I'd like to know how to protect a commercial app built with Electron.
I'm not talking about the source code. At least for my specific scenario, I believe the minified bundle generated by Webpack is secure enough (except for the security part). I'm talking about preventing non-paying users to actually access the application.
Here's what I thought of:
In the website, the user can generate an activation code. The activation code is simply the Base64 of the user's e-mail address plus a digital signature. The app contains the signature public key so it can verify the activation code. This seems secure enough for me except that someone can hack the bundle to start returning true every time. I can't think of a way to bypass this.
So, is there a better way to protect a commercial app built with Electron?
If I don't find a better way, I'm probably going with what I described and live with the risk.
While Electron can obfuscate code, performance is reduced. The V8 JavaScript engine as not designed to hide source code, an application will need to be written in C++ and make a native Node module to protect source code.
"Electron for Mobile"Web Developers can use the standard HTML, CSS, and JavaScript they use for web apps, including any popular libraries like React/Angular/Vue, Tailwind, or Material UI, and turn those apps into powerful desktop apps.
If you see an app. asar file, or something similar with the . asar suffix, it is most likely an Electron App. Windows: Open up the program files directory of the application you are wondering about, and check the file folder for any file with .
I believe this topic has nothing to do with the app being built with electron as almost all apps can be reverse-engineered. It's only easier for apps built with javascript but still it's always possible with other apps.
What you might want to do is make some of the functionality depend on some parts not included in the app code. Like a feature not bundled with the app but rather has to be downloaded from a server upon activation. This would be a good advantage for having a js app as it's easier to inject new scripts.
You can use the JS library "bytenode". This library and it's command line allows you to convert your JS files into V8 bytecode binary files.
https://www.npmjs.com/package/bytenode https://github.com/OsamaAbbas/bytenode
Here is how it works:
1.you install bytenode 1/locally and 2/globally.
npm i bytenode -g && npm i bytenode
2.you convert (compile) your JS into JSC binary file using the global bytenode command line.
bytenode -c test.js
3.you must call the local bytenode module thanks to require and then you call your .jsc binary files in which you have your JS file:
const bytenode = require('bytenode');
bytenode.runBytecodeFile('/path/to/test.jsc');
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With