Encrypting/Decrypting

Report · Aug 07, 2011

Hi.

What can you encrypt Coldfusion in? Like, to work on HTML but nobody can see the code when you realise it.

This is some of it(Encryped) [code]

– $class$coldfusion$tagext$sql$QueryTag coldfusion.tagext.sql.QueryTag ™ ˜ n › coldfusion/tagext/sql/QueryTag  cfquery Ÿ name ¡

MakeUpdate £ setName ¥ B

ž ¦

datasource ¨ \(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Object;Ljava/lang/String;)Ljava/lang/Object; … ª

«

setDatasource P

ž ®

doStartTag ()I ° ±

ž ² _pushBody _(Ljavax/servlet/jsp/tagext/BodyTag;ILjavax/servlet/jsp/JspWriter;)Ljavax/servlet/jsp/JspWriter; ´ µ

¶ !UPDATE cms_settings SET value = ' ¸ write º B java/io/Writer ¼

½ » _escapeSingleQuotes ¿ L

À %' WHERE variable = 'cms_name' LIMIT 1 Â doAfterBody Ä ±

ž Å _popBody =(ILjavax/servlet/jsp/JspWriter;)Ljavax/servlet/jsp/JspWriter; Ç È

É doEndTag Ë ±

ž Ì doCatch (Ljava/lang/Throwable;)V Î Ï

ž Ð doFinally Ò

ž Ó $' WHERE variable = 'cms_url' LIMIT 1 Õ &' WHERE variable = 'rts_uname' LIMIT 1 × metaData Ljava/lang/Object; Ù Ú Û &coldfusion/runtime/AttributeCollection Ý java/lang/Object ß ([Ljava/lang/Object;)V á

Þ â this (Lcfbasics_update_general2ecfm1114071321; LocalVariableTable Code <clinit> varscope "Lcoldfusion/runtime/VariableScope; locscope Lcoldfusion/runtime/LocalScope; getMetadata ()Ljava/lang/Object; runPage out Ljavax/servlet/jsp/JspWriter; value include0 #Lcoldfusion/tagext/lang/IncludeTag; query1 Lcoldfusion/tagext/sql/QueryTag; mode1 I t7 Ljava/lang/Throwable; t8 t9 t10 t11 t12 query2 mode2 t15 t16 t17 t18 t19 t20 query3 mode3 t23 t24 t25 t26 t27 t28 LineNumberTable java/lang/Throwable 1 " & * m n ˜ n Ù Ú ç # *·

± æ ä å è ç = p¸ v³ x š¸ v³ œ» ÞY ½ à· ã³ Ü± æ ä å ç  O*+,· ** +,¶ µ ** +,¶ µ ** +,¶ µ !** #+,¶ µ %** '+,¶ µ )** ++,¶ µ -± æ O ä å O é ê O ë ì í î ç " ² Ü° æ ä å ï î ç µ *´ 4¶ :L*´ >N* @¶ D*´ )* ¶ H* J¶ N¶ T*+ V¶ Z*´ * ¶ H***´ )¶ ^¸ d f ¶ j¶ T*+ V¶ Z*´ ! l¶ T*+ V¶ Z*² x -¶ |À ~: * ¶ H € ‚ „ ¸ ˆ¶ ‹ ¶ ‘ ¸ •™ °*+ —¶ Z*² œ -¶ |À ž: * ¶ H ¢ ¤ ¸ ˆ¶ § ©**´ ¶ ^ ¸ ¬¶ ¯ ¶ ‘ ¶ ³Y6 ™ M* +¶ ·L+ ¹¶ ¾+**´ -¶ ^¸ d¸ Á¶ ¾+ Ã¶ ¾ ¶ ÆšÿÝ¨ § : ¨ ¿: * +¶ ÊL© ¶ Í : ¨ # °¨ § #:

¶ Ñ¨ § : ¨ ¿: ¶ Ô© *+ V¶ Z*² œ -¶ |À ž:

* ¶ H

¢ ¤ ¸ ˆ¶ §

©**´ ¶ ^ ¸ ¬¶ ¯

¶ ‘

¶ ³Y6 ™ M*

+¶ ·L+ ¹¶ ¾+**´ ¶ ^¸ d¸ Á¶ ¾+ Ö¶ ¾

¶ ÆšÿÝ¨ § : ¨ ¿: * +¶ ÊL©

¶ Í : ¨ # °¨ § #:

¶ Ñ¨ § : ¨ ¿:

¶ Ô© *+ V¶ Z*² œ -¶ |À ž: * ¶ H ¢ ¤ ¸ ˆ¶ § ©**´ ¶ ^ ¸ ¬¶ ¯ ¶ ‘ ¶ ³Y6 ™ M* +¶ ·L+ ¹¶ ¾+**´ %¶ ^¸ d¸ Á¶ ¾+ Ø¶ ¾ ¶ ÆšÿÝ¨ § : ¨ ¿: * +¶ ÊL© ¶ Í : ¨ # °¨ § #: ¶ Ñ¨ § : ¨ ¿: ¶ Ô© *+ V¶ Z ° ä Ù : F @ C F Ù : U @ C U F R U U Z U ¶ é ì ì ñ ì « « ' ' $ ' ' , ' ˆ » ¾ ¾ Ã ¾ } Þ ê ä ç ê } Þ ù ä ç ù ê ö ù ù þ ù æ $ ä å ð ñ ò Ú ; < ó ô õ ö ÷ ø ù ú û Ú ü Ú ý ú

þ ú ÿ Ú ö

ø ú Ú [/co

Report · Aug 07, 2011

Anyone know what encryption that is?

Report · Aug 07, 2011

Likely using cfencode, which ships with CF but rarely used. There are

utilities to unencode the files, which makes them not very secure.

http://www.usefulconcept.com/index.cfm/2009/11/19/Encrypting-CFM-Files-with-CFencode

Report · Aug 07, 2011

Do you know how I can decrypt, though?

Report · Aug 07, 2011

A quick google search shows how that is done, however searching google for

the code here shows that it is part of a project.

http://code.google.com/p/phoenixcf

Perhaps you should contact them?

Based on it, looks like the only part that is encoded is the housekeeping

folder. Which may be compiled CF, not raw cfm files. Also not using

cfencode, as already suggested. Whatever is there isn't the full app, or

the app isn't complete. At least that is what it looks to me after a quick

look. The first line of the code in that svn shows the path to the original

file, or at least suggests where one would find it.

Report · Aug 07, 2011

Joshua Cyr wrote:
A quick google search shows how that is done, however searching google for
the code here shows that it is part of a project.
http://code.google.com/p/phoenixcf
Perhaps you should contact them?
Based on it, looks like the only part that is encoded is the housekeeping
folder. Which may be compiled CF, not raw cfm files. Also not using
cfencode, as already suggested. Whatever is there isn't the full app, or
the app isn't complete. At least that is what it looks to me after a quick
look. The first line of the code in that svn shows the path to the original
file, or at least suggests where one would find it.

That is correct - yes.

But I see at the top, it says C:\XAMPP etc. It works on IIS with no XAMPP folder so I'm not sure why that is there but it doesn't help.

Report · Aug 07, 2011

Was it precompiled on another machine, maybe the developer?

Report · Aug 08, 2011

That's what I'm guesssing.

Report · Aug 08, 2011

Yeah, when CFM files are compiled, they do end up with residual references to the original location of the source files within them. Don't worry about 'em: they're not important.

--

Adam

Report · Aug 08, 2011

Adam Cameron. wrote:
Yeah, when CFM files are compiled, they do end up with residual references to the original location of the source files within them. Don't worry about 'em: they're not important.
--
Adam

Okay, so is there any way to decompile?

Report · Aug 08, 2011

Okay, so is there any way to decompile?

With a Java decompiler. Google "java decompiler".

However this will only return the bytecode back to Java. There is no way (that I am aware of) to decompile Java bytecode to CFML source code.

Just get in touch with whoever wrote the code and ask them for the source!

--

Adam

Report · Aug 07, 2011

Likely using cfencode,

It doesn't look like a file that's been encrypted with CFENCODE though. As your owb blog article suggests, these templates always start with "allair coldfusion template [etc]". Also the encrypted results - in my experience - never had anything that looked even remotely clear-text in them, as per the sample posted.

The thing is, it also doesn't look like a compiled CFM file either (which should look like Java byte code).

--

Adam

Report · Aug 07, 2011

I was thinking the same when I saw Java throughout the code - could it be a Java encrypter which added the Java things but not enabled through the code if you know what I mean?

Report · Aug 07, 2011

I have no idea (either what it is, or what you mean 😉

Where did the code come from?

--

Adam

Report · Aug 07, 2011

Okay what I mean (I'm not sure with Java) but if Java has tags, they could of removed < and > so it makes people confused and the server isn't trying to run anything Java related? I really don't know.

I got it from another forum - and I want to decrypt it

Report · Aug 07, 2011

It looks like a debug page. Which could also some encoded source as an

include.

Report · Aug 07, 2011

How could I decrypt it?