Creating an Obfuscator for Javascript filesUddhav NavneethBlockedUnblockFollowFollowingJun 13ob·fus·cateComing to software development, obfuscation is the deliberate act of creating source or machine code that is difficult for humans to understand.
Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even as a puzzle or recreational challenge for someone reading the source code.
This can be done manually or by using an automated tool, the latter being the preferred technique in industry.
— source ‘wikipedia’.
Let us create one such tool, which can later be automated, for javascript.
We will be using an npm package called ‘javascript-obfuscator’.
This does all the difficult work for us, which is obfuscating it.
An example of the obfuscation can be viewed at this site(this also uses the same package):JavaScript Obfuscator ToolJavaScript Obfuscator is a free online tool that obfuscates your source code, preventing it from being stolen and used…obfuscator.
ioAn example of this would be:After Obfuscating it it becomes:When you run both the things in an environment with nodejs you will get the same output.
So it basically uglifies the code but it will run in the same way.
Let us begin:Create a folder (name it what ever you want, I’m naming it obfuscator).
Using the terminal cd into this folder and run the following commands in the terminal:npm initnpm install javascript-obfuscator commanderThere are 2 packages being downloaded here.
One is the main package(javascript-obfuscator) this will be used to obfuscate the code.
The other one is ‘commander’.
This will be used so that we can make our function a node script or shell script.
Inside the folder I created a file (I’m naming it obfuscator.
js).
Lets start writing the code:const JavaScriptObfuscator = require('javascript-obfuscator');data = "console.
log('hello world')"let obfuscationResult = JavaScriptObfuscator.
obfuscate(data);let uglyCode = obfuscationResult.
getObfuscatedCode();console.
log(uglyCode);We run this file (running node obfuscator.
js in the terminal) to getvar _0x1e07=['hellox20world'];(function(_0x5b6203,_0x3cfa4a){var _0x2e8799=function(_0x4c8f70){while(–_0x4c8f70){_0x5b6203['push'](_0x5b6203['shift']());}};_0x2e8799(++_0x3cfa4a);}(_0x1e07,0x137));var _0x3844=function(_0x362391,_0x40d5a3){_0x362391=_0x362391-0x0;var _0xd11018=_0x1e07[_0x362391];return _0xd11018;};console['log'](_0x3844('0x0'));Which is console.
log('hello world!') , you can check whether this is right or wrong by copying the output into another file and running that file in nodejs environment using node <filename.
js>.
Let us create a sample file to be obfuscated, let us name it sample.
js.
We fill it with this.
console.
log('Nice nice');Now we will work on obfuscator.
js in which we will use the fs module to read sample.
js file, after which we will obfuscate it.
The code is something like this:const JavaScriptObfuscator = require('javascript-obfuscator');const fs = require('fs');const obfuscate = () => { fs.
readFile(sample.
js,'utf8', function(err, data) { if (err) {console.
log(err)}; let obfuscationResult = JavaScriptObfuscator.
obfuscate(data); let uglyCode = obfuscationResult.
getObfuscatedCode(); fs.
writeFile('ugly.
js', uglyCode, function (err) { if (err) throw err; console.
log(`sample.
js has been obfuscated at ugly.
js`); }); })};obfuscate();Using the fsmodules readFile function we read the sample.
jsfile.
The .
js files are encoded in utf8 that’s why we need to specify it as a parameter.
After reading the file we obfuscate it and then write it into ugly.
js.
On running this and then running ugly.
js(newly created file) we get:Now I will make a few changes to make the function more reusable:const JavaScriptObfuscator = require('javascript-obfuscator');const fs = require('fs');const obfuscate = (fileName) => { fs.
readFile(fileName,'utf8', function(err, data) { if (err) {console.
log(err)}; let obfuscationResult = JavaScriptObfuscator.
obfuscate(data); let uglyCode = obfuscationResult.
getObfuscatedCode(); fs.
writeFile('ugly.
js', uglyCode, function (err) { if (err) throw err; console.
log(`${fileName} has been obfuscated at ugly.
js`); }); })};module.
exports = { obfuscate };module.
exports is used so that we can call this function defined here in another file.
Till now I have given a good example of how to obfuscate your js code, actually the module provides a lot of options to choose from.
You can go over the documentation to learn about them:javascript-obfuscator/javascript-obfuscatorA powerful obfuscator for JavaScript and Node.
js.
Contribute to javascript-obfuscator/javascript-obfuscator development…github.
comObfuscation is done … What Next?The next part will be to make it into a script which can be run in shell using ‘Commander.
js’ library.
This will be useful if you want to automate this in the future.
Create a file in the same folder called command.
js, write the following code in it:#!/usr/bin/env nodeconst program = require('commander');const {obfuscate} = require('.
/obfuscator');program.
version('0.
0.
1').
description('Command to obfuscate a nodejs file');program .
command('obfuscate <filename>') .
alias('obf') .
description('obfuscate filename') .
action((filename) => obfuscate((filename)));program.
parse(process.
argv);The first line is used to tell the shell how to execute this file.
To learn commander.
js in more depth I would recommend reading :Build An Interactive Command-Line Application with Node.
jsJavaScript has evolved over the last five years with the introduction of Node.
js.
Basically, It serves as a language…scotch.
iotj/commander.
jsnode.
js command-line interfaces made easy.
Contribute to tj/commander.
js development by creating an account on GitHub.
github.
comAfter this you would like to add this code to your package.
json file:"preferGlobal": true, "bin": ".
/contact.
js",So that it looks something like:This is done so that it becomes an application which should be installed globally.
After this run:yarn linkto create a symlink between project directory and executable command.
Now you can try to using it in another folder.
The folder structure will look something like this in the end:The github link for this application is:UddhavNavneeth/JS-ObfuscatorSimple obfuscator for javascript files.
Contribute to UddhavNavneeth/JS-Obfuscator development by creating an account…github.
com.. More details