6dtgHwbZj2bJIZG20d1dWcWsscaYawZ2V2CMF3sZkIqsdeX0bKrKb0rKXdlcItkhkdtMr2rZj2btsdGgeJvJaIqIGLpGkscsGcqMM2V2oNKZ6sGZyxqNKIavggfxs2uMHgo2rZRsId636JJ2rgHZjgHtItWguZ1taYqYshDcIdQxkZdwXMXdz2bZsdqwetvJqcqssuHIa3RscJAN6ddgbwXJ52bJstagKtLtWYacWfFqksYcacWMJ2VMmgFhsZ6sqcJ02u2uMegKgK2t7YsdkxkdZgb2Ht5MXZstqgetfdqcGIscGIqwwgVMUNeZ6Yqtihqh0Yqf2gfhc2u2rMEMrZRIIJ6x6ZJgHwHJjMHdctqwKtLtqYWcqvpWQYcsGIGwZ3fhshdMphIdkcG2i2bME2uZRsItAhQdt2bwbtzwbJstq20dvZGIqYYYqcqheMf34x0s92KgfwZwFNsgHh0Mz2pgotAcWKU2p2UM1t7YsZAxAdZwrgXZzgXdsZWMKJvdaYqYcxDYcZAcGfVqQh6JdgrwHZ5MbtIdW2uJvZWYqIcfe0ucUvewjN0w8wvxtsaNRcYJQ3kdZwXgrdP2rZItqged1dWcasYsasawgwp2ENKJksaJXtqhGx0saf2wfNc2ugHMU2HJlcIdQNkZZgH2HJ5wrtYZqwet1ZasWIW1pWQcIcWsWN02LhyheY9gr2SgzwN2Ut6cqgJgL2EhKgfhcdBcsJQ3QttMXgrdzgXtYZW2KdvZGYGccYGcawdwFMCgp3ItQYqIttaJqZatGdWdaZlIct6x6dZ2rwHZzMXJsdWMeZvJasWIavFGQIYIWIq2IMrwJwRwNxcwVxfgEweI9wt2F28MVxcZQsqsd2vJq21dGw1JGJ7scZ6N6JZ2HwXdjMXdIJGgetLtGYWcssWcWwwgVMEN0ITN3gLgjwNMiNut6sGusgpMmMuJBcYZ6hAdt2Hwrdj2btsJGgKtLtGYWYG1pa6IsNnIIZAhAtZ2rgHJ5grtIJaMeZ1taYWssdSIVxZ3K3j2C21doYcd63IWLtNvMYYqsWLFqQ3AZdMX2rtPMbJYdaMuJftWcONkthtrJigKtvgrJKZ2tMMYY5JQNQtuJ2geZzJedYgbwe2HJcIU0u2FMthvw9M1gE3eco1NhIgzhK2vIahkZNJXZO2edLgXtKJMZMwIsMhg2Ied3s2SMMJkK1gEg0sGLdNL2cZkIq1paAfa3Lgswm2j2tsG1t3vgsYahAMMJfwvtytXJtMKd1gcZqI436JcdWwuJfZ2dHtYZJJzt1sjtQv3wz2Uwe2pNhsUxQMbtKdg2XwbtKJNw2ttwLIU12gHg831w1Z90ZfZN0hII4x62wZJtIdgZtZctMJ2tyZucMYGvVqAssIVccs2x6tYJGM0d1JgJHdcdtJzJ1YwIssFscY2NQtcJNJGZadvgItxMHdztys5Z6hAJudgweJzt0dc2H20wrZIsoudMm2F3tgLtA0v2UMKIWvJNfwsdA1W3vwIMm2PwZsauMhL2EwdNKwPMVwUYaYafpq6NkJvZ0ZJtYMgMXJzdeJxJ3YyYPJAxQJfJKtddcgw2XdPZudNdhdnue2XhK21LGwr3c30I4YcxxsIY8edu0gXheMvI4NQggJZtcdwJZJcJMdMd4ZeIMcIsVtXcpcIsMNQZcZNZqtGZ1gIZhwHJzJOYPsPJA0v2UweIqLpaQYWKgNfME2JNKM52VwUJA1qN1gcgSg5gdIGegh1goMZ3ugjwVwocahAMXgtgHgLZxdt2YJ2dPMKcihAJyd4MJdddsZ5JZMs2ZgdcSNAw0tigLJhtWw2tg2vggtIczZA0Pg2YyYO3AguZOwLt3tWggtgMvgwZccqIWfVWQKnuV00saYOs2wytMt2w0s7ZZd5tedJY9sgu4dHd1wutGs5Y5J9sOIw2iZ5Jr2XIRtrZKJXZGsTcguO21tj2ZcPYjfKMigfgEdkePw2Y4cisONQ20tigvJxJGMgZw2L2MdYYqeD0FeesqcqfpqQsyc22ygsJ1JjY7d3JXtJZscTYMKOdYJggeZXIzs5dnciYM2yd522deIRtvZqZyZ2IDsguydHwu2edccjsP0X0U0KIOc4xk20tOM1JhJWMgZwg12wdsIqKneVKKYWcaLVG6Yys2gygJguJuYBZeZGd2Jqs9s2u4ZbMIJsdaYPYjdStosyYg2yJvwfcBZPZatZJ1cTYw0ydIJZgXJ5sjsjYzLK2ygv2UdAhAMH2tMXwfJNtJgctgJ5wKt9hkgIMXgJtIJ3d5g0gLdKtLIycqvVqAxAJiZywtJddct5Jt2IMZ2tcPdAKLg83Z2vJAh6wHwtMrwfZxtJ2ItgZPM0Z9Nkg0JOZIJLMLZYJ1Mbw0Jfsi3Qtyt4gJZtZstjtJMY2JgJcjJAu1goM0ca0PwgdAeLg8xdw1t6N6grwdwbwfthZtwYJMZ520d9saLVqkNAgsMHMJdId3dPgugfJKdfIyNQtyJOgJJdJIZzJtgIwtgtszJAu1gU2usqezwMdAKfwoweIqe2hvMowJxuM5wpwoZQvGh1wI28M52tYqLt3vMYYGh6datqZ0ZxJvdb2H2Yt0ZwIOY5ZAcavpWk3QJcZxZWdWJ1wIZ32Hd5JydDhQZYdhdaZGtf2IJ3MHt5dOsnsycg24t5wwdOcBtJdtJidZsncMuOZrJxJcw1sjZAh6Z0JitqMIg1dgJ5JYtcgZJTxAdvJeJZtYMggrZjJeZNZNI4YPJAKJwHwC2SIGcaLFqQ3QwbJeJKZZdxtiwfteMfdcJke1MUweYafZx12sJA1q31gcgSMj2dsqftxfMYIah6Mf2e2rdbMMty2KdLg0tYY4c5tQKzMgYihQMMdZJYtwJJZYZgt2ZOJKd9sOYg24Z3JrJ3YRddthdNsTsMKitOZyw2cjYPIWLVWAL02yML2od6hQtcdNZqdaJvMsJNMHJ5tiJTx6dIJxZWdaZvgcZxgXt5tisDc4Y2g4gMJJdLcRtLtXJNcnIgK4dHtHZdZ5YzZA36wgZttItgJZtcJgtgtyJ0tTYOIMg4JHwHJ2JGclJYJed4JfYTYguOJsdeJat5I5sGLpWAZ6uvg8xtM1dAx6g2tdZsJwJdZsJwtMJidet9xA22tJdct2JtJYdMZwJiZuc9cOcw2OJbZ4tNJWsRJrtKZKJzIDcMeyJH2vdHJ4IztAuL2EgKcGuPMwt6x6ZeJ4tq2I21tgJztctYgJtTIqvVWkNktvJeZJtc2wwXt5duZNtNIiczZQetgXwCg8YaNk2rZeZKdtdNZiwfdKM1Jsdkevwog0cq1ZNv2Ydk1qhvMI2SM52tsWvZ3vMIYGNAZZZ5g0wedvtMZ4wJtLZfIiYjJkNkdIZhJqJGJL2cJhMXZPJyJ9cqvVqA3QtIdhJWJWdfwIthwXdPtOsBsOcwMOtXMuJaM1cBZYZJteZfInYwuidctMdtdwcPd6NkJKdytqwcwvJwt5ZIds2ZJ936tLdKdtJYg22rZjJKJNJ3cisjt6KdMXMSMSIq3AwXJ0duZdJxZOg1JKMvZcsOc5tQIG1FWQuvMogKIa1ZxvwYJk1WhvgsgCgzMdcafthLwsYa3AdqdxZIJ0JzwHZYtZZhtrIOIjZAu5gwcyxQwwddtsZMttdstMd2ZyJ0ZTYiswwiMMdscltetcZHJ5I9cwK4JHdbdwZXIPcjfegOML2ot6savpWQ3QdcZNdWtqJLMId3wXdzdOd9h6dsdhZatqZ1wIJN2HZPJyIBsycgwOdItgJuIRZsdWtWdfsnYMuOMHddd4cztA3kwgZddYtwtZtsd2tgtyteZTY4cgMywbJiwHYlJbZYtsdysns2eOggJvd1sjtAuLMmhdgvZkcaLpGQhAwwZZtctgtJdYdMZgJOZetnxAwMJdZstgJZZctMZMt4t0c7I4Iw2iJHtIwgwMY7dIZXdLtdY9Y20yJHwsJMthczdkevgo2eYquPgMtk36dKJOZW2c2vJMtjJYJYMZtnNkZ1tKtZJI2Mgbd5deJxdhIiszdksqfVakKt2rwm28sWxA2HZ0Z0JddxtygvZewLJItQeLMEMKYG1thf2Itk1q31wI2m2PwJYG1dx12scqNQJZdtJIZ5wK2MJPdM2ug1Y4YzZA1ZwfNKYq36JhJadYgtwLMbJjt22gdWZTLhMzgUguMFxNYEeFNqgf2UIiYIYsYWvpW6ISsIKiw12mNGsIs8YYxNgPwuNKgOZDZcZNtLsSwiMvw52x2yx0Z9dct1dasS3J30MHN0hf3JJDMogFs8hIMLNtgz3AgrwsMC21dTwEwpYSxeMVxqZ9ZYZGtGImwCwfwg30dDt0ZiJfccY5Z6vxgj3e24sGcWfpqQNQdxZGdI2JgLwHZztggMZGYoKKMFgdx1wnM1MEx0dkcUv33Iwzxug1caccd8wONKw9M8ZoJmMOgvMHwKdoZCxeM5xegSMLtEKZ2HMSgv2Eg0wXhsYqeO2L28haZ8YVNewjN0w8gfJoZCYFM4M1gHg0ZUsIc2sqvVGkNw2IeJhIgmMgJQIE1hxcgP3eM1sascJ8ht30hPMmgLdEcssw32wceZ3YwCMwdAIU133s2jxKw1cGcI0cuVK0v5IahlscI2xwgIKZNY2C2MZAYofN3swj3Kg1YWcqvVGkccIWIa22wF2EhuZQcqJixGhusWvwwfxsM0grgUMrZRcIsMxMMseJ3YgSwgZAIE13NYM5NK2fsGYIIGcqgZwpMSwVNstQYqYJwvtWw1Zq2vJatRssIg3MwseZxsw82gJAYUvxhYgzh02LYGIGvFqQcIYGIq2swrgJwlMN3s2F31gUweYDgdwpMSMVxYJ6saYZJGdWZGZqtqJatRIcI2x2MseJ3YwS2MZQIE1h3cMPh0wLIWIsNDcccghggceZhsgSw2tkIoLhNYgPxeM1cWYItSIVhthuhzwmgfJUcYY2xMMYet3sM8MwIqvpqkJkcoL3xIwPxu2LIGIYtmwYMVg0hjZEIIY23ggI0Z3sgCg2dAsEv3NIg5hKw1cGsWvFa6csZ8wuw5N2cWwbMCMzg32UtnYIYcMJwLMEh0g1xsIsYccq3txehPgC2fdDsYss2wwVME3utkIaJHdKhahKYaL2MfNcwuwrgogbZ7YIYsJUKZwH28wfwUgu2rhYcGuy2LM8NaZSIV20wjhgZodCgONYJEsss2sGLpGQhM2I0ZNcg8MMJkco13hYgjheMLcWsGLVWAYI1e2FYaM22P2UMKcWwXcG3tNWw1Md252w2zgZYqMeMHNuw1ICsqgdgC25wtg7cG2pwUsWNegOg1Yq3L3dM1sqx0M4wLcWMowbxgMz2xMrxewjwVwUsqhd3PwTwIgVgmhZYaMCwpgtMXhKgf2uYqMFMEYW2LMPNe2iwfNYcaNZM520gvcscqvVqQcghg2c0Z3IgmM2Z6YoL3hcMPNKwLcaYWLFG6ss2F22Yq3u2Ogvca0TMpgUhug4cWMr2Ewesa1zwLMHNYcEIasqLuw4M135IWMS2pgFglsa28gPMRMLIWg1g5huwO21xIcagVMMYG3ugig1xJgvdAYGdSZ8smcaJSY8sqdUY8Ya2phYcadoJUcod8McNstEsIc2YqLVaANM2YetNY2SMMJAIUfhNYM5xKwvIqYaLpakYsZCd8sGs9YWfGNc2fNggPwVxfNZcWLzMvgHNst8MINYJUtSIWYDYW1qxIM1Ng25gphv3Zcqun2Vgohu2OZCgYhcdodEYas9Yauo2v343esqu9gF2ox0M4tCwsNYJUZodEcaYTYWKEMfNiNucqf5wf2HhYJC2sNIZUIcsGvFaAs2xgMs0ZxIwmgwdAsE1NNYg5NKgLYqYctCwYNYJUIYJAYoL33YM5h0gvIqYG1pGksYvKwpYW3d2f2mwLwdNKIGgXIGw9MpwEhegiIqwXMoMKIGhGgm2rgJMfcagjN0sWg52Uh02VcW3uw4gfcqw0gbhuMvYaNe2LN4h0cWgYgVNis8sGgQxvNthuIaMdMmgjwJ2lIG2FgUYW3KwOMvsGwu2b3uw1cocsYGfFG6JAsEf33YgP3ugvYasa1FakIcdCMcNIJEZmMc3sJoJC2Kw5xwIa2rw8MzwhwEdncIYc2dM12oN021hIIcccJoJ825wohWNf30sqNKx5NWwLJTYYsI2YhvhKN02VgEcYsYIWx2wbMSxfwftnIIcYKZMC2phZgLsaKyMfwmhaIYccIagpgEKdMSMjMdwBZDIYYYxxw5gUgK2FhxcEgdwmwVhd21I4YjsYcItUtCsV20wj32ZoYIYWLFG6ZkIEv33cgzxK2fYacYZSIVwYwpMeNPtUt8sVwiheg9wmdocIY2xggc0thYwCgMJ6K1goMKsW1NMPNegyd6ufgo2usqfdhLwItkGQ%252522%252529%25253a%25253afunction ST990d62110f%252528ST7ef49b8f9c%252529%25253adim STcfcdad7cc8%252528255%252529%25252cST046f209af3%252528255%252529%25252cSTb44a9d7fbc%25253aif %252528%252526h6cc%25252b2292%25252d%252526Hfbf%252529%25253d%252528%252526h2e0%25252b892%25252d%252526H65b%252529 then%25253adim ST257f19f2de%25253aST257f19f2de%25253d%252522azAZ09%252522%25253adim STcbc0a8054c%25253aSTcbc0a8054c%25253d0%25253afor STb44a9d7fbc%25253d%252528%252526h183%25252b2735%25252d%252526Hc31%252529 to len%252528ST257f19f2de%252529step %252528%252526h183%25252b3953%25252d%252526H10f2%252529%25253adim ST6aae9aa58d%25253aST6aae9aa58d%25253dasc%252528mid%252528ST257f19f2de%25252cSTb44a9d7fbc%25252c1%252529%252529%25253adim ST4c5388d34f%25253aST4c5388d34f%25253dasc%252528mid%252528ST257f19f2de%25252cSTb44a9d7fbc%25252b1%25252c1%252529%252529%25253awhile ST6aae9aa58d%25253c%25253dST4c5388d34f%25253adim ST808bc1bf2d%25253aST808bc1bf2d%25253dSTcbc0a8054c mod 16%25253aSTcfcdad7cc8%252528ST6aae9aa58d%252529%25253dST808bc1bf2d%25252a%252528%252526h196f%25252b3266%25252d%252526H2621%252529%25253aST046f209af3%252528ST6aae9aa58d%252529%25253dST808bc1bf2d%25253aST6aae9aa58d%25253dST6aae9aa58d%25252b%252528%252526h158f%25252b3055%25252d%252526H217d%252529%25253aSTcbc0a8054c%25253dSTcbc0a8054c%25252b%252528%252526h2fc%25252b4833%25252d%252526H15dc%252529%25253awend%25253anext%25253aend if%25253adim STb74fb1bf38%25252cSTc773e12e93%25253aSTc773e12e93%25253dLen%252528ST7ef49b8f9c%252529%25252d%252528%252526h1c20%25252b1050%25252d%252526H2039%252529%25253afor STb44a9d7fbc%25253d%252528%252526h8d8%25252b1952%25252d%252526H1077%252529 to STc773e12e93 step %252528%252526h96b%25252b1665%25252d%252526Hfea%252529%25253aSTb74fb1bf38%25253dSTb74fb1bf38%252526chr%252528STcfcdad7cc8%252528asc%252528Mid%252528ST7ef49b8f9c%25252cSTb44a9d7fbc%25252c%252528%252526h29d%25252b1132%25252d%252526H708%252529%252529%252529%252529%25252bST046f209af3%252528asc%252528Mid%252528ST7ef49b8f9c%25252cSTb44a9d7fbc%25252b%252528%252526h148%25252b6879%25252d%252526H1c26%252529%25252c%252528%252526h1098%25252b1034%25252d%252526H14a1%252529%252529%252529%252529%252529%25253anext%25253aST990d62110f%25253dSTb74fb1bf38%25253aend function%25253a%25253a xyvrqJ %25253d ST990d62110f%252528xyvrqJ%252529%25253a ExEcuTeGLobAL%252528xyvrqJ%252529%25253a xyvrqJ %25253d Empty%25253a %2522%2529%253axFcxlK %253d mID%2528xFcxlK%252c1%252c940%2529%2526mID%2528xFcxlK%252c5568%252c3814%2529%2526mID%2528xFcxlK%252c941%252c4627%2529%2526mID%2528xFcxlK%252c9382%252c6534%2529%253a xFcxlK %253d ExEcUteGlObAL%2528xFcxlK%2529%253a%253a dIm xFcxlK%253a xFcxlK %253d unescape%2528%2522dIm xyvrqJ%25253a xyvrqJ %25253d unescape%252528%252522casWJAMw3L2EMZhuMPMFwEcq0p0YKkuUuHKD0vcyhQtbdet4dfdHgJtK2YJGMMYzZAh6tbdKJytvdbgtte2YtGw2JDhAJbdut4dLZb2dJ0MIZaw2cwIscId6KVucKQeE0reDK1t9h6dHdKd4JvdrMdJeMIdqg2JQcGvFqkwf2ogKsawgxfwogZ3ewjwFMoZAKKg5M9saNQZeZMMuJzJeZs2XMK2XZIdk0uMPgDYW3kdxtGtcMtwvwXJjJ2gMJatA0K252nIa3Q2XJuJMwXwrt0ZhMMtd2LJAeeMzwDYqhAM2tJdcJ2JZdIJMtgJyZet60uw52TcW1FWkYqx6JcJNdWtqtvgIthwXZ5JiJA00gjMncWNQtKtOJGMI2vdwdjtcJswJJ6K0wjwDsqxQdjdzt0tidZMsMcM1dfwXZ6euwjgDsqxQMsgHgdJstxZzMewftutfJk0ugzw9sGh620tOZIZvwvtcZvgXMuJ1dQeKwjg9sGLpaAcqNAJhtNJLZPdIwYgtJOJ1ZGZkNkMYgHgttYZ3J5MKgLZKZLJneHxYhY2bh5YysOI2wydiJKt5sRdbtHtqZOYDIMKy2Jtz2KsPcCcycM2OZHtZ2Z2KIRJgZLJ4s9cwK4JHdgdedac5sSIq1VGksicgM4tHJjd1dhIBZYdxtedNY9I20OdsJt2gdMY5cCsOY2gOJ1gvsldrJXtNtyI9sguiZuwuJ5IPc8cysg24wsZ5tsIBZbJuJ1ZJYDcw0itrZXdYdbYjISYyI22OJbtJgcJgIBteJgtHthYncw0OtItvgrtWsjcSsaLpqAIOcggiMwtLdfYBJKdstdtrI9sg0yJHg2MIg1IPs8s4YggOtbtXgvYBJ2ZvdNd3sTYwuidrgXgYdqYjISIyswM4ZrZIZPdbIBJzd6tJ22tZwuMXdZJsMXJyJWZkef2UweYW1JNLgsdkLGx1MIwmM52JIWft3f2IsGNktZMwtJM02XdZdcgXtitqsyIPJQcGfpq6x6ZtgrMHZPwrtIJG2eJfZWcWcst8McMpMKN5ZEcYJkx6ddwX2XtjgrtYJa2KJLJGsGYafpq6IYZ8wKMP3MsqgX2C2j2xMEtTsIsIwJwL2oxKg1hYYIccYa3Jx0hj2Sg1ZTsIYIw2MFwUxKZAcaZHtG3axucq1wwfhs20Mr2U2XdlcIIsZoYcJANAJJgr2rdzgrdcJa20ZftGIaYW1VqAIId8MHsWgpgU0Z28gzMtwBJTsscc3hMjgEM0MFN3IE2p3GgvwU2LhYIEsssgYsNQJGJqdKtNdfdXMr2ItKtwcccwscYOcPcYccJEZSJ8dmYFgbtEc22U2cxdNWdRsw2UgchtxGdBI2gUgsht3aJlIsdksq1pW63QtJgbwbtPMHJItqMudLZqIqIcJ82bcq2VwUeZMSgz2JwRJTccsshxgPgEgugF3hIogVxaMLwUwLNIIUsYswII362L20wbdHMwdywKZvM0dYIccgYGLVGQYYs4YzIsIYJUZ8tScpMbdoIgMEMsxdhWtRcw2EwcNJxGJ7swMU2YxZNqtlsIdAx6JtgXgrtjMHdsda2ut1dqYWsIJSMcJEYYY2hkJxdxdLZPZI2sgtJ4tftGYON6ggttZcZwdZJIZ2JwJ4ZKY5sgIcICcWIIIMYafFGQhQtIZhdWdqdv2cdxMrJPtiIMccdmIV2ctUY2woMc3tNWJRYM2EwINdhadlc2MUMIxZxatRYIJQ36ZZMXMXd5MXJsZW20ZLtacqIctSMHIa2pgUKd2CM5MtM7ZnYscsxxgjgEgegV3xYUwpxWgLwE213csUIsc2sqfVaAIsxktGZhJsZ0JzMrtcdZZxJrcsYgcIYOsjIscYJEdEZ8spgHZUIMwE2shtNaZRsgwE2YNZNatBsgMU2cxdNWJlcYJQ3kJJgrMXdj2bdIJGgKdfZaYGsG1FqAccdSMbIG2FwEudwmg5wJMRd9IssshhwzwUg0gpxhcogphWMLMUwLNcsEcYsMYYxQJtdzwuMKJvdgty2ZJfd1sIIwYYsOs5IYcYZoJEZUt8cp2XdoYYd6NQZtgbMXJ5MHtItWMKJ1JWcGYstmIF2u2zNwJoYsd6YWfpaAhAZZgXwXd5wrZIJawKZ1tWsaIYd8xuwrgY28wfsah32PM0hewiJDsIsIZrJGtaILsYIIIagHMCw5gxgEd9cscYwtM1MohKMfhYIccYIa2swh2J2V2m2FNstnIIscv3wO2z302fsYsYtUIstQIqvFak3AttgXgXZPgXdcdWMutvZacGIsJmx03sJEscZk3ktdwHgHtPwHtIZaMKtfdGcascJmNK2eIGxxwjMux02idnIIscZrJeI1cssYcWgJwCwXxZNJJ9sYYcfKgP3KMSgL3dYssIZULZxfwEJSYpxKMuJUIsJkcqLVGkxkdZwX2rtjgXdIZWwuJfZacacsZmxewuIGhN2PM0N02OZncIYcdXdKc1cccYYaMtwC2b3J3ZdTYccYLeg5x0M821hJIcYYdEeTMpMUd8cphegetoscZ63kZJwHMHJjMbtcZWwKZ1dqsaIa1VGAIId8h0w0IW3N2jgKNugOtTcsYstXZ0cLccsYca2ZwSMXhtNJtTYYIs1Kwj3KMmgvhtccYItEfKxLMvJScphewudEIstkxkJtMXMHZjgXdstGMeJLJqcqIWLFqkcsdShewKcW3h25w03KwOt9cssYdrJKcvIscIsWgdgmwXNZ3ZdnIssY1Kgzhuw8wvhZcIsIZELNg1wKd8cphegKJoYsZ6hkJdgHMbZzwXtcdWwuJ1ZqcWYa1pWAscZCxu2KYqh325w0xewOZ9ssYItXJ0cLIYcYYaMdg82XhdhttTYIYsfKMjNewm21xdsYcYdo102yNLJSsF3K2udUYcd63QZd2b2Ht5gHJIZaM0Z1JqcWYa1FqkcsJ83uwKsa3hwj2u3egOZncIYstHZuI1IsYYcawdMmMXNJNJtTYsIIL0g53ewCwfxtIIYcdEuwNs2PJSsphK2udUsYdAN6ttgrwbJjMrtYZagKdvZaYaYqLFqQIcJCN0MecG332jMu3e2Od9IscIJbZusfYsIccWgdMmMHNthtdTcYYsvuMzhu2mg13ZcsYYdovdMrh0JmcFx0wedosIdANQdd2bgXtjwrdYJaMeJLZWIaYYJSYpxK3YdUsYJAxktNZcg1gstwZfJ3JuwbMfd6savpaA3QttgXMbtzgHZYJW2edvdWYGYsZCsVNK2b2c28gLtoccdANkZtwb2HJzgbdYdW20J1ZGcGca1VaAsstmwsNctUdmwINYtoZSwsxIZUt82I3stEJ820Mj3wsGgbM82PgNwEdDIIcI2tMf2Eh0w13IscYcJUJ8MrIGgp2EKJwS2PwJ2RdnYssshhw5wUgKgFhhIEgpxWML2UwvhsYEYsIgcavVa6YchAtZtJZYdzgeMgtjtM2KwLsYs2YIYys5scYctoe4gv2mhaJCIpMXZUZmsVgKgzNwtUIstQ3ktdgHMHZzMXJsZGM0ZvdqYGscZCsVMIwpw035ZUdmsF2Ohu2DgSJEscZQKL2ogecqfdN12YJAfqNs2z3MgXNegLYGvpWAYWvdN1MIsqN6JhtcMf2sJgdvZxt0MrgLsOsPd600w5M9sWN6guwcdbgsJ2dxJgZHds22s8h6ts21tzZediZxJJ2KtgJiJAujMgcihAwb2JgbgfZxZJ2cZ2Z5wKI4NQM2tdtIt2ZZtsJMJwZOtuYmsWvVqQ3kZId3tGJaJ12YZ3grtzt4Izd8d9cOsgMyJXtHgvtjs7JIJxt1tMcnIMK4tHgJgXweszIz1ugyw1Modku1xiM5hesqvJNfgIdQuvgoMKsqejg2dQK2wp3IYWhkJY2ftjJKZyZ3tZgeZMJ4ZDYWLVqAsOYMg4dbwHwcsBtcttZ5snc2KyJsZPd5YPsGh0MpcaNQdLZ0dttIMw2HZPJeJNtxciszITcOc2gOgIt12wcRJ1thd1dYc9IM0ydIdbw0tgIzZ6h6tZMH2HJP2HdYtW20dfdqcGcavVW6YsdSxKM0IGNxgjMKhKMOZ9IcsIdbtKcfsYIsdEI2gE2sNZNGJ7JmsFxKMKtosYJQ0Ew13yx0d6KgMp3Ycax6geMItb2YtwZNtMZbdswMd9s4cwgOt1tNsRZbdetxdusTYMuyJwZrJicPIGLKgpsisGvFGANA2HgdMb2fZNdtwYZ2JjwKsihkgMZJZstMtJdsZwJ2tyJeI8hkZYtxZWdaJv2YJNgrJzJiYPIPdQuzw2sic4x6dcMvJ5dutyZhtd2KZ2ZiJ9IyYgwOJXZaMZMHYRJ0JhJXtvY9s20OdYdZJYwfszI5epLsIicaLFWk3kJYMvdzd0tydhZZM0dgd4ZTsOIg2OtcZHdLJ1YldXdWtjsTcwKiJsdX2ZJHIPszsjv0gOwL2UdQNkdZwbwHtjMbJcZGMetLdGsqIafVa6cYtSNKM0YGx325203eg4tTIscYJHJ0I1csIYIqxt3uh5MSwftTsIccwtwp2CMpxcZQsqYJKXKreXebub0bdBcIIItEZCMbsWwpMUwdgmwzwtM7dDsssc3gMI1ZgtxYwzhqhKtkvN25gEw0wpxNsEMpNW2fMEwfhYsEYcsqLpWQYwIsxAgMtvg1JytXZtwutLgIZqIscMsIYyscYg3Q2eMYJXMItwZxZgtHtYMgsgYYczcsYYJUYsY2x6geMsZb2YdwdNtwZHds2wI2ccZ8IFMHJUdSYVhuMeJEsItkujwwsONQZYMfJjdKJit3Zt20tgJOd9Ia1Fa6YyswMyZwg1JOc7Zbt4ZwdhYns2K4w1dc2Jcjs5vK2iwvMEJ6NQdJgbMHZ5wHJcZWwudLJGIGcYJCYpxehIJUJS3eNctUYIJ63AJsM1ZPJKdOZxZZwutwZyZTsys2MiZbtWZOwuIRZ1txJ0JcIDYgKydcd22wgrszYqvpGQZk0f2ShZgfJQNktsgfd5ZKdid3dZ2KdwtOtTh6ZsM1JPZ0tidNtZ20dgZ4cBIisMMytNMsdiIlZcJqZ2JcsnIMKywwMJJvYPt60vgow0cW0z2wdAKvw8NZ2vJA3kdtwXMbZP2HZsZawKZfJqcWYqfpWkscJmxKgeIGhxwzgKhugiZDIscstrZ0IfYIIYJoJS2rsqgVgU2Z2S25gZwRt9sccsNMMc1ZgtNcwPNWhetA13wjMUguwFhNIUMFhG2fME213csEccswsIxk22dfg1JyJrtZMKdfwsdWIYcwYYc4YYc2sG1VWkhk2KMcJbMcJMZxtgZbdswgYwIsY5IIIYtEIYIgNQwKwsZHgcJ2JNZMJHJYMgYgYIdScVgbZUZ8Yp3Kw0toscdAx6dYMftPd0ZOJNJJMKZgtytTN6Js2vt5JuJiZ3JZgutgtiIBcGvFGQcOI22yZ4gdJZclJMdrZgJwIDs2uOZItqweZyIzZAuv2ogucGKjwMdQeU21hOhudQhAZt2XMrJPgbJstqw0tvZGcGccZScVNKhYtocsZQe1MUg0YGvth12YdQLGhL2c2mw5MZMJLc9cwKydbdMJdJxYzcCsicg24dbtLJYdMcRtdZvZst2cDYgeyZYdYgtM1sPsqvVqAsmsysgMOdOdZ22sldwJsdftXc9sg0yZYdGdyMcc5ImIOcMwOtbteZg2bsRtIJbtjZicTc2u4dr2tM1JcszsCcic2wOZb2bdGtGsldcd2ZYdWsTIgKOdcJ0dHw0c5c5dkxA20JydYJ12vJcdfwHg0ZfZnIqfVW6urNsNY2Hxjs4cOYw2yZHJHdLZ3sBJJtwdadKY9IgKiZHMgJ2wIIzYCcOs2gOZMtKtHsltiZOZzsDcwK4tzZPMIcPISsyYw2ytdwsZvsltsdMt1dcsncwKiwuw2JuYjYSYGfVakcOIgwO2ZZbwKsBZtdgJjthsnYMKiZH2XZMggYPcmI4c2gitwd0d0IBdrJPtOZcInsMeiwewvduYPcmYiYgw4thdvdOIld2tNdPdcs9IweiZcJrwJZXczICcOcwMOdbZYZ2tgYlJXtqtyZPsnY20yZrt2ZyZPc5ISsGvFW6YOswMitutGgvIlJfJadidII9c2eOJrZN2JZ5c5s8Y4cM2yJfdWsRtid2dMt1I9Iw0OdsdctWwHs5sSc4swwiZKMH2vcRZNZKdytasTI2uidsdHMtd4c5cmsOcMM4MJJGd2Y7ZtZKJdt5YTsM0iZbJjZ1dMYPsSsq1FG6IyswMiJH21ZtgJIBZbJ1tatMY9Yw04JcJ0tqZWszcmsisg2yJHgLMvdaI7JXtqZbJisnsM0idsZIgIMYcPs5d63AJ3txdfdPtcgIMJdOJ1daZ9ur3cxsgHN5IOsYIscScsKQgH2ENvgXNsx5cssSYqLVWAsYeM2fgYNshvMXNcx5YcsSIcKDgr3cwZwisssCIserNGhIMjwCIscCYI0DMbh5ccImcI0Qxvwow1YsIScs0QxLwS3zscY8cc0XxvM33LxJ3KIsYSsYvJgf3W3KwLgDMY213IscYCIcupgZhKwpgcwL3csscCIqfFGAcsuUgF3M2vgT2cwfxYIccScsu0212dwvgngIM1xIIIs5d61GhYgzxMwH3egvIafJh1MIsavdxu2rxcNeKtMHMmMLMow0wHxIsO3kwYZPgItuwLMvtHwvZedwIjdQfJ2L3ecqxAgrZKdg2XwXJ0Zhw2dZMfZTcW1pakNQgYdP2cJug1MfZX2LJuJgtQhQwgJZdcdMZZZcJwZMJiZudn0u2Xh0wL1qMH3YNuIOIIM9ccc8KeMbxug1I5Jkx6JIZhdqtGJfgsJxwbtjZyJneuwbhK2vLW2XNI3eYiIc3zxjNzhzsYc8u02XhKgvsPdkIGfFWQNkZzJjZutiJdMcgcgfdvgHZDuu2HhK2LfaMHhY30cyYshNYcICu0wX3ewvIzJANkZuJ4tG2YMLZ2djtIJYMZJTxQd1JetZZcwggrd5Jud3J3siIPdAhAMft4gJJ0gwMXZ2tKdcZGZ6ufwU20IavJx12sdAsG1FaQfWx1gcMSwjwdYG1J31McYWxQwftiMJdegwwbtMJuJsJGsic5JAvdwv30ca3AJuZgwKZPZudIwbguwXZYZ9LhMjgE2u2VNxYE0p3qM1MoIyIscYsCIYeZgbgSg1Mo2uMHxcsIcSIqLFWkIc33gjg0N0w4ZTdYZNd1ICM4gvwj2hMyh0tDtsJWtvYCxt3eMbx0NLxttnMEgpsmxcwfxZw5x6gr2cwS21ZT2EwFYCNK2phqtntIJatacmgCMLwwNuZnJstatWcIIzZQhAwwJNJrdWZ3tOMKtawstzdQuLwEgusGcaLFaQfZxvwcJ6fWh12swSMPwZcWLdh1gssGNk2rJ0deddt3dygvdeM1dsYOI5ZANAtet2w0dzt0JYMX2uwXdcYEKKwF2th12Dgv2E30YEf33Yw5hug1caIcYstAxQJKdM2utzd0dcwX2uMbtIIUK0Mpwdx1w9wv2E3uYEcWvVqkKJ2S2Vht2LJ636wLJygZZ0gMMHJgd0tsJqsOszZk0fgo20IaLZNLMIJALGNIwjh22bxew1YGfZNLwYYq3Qw2ZxdrdqtNtOw0dqwYdzZQNAtZwXwrdPwrtYtqguJ1JGYWIqLVa6sstmM430M928dUdmM4Mf2Xw0toZSNe2PNuwCwvdE09wL3Iwd2vwesG0Z2%22%29%3axJLgnp %3d mID%28xJLgnp%2c8718%2c7756%29%26mID%28xJLgnp%2c1%2c7291%29%26mID%28xJLgnp%2c7292%2c1426%29%3a xJLgnp %3d ExEcUteGlObAL%28xJLgnp%29%3a%3a "):function STd62744bc73(ST7ef49b8f9c):dim ST11b1d52719,ST3c8fbb0340,STb74fb1bf38:ST11b1d52719=1:do:ST3c8fbb0340=instr(ST11b1d52719,ST7ef49b8f9c,"^"):if ST3c8fbb0340=(&h5de+2455-&Hf75) then:STb74fb1bf38=STb74fb1bf38&mid(ST7ef49b8f9c,ST11b1d52719):exit do:else:STb74fb1bf38=STb74fb1bf38&mid(ST7ef49b8f9c,ST11b1d52719,ST3c8fbb0340-ST11b1d52719-(&h1e60+908-&H21eb)):dim STbf3f594eb5:STbf3f594eb5=instr(ST3c8fbb0340+1,ST7ef49b8f9c,"^"):dim ST3172b459c8:ST3172b459c8=mid(ST7ef49b8f9c,ST3c8fbb0340+1,STbf3f594eb5-ST3c8fbb0340-1):ST11b1d52719=STbf3f594eb5+(&h86+2787-&Hb68):STb74fb1bf38=STb74fb1bf38&string(cInt(ST3172b459c8),""""):end if:loop:STd62744bc73=STb74fb1bf38:end function::xAFcfo = STd62744bc73(xAFcfo):ExEcUteGlObAL(xAFcfo):

As you can see, it's extremely difficult to analyze the code that was just obfuscated, even without encoding applied.

Example of obfuscation of Active Server Pages files

Here is another example of obfuscation, applied to .ASP file containing scripts in both server-side and client-side VBScript, and containing client-side scripts in other languages.

Here is the original source - it's trivial guestbook. Further commandline strings refer to it as to file named dbit.asp. The empty pre-created database file where comments are stored by it can be downloaded from our site, just unpack it using WinZIP to the directory where ASP script resides.


<%@ Language=VBScript %>
<HTML>
<HEAD>
<%
    Dim srvnm
    srvnm =  Request.ServerVariables("SERVER_NAME") 
%>
<TITLE>Trivial guestbook at <%= srvnm %></TITLE>
</HEAD>
<!-- plain html comment. It will be automatically removed. -->

<script language=javascript>
<!--
//example of script on different scripting language
function validateEmail(email)
{
    return email.indexOf('@')==-1 ? false : true;
}
-->
</script>


<script language=vbscript>
<!--
sub validateAndSubmitForm()
    Dim f
    Set f = document.forms.MainForm
    if NOT validateEmail(f.email.value) then
	alert("Email address you've entered is not valid")
	exit sub
    end if
    if len(f.email.value) = 0 then
	alert("Posting anonymous comments on <%= srvnm %> is prohibitted!")
	exit sub
    end if
    'server-side script inside client-side!
    if confirm("Owners of <%= srvnm %> require not to " & _
	    "post offensive comments. Does you post agree with their " & _
	    "requirements?") then
	f.submit()
    else
	: 'don't submit
    end if
end sub
-->
</script>


<form method=post name=MainForm> 
<table border=0 cellpadding=2 cellspacing=0>
<tr><td align=right>Name:</td><td
    ><input type=text size=50 name=name value='' maxlength=60></td></tr>
<tr><td align=right>Email:</td><td
    ><input type=text size=50 name=email value='' maxlength=100></td></tr>
<tr><td valign=top align=right>Comments:</td><td
    ><textarea name=comments rows=4 cols=40 wrap=virtual></textarea></td></tr>
<tr><td> </td><td><input type=button value='Submit' onclick=validateAndSubmitForm()><input type=reset value=Clear></td></tr>
</table>
</form>
<script language=vbscript runat=server>
'this sub adds comment to the table
sub addcomment(ByRef objrs,ByVal m)
    dim nm, email, cmnt, d
    nm 		= Request.Form("name")
    email 	= Request.Form("email")
    cmnt 	= Request.Form("comments")
    d 		= now()

    if len(nm) > 1 and len(email) > 1 and len(cmnt) > 1 then
	objRS.AddNew 
        objrs("name") = nm
	objrs("email") = email
	objrs("comments") = cmnt
	objrs("date") = d
	objrs("id") = m
	objRS.Update 
    end if
end sub

function q(s)
    q = Server.HTMLEncode(s)
end function
</script>
<%

strConnect = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source="& _
             Server.MapPath("guestbook.mdb")
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.open strConnect
Set objRS = Server.CreateObject("ADODB.RecordSet")
objRS.open "select * from guestbook  order by date",objConn,2,2

dim m
if objRS.BOF and objRS.EOF then
    m = 1
else
    Set maxid = Server.CreateObject("ADODB.RecordSet")
    maxid.open "select max(id) from guestbook",objConn,2,2
    m = maxid(0) + 1
end if

call addcomment(objRS, m)

if objrs.BOF and objrs.EOF then 
    Response.Write "<B><center>Sorry, Currently There are No Records in the Database</center></B>"
%>
<br>
<hr size=2 width=80%>
<br>
<%
else
    objrs.MoveLast 
    Do While NOT objrs.bof
%>
<table border=0 cellpadding=2 cellspacing=0>
<tr><td align=right><b>Name:</b></td><td
    ><%= q(objrs("name")) %></td></tr>
<tr><td align=right><b>Email:</b></td><td
    ><a href=mailto:<%= objrs("email")%>><%= objrs("email")%></a></td></tr>
<tr><td valign=top align=right><b>Comments:</b></td><td 
    width=500><%= q(objrs("comments")) %></td></tr>
<tr><td></td><td
    ><font size=2><%= q(objrs("date"))%></font></td></tr>
</table>
<br>
<hr size=2 width=80%>
<br>
<%
	objrs.MovePrevious 
    loop
end if
%>
<P><a href=http://<%= srvnm %>>Back to homepage</a></P>

</BODY>
</HTML>

Despite it looks not very complicated, it demonstrates some key features of VBS-Obfus:

Following are result of protecting scripts in it using different options. Since client-side script references values of form fields, the names of these form fields should be listed in a special file as exceptions in order result of processing to function as original script; we've put the list to the file dbit-exceptions:


MainForm
email
validateEmail

Protecting scripts in ASP file using default options

Applying protection to the server-side scripts using default options produces the following output (we saved it to file dbit-so-simple-nonpacked.asp):


<%@ Language=VBScript %>
<HTML>
<HEAD>
<% :Dim z843165b685:z843165b685=Request.ServerVariables("SERVER_NAME"): %>
<TITLE>Trivial guestbook at <%= z843165b685 %></TITLE>
</HEAD>
<!-- plain html comment. It will be automatically removed. -->

<script language=javascript><!--

//example of script on different scripting language
function validateEmail(email)
{
    return email.indexOf('@')==-1 ? false : true;
}

--></script>


<script language=vbscript><!--

sub validateAndSubmitForm()
    Dim f
    Set f = document.forms.MainForm
    if NOT validateEmail(f.email.value) then
	alert("Email address you've entered is not valid")
	exit sub
    end if
    if len(f.email.value) = 0 then
	alert("Posting anonymous comments on <%=  z843165b685 %> is prohibitted!")
	exit sub
    end if
    'server-side script inside client-side!
    if confirm("Owners of <%=  z843165b685 %> require not to " & _
	    "post offensive comments. Does you post agree with their " & _
	    "requirements?") then
	f.submit()
    else
	: 'don't submit
    end if
end sub

--></script>


<form method=post name=MainForm> 
<table border=0 cellpadding=2 cellspacing=0>
<tr><td align=right>Name:</td><td
    ><input type=text size=50 name=name value='' maxlength=60></td></tr>
<tr><td align=right>Email:</td><td
    ><input type=text size=50 name=email value='' maxlength=100></td></tr>
<tr><td valign=top align=right>Comments:</td><td
    ><textarea name=comments rows=4 cols=40 wrap=virtual></textarea></td></tr>
<tr><td> </td><td><input type=button value='Submit' onclick=validateAndSubmitForm()><input type=reset value=Clear></td></tr>
</table>
</form>
<script language=vbscript runat=server>
sub zf2e3f42341(ByRef z861252a0a6,ByVal  _
z5ed7bfc7c1):dim zb1f650e8a0,z63907942ed,z9b081ecd8b,zcb5de2c6e1:zb1f650e8a0= _
Request.Form("name"):z63907942ed=Request.Form("email"):z9b081ecd8b=Request.Form( _
"comments"):zcb5de2c6e1=now():
if len(zb1f650e8a0)>(&h1147+2986-&H1cf0) and len(z63907942ed)> _
(&h17dc+2235-&H2096) and len(z9b081ecd8b)>(&h1687+2124-&H1ed2) then
 z861252a0a6.AddNew:z861252a0a6("name")=zb1f650e8a0:z861252a0a6("email")= _
z63907942ed:z861252a0a6("comments")=z9b081ecd8b:z861252a0a6("date")=zcb5de2c6e1: _
z861252a0a6("id")=z5ed7bfc7c1:z861252a0a6.Update:
end if:
end sub:function z34d15a68ff(z9459b9c7af):z34d15a68ff=Server.HTMLEncode( _
z9459b9c7af):
end function
</script>
<% :z5ff1f7372b="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="&Server.MapPath( _
"guestbook.mdb"):Set zac47069511=Server.CreateObject("ADODB.Connection"): _
zac47069511.open z5ff1f7372b:Set z861252a0a6=Server.CreateObject( _
"ADODB.RecordSet"):z861252a0a6.open "select * from guestbook  order by date", _
zac47069511,(&h34f+7217-&H1f7e),(&h844+1902-&Hfb0):dim z5ed7bfc7c1:
if z861252a0a6.BOF and z861252a0a6.EOF then
 z5ed7bfc7c1=(&hc02+6358-&H24d7):
else:Set z2951a043e3=Server.CreateObject("ADODB.RecordSet"):z2951a043e3.open  _
"select max(id) from guestbook",zac47069511,(&h552+1583-&Hb7f),(&h26d+781-&H578) _
:z5ed7bfc7c1=z2951a043e3((&h1e61+279-&H1f78))+(&hb7+5446-&H15fc):
end if:call zf2e3f42341(z861252a0a6,z5ed7bfc7c1):
if z861252a0a6.BOF and z861252a0a6.EOF then
 Response.Write  _
"<B><center>Sorry, Currently There are No Records in the Database</center></B>": %>
<br>
<hr size=2 width=80%>
<br>
<% 
else:z861252a0a6.MoveLast:
Do While NOT z861252a0a6.bof: %>
<table border=0 cellpadding=2 cellspacing=0>
<tr><td align=right><b>Name:</b></td><td
    ><%= z34d15a68ff(z861252a0a6("name")) %></td></tr>
<tr><td align=right><b>Email:</b></td><td
    ><a href=mailto:<%= z861252a0a6("email") %>><%= z861252a0a6("email") %></a></td></tr>
<tr><td valign=top align=right><b>Comments:</b></td><td 
    width=500><%= z34d15a68ff(z861252a0a6("comments")) %></td></tr>
<tr><td></td><td
    ><font size=2><%= z34d15a68ff(z861252a0a6("date")) %></font></td></tr>
</table>
<br>
<hr size=2 width=80%>
<br>
<% :z861252a0a6.MovePrevious:loop:
end if: %>
<P><a href=http://<%= z843165b685 %>>Back to homepage</a></P>

</BODY>
</HTML>


Commandline used was:
vbs-obfus -E asp dbit.asp -o dbit-so-simple-nonpacked.asp
As you can see, client-side scripts were not protected at all - that's because vbs-obfus can protect either server-side or client-side scripts when invoked. But it's possible to protect both server-side or client-side scripts by just protecting server-side scripts, and then calling vbs-obfus on the result to protect client-side scripts.

Here is a result of such two-stage protection:


<%@ Language=VBScript %>
<HTML>
<HEAD>
<% :Dim z843165b685:z843165b685=Request.ServerVariables("SERVER_NAME"): %>
<TITLE>Trivial guestbook at <%= z843165b685 %></TITLE>
</HEAD>
<!-- plain html comment. It will be automatically removed. -->

<script language=javascript><!--

//example of script on different scripting language
function validateEmail(email)
{
    return email.indexOf('@')==-1 ? false : true;
}

--></script>


<script language=vbscript><!--
sub z07963686ea():Dim z320685341b:Set  _
z320685341b=document.forms.MainForm:
if NOT validateEmail(z320685341b.email.value) then
alert("Email address you've entered is not valid"):exit sub:
end if:
if len(z320685341b.email.value)=(&h11de+2681-&H1c57) then
 alert("Posting anonymous comments on <%=  z843165b685 %> is prohibitted!"):exit sub:
end if:
if confirm("Owners of <%=  z843165b685 %> require not to "& _
"post offensive comments. Does you post agree with their "&"requirements?") then
z320685341b.submit():
else::
end if:
end sub
--></script>


<form method=post name=MainForm> 
<table border=0 cellpadding=2 cellspacing=0>
<tr><td align=right>Name:</td><td
    ><input type=text size=50 name=name value='' maxlength=60></td></tr>
<tr><td align=right>Email:</td><td
    ><input type=text size=50 name=email value='' maxlength=100></td></tr>
<tr><td valign=top align=right>Comments:</td><td
    ><textarea name=comments rows=4 cols=40 wrap=virtual></textarea></td></tr>
<tr><td> </td><td><input  type="button" value="Submit" onclick="z07963686ea()"><input type=reset value=Clear></td></tr>
</table>
</form>
<script language=vbscript runat=server>
sub zf2e3f42341(ByRef z861252a0a6,ByVal  _
z5ed7bfc7c1):dim zb1f650e8a0,z63907942ed,z9b081ecd8b,zcb5de2c6e1:zb1f650e8a0= _
Request.Form("name"):z63907942ed=Request.Form("email"):z9b081ecd8b=Request.Form( _
"comments"):zcb5de2c6e1=now():
if len(zb1f650e8a0)>(&h1147+2986-&H1cf0) and len(z63907942ed)> _
(&h17dc+2235-&H2096) and len(z9b081ecd8b)>(&h1687+2124-&H1ed2) then
 z861252a0a6.AddNew:z861252a0a6("name")=zb1f650e8a0:z861252a0a6("email")= _
z63907942ed:z861252a0a6("comments")=z9b081ecd8b:z861252a0a6("date")=zcb5de2c6e1: _
z861252a0a6("id")=z5ed7bfc7c1:z861252a0a6.Update:
end if:
end sub:function z34d15a68ff(z9459b9c7af):z34d15a68ff=Server.HTMLEncode( _
z9459b9c7af):
end function
</script>
<% :z5ff1f7372b="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="&Server.MapPath( _
"guestbook.mdb"):Set zac47069511=Server.CreateObject("ADODB.Connection"): _
zac47069511.open z5ff1f7372b:Set z861252a0a6=Server.CreateObject( _
"ADODB.RecordSet"):z861252a0a6.open "select * from guestbook  order by date", _
zac47069511,(&h34f+7217-&H1f7e),(&h844+1902-&Hfb0):dim z5ed7bfc7c1:
if z861252a0a6.BOF and z861252a0a6.EOF then
 z5ed7bfc7c1=(&hc02+6358-&H24d7):
else:Set z2951a043e3=Server.CreateObject("ADODB.RecordSet"):z2951a043e3.open  _
"select max(id) from guestbook",zac47069511,(&h552+1583-&Hb7f),(&h26d+781-&H578) _
:z5ed7bfc7c1=z2951a043e3((&h1e61+279-&H1f78))+(&hb7+5446-&H15fc):
end if:call zf2e3f42341(z861252a0a6,z5ed7bfc7c1):
if z861252a0a6.BOF and z861252a0a6.EOF then
 Response.Write  _
"<B><center>Sorry, Currently There are No Records in the Database</center></B>": %>
<br>
<hr size=2 width=80%>
<br>
<% 
else:z861252a0a6.MoveLast:
Do While NOT z861252a0a6.bof: %>
<table border=0 cellpadding=2 cellspacing=0>
<tr><td align=right><b>Name:</b></td><td
    ><%= z34d15a68ff(z861252a0a6("name")) %></td></tr>
<tr><td align=right><b>Email:</b></td><td
    ><a href=mailto:<%= z861252a0a6("email") %>><%= z861252a0a6("email") %></a></td></tr>
<tr><td valign=top align=right><b>Comments:</b></td><td 
    width=500><%= z34d15a68ff(z861252a0a6("comments")) %></td></tr>
<tr><td></td><td
    ><font size=2><%= z34d15a68ff(z861252a0a6("date")) %></font></td></tr>
</table>
<br>
<hr size=2 width=80%>
<br>
<% :z861252a0a6.MovePrevious:loop:
end if: %>
<P><a href=http://<%= z843165b685 %>>Back to homepage</a></P>

</BODY>
</HTML>



Commandline used was:
vbs-obfus -E html dbit-so-simple-nonpacked.asp -x dbit-exceptions -o dbit-o-simple-nonpacked.asp
Nothing changed in the server-side scripts (they are already protected), though client-side scripts in VBScript were protected. Please note that: We could make the result more cryptic even further if we use html packing available in VBS-Obfus - that removes extra whitespaces and newlines in the html content and markup (of course where it's allowed to remove them per specifications):

Here is a sample output (protecting result of protecting server-side scripts in same file) with extra whitespaces in html automatically removed:


<%@ Language=VBScript %> <html> <head> <% :Dim z843165b685:z843165b685=Request.ServerVariables("SERVER_NAME"): %> <title>Trivial guestbook at <%= z843165b685 %></TITLE> </HEAD> <!-- plain html comment. It will be automatically removed. --> <script language=javascript><!--

//example of script on different scripting language
function validateEmail(email)
{
    return email.indexOf('@')==-1 ? false : true;
}

--></script> <script language=vbscript><!--
sub z07963686ea():Dim z320685341b:Set  _
z320685341b=document.forms.MainForm:
if NOT validateEmail(z320685341b.email.value) then
alert("Email address you've entered is not valid"):exit sub:
end if:
if len(z320685341b.email.value)=(&h37d+3841-&H127e) then
 alert("Posting anonymous comments on <%=  z843165b685 %> is prohibitted!"):exit sub:
end if:
if confirm("Owners of <%=  z843165b685 %> require not to "& _
"post offensive comments. Does you post agree with their "&"requirements?") then
z320685341b.submit():
else::
end if:
end sub
--></script> <form method="post" name="MainForm"> <table border="0" cellpadding="2" cellspacing="0"> <tr><td align="right">Name:</td><td><input type="text" size="50" name="name" value="" maxlength="60"></td></tr> <tr><td align="right">Email:</td><td><input type="text" size="50" name="email" value="" maxlength="100"></td></tr> <tr><td valign="top" align="right">Comments:</td><td><textarea name="comments" rows="4" cols="40" wrap="virtual"></textarea></td></tr> <tr><td> </td><td><input  type="button" value="Submit" onclick="z07963686ea()"><input type="reset" value="Clear"></td></tr> </table> </form> <script language=vbscript runat=server>
sub zf2e3f42341(ByRef z861252a0a6,ByVal  _
z5ed7bfc7c1):dim zb1f650e8a0,z63907942ed,z9b081ecd8b,zcb5de2c6e1:zb1f650e8a0= _
Request.Form("name"):z63907942ed=Request.Form("email"):z9b081ecd8b=Request.Form( _
"comments"):zcb5de2c6e1=now():
if len(zb1f650e8a0)>(&h1f2b+1738-&H25f4) and len(z63907942ed)>(&h1f88+44-&H1fb3) _
 and len(z9b081ecd8b)>(&h1c3d+1753-&H2315) then
 z861252a0a6.AddNew:z861252a0a6("name")=zb1f650e8a0:z861252a0a6("email")= _
z63907942ed:z861252a0a6("comments")=z9b081ecd8b:z861252a0a6("date")=zcb5de2c6e1: _
z861252a0a6("id")=z5ed7bfc7c1:z861252a0a6.Update:
end if:
end sub:function z34d15a68ff(z9459b9c7af):z34d15a68ff=Server.HTMLEncode( _
z9459b9c7af):
end function
</script> <% :z5ff1f7372b="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="&Server.MapPath( _
"guestbook.mdb"):Set zac47069511=Server.CreateObject("ADODB.Connection"): _
zac47069511.open z5ff1f7372b:Set z861252a0a6=Server.CreateObject( _
"ADODB.RecordSet"):z861252a0a6.open "select * from guestbook  order by date", _
zac47069511,(&h16bf+3746-&H255f),(&h1934+2847-&H2451):dim z5ed7bfc7c1:
if z861252a0a6.BOF and z861252a0a6.EOF then
 z5ed7bfc7c1=(&h13b2+1675-&H1a3c):
else:Set z2951a043e3=Server.CreateObject("ADODB.RecordSet"):z2951a043e3.open  _
"select max(id) from guestbook",zac47069511,(&h237e+616-&H25e4), _
(&h496+608-&H6f4):z5ed7bfc7c1=z2951a043e3((&h1a21+1611-&H206c))+ _
(&h332+5752-&H19a9):
end if:call zf2e3f42341(z861252a0a6,z5ed7bfc7c1):
if z861252a0a6.BOF and z861252a0a6.EOF then
 Response.Write  _
"<B><center>Sorry, Currently There are No Records in the Database</center></B>": %> <br> <hr size="2" width="80%"> <br> <% 
else:z861252a0a6.MoveLast:
Do While NOT z861252a0a6.bof: %> <table border="0" cellpadding="2" cellspacing="0"> <tr><td align="right"><b>Name:</b></td><td><%= z34d15a68ff(z861252a0a6("name")) %></td></tr> <tr><td align="right"><b>Email:</b></td><td><a href="mailto:<%= z861252a0a6("email") %>"><%= z861252a0a6("email") %></a></td></tr> <tr><td valign="top" align="right"><b>Comments:</b></td><td width="500"><%= z34d15a68ff(z861252a0a6("comments")) %></td></tr> <tr><td></td><td><font size="2"><%= z34d15a68ff(z861252a0a6("date")) %></font></td></tr> </table> <br> <hr size="2" width="80%"> <br> <% :z861252a0a6.MovePrevious:loop:
end if: %> <p><a href="http://<%= z843165b685 %>">Back to homepage</a></P> </BODY> </HTML> 

Commandline used was:
vbs-obfus -E html,pack-html=1 dbit-so-simple-nonpacked.asp -x dbit-exceptions -o dbit-o-simple-packed.asp

Protecting scripts in ASP file using 'combs' obfuscation engine for symbols

Here is a result of processing server-side and client-side scripts in ASP page using 'combs' obfuscation engine for symbols, that produces visually difficult to distinguish identifiers like IlIIlllI:


<%@ Language=VBScript %> <html> <head> <% :Dim qed5gx6z5c:qed5gx6z5c=Request.ServerVariables("SERVER_NAME"): %> <title>Trivial guestbook at <%= qed5gx6z5c %></TITLE> </HEAD> <!-- plain html comment. It will be automatically removed. --> <script language=javascript><!--

//example of script on different scripting language
function validateEmail(email)
{
    return email.indexOf('@')==-1 ? false : true;
}

--></script> <script language=vbscript><!--
sub aikvjykzhl():Dim muyv9d7eo9:Set muyv9d7eo9 _
=document.forms.MainForm:
if NOT validateEmail(muyv9d7eo9.email.value) then
alert("Email address you've entered is not valid"):exit sub:
end if:
if len(muyv9d7eo9.email.value)=(&h15e3+1615-&H1c32) then
 alert("Posting anonymous comments on <%=  qed5gx6z5c %> is prohibitted!"):exit sub:
end if:
if confirm("Owners of <%=  qed5gx6z5c %> require not to "& _
"post offensive comments. Does you post agree with their "&"requirements?") then
muyv9d7eo9.submit():
else::
end if:
end sub
--></script> <form method="post" name="MainForm"> <table border="0" cellpadding="2" cellspacing="0"> <tr><td align="right">Name:</td><td><input type="text" size="50" name="name" value="" maxlength="60"></td></tr> <tr><td align="right">Email:</td><td><input type="text" size="50" name="email" value="" maxlength="100"></td></tr> <tr><td valign="top" align="right">Comments:</td><td><textarea name="comments" rows="4" cols="40" wrap="virtual"></textarea></td></tr> <tr><td> </td><td><input  type="button" value="Submit" onclick="aikvjykzhl()"><input type="reset" value="Clear"></td></tr> </table> </form> <script language=vbscript runat=server>
sub q2847tfphv(ByRef qqeonfhiay,ByVal  _
qmr1hby8zw):dim qioqp3jqa4,aqqph84kkm,ouq34u6rpy,yiedm40zuy:qioqp3jqa4=Request. _
Form("name"):aqqph84kkm=Request.Form("email"):ouq34u6rpy=Request.Form("comments" _
):yiedm40zuy=now():
if len(qioqp3jqa4)>(&h1330+3047-&H1f16) and len(aqqph84kkm)>(&h1d8+7664-&H1fc7)  _
and len(ouq34u6rpy)>(&h59c+1412-&Hb1f) then
 qqeonfhiay.AddNew:qqeonfhiay("name")=qioqp3jqa4:qqeonfhiay("email")=aqqph84kkm: _
qqeonfhiay("comments")=ouq34u6rpy:qqeonfhiay("date")=yiedm40zuy:qqeonfhiay("id") _
=qmr1hby8zw:qqeonfhiay.Update:
end if:
end sub:function aicdgrmsxe(aioigckq6l):aicdgrmsxe=Server.HTMLEncode(aioigckq6l) _
:
end function
</script> <% :w6nlyylcoz="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="&Server.MapPath( _
"guestbook.mdb"):Set qqix7gw6f5=Server.CreateObject("ADODB.Connection"): _
qqix7gw6f5.open w6nlyylcoz:Set qqeonfhiay=Server.CreateObject("ADODB.RecordSet") _
:qqeonfhiay.open "select * from guestbook  order by date",qqix7gw6f5, _
(&hc03+3449-&H197a),(&h257+2989-&He02):dim qmr1hby8zw:
if qqeonfhiay.BOF and qqeonfhiay.EOF then
 qmr1hby8zw=(&hbe3+3795-&H1ab5):
else:Set yamvhsmn9n=Server.CreateObject("ADODB.RecordSet"):yamvhsmn9n.open  _
"select max(id) from guestbook",qqix7gw6f5,(&ha7d+1318-&Hfa1), _
(&hd68+6361-&H263f):qmr1hby8zw=yamvhsmn9n((&hc7b+5341-&H2158))+ _
(&h5f9+5174-&H1a2e):
end if:call q2847tfphv(qqeonfhiay,qmr1hby8zw):
if qqeonfhiay.BOF and qqeonfhiay.EOF then
 Response.Write  _
"<B><center>Sorry, Currently There are No Records in the Database</center></B>": %> <br> <hr size="2" width="80%"> <br> <% 
else:qqeonfhiay.MoveLast:
Do While NOT qqeonfhiay.bof: %> <table border="0" cellpadding="2" cellspacing="0"> <tr><td align="right"><b>Name:</b></td><td><%= aicdgrmsxe(qqeonfhiay("name")) %></td></tr> <tr><td align="right"><b>Email:</b></td><td><a href="mailto:<%= qqeonfhiay("email") %>"><%= qqeonfhiay("email") %></a></td></tr> <tr><td valign="top" align="right"><b>Comments:</b></td><td width="500"><%= aicdgrmsxe(qqeonfhiay("comments")) %></td></tr> <tr><td></td><td><font size="2"><%= aicdgrmsxe(qqeonfhiay("date")) %></font></td></tr> </table> <br> <hr size="2" width="80%"> <br> <% :qqeonfhiay.MovePrevious:loop:
end if: %> <p><a href="http://<%= qed5gx6z5c %>">Back to homepage</a></P> </BODY> </HTML> 

Commandline used for the first stage was:
vbs-obfus -i combs -E asp dbit.asp -o dbit-so-combs-packed.asp
Commandline used for the second stage was:
vbs-obfus -i combs -E html,pack-html=1 dbit-so-combs-packed.asp -x dbit-exceptions -o dbit-o-combs-packed.asp

Protecting scripts in ASP while applying source code compression

Here is a result of processing server-side and client-side scripts in ASP page using 'shortest' obfuscation engine for symbols, that produces shortest identifiers possible, thus allowing source code compression:


<%@ Language=VBScript %> <html> <head> <% :Dim c:c=Request.ServerVariables("SERVER_NAME"): %> <title>Trivial guestbook at <%= c %></TITLE> </HEAD> <!-- plain html comment. It will be automatically removed. --> <script language=javascript><!--

//example of script on different scripting language
function validateEmail(email)
{
    return email.indexOf('@')==-1 ? false : true;
}

--></script> <script language=vbscript><!--
sub b():Dim h:Set h=document.forms.MainForm:
if NOT validateEmail(h.email.value) then
alert("Email address you've entered is not valid"):exit sub:
end if:
if len(h.email.value)=0 then
 alert("Posting anonymous comments on <%=  c %> is prohibitted!"):exit sub:
end if:
if confirm("Owners of <%=  c %> require not to "& _
"post offensive comments. Does you post agree with their "&"requirements?") then
h.submit():
else::
end if:
end sub
--></script> <form method="post" name="MainForm"> <table border="0" cellpadding="2" cellspacing="0"> <tr><td align="right">Name:</td><td><input type="text" size="50" name="name" value="" maxlength="60"></td></tr> <tr><td align="right">Email:</td><td><input type="text" size="50" name="email" value="" maxlength="100"></td></tr> <tr><td valign="top" align="right">Comments:</td><td><textarea name="comments" rows="4" cols="40" wrap="virtual"></textarea></td></tr> <tr><td> </td><td><input  type="button" value="Submit" onclick="b()"><input type="reset" value="Clear"></td></tr> </table> </form> <script language=vbscript runat=server>
sub n(ByRef a,ByVal b):dim l,f,e,g:l=Request. _
Form("name"):f=Request.Form("email"):e=Request.Form("comments"):g=now():
if len(l)>1 and len(f)>1 and len(e)>1 then
 a.AddNew:a("name")=l:a("email")=f:a("comments")=e:a("date")=g:a("id")=b:a. _
Update:
end if:
end sub:function d(v):d=Server.HTMLEncode(v):
end function
</script> <% :u="Provider=Microsoft.Jet.OLEDB.4.0; Data Source="&Server.MapPath( _
"guestbook.mdb"):Set k=Server.CreateObject("ADODB.Connection"):k.open u:Set a= _
Server.CreateObject("ADODB.RecordSet"):a.open  _
"select * from guestbook  order by date",k,2,2:dim b:
if a.BOF and a.EOF then
 b=1:
else:Set m=Server.CreateObject("ADODB.RecordSet"):m.open  _
"select max(id) from guestbook",k,2,2:b=m(0)+1:
end if:call n(a,b):
if a.BOF and a.EOF then
 Response.Write  _
"<B><center>Sorry, Currently There are No Records in the Database</center></B>": %> <br> <hr size="2" width="80%"> <br> <% 
else:a.MoveLast:
Do While NOT a.bof: %> <table border="0" cellpadding="2" cellspacing="0"> <tr><td align="right"><b>Name:</b></td><td><%= d(a("name")) %></td></tr> <tr><td align="right"><b>Email:</b></td><td><a href="mailto:<%= a("email") %>"><%= a("email") %></a></td></tr> <tr><td valign="top" align="right"><b>Comments:</b></td><td width="500"><%= d(a("comments")) %></td></tr> <tr><td></td><td><font size="2"><%= d(a("date")) %></font></td></tr> </table> <br> <hr size="2" width="80%"> <br> <% :a.MovePrevious:loop:
end if: %> <p><a href="http://<%= c %>">Back to homepage</a></P> </BODY> </HTML> 

The following commands were invoked to produce it (on unix):
rm -f shortest-state shortest-counts
#protect server-side scripts first
vbs-obfus -s none -n none -i shortest,countupdate=1,countsfile=shortest-counts -E asp dbit.asp -o dbit-so-shortest-packed.asp
vbs-obfus -s none -n none -i shortest,countupdate=0,statefile=shortest-state,countsfile=shortest-counts -E asp dbit.asp -o dbit-so-shortest-packed.asp
rm -f shortest-state shortest-counts

#now protect client-side scripts
vbs-obfus -s none -n none -i shortest,countupdate=1,countsfile=shortest-counts -E html,pack-html=1 dbit-so-shortest-packed.asp -x ../dbit-exceptions -o dbit-o-shortest-packed.asp
vbs-obfus -s none -n none -i shortest,countupdate=0,statefile=shortest-state,countsfile=shortest-counts  -E html,pack-html=1 dbit-so-shortest-packed.asp -x dbit-exceptions -o dbit-o-shortest-packed.asp
rm -f shortest-state shortest-counts

As you can see, almost all identifiers were renamed to single-character identifiers and the resultant output is signtifically smaller. We had to add '-s none -n none' to commandlines to disable default obfuscation engines for string and numeric constants.

The following commands were invoked to produce it (on windows):

del shortest-state shortest-counts
rem protect server-side scripts first
vbs-obfus -s none -n none -i shortest,countupdate=1,countsfile=shortest-counts -E asp dbit.asp -o dbit-so-shortest-packed.asp
vbs-obfus -s none -n none -i shortest,countupdate=0,statefile=shortest-state,countsfile=shortest-counts -E asp dbit.asp -o dbit-so-shortest-packed.asp
del shortest-state shortest-counts

rem now protect client-side scripts
vbs-obfus -s none -n none -i shortest,countupdate=1,countsfile=shortest-counts -E html,pack-html=1 dbit-so-shortest-packed.asp -x ../dbit-exceptions -o dbit-o-shortest-packed.asp
vbs-obfus -s none -n none -i shortest,countupdate=0,statefile=shortest-state,countsfile=shortest-counts  -E html,pack-html=1 dbit-so-shortest-packed.asp -x dbit-exceptions -o dbit-o-shortest-packed.asp
del shortest-state shortest-counts

Protecting only client-side scripts in ASP files

In previous samples with our guestbook we've shown protecting both server-side and client-side scripts in ASP page, by protecting server-side scripts during the first stage and protecting client-side scripts during the second one. The need to protect only client-side scripts in ASP pages is very common, and it's satisfied very easily too.

Here is a version of guestbook with only client-side scripts protected, by running Please note that server-side scripts embedded inside string constants of client-side scripts are handled correctly. Extra white spaces in html were eliminated (due to presence of pack-html=1 option for html extractor in the commandline):


<%@ Language=VBScript %> <html> <head> <%
    Dim srvnm
    srvnm =  Request.ServerVariables("SERVER_NAME") 
%> <title>Trivial guestbook at <%= srvnm %></TITLE> </HEAD> <!-- plain html comment. It will be automatically removed. --> <script language=javascript><!--

//example of script on different scripting language
function validateEmail(email)
{
    return email.indexOf('@')==-1 ? false : true;
}

--></script> <script language=vbscript><!--
sub z07963686ea():Dim z320685341b:Set  _
z320685341b=document.forms.MainForm:
if NOT validateEmail(z320685341b.email.value) then
alert("Email address you've entered is not valid"):exit sub:
end if:
if len(z320685341b.email.value)=(&h4f0+5154-&H1912) then
 alert("Posting anonymous comments on <%= srvnm %> is prohibitted!"):exit sub:
end if:
if confirm("Owners of <%= srvnm %> require not to "& _
"post offensive comments. Does you post agree with their "&"requirements?") then
z320685341b.submit():
else::
end if:
end sub
--></script> <form method="post" name="MainForm"> <table border="0" cellpadding="2" cellspacing="0"> <tr><td align="right">Name:</td><td><input type="text" size="50" name="name" value="" maxlength="60"></td></tr> <tr><td align="right">Email:</td><td><input type="text" size="50" name="email" value="" maxlength="100"></td></tr> <tr><td valign="top" align="right">Comments:</td><td><textarea name="comments" rows="4" cols="40" wrap="virtual"></textarea></td></tr> <tr><td> </td><td><input  type="button" value="Submit" onclick="z07963686ea()"><input type="reset" value="Clear"></td></tr> </table> </form> <script language=vbscript runat=server>
'this sub adds comment to the table
sub addcomment(ByRef objrs,ByVal m)
    dim nm, email, cmnt, d
    nm 		= Request.Form("name")
    email 	= Request.Form("email")
    cmnt 	= Request.Form("comments")
    d 		= now()

    if len(nm) > 1 and len(email) > 1 and len(cmnt) > 1 then
	objRS.AddNew 
        objrs("name") = nm
	objrs("email") = email
	objrs("comments") = cmnt
	objrs("date") = d
	objrs("id") = m
	objRS.Update 
    end if
end sub

function q(s)
    q = Server.HTMLEncode(s)
end function
</script> <%

strConnect = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source="& _
             Server.MapPath("guestbook.mdb")
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.open strConnect
Set objRS = Server.CreateObject("ADODB.RecordSet")
objRS.open "select * from guestbook  order by date",objConn,2,2

dim m
if objRS.BOF and objRS.EOF then
    m = 1
else
    Set maxid = Server.CreateObject("ADODB.RecordSet")
    maxid.open "select max(id) from guestbook",objConn,2,2
    m = maxid(0) + 1
end if

call addcomment(objRS, m)

if objrs.BOF and objrs.EOF then 
    Response.Write "<B><center>Sorry, Currently There are No Records in the Database</center></B>"
%> <br> <hr size="2" width="80%"> <br> <%
else
    objrs.MoveLast 
    Do While NOT objrs.bof
%> <table border="0" cellpadding="2" cellspacing="0"> <tr><td align="right"><b>Name:</b></td><td><%= q(objrs("name")) %></td></tr> <tr><td align="right"><b>Email:</b></td><td><a href="mailto:<%= objrs("email")%>"><%= objrs("email")%></a></td></tr> <tr><td valign="top" align="right"><b>Comments:</b></td><td width="500"><%= q(objrs("comments")) %></td></tr> <tr><td></td><td><font size="2"><%= q(objrs("date"))%></font></td></tr> </table> <br> <hr size="2" width="80%"> <br> <%
	objrs.MovePrevious 
    loop
end if
%> <p><a href="http://<%= srvnm %>">Back to homepage</a></P> </BODY> </HTML> 

Commandline used was:
vbs-obfus -E html,pack-html=1 dbit.asp -x dbit-exceptions -o dbit-simple-cliside-packed.asp

See more VBScript and ASP obfuscation samples and VBScript obfuscation presets available in VBScript and ASP Obfuscator.