Fossil SCM
Additional obfuscation of the javascript that runs to implement the anti-robot defense.
Commit
4c4bce351d974e5b628b8305ddac18c705ab06a88568e4e42bd3fa4ba8ca1823
Parent
e5991efb681a88e…
1 file changed
+16
-9
+16
-9
| --- src/robot.c | ||
| +++ src/robot.c | ||
| @@ -38,11 +38,11 @@ | ||
| 38 | 38 | ** Or, if valid proof-of-work is present as either a query parameter or |
| 39 | 39 | ** as a cookie, then return 0. |
| 40 | 40 | */ |
| 41 | 41 | static int robot_proofofwork(void){ |
| 42 | 42 | sqlite3_int64 tm; |
| 43 | - unsigned h1, h2; | |
| 43 | + unsigned h1, h2, p1, p2, p3, p4, p5, k2, k3; | |
| 44 | 44 | int k; |
| 45 | 45 | const char *z; |
| 46 | 46 | const char *az[2]; |
| 47 | 47 | |
| 48 | 48 | /* Construct a proof-of-work value based on the IP address of the |
| @@ -97,22 +97,22 @@ | ||
| 97 | 97 | style_header("Browser Verification"); |
| 98 | 98 | @ <h1 id="x1">Checking to see if you are a robot<span id="x2"></span></h1> |
| 99 | 99 | @ <form method="GET" id="x6"><p> |
| 100 | 100 | @ <span id="x3" style="visibility:hidden;">\ |
| 101 | 101 | @ Press <input type="submit" id="x5" value="Ok" focus> to continue</span> |
| 102 | - @ <span id="x7" style="visibility:hidden;">You appear to be a robot.</span></p> | |
| 102 | + @ <span id="x7" style="visibility:hidden;">You appear to be a robot.</span>\ | |
| 103 | + @ </p> | |
| 103 | 104 | cgi_query_parameters_to_hidden(); |
| 104 | 105 | @ <input id="x4" type="hidden" name="proof" value="0"> |
| 105 | 106 | @ </form> |
| 106 | 107 | @ <script nonce='%s(style_nonce())'> |
| 107 | - @ window.addEventListener('load',function(){ | |
| 108 | - @ function aaa(x){return document.getElementById(x);} | |
| 108 | + @ function aaa(x){return document.getElementById(x);}\ | |
| 109 | 109 | @ function bbb(h,a){\ |
| 110 | 110 | @ aaa("x4").value=h;\ |
| 111 | 111 | @ if((a%%75)==0){\ |
| 112 | 112 | @ aaa("x2").textContent=aaa("x2").textContent+".";\ |
| 113 | - @ } | |
| 113 | + @ }\ | |
| 114 | 114 | @ if(a>0){\ |
| 115 | 115 | @ setTimeout(bbb,1,h+a,a-1);\ |
| 116 | 116 | @ }else if(window.getComputedStyle(document.body).zIndex==='0'){\ |
| 117 | 117 | @ aaa("x3").style.visibility="visible";\ |
| 118 | 118 | @ aaa("x2").textContent="";\ |
| @@ -123,15 +123,22 @@ | ||
| 123 | 123 | @ aaa("x7").style.visibility="visible";\ |
| 124 | 124 | @ aaa("x2").textContent="";\ |
| 125 | 125 | @ aaa("x3").style.display="none";\ |
| 126 | 126 | @ aaa("x1").textContent="Access Denied";\ |
| 127 | 127 | @ }\ |
| 128 | - @ } | |
| 128 | + @ }\ | |
| 129 | 129 | k = 400 + h2%299; |
| 130 | - h2 = (k*k + k)/2; | |
| 131 | - @ setTimeout(function(){bbb(%u(h1-h2),%u(k));},10); | |
| 132 | - @ }, false); | |
| 130 | + k2 = (h2/299)%99 + 973; | |
| 131 | + k3 = (h2/(299*99))%99 + 811; | |
| 132 | + p1 = (k*k + k)/2; | |
| 133 | + p2 = h1-p1; | |
| 134 | + p3 = p2%k2; | |
| 135 | + p4 = (p2/k2)%k3; | |
| 136 | + p5 = p2/(k2*k3); | |
| 137 | + @ function ccc(a,b,c){return (a*%u(k3)+b)*%u(k2)+c;}\ | |
| 138 | + @ window.addEventListener('load',function(){\ | |
| 139 | + @ bbb(ccc(%u(p5),%u(p4),%u(p3)),%u(k));},false); | |
| 133 | 140 | @ </script> |
| 134 | 141 | style_finish_page(); |
| 135 | 142 | return 1; |
| 136 | 143 | } |
| 137 | 144 | |
| 138 | 145 |
| --- src/robot.c | |
| +++ src/robot.c | |
| @@ -38,11 +38,11 @@ | |
| 38 | ** Or, if valid proof-of-work is present as either a query parameter or |
| 39 | ** as a cookie, then return 0. |
| 40 | */ |
| 41 | static int robot_proofofwork(void){ |
| 42 | sqlite3_int64 tm; |
| 43 | unsigned h1, h2; |
| 44 | int k; |
| 45 | const char *z; |
| 46 | const char *az[2]; |
| 47 | |
| 48 | /* Construct a proof-of-work value based on the IP address of the |
| @@ -97,22 +97,22 @@ | |
| 97 | style_header("Browser Verification"); |
| 98 | @ <h1 id="x1">Checking to see if you are a robot<span id="x2"></span></h1> |
| 99 | @ <form method="GET" id="x6"><p> |
| 100 | @ <span id="x3" style="visibility:hidden;">\ |
| 101 | @ Press <input type="submit" id="x5" value="Ok" focus> to continue</span> |
| 102 | @ <span id="x7" style="visibility:hidden;">You appear to be a robot.</span></p> |
| 103 | cgi_query_parameters_to_hidden(); |
| 104 | @ <input id="x4" type="hidden" name="proof" value="0"> |
| 105 | @ </form> |
| 106 | @ <script nonce='%s(style_nonce())'> |
| 107 | @ window.addEventListener('load',function(){ |
| 108 | @ function aaa(x){return document.getElementById(x);} |
| 109 | @ function bbb(h,a){\ |
| 110 | @ aaa("x4").value=h;\ |
| 111 | @ if((a%%75)==0){\ |
| 112 | @ aaa("x2").textContent=aaa("x2").textContent+".";\ |
| 113 | @ } |
| 114 | @ if(a>0){\ |
| 115 | @ setTimeout(bbb,1,h+a,a-1);\ |
| 116 | @ }else if(window.getComputedStyle(document.body).zIndex==='0'){\ |
| 117 | @ aaa("x3").style.visibility="visible";\ |
| 118 | @ aaa("x2").textContent="";\ |
| @@ -123,15 +123,22 @@ | |
| 123 | @ aaa("x7").style.visibility="visible";\ |
| 124 | @ aaa("x2").textContent="";\ |
| 125 | @ aaa("x3").style.display="none";\ |
| 126 | @ aaa("x1").textContent="Access Denied";\ |
| 127 | @ }\ |
| 128 | @ } |
| 129 | k = 400 + h2%299; |
| 130 | h2 = (k*k + k)/2; |
| 131 | @ setTimeout(function(){bbb(%u(h1-h2),%u(k));},10); |
| 132 | @ }, false); |
| 133 | @ </script> |
| 134 | style_finish_page(); |
| 135 | return 1; |
| 136 | } |
| 137 | |
| 138 |
| --- src/robot.c | |
| +++ src/robot.c | |
| @@ -38,11 +38,11 @@ | |
| 38 | ** Or, if valid proof-of-work is present as either a query parameter or |
| 39 | ** as a cookie, then return 0. |
| 40 | */ |
| 41 | static int robot_proofofwork(void){ |
| 42 | sqlite3_int64 tm; |
| 43 | unsigned h1, h2, p1, p2, p3, p4, p5, k2, k3; |
| 44 | int k; |
| 45 | const char *z; |
| 46 | const char *az[2]; |
| 47 | |
| 48 | /* Construct a proof-of-work value based on the IP address of the |
| @@ -97,22 +97,22 @@ | |
| 97 | style_header("Browser Verification"); |
| 98 | @ <h1 id="x1">Checking to see if you are a robot<span id="x2"></span></h1> |
| 99 | @ <form method="GET" id="x6"><p> |
| 100 | @ <span id="x3" style="visibility:hidden;">\ |
| 101 | @ Press <input type="submit" id="x5" value="Ok" focus> to continue</span> |
| 102 | @ <span id="x7" style="visibility:hidden;">You appear to be a robot.</span>\ |
| 103 | @ </p> |
| 104 | cgi_query_parameters_to_hidden(); |
| 105 | @ <input id="x4" type="hidden" name="proof" value="0"> |
| 106 | @ </form> |
| 107 | @ <script nonce='%s(style_nonce())'> |
| 108 | @ function aaa(x){return document.getElementById(x);}\ |
| 109 | @ function bbb(h,a){\ |
| 110 | @ aaa("x4").value=h;\ |
| 111 | @ if((a%%75)==0){\ |
| 112 | @ aaa("x2").textContent=aaa("x2").textContent+".";\ |
| 113 | @ }\ |
| 114 | @ if(a>0){\ |
| 115 | @ setTimeout(bbb,1,h+a,a-1);\ |
| 116 | @ }else if(window.getComputedStyle(document.body).zIndex==='0'){\ |
| 117 | @ aaa("x3").style.visibility="visible";\ |
| 118 | @ aaa("x2").textContent="";\ |
| @@ -123,15 +123,22 @@ | |
| 123 | @ aaa("x7").style.visibility="visible";\ |
| 124 | @ aaa("x2").textContent="";\ |
| 125 | @ aaa("x3").style.display="none";\ |
| 126 | @ aaa("x1").textContent="Access Denied";\ |
| 127 | @ }\ |
| 128 | @ }\ |
| 129 | k = 400 + h2%299; |
| 130 | k2 = (h2/299)%99 + 973; |
| 131 | k3 = (h2/(299*99))%99 + 811; |
| 132 | p1 = (k*k + k)/2; |
| 133 | p2 = h1-p1; |
| 134 | p3 = p2%k2; |
| 135 | p4 = (p2/k2)%k3; |
| 136 | p5 = p2/(k2*k3); |
| 137 | @ function ccc(a,b,c){return (a*%u(k3)+b)*%u(k2)+c;}\ |
| 138 | @ window.addEventListener('load',function(){\ |
| 139 | @ bbb(ccc(%u(p5),%u(p4),%u(p3)),%u(k));},false); |
| 140 | @ </script> |
| 141 | style_finish_page(); |
| 142 | return 1; |
| 143 | } |
| 144 | |
| 145 |