One trick to crack the JavaScript code after Obfuscation

Javascript is not very powerful. How can it be cracked!This article teaches you not only about cracking solutions, but also about source code protection!

I. Principle:

Javascript is an explanatory language with no suspense. It relies heavily on the browser. Regardless of JavaScript obfuscation, the browser will eventually know the most authentic code. Some people have raised questions about obfuscation methods. If you know the obfuscation methods and develop anti-obfuscation algorithms? If you think so, you are in a quagmire. Why not try another way? First, obfuscation is necessary as a mature JavaScript product. However, he must provide the browser with an anti-obfuscation algorithm because the user needs to run it. The word "run" gives me unlimited opportunities. I don't need to know the anti-obfuscation algorithm. I only need to know an interface. With the help of ie9-> F12, everything is quite simple, because the browser kernel has something I desperately want. A friend asked me a question. After obfuscation, I will not give you an interface or a browser anti-obfuscation algorithm. The answer I always give is: all the code that cannot run is useless, and I am too lazy to crack it.

Ii. solution:

When you need to learn the source code of a javascript product, but are relentlessly confused, you may feel bad. Therefore, you can only get examples from the official website and learn more. What? Example? That's easy. Isn't that the interface I want? First, remember that as long as the JS source code contains throw, we have achieved a huge success. First, find this interface. Well, all parameters are normal. Normal? It's not what we want. What we really want to do is to let the source code throw an exception and let the eval code restore the most authentic code. I intentionally modified an incorrect parameter and passed it in. Well, the source code is already in front of me.

Iii. source code protection solution:

① Before obfuscation, make the variables and method names unreadable:

The trick is an absolute trick. When someone else cracks your code, you may lose your life at a glance. However, there is another trouble in doing this, that is, the APIS provided by your external developers must be meaningful. Otherwise, no one can understand them. The ing work during this period is also very complicated.

② Browser Vendor cooperation:

The real implementation of JavaScript source code protection is not an option for non-browser vendors. It is unrealistic to attempt to use JavaScript to implement full source code protection.

③ Eliminate the existence of throw in the source code

If you use jquery or extjs, throw the class library as much as possible to prevent the browser from throwing exceptions from the source code file.