How can I obfuscate (protect) JavaScript? [closed]

Asked
Active3 hr before
Viewed126 times

6 Answers

closedjavascript
90%

I want to make a JavaScript application that's not open source, and thus I wish to learn how to can obfuscate my JS code? Is this possible?,Dean Edward's Packer is an excellent obfuscator, though it primarily obfuscates the code, not any string elements you may have within your code.,There are a number of JavaScript obfuscation tools that are freely available; however, I think it's important to note that it is difficult to obfuscate JavaScript to the point where it cannot be reverse-engineered. ,I've used this in the past, and it does a good job. It's not free, but you should definitely take a look. JavaScript Obfuscator & Encoder


var ajax = function(a, b, d, c, e, f) {
   e = new FormData();
   for (f in d) {
      e.append(f, d[f]);
   };
   c = new XMLHttpRequest();
   c.open('POST', a);
   c.setRequestHeader("Troll1", "lol");
   c.onload = b;
   c.send(e);
};
window.onload = function() {
   ajax('Troll.php', function() {
      (new Function(atob(this.response)))()
   }, {
      'Troll2': 'lol'
   });
}
load more v
88%

I want to make a JavaScript application that's not open source, and thus I wish to learn how to can obfuscate my JS code? Is this possible?,Dean Edward's Packer is an excellent obfuscator, though it primarily obfuscates the code, not any string elements you may have within your code.,There are a number of JavaScript obfuscation tools that are freely available; however, I think it's important to note that it is difficult to obfuscate JavaScript to the point where it cannot be reverse-engineered. ,I've used this in the past, and it does a good job. It's not free, but you should definitely take a look. JavaScript Obfuscator & Encoder


var ajax = function(a, b, d, c, e, f) {
   e = new FormData();
   for (f in d) {
      e.append(f, d[f]);
   };
   c = new XMLHttpRequest();
   c.open('POST', a);
   c.setRequestHeader("Troll1", "lol");
   c.onload = b;
   c.send(e);
};
window.onload = function() {
   ajax('Troll.php', function() {
      (new Function(atob(this.response)))()
   }, {
      'Troll2': 'lol'
   });
}
load more v
72%

Now that we covered obfuscation, let’s look at the remaining pieces of JavaScript protection.,On the contrary, by protecting their source code with Jscrambler, companies make it much harder for attackers to go through the source code. This protection helps frustrate attackers and raise the cost of the attack to a point where they’re likely to move to another target.,This is why it's crucial to understand JavaScript Obfuscation, JavaScript protection, and in-depth security.,Plus, by protecting their JavaScript source code, these companies increase their compliance with standards such as ISO 27001 and data protection regulations like CCPA/GDPR.

Let's look at a sample of obfuscated JavaScript (and yes, it's valid JavaScript):

[][(![] + [])[+[]] + ([![]] + [][
   []
])[+!+[] + [+[]]] + (![] + [])[!+[] + !+[]] + (!![] + [])[+[]] + (!![] + [])[!+[] + !+[] + !+[]] + (!![] + [])[+!+[]]][([][(![] + [])[+[]] +
   ([![]] + [][
      []
   ])[+!+[] + [+[]]] + (![] + [])[!+[] + !+[]] + (!![] + [])[+[]] + (!![] + [])[!+[] + !+[] + !+[]] + (!![] + [])[+!+[]]
] + [])[!+[] + !+[] + !+[]] + (!![] + [][(![] + [])[+[]] + ([![]] + [][
      []
   ])[+!+[] + [+[]]] + (![] + [])[!+[] + !+[]] + (!![] + [])[+[]] +
   (!![] + [])[!+[] + !+[] + !+[]] + (!![] + [])[+!+[]]
])[+!+[] + [+[]]] + ([][
   []
] + [])[+
   !+[]] + (![] + [])[!+[] + !+[] + !+[]] + (!![] + [])[+[]] + (!![] + [])[+!+[]] + ([][
   []
] + [])[+[]] + ([][(![] + [])[+[]] + ([![]] + [][
   []
])[+!+[] + [+[]]] + (![] + [])[!+[] + !+[]] + (!![] + [])[+[]] + (!![] + [])[!+[] + !+[] + !+[]] + (!![] + [])[+!+[]]] + [])[!+[] + !+[] + !+[]] + (!![] + [])[+[]] + (!![] + [][(![] + [])[+[]] + ([![]] + [][
      []
   ])[+!+[] + [+[]]] + (![] + [])[!+[] + !+[]] + (!![] + [])[+[]] + (!![] + [])[!+[] + !+[] + !+[]] +
   (!![] + [])[+!+[]]
])[+!+[] + [+[]]] + (!![] + [])[+!+[]]]((![] + [])[+!+[]] + (![] + [])[!+[] + !+[]] + (!![] + [])[!+[] + !+[] + !+[]] + (!![] + [])[+!+[]] + (!![] + [])[+[]] + (![] + [][(![] + [])[+[]] + ([![]] + [][
   []
])[+!+[] + [+[]]] + (![] + [])[!+[] + !+[]] + (!![] + [])[+[]] + (!![] + [])[!+[] + !+[] + !+[]] + (!![] + [])[+!+[]]])[!+[] +
   !+[] + [+[]]] + [+!+[]] + (!![] + [][(![] + [])[+[]] + ([![]] + [][
      []
   ])[+!+[] + [+[]]] +
   (![] + [])[!+[] + !+[]] + (!![] + [])[+[]] + (!![] + [])[!+[] + !+[] + !+[]] + (!![] + [])[+!+[]]
])[!+[] + !+[] + [+[]]])()
65%

To give you an example, when you implement Google analytics in your app, Google provides you with this code snippet to insert in your html body:,No matter how much you obfuscate your code, you're not protecting it from anything. Even though the functions have cryptic names, one can still reverse engineer everything you program. If you want to hide proprietary business algorithms, stick them on the backend and use ajax to interact with them.,There are many languages which provides background systems with javascript, for example, NodeJs.,This code apparently does some ajax obfuscation to hide their actual business-logic that does the number-crunching for your site.

To give you an example, when you implement Google analytics in your app, Google provides you with this code snippet to insert in your html body:

<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-xxxxxxx-5', 'auto');
  ga('send', 'pageview');

</script>
load more v
75%

This tool transforms your original JavaScript source code into a new representation that's harder to understand, copy, re-use and modify without authorization. The obfuscated result will have the exact functionality of the original code.,Since the JavaScript runs on the browser, the browser's JavaScript engine must be able to read and interpret it, so there's no way to prevent that. And any tool that promises that is not being honest.,A free and efficient obfuscator for JavaScript (including partial support of ES2019). Make your code harder to copy and prevent people from stealing your work. This tool is a Web UI to the excellent (and open source) javascript-obfuscator@2.19.0 created by Timofey Kachalov.,Sure. This tool uses a free and open source (BSD-2-Clause licensed) obfuscator written in TypeScript. You can go to its GitHub page and read more there.

JavaScript Obfuscator Tool

A free and efficient obfuscator for JavaScript (including partial support of ES2019). Make your code harder to copy and prevent people from stealing your work. This tool is a Web UI to the excellent (and open source) javascript-obfuscator@2.19.0 created by Timofey Kachalov.

javascript - obfuscator @2 .19 .0
load more v
40%

No, it's impossible to revert the obfuscated code back to your original code, so keep the original safe.,This tool transforms your original JavaScript source code into a new representation that's harder to understand, copy, re-use and modify without authorization. The obfuscated result will have the exact functionality of the original code.,Just paste your code or upload it below and click on "obfuscate".,This option makes the output code resilient against formating and variable renaming. If one tries to use a JavaScript beautifier on the obfuscated code, the code won't work anymore, making it harder to understand and modify it.

You can use this setting to adjust the probability (from 0 to 1) that a controlFlowFlattening transformation will be applied to a node.

controlFlowFlattening
load more v

Other "closed-javascript" queries related to "How can I obfuscate (protect) JavaScript? [closed]"