Code Obfuscation: Why, How & When...

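This article introduces code obfuscation: how changing variable and function names and adding redundant code makes source code hard for reverse engineers to parse. Unlike code beautification, obfuscated code is hard to restore to its original form. In commercial applications, obfuscating code in advance can prevent unauthorized distribution and theft of intellectual property.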


With the huge number of code decompilers available on the internet, it is becoming more important every day to hide our source code so that a reverse engineer cannot decompile it.

Interpreted languages like Python and JavaScript have made obfuscation even more necessary for protecting source code. Even if you package your app as an executable, your source code can still be viewed from memory.

What is Code Obfuscation?

Code obfuscation is a technique for making reverse engineers' lives hard in order to keep our source code safe.

It is similar to the Oxford definition of obfuscation: "the action of making something obscure, unclear, or unintelligible".

Code obfuscation is the process of converting the actual source code into unreadable code that is hard to understand.

Here's a JavaScript Obfuscated Code Example

Real Source Code

function NewObject(prefix)
{
    var count=0;
    this.SayHello=function(msg)
    {
            count++;
            alert(prefix+msg);
    }
    this.GetCount=function()
    {
            return count;
    }
}
var obj=new NewObject("Message : ");
obj.SayHello("You are welcome.");

Obfuscated Code

function _0xeca37b(prefix){var _0x="2|0|4|1|3".split("|"),_0x9ea8dc=0;while(!![]){switch(+_0x[_0x9ea8dc++]){case 0:var _0x1ee67g=function(s,h){return s^h;}(625455,625455);continue;case 1:this['\x53\x61\x79\x48\x65\x6c\x6c\x6f']=function(msg){var _0x0g9ab="1|0".split("|"),_0x2=0;while(!![]){switch(+_0x0g9ab[_0x2++]){case 0:alert(prefix+msg);continue;case 1:_0x1ee67g++;continue;}break;}};continue;case 2:var _0x5ffb=function(s,h){return s+h;}(251253^251249,985180^985178);continue;case 3:this['\x47\x65\x74\x43\x6f\x75\x6e\x74']=function(){return _0x1ee67g;};continue;case 4:_0x5ffb=function(){return 960658^960662;}();continue;}break;}}var _0x29e1b=new _0xeca37b(" : egasseM"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));_0x29e1b['\x53\x61\x79\x48\x65\x6c\x6c\x6f'](".emoclew era uoY"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));

How does Code Obfuscation work?
As you can see, in the obfuscated code the variable names have been changed and the function names have been turned into random hex.

Also, unnecessary variables and loops have been added so that no reverse engineer can understand it.

I would also recommend that you experiment with it yourself. Here is the link to the online JS obfuscator that I used in the above example: https://js-obfuscator.com
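The hex-escaped property names, reversed strings and XOR'd numbers in the sample are encodings rather than secrets, which matters when deciding what obfuscation can protect. The following is an added example, not part of the original article or of the obfuscator's code; the function names are hypothetical and `SAMPLE` joins two excerpts of the obfuscated output shown above.

```javascript
// Added example: reverses the literal-level transforms seen in the sample.
// SAMPLE joins two excerpts of the page's obfuscated output, kept as raw text.
const SAMPLE = String.raw`var _0x29e1b=new _0xeca37b(" : egasseM"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));_0x29e1b['\x53\x61\x79\x48\x65\x6c\x6c\x6f'](".emoclew era uoY"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));var _0x5ffb=function(s,h){return s+h;}(251253^251249,985180^985178);`;

// '\x53\x61\x79' -> 'Say'. Escapes that decode to a quote, a backslash or a
// non-printable character stay escaped so string literals remain valid.
function decodeHexEscapes(src) {
  return src.replace(/\\x([0-9a-fA-F]{2})/g, (esc, hex) => {
    const ch = String.fromCharCode(parseInt(hex, 16));
    return /^[\x20-\x7e]$/.test(ch) && !/['"\\`]/.test(ch) ? ch : esc;
  });
}

// "txet"['split']("")['reverse']()['join']("") -> "text"
function foldReversedStrings(src) {
  const idiom = /"([^"\\]*)"\['split'\]\(""\)\['reverse'\]\(\)\['join'\]\(""\)/g;
  return src.replace(idiom, (_, s) => JSON.stringify([...s].reverse().join("")));
}

// 251253^251249 -> 4: XOR of two integer literals is a constant.
function foldXorConstants(src) {
  return src.replace(/\b(\d+)\^(\d+)\b/g, (_, a, b) => String(Number(a) ^ Number(b)));
}

// obj['name'] -> obj.name when the key is a plain identifier.
function toDotNotation(src) {
  return src.replace(/\['([A-Za-z_$][\w$]*)'\]/g, ".$1");
}

// Run the passes in order; hex decoding must come first so the
// split/reverse/join idiom becomes recognisable.
function deobfuscateLiterals(src) {
  return [decodeHexEscapes, foldReversedStrings, foldXorConstants, toDotNotation]
    .reduce((text, pass) => pass(text), src);
}

console.log(deobfuscateLiterals(SAMPLE));
```

The strings and constants come back exactly, while the renamed identifiers such as `_0xeca37b` do not, because the original names are no longer in the file. These regex passes are sufficient for this sample; code with nested quotes or computed keys needs an AST-based pass.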

How is Code Obfuscation different from Code Uglifying?

Code uglifying is very different from code obfuscation. Uglification only removes excess space and tab characters, and the uglified code can easily be restored to its earlier state with a beautifier such as Prettier for VS Code.

Why obfuscate your code?

Let's say you and your team are working hard on a new commercial application for your company. The application is obviously paid ($). You released the first public version (v1.0.0).

Now, after 2 days, you get to know that your app is available as a free download on a third-party torrent website. You would be very sad after hearing this news.

Your months and years of hard work were stolen!!

This situation could be prevented.
How?

By obfuscating your source code before compiling and releasing it.

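### Configuring ProGuard to obfuscate and harden iTextPDF

When applying ProGuard obfuscation hardening to the `com.itextpdf:itextpdf:5.5.13.4` library, pay particular attention to the library's internal dependencies and to protecting the API it exposes. The specific steps are as follows:

#### 1. Add the necessary keep rules

To make sure iTextPDF keeps working, add the following rules to the ProGuard file so that specific classes and their members are not obfuscated or removed.

```proguard
# Keep all classes and members of the itextpdf library so its API is neither renamed nor removed.
-keep class com.itextpdf.** { *; }
# Disable obfuscation. This option applies to the whole build, not only to these packages;
# shrinking stays enabled by default.
-dontobfuscate
```

These settings prevent key components from breaking because of over-optimization[^1].

#### 2. Handle resource file paths

If the project has custom fonts or other static resources in a special directory, specify the location of the input JAR with the `-injars` parameter and adjust the Maven plugin configuration to suit the actual environment.

```xml
<plugin>
  <groupId>com.github.wvengen</groupId>
  <artifactId>proguard-maven-plugin</artifactId>
  <!-- ... -->
  <configuration>
    <options>
      <option>-injars ${project.basedir}/libs/itextpdf.jar(!META-INF/MANIFEST.MF)</option>
    </options>
  </configuration>
</plugin>
```

This part resolves problems like those caused by `<injar>${project.build.finalName}/WEB-INF/classes/</injar>`[^4].

#### 3. Adjust the log level and debugging information

To keep unnecessary warnings from interfering with the build, lower ProGuard's log output level and turn off log messages that do not matter.

```proguard
# Suppress notes about missing classes or fields which may be used via reflection only at runtime.
-dontnote **
# Write the list of removed (unused) code and the name mapping to files.
-printusage build/logs/proguard/seeds.txt
-printmapping build/logs/proguard/mapping.txt
```

These measures help reduce potential conflicts and improve processing efficiency[^2].

#### 4. Test and verify

After making the changes above, test thoroughly to confirm that application behavior is unaffected. In particular, run the unit test suites for PDF document creation, editing and similar functional modules to make sure they work as expected.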