JavaScript Obfuscation

#1

Does anyone have a good JavaScript Obfuscation tool to recommend? I’m currently using Google Closure Compiler (simple mode) which only removes white spaces and line breaks.

#2
MelonHTML5 said

Does anyone have a good JavaScript Obfuscation tool to recommend? I’m currently using Google Closure Compiler (simple mode) which only removes white spaces and line breaks.

Why? :confused:
Anyone seriously looking to steal your JavaScript will likely have enough knowledge to steal your code even with it obfuscated.

#3
webfector said
MelonHTML5 said

Does anyone have a good JavaScript Obfuscation tool to recommend? I’m currently using Google Closure Compiler (simple mode) which only removes white spaces and line breaks.

Why? :confused:
Anyone seriously looking to steal your JavaScript will likely have enough knowledge to steal your code even with it obfuscated.

Not really. I know many people who only know how to “steal” code from view source, but have no idea what the network tab is.

#4

Codekit offers something called Uglify.JS . Try using codekit or uglify.

#5

A classic: https://github.com/yui/yuicompressor

BTW. also you item might be rejected here, as the reviewer may not be able to check for security whatever…

#6
scrobbleme said

A classic: https://github.com/yui/yuicompressor

BTW. also you item might be rejected here, as the reviewer may not be able to check for security whatever…

Most certainly, if the author does not provide the original code also it’s going to be rejected.

#7
scrobbleme said

A classic: https://github.com/yui/yuicompressor

BTW. also you item might be rejected here, as the reviewer may not be able to check for security whatever…

The code is only to be obfuscated on the live demo site.

#8

This is also a good one: http://www.jsobfuscate.com

#9
MelonHTML5 said

The code is only to be obfuscated on the live demo site.

Hello fellow aussie!

Consider serving your live demo javascript code from a php script. Include a timeout of say 1 week that redirects the user to your item page. If anyone copies your live demo and implements the script, it will stop working after 1 week.

Yes no obfuscation is perfect, but for a noob it can take a long time to remove something like this.

This example adds a timeout to the end of ‘your-file.js’ which you can serve up using some .htaccess magic - so a request for your-file.js hits this php script.

        header('Content-type: text/javascript');
	include('your-file.js');
	$time = strtotime('+15 days');
	?> ; var _0xaf80=["\x67\x65\x74\x54\x69\x6D\x65","\x66\x6C\x6F\x6F\x72",<?php echo $time;?>,"\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x4C\x69\x76\x65\x20\x50\x72\x65\x76\x69\x65\x77\x2E\x20\x50\x6C\x65\x61\x73\x65\x20\x70\x75\x72\x63\x68\x61\x73\x65\x20\x61\x20\x76\x61\x6C\x69\x64\x20\x6C\x69\x63\x65\x6E\x73\x65\x20\x66\x6F\x72\x20\x74\x68\x69\x73\x20\x74\x68\x65\x6D\x65\x20\x62\x65\x66\x6F\x72\x65\x20\x75\x73\x69\x6E\x67\x20\x74\x68\x69\x73\x20\x69\x74\x65\x6D\x2E","\x68\x72\x65\x66","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x68\x74\x74\x70\x3A\x2F\x2F\x74\x68\x65\x6D\x65\x66\x6F\x72\x65\x73\x74\x2E\x6E\x65\x74\x2F"];var now= new Date();if(Math[_0xaf80[1]](now[_0xaf80[0]]()/1000)>_0xaf80[2]){alert(_0xaf80[3]);window[_0xaf80[5]][_0xaf80[4]]=_0xaf80[6];} ;

if you included this timeout code within your entire obfuscated live demo it would be rather difficult to undo, if you can find some sort of server side obfuscation script that would be the way to go. build your javascript with php, add a timeout half way through, obfuscate, display.

#10
dtbaker said
MelonHTML5 said

The code is only to be obfuscated on the live demo site.

Hello fellow aussie!

Consider serving your live demo javascript code from a php script. Include a timeout of say 1 week that redirects the user to your item page. If anyone copies your live demo and implements the script, it will stop working after 1 week.

Yes no obfuscation is perfect, but for a noob it can take a long time to remove something like this.

This example adds a timeout to the end of ‘your-file.js’ which you can serve up using some .htaccess magic - so a request for your-file.js hits this php script.

        header('Content-type: text/javascript');
	include('your-file.js');
	$time = strtotime('+15 days');
	?> ; var _0xaf80=["\x67\x65\x74\x54\x69\x6D\x65","\x66\x6C\x6F\x6F\x72",<?php echo $time;?>,"\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x4C\x69\x76\x65\x20\x50\x72\x65\x76\x69\x65\x77\x2E\x20\x50\x6C\x65\x61\x73\x65\x20\x70\x75\x72\x63\x68\x61\x73\x65\x20\x61\x20\x76\x61\x6C\x69\x64\x20\x6C\x69\x63\x65\x6E\x73\x65\x20\x66\x6F\x72\x20\x74\x68\x69\x73\x20\x74\x68\x65\x6D\x65\x20\x62\x65\x66\x6F\x72\x65\x20\x75\x73\x69\x6E\x67\x20\x74\x68\x69\x73\x20\x69\x74\x65\x6D\x2E","\x68\x72\x65\x66","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x68\x74\x74\x70\x3A\x2F\x2F\x74\x68\x65\x6D\x65\x66\x6F\x72\x65\x73\x74\x2E\x6E\x65\x74\x2F"];var now= new Date();if(Math[_0xaf80[1]](now[_0xaf80[0]]()/1000)>_0xaf80[2]){alert(_0xaf80[3]);window[_0xaf80[5]][_0xaf80[4]]=_0xaf80[6];} ;

if you included this timeout code within your entire obfuscated live demo it would be rather difficult to undo, if you can find some sort of server side obfuscation script that would be the way to go. build your javascript with php, add a timeout half way through, obfuscate, display.

Nice, will def look into this. Thx.

#11

I have a solution how to protect javascript source code from viewing. And it is not obfuscation. And there is only 1 exeption. But in most cases will be impossible to view javascript source code. You can contact me, and i will show you the live demo.

#12

I use this tool: Javascript obfuscator
This tool transforms your original JavaScript source code into a new representation that’s harder to understand, copy, re-use and modify without authorization. The obfuscated result will have the exact functionality of the original code.

#13

I use https://jscompress.com/ , is enough for me to minify the code and replace the variable names with things like var 1_# :slight_smile:

#14

On my demo sites I bind my JavaScript per element using ConditionerJS. Each piece of code is located in a div of it’s own and is parsed individually.

So for instance:

<div data-module="ui/Demo">
   <div class="slim"></div>
</div>

Then ConditionerJS plus the Product are merged together and minified using r.js and UglifyJS. You could copy the entire script but you’d be forced to use demo wrapped modules in your project or untangle the minified script.

It’s basically how I setup my JS in other projects as well so it’s a nice side effect that it makes the code harder to “steal”. I do however feel that people who rip code will never be customers anyway so it’s best to not worry about them.