Learn more about javascript obfuscation ! Sometimes, the minification is not enough.
Obfuscate your javascript code here
Sometimes, the minification of a script doesn't seems to satisfy our expectations. We want something more discreet and unreadable , for our luck exist the Javascript Obfuscation, for example :
Turn this :
var MyUnreadableSecretObject = {};
MyUnreadableSecretObject.sayWelcome = function[]{
console.log["Say hello"];
};
MyUnreadableSecretObject.anotherFunction = function[]{
alert["Hola"];
};Into this :
// Try this obfuscated code in your browser
var _0x44d8=["\x73\x61\x79\x57\x65\x6C\x63\x6F\x6D\x65","\x53\x61\x79\x20\x68\x65\x6C\x6C\x6F","\x6C\x6F\x67","\x61\x6E\x6F\x74\x68\x65\x72\x46\x75\x6E\x63\x74\x69\x6F\x6E","\x48\x6F\x6C\x61"];var MyUnreadableSecretObject={};MyUnreadableSecretObject[_0x44d8[0]]=function[]{console[_0x44d8[2]][_0x44d8[1]]};MyUnreadableSecretObject[_0x44d8[3]]=function[]{alert[_0x44d8[4]]};What Is Javascript Obfuscator?
Javascript Obfuscator converts the JavaScript source code into obfuscated and completely unreadable form, preventing it from analysing and theft. It's a 100% safe JavaScript minifier and the best JavaScript compressor.
It's free online ! However exist a paid version too, try by yourself and obfuscate your javascript now !
Remember that you can increase the unreadability creating a library and wrapping everything in anonymous functions in order to hide the most of them in the console and exposing just 1 variable.
You can also minify your code first and then use the obfuscator.
Obfuscate your javascript code here
As I need to minify my javascript source code, I'm looking for a javascript program whose minify itself any javascript code.
Why a javascript minifier ? Because, i'm writing some randomized javascript code from the web server to the client.
I should use "node.js" on the web server to execute a javascript program which generates a javascript code and minifying it on the fly and send it to the client.
This javascript program is a : encryption and decryption program. The javascript code result for the client should contains a javascript function which decrypt each portion of a json or hexadecimal version of an encrypted data. The function executes some plus, minus and multiplications of integers. Sometimes, I can generate a condition [if,then and else] to compute two different operations. This function is used to decrypt two or more parameters inputs.
That's the randomized function : each time the client requests some private data, the web server generates two different javascript functions : one for encryption and one another for decryption. The decryption function is sent to the client. The encryption function is used by the web server to encrypt and send private data to the client. It's make a sense for obfuscation : each time the process is running, each time the sending function is totally different.
And, to convince the encryption/decryption is very secured, I add for the client, a tabular values conversion of two or more parameters ; but, the tabular values are generated, in fact, by a function written for the web server only and contains some numeric constants, which are NEVER send to the client. Thus, any one whose want to decrypt must have the constants value.
I'm explained that process because :
you are taken some things about obfuscation in javascript source code; but, obfuscation in javascript is not yet implemented by web server and browsers...maybe, it could happen...but, what kind of solutions is useful with the help of "SSL-ize" all transmission over the internet.
It's possible to crypt and decrypt with encryption/decryption functions which can be readable. And, without the cost of SSL certificates. Even, "a man in the middle" would decrypt the encrypted data ; for that, he just has to execute the javascript function. Ok..but imagine that the javascript decryption function is also encypted...then, the "man in the middle" has to execute the decryption function and then decrypt again the decrypted content which are javascript function to decrypt the encrypted data.
And, imagine if the web server asks a question to the client and the unique answer is handled by the client's result computation [whose not sent through Internet] ... it's impossible to "the man in the middle" to have the answer.
Check out my idea; i'm waiting for comments from any one.
Why would I want to obfuscate my JavaScript code?
There are numerous reasons why it's a good idea to protect your code, such as:
- Prevent anyone from simply copy/pasting your work. This is specially important on 100% client side projects, such as HTML5 games;
- Removal of comments and whitespace that aren't needed. Making it faster to load and harder to understand;
- Protection of work that hasn't been paid for yet. You can show your work to the client knowing that they won't have the source code until the invoice has been paid.
Is this obfuscator absolutely foolproof?
No, while it's impossible to recover the exact original source code, someone with the time, knowledge and patience can reverse-engineer it.
Since the JavaScript runs on the browser, the browser's JavaScript engine must be able to read and interpret it, so there's no way to prevent that. And any tool that promises that is not being honest.
Why is my obfuscated code larger than my original source?
Because the obfuscator introduces new pieces of code that are meant to protect and defend against debugging and reverse-engineering. Also strings are converted to \xAB hexadecimal code to make things a little bit harder to understand. You don't have to worry too much about code size because there is a lot of repetition, so the obfuscated code will be compressed extremely well by your webserver [if you have GZIP compression enabled on
your server, which most do nowadays].
Can I run a minifier such as UglifyJS or Google Closure Compiler on the obfuscated output?
No, it's not recommended and in some cases it'll break the code [such as if you enable self-defending]. You can run your code through a minifier before to make sure that it removes dead code and do other optimizations, though.
Do you store my source code?
No. The source is processed by our application server, then to the obfuscator and back to the browser, so it only stays on our server memory for a brief period of time [usually milliseconds].
Can I recover the original source code from the obfuscated one?
No, it's impossible to revert the obfuscated code back to your original code, so keep the original safe.
Does this tool works with Node.js source code?
Yes.
I want to run the obfuscator on my own server/machine. Is it possible?
Sure. This tool uses a free and open source [BSD-2-Clause licensed] obfuscator written in TypeScript. You can go to its GitHub page and read more there.
There are also a number of plugins, such as: webpack-obfuscator, gulp-javascript-obfuscator and grunt-contrib-obfuscator.
Also, this web app is open-source as well. Check out our GitHub.
What are other similar tools?
If you're interested in just uglyfing and compressing your code, I suggest JSCompress.com.
[Bitcoin] bc1q203p8nyrstwm7vwzjg3h9l9t6y9ka0umw0rx96