Code Obfuscation: Why, How & When...

With huge number of available code decompilers out there on the internet, it is becoming more important day by day to hide our source code, so that any reverse engineer cannot decompile it.

Interpreted languages like Python & JavaScript have made obfuscation more necessary to protect the source code. Even though you package your app as an executable, you source code can still be viewed from the memory.

What is Code Obfuscation?

Code Obfuscation is the technology for making lives of reverse engineers hard so as to keep our source code safe.

It's similiar to the Oxford provided defination for obfuscation the action of making something obscure, unclear, or unintelligible.

Code Obfuscation is the process of converting the actual source code to a unreadable and un-understandable code.

Here's a Javascript Obfuscated Code Example

Real Source Code

function NewObject(prefix)
{
    var count=0;
    this.SayHello=function(msg)
    {
            count++;
            alert(prefix+msg);
    }
    this.GetCount=function()
    {
            return count;
    }
}
var obj=new NewObject("Message : ");
obj.SayHello("You are welcome.");

Obfuscated Code

function _0xeca37b(prefix){var _0x="2|0|4|1|3".split("|"),_0x9ea8dc=0;while(!![]){switch(+_0x[_0x9ea8dc++]){case 0:var _0x1ee67g=function(s,h){return s^h;}(625455,625455);continue;case 1:this['\x53\x61\x79\x48\x65\x6c\x6c\x6f']=function(msg){var _0x0g9ab="1|0".split("|"),_0x2=0;while(!![]){switch(+_0x0g9ab[_0x2++]){case 0:alert(prefix+msg);continue;case 1:_0x1ee67g++;continue;}break;}};continue;case 2:var _0x5ffb=function(s,h){return s+h;}(251253^251249,985180^985178);continue;case 3:this['\x47\x65\x74\x43\x6f\x75\x6e\x74']=function(){return _0x1ee67g;};continue;case 4:_0x5ffb=function(){return 960658^960662;}();continue;}break;}}var _0x29e1b=new _0xeca37b(" : egasseM"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));_0x29e1b['\x53\x61\x79\x48\x65\x6c\x6c\x6f'](".emoclew era uoY"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));

How does Code Obfuscation work?
As you can see, in the obfuscated code, the variable names have been changed, function name changed into random hex.

Also, unnecessary variables and loops have been added so that no reverse engineer can understand it.

I would also recommend you to experiment with it yourself, here is the link to the online JS Obfuscator which I used in the above example:https://js-obfuscator.com

How is Code Obfuscation different from Code Uglifying

Code Uglifying is very different from Code Obfuscation. Code Uglification only removes excess space characters and tab characters, the uglified code can be easily brought back to it's earlier state using Beautifier use as Prettier for VS Code.

Why obfuscate your code?

Let's say you and your team is working hard on a new commercial application for your company. The application is obviously paid $. You released the first public version (v1.0.0).

Now, after 2 days you get to know that your app is available as a free download on a 3rd party torrent website. You would be too sad after hearing this news.

Your months and years of hard work was stolen!!

This situation could be prevented.
How?

If you had obfuscated your Source Code before compiling it and releasing.