Code Obfuscation: Why, How & When...

最新推荐文章于 2024-10-18 10:56:08 发布

w2sfot

最新推荐文章于 2024-10-18 10:56:08 发布

阅读量1k

点赞数 22

CC 4.0 BY-SA版权

分类专栏： JavaScript前端编程文章标签： javascript obfuscator obfuscation

本文链接：https://blog.youkuaiyun.com/w2sft/article/details/137719830

JavaScript前端编程专栏收录该内容

110 篇文章

订阅专栏

本文介绍了代码混淆技术，如何通过改变变量名和函数名、添加冗余代码来使逆向工程师难以解析源代码。与代码美化不同，混淆后的代码难以恢复原貌。在商业应用中，通过提前混淆代码可以防止未经授权的发布和知识产权被盗用。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

With huge number of available code decompilers out there on the internet, it is becoming more important day by day to hide our source code, so that any reverse engineer cannot decompile it.

Interpreted languages like Python & JavaScript have made obfuscation more necessary to protect the source code. Even though you package your app as an executable, you source code can still be viewed from the memory.

What is Code Obfuscation?

Code Obfuscation is the technology for making lives of reverse engineers hard so as to keep our source code safe.

It's similiar to the Oxford provided defination for obfuscation the action of making something obscure, unclear, or unintelligible.

Code Obfuscation is the process of converting the actual source code to a unreadable and un-understandable code.

Here's a Javascript Obfuscated Code Example

Real Source Code

function NewObject(prefix)
{
    var count=0;
    this.SayHello=function(msg)
    {
            count++;
            alert(prefix+msg);
    }
    this.GetCount=function()
    {
            return count;
    }
}
var obj=new NewObject("Message : ");
obj.SayHello("You are welcome.");

Obfuscated Code

function _0xeca37b(prefix){var _0x="2|0|4|1|3".split("|"),_0x9ea8dc=0;while(!![]){switch(+_0x[_0x9ea8dc++]){case 0:var _0x1ee67g=function(s,h){return s^h;}(625455,625455);continue;case 1:this['\x53\x61\x79\x48\x65\x6c\x6c\x6f']=function(msg){var _0x0g9ab="1|0".split("|"),_0x2=0;while(!![]){switch(+_0x0g9ab[_0x2++]){case 0:alert(prefix+msg);continue;case 1:_0x1ee67g++;continue;}break;}};continue;case 2:var _0x5ffb=function(s,h){return s+h;}(251253^251249,985180^985178);continue;case 3:this['\x47\x65\x74\x43\x6f\x75\x6e\x74']=function(){return _0x1ee67g;};continue;case 4:_0x5ffb=function(){return 960658^960662;}();continue;}break;}}var _0x29e1b=new _0xeca37b(" : egasseM"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));_0x29e1b['\x53\x61\x79\x48\x65\x6c\x6c\x6f'](".emoclew era uoY"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));

How does Code Obfuscation work?
As you can see, in the obfuscated code, the variable names have been changed, function name changed into random hex.

Also, unnecessary variables and loops have been added so that no reverse engineer can understand it.

I would also recommend you to experiment with it yourself, here is the link to the online JS Obfuscator which I used in the above example:https://js-obfuscator.com

How is Code Obfuscation different from Code Uglifying

Code Uglifying is very different from Code Obfuscation. Code Uglification only removes excess space characters and tab characters, the uglified code can be easily brought back to it's earlier state using Beautifier use as Prettier for VS Code.

Why obfuscate your code?

Let's say you and your team is working hard on a new commercial application for your company. The application is obviously paid $. You released the first public version (v1.0.0).

Now, after 2 days you get to know that your app is available as a free download on a 3rd party torrent website. You would be too sad after hearing this news.

Your months and years of hard work was stolen!!

This situation could be prevented.
How?

If you had obfuscated your Source Code before compiling it and releasing.