Browsing articles tagged with " obfuscation"
JavaScript/Ajax
Jun 29, 2011
Jesse Mazur
No Comments

javascript obfuscation

with all the use of javascript and the various libraries that are now available, there are a lot of really great web applications coming out that use some pretty serious proprietary javascript code. unlike server side code, it can be rather difficult to protect your code base from other people since javascript runs in the browser. if you want to disable people from just downloading your code and running it you need to protect its source code some how. the best method i have used is to obfuscate the code so that its difficult to read. a real quick way to obfuscate is to simply minify (remove all white space), however, there are also unminifiers out there and many IDEs have code formatters built in that will beautify the code. i prefer to use a great tool that gives a number of options that will allow for further obfuscation:

JavaScript Packer by Dean Edwards

generally speaking it can remove all white space to minify the code (which is already a great idea anyway to keep the file size down) but there are also a couple of checkboxes that allow you to select two other options:

Base62 encode
Base62 encoding is just a conversion that will change the code from how it appears to a different representation of the same text in a 62 character scale. it is a two way conversion so it can be decoded, but its virtually impossible to read normally. checking this box will Base62 encode the javascript text so that the typical user cannot read it by just viewing the source. there’s also the added level of obscurity considering the reader will not to wither to Base62 or Base64 decode the string.

Shrink variables
this options converts all variable names to a single letter so that even if the user was able to decode the string, the still one have obvious variable names to read. think of how much more difficult it would be to figure out what var a = b + '  ' + c; means instead of var helloWord = hello + '  ' + world; for example.

so the reader would have to get the source code, then determine if its Base 62 or Base64, decode it, and unminify it and decipher what each variable represents before have any means of reverse engineering or stealing it. definitely a good place to start if you want to protect your javascript.