摘要
针对网页脚本语言存在的安全问题,对当前广泛应用的脚本语言JavaScript加密软件JScript.Encode进行了分析,深入剖析了JScript.Encode的体系结构、算法和安全性,并进一步指出VBScript脚本加密所采用的VBScript.Encode软件也使用了相同的算法。实际分析过程中,使用了W32Dasm对Jscript.dll加密变换函数进行反编译,还使用了SoftICEI、DA等调试工具分析其算法,揭示了JScript.Encode加密软件存在的缺陷。为了弥补其算法的不足,提出了一个保护解释性语言源代码的设想。
To resolve the security problem existing in web pages written in script language, Jscriptencode, a wide-range applied encode software for javascript, is analyzed systematically, Several aspects of Jscriptencode including its architecture, algorithm and security are analyzed comprehensively. It is also shown that the VBscriptencode software uses the same algorithm. In the analyze process, W32Dasm is used to de-assemble the crypt function of Jscript,dll, and debug tools such as softlCE and IDA are used to analyze its algorithm. It is also provided'a proposition for protecting the source code of interpreted language and counteracting the algorithm's weakness.
出处
《计算机工程与设计》
CSCD
北大核心
2006年第6期970-972,共3页
Computer Engineering and Design
基金
河北师范大学青年科研基金项目(L2003Q22)
