You need obfuscation. I've hidden eggs in all kinds of things, including heavily peer-reviewed projects, without problems. If you play it right, it takes so long for the egg to even be discovered that by the time someone finds it, the original client doesn't care. Usually you can even get a laugh or three.
Start with very wrong comments and symbols, as suggested - but make the thing as complicated as possible to discourage reverse-engineering. One of my favorite eggs is just a simple text-injection that prints "Apoch was here" into a text stream at a strategic time. It was controlled by four separate functions and the actual text was "encoded" in the form of several constants and constant arrays that were combined mathematically to produce the final string. Even better, the formula that decoded the constants made use of other perfectly legitimate constants, so it blended in with the surrounding code and looked innocent.
Hiding easter eggs in web scripts
Author
I'm definitely going for this obfuscation thing. I have the perfect place for it to... I just need to figure out a clever way of composing it from innocent-looking constants.
Yes, why not? But how?
Quote:Original post by WanMaster
Why not just generate a picture using php and add it to the response stream?
Yes, why not? But how?
Quote:Original post by Boris Karloff
I'm definitely going for this obfuscation thing. I have the perfect place for it to... I just need to figure out a clever way of composing it from innocent-looking constants.Quote:Original post by WanMaster
Why not just generate a picture using php and add it to the response stream?
Yes, why not? But how?
Well, you could always use the PHP image generation functions (look in the PHP manual extended CHM for details) - a few "circle" commands are all that are needed.
Place in something like
document.writein("<scr" + "ipt language="javascript" src='Adds.js' \>")
Then in adds.js, you do the adds and the easter eggs (or one easter egg).
In adds, you go and you store an encrypted script, which you then writein (and decrypt) when the time comes (But you need to make sure that noone stumbles upon it.
From,
Nice coder
document.writein("<scr" + "ipt language="javascript" src='Adds.js' \>")
Then in adds.js, you do the adds and the easter eggs (or one easter egg).
In adds, you go and you store an encrypted script, which you then writein (and decrypt) when the time comes (But you need to make sure that noone stumbles upon it.
From,
Nice coder
Quote:Original post by Boris KarloffQuote:Original post by WanMaster
Why not just generate a picture using php and add it to the response stream?
Yes, why not? But how?
http://www.php.net/manual/en/ref.image.php
It is really simple.
EDIT: Note: you cannot just send out the image when generating the document. In the document, you must create an object which URI invokes some PHP code that may generate the image under certain conditions.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
