Javascript code obfuscation solution-Javascript online obfuscators-Javascript tutorial

Source: Internet
Author: User
Javsciript: a comprehensive solution to Javascript code obfuscation-Javascript online obfuscators and Javascript tutorials

Source: http://www.BizStruct.cn/JavascriptOnlineObfuscator'> javascriptOnlineObfuscator "> http://www.BizStruct.cn/JavascriptOnlineObfuscator

Avascript code obfuscation

Javascript is a script language for interpretation and execution. It is mainly used in browsers of clients in the Web field. Due to the characteristics of Javascript interpretation and execution, the Code must be downloaded to the client in plain text, debugging is easy, making it very difficult to protect Javascript code;

Different people have different opinions on the protection of Javascript code. Some people who work hard on the code can be easily obtained by competitors, and they hope to have a solution to protect Javascript code, however, the existing scheme may not meet their requirements. Many people think that the Javascript language is very simple, and Javascript code has no protection value. It may be that their code is indeed simple, or they don't know the powerful functions of the Javascript language. Some people think that they are all open-source now, and they also want to protect the code. Of course, open-source people are admirable, however, the open source requirements for others' Code are not reasonable.

To improve user experience, Web 2.0 technology has emerged. With the development of AJAX and rich interface technology, Javascript becomes increasingly important in Web applications, javascript code is becoming increasingly complex, functional, and technical, and the need for Javascript code protection is becoming increasingly urgent.

Javascript online obfuscators are designed to protect Javascript code and provide a new comprehensive solution, including encoding rules and free online obfuscators.

Difference between obfuscation and Encryption

Many people discuss the two together. In fact, there are some differences in the purpose of the two, and there are also great differences in the methods used. Encryption is mainly used to prevent unauthorized use. In this case, even if encryption is cracked, it can only be used illegally and may not necessarily obtain the code logic of the software. However, for scripts, the measure to prevent code access is also encrypted. In this case, the code is obtained after the encryption is cracked. obfuscation means that the Code cannot be obtained by others, measures taken to protect the logic of code from others' understanding; for obfuscation code, it is hard for others to understand and cannot be modified or re-applied;
For languages that generate machine code, such as the C language, you only need to consider unauthorized access and almost do not need to consider code protection. For compiled software, you can only disassemble the code into assembly language code, almost no code logic can be analyzed.
For languages that generate intermediate code, such as Java and C #, unauthorized access and code protection must be considered, it is easy to decompile into a more advanced language, so that you can understand the logic in the Code and easily crack encryption. After obfuscation, it is difficult to understand the logic of the Code and to find the encryption point.
For scripting languages, such as Javascript, it can only be obfuscated and difficult to encrypt. Because scripts exist in plain text and are easy to debug, tracing can easily crack the encryption for the above two purposes. However, the obfuscated code is difficult to understand the logic of the Code.

We only involve obfuscation of Javascript scripts, not encryption. For encryption of systems involving Javascript, we recommend that you not place encryption points in Javascript scripts, but in the compiling program on the server, because Compilation Program Encryption can adopt more protection methods, and the encryption strength is higher.

First, we need to analyze the characteristics of Javascript language and obfuscation, and the shortcomings of existing obfuscation products, and then propose our solution to obfuscation of Javascript code, the last is our Javascript online obfuscator. Javascript language and obfuscation-related features Javascript is a script language for interpretation and execution. Compared with compilation languages, Javascript has many characteristics, some of these features bring great difficulties to code obfuscation.

You cannot define whether the attributes and method names of a class need to be confused.

Javascript is a prototype-based language without strict Type Definitions. In a custom class, the attributes and methods that require external access cannot be confused. For internal access attributes and methods, obfuscation is required. However, the Javascript language itself, attributes and methods cannot be distinguished in this way. For this reason, we need to find a flexible mechanism to identify whether the names of attributes and methods need to be confused.

A large number of core and client methods and attributes defined by the system cannot be confused.

The Javascript language itself defines a large number of core classes, methods, and attributes; the browser also defines a large number of client classes, methods, and attributes; these classes, methods, and attributes cannot be confused. However, these classes, methods, and attributes are too large to be confused by enumeration; therefore, we need to find a way to identify these classes, attributes, and methods.

Cannot define whether global variables need to be confused

Global variables are the properties of window objects, and local variables are the properties of function objects. All local variables can be confused with those that should be, while some global variables need to be confused and some cannot be confused; however, global variables are the same as local variables and are difficult to distinguish. Moreover, global variables cannot define whether they need to be confused. To solve this problem, we need to find a way to distinguish between global variables that cannot be confused, global variables that need to be confused, and local variables.

These features of the Javascript language bring great difficulties to code obfuscation. If these problems are not solved, obfuscation of Javascript Code lacks practical value.

 

Existing Javascript obfuscation product problems

When we need to confuse the Javascipt code, we first examine the existing products on the market and the obfuscation ideas in some forums, but these products and ideas cannot meet our requirements.

There is a commercialized Javascript obfuscation product that uses a obfuscation similar to a C # obfuscation tool to analyze all the identifiers in the Code and does not confuse some preset identifiers of the system, obfuscation of others and the user selection and configuration of identifiers are also provided. Many features of this product are complicated, but there is a big problem, that is, the preset identifiers are limited, many system-defined attributes and methods used in the Code are confused. Therefore, you need to manually configure these attributes and methods to avoid confusion, this is almost an impossible task for large systems.

Obfuscation ideas are also discussed in some forums, including some examples. These ideas are more about changing the expression of identifiers, and some are about replacing attributes with correlated arrays of encoded strings, for example. dd is replaced with xx ["\ x64 \ x64"]. More complicated is to save "\ x64 \ x64" to a string array, and then call the string array as the subscript of the associated array; this approach can avoid the above problems, but there is a bigger problem: obfuscation is reversible, and obfuscation identifiers are only converted into hexadecimal forms, it can be easily restored.

Because of the shortcomings of existing products, we had to study our own solutions. Our solution has also gone through several versions. The first version was much more complicated and took a lot of work, but the results were not satisfactory. The existing solution was found only after several modifications; although a lot of work has been done at the end, there will be no subsequent results without the previous work. Even if you may think that our solution is simple, it is only the result of our efforts, not the process. Simple things are often effective.


Javascript code obfuscation Solution

Through the analysis of Javascript features and related obfuscation products, we realized that it is not enough to work on obfuscators; because the Javascript language itself imposes great restrictions on obfuscation functions, it cannot be solved. For this reason, we have designed a comprehensive solution, that is, Javascript online obfuscators rules. Javascript online obfuscators can be used for obfuscation as long as they are written in accordance with the Rules.

The rules of the Javascript online obfuscators are not complex, but they can solve the problems encountered by the features of the Javascript language and other obfuscators.

Rule 1: all classes, variables, and functions restricted by windows are not obfuscated. Other classes, variables, and functions are obfuscated.

Global classes, variables, and functions are the properties of windows. They are logically the same from the perspective of window. However, we can use the window constraints to distinguish whether global classes, variables, and functions need to be confused.

[1] [2] Next page

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.