Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Hardest-To-Reverse JavaScript obfuscator [duplicate]

Tags:

javascript

I am looking for the currently hardest-to-reverse JavaScript obfuscator. Bonus points if it can be run on one's own server. Performance hit and code bloat are fine.

like image 637
cmc Avatar asked Jul 14 '11 17:07

cmc

People also ask

Is obfuscated JavaScript slower?

It is not recommended to obfuscate vendor scripts and polyfills, since the obfuscated code is 15-80% slower (depends on options) and the files are significantly larger.

Can obfuscation be reversed?

Deobfuscation techniques can be used to reverse engineer -- or undo -- obfuscation. These techniques include program slicing, which involves narrowing the program code to just the relevant statements at a particular point in the program.

Is it possible to Deobfuscate JS?

Press F12 to open Developer Tools inside Chrome. Now switch to the Scripts tab, right-click and choose De-obfuscate source. That's it! Alternatively, go to jsbeautifier.org and copy-paste the cryptic JavaScript /HTML code that you are trying to understand.

Is there a good obfuscator for any source code?

Although obfuscation can make reading and reverse-engineering a program difficult and time-consuming, it doesn't make it impossible. It's important to keep in mind that while code obfuscation does a good job of obscuring source code, there's no obfuscator that guarantees maximum security.

3 Answers

Write it in Java, then run the bytecode in JavaScript with an obfuscated orto. That'll require two layers of decompilation in order to make any sense of it.

like image 165
tadman Avatar answered Sep 28 '22 21:09

tadman

I'd be curious as to why you want to do this. Obfuscation offers no real protection. If you have something to protect, move it to the server-side, otherwise, why bother. If you're doing as you should and minifying/combining your JS that should be more than enough to scare away anyone not serious about knowing what your code is doing, and has performance benefits to boot. If they are serious, obfuscation isn't going to help you.

like image 45
aepheus Avatar answered Sep 28 '22 22:09

aepheus

The JavaScript Code Encrypter And Obfuscator looked nice, until I actually tried to attack it. Took me about two minutes. The trivial solution:

for (i in window) { console.log(window[i]) }

That churned out a bunch of gibberish, but also the original code neatly boinked into one variable.

Note to self: Never, ever, ever, ever use anything you don't fully understand when it comes to security.

like image 40
cmc Avatar answered Sep 28 '22 23:09

cmc
Sign in to Comment

Related questions

What is the best auto-suggest search algorithm for javascript
animated 'show' without jQuery
How to use Mustache.js if the JSON object is in a nested array?
Will jQuery ever return a CSS measurement in something other than px?
iPad - cannot scroll inside frame
If element exist then check?
JavaScript/JSON: Get unknown property of an object
Making and handling JSONP request using JavaScript
JS - iframe height with 100% and no scroll (Scroll-y in body)
Prototype inheritance. obj->C->B->A, but obj.constructor is A. Why?
how do i create a prompt in javascript with 3 checkboxes/radio buttons as choices?
How to know when a user scrolls past a <div>?
Animating item size in Isotope: Why is first item wonky?
Creating Bookmarklet: Append current URL with specific string
Make DIV fixed inside a scrollable DIV
backbone.js view inheritance. `this` resolution in parent
Javascript alert messages in infinite loop
Javascript pathname referrer
Line-oriented streams in Node.js
jQuerymobile - Blocks & Splitscreen for iPad

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!