Uncovering the Popup Script Theft...

Well, since you are here, I assume you'd like to know how the individuals at popovergenerator.com stole my Popup Windows script. If you don't know what I am talking about, just take a visit to their site. They actually downloaded my free script, encoded it (presumably to hide the source code evidence), and are selling it as their own! It makes no sense as the real and original version can be found at my site for free (see FAQ page for Terms of Use). Plus, the version they are using is an older one.

So, without further ado, here we go...

First of all, if you go to popovergenerator.com and view the source code of the main HTML page, you'll find a confusing mess of escaped/encoded javascript near the top. There are three sections blocked off with start and end script tags, although they all run together to make it look confusing. Once you separate the blocks of script from each other a bit, you'll notice each block starts with var ep="... and goes on from there. You want to pay close attention to the third script block; this is where they load the js file that my stolen popup javascript resides in. FYI: The first two script sections simply create a function to print the window and a function to open a standard popup window, but that's not important here (unless they stole those scripts too).

The third block starts with var ep=".... This just creates a variable which contains a long string of encrypted text which finally ends with a ". Let's skip this for now, but remember where this string is.

Towards the last two-thirds of the third script block, you'll see some code that starts with function%20dc%28... and ends with ...%29%3B. This whole string is unescaped and written to the browser page. If you copy this string and paste it into the unescape portion of my encoder/decoder page, you'll see the actual unescaped decoding script they use.

Then, they just call their freshly written decoding function passing the contents of the ep variable and write that to the browser page.

The contents of this ep variable happens to be a mini script that simply loads a js file, PopOver.js to be exact. To get their freshest version of this file, simply copy and paste the following URL into your address bar and download the js file whereever you would like: http://www.popovergenerator.com/PopOver.js.

Or, if this seems a little shady to you, simply go to their website and when it is done loading, view your temporary internet files folder and you should find the js file there too. Either way. It makes no difference.

Okay, if you open the js file in your favorite editor (you might want to turn on "word-wrap" to make things easier to read), you'll see a big confusing mess of code again. This time however, they decided to use a different variable enkripsi, which I suppose is a cutesy term for "encrypted" or something like that. The string contained in this variable starts with "'1Aqapkrv'1G'2F' and ends with '02'02'02'02".

Wayyyy down at the bottom of the js file, they actually have their decoding function unencrypted! This is easier than I thought it would be to figure out! Once again, they use "clever" variable and function names, presumably to make it difficult to comprehend. :rolls eyes:

Anyway, they use their decoder function to decode the enkripsi variable and write the output to the browser page.

I made a little decoder to allow you to decode the contents of "enkripsi". Just copy the full contents of the variable and paste it into the first textbox below. Press the "Decode" button and you'll see the unencrypted code.

Doesn't that look remarkably familiar to someone else's source code? Of course, they were smart enough to strip the credits out of the file, but I think you can compare their source code and my source code easy enough.


Paste the contents of the variable enkripsi in the box below and press the "Decode" button.
(Select all...)




Totally decoded javascript...

(Select all...)

Incidentally, their decoder script is similar in function to the one found in my encoder-decoder script with the exception of a few minor details. The only real difference is the method they use to shift the character codes to make the output look unreadable. Nothing fancy.

I have already tried to write the webmaster a nice cease-and-desist letter, but never got a response. I also e-mailed their host letting them know of their client's dishonesty. So far, no response there either.