In this post, we will discuss more on obfuscation and where it is used and its advantages.
What is Obfuscation?
Obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. It is something similar to encryption however machine can able to understand the code and able to execute the code.
Sample URL to Obfuscate JavaScript code.
Obfuscation using danstools.
Original code:
function hello(name) { console.log(‘Hello, ‘ + name); } hello(‘New user’);
After Obfuscation:
eval(function(p,a,c,k,e,d){e=function(c){return c};if(!”.replace(/^/,String)){while(c–){d=k||c}k=[function(e){return d[e]}];e=function(){return’\w+’};c=1};while(c–){if(k){p=p.replace(new RegExp(‘\b’+e(c)+’\b’,’g’),k)}}return p}(‘3 0(1){2.4(‘5, ‘+1)}0(‘7 6′);’,8,8,’hello|name|console|function|log|Hello|user|New’.split(‘|’),0,{}))
the output of both programs will be same.
Obfuscation can be used to hide the business logic from outside world and also obfuscation will reduce the size of the file drastically so data transfer between server and client will be fast.
Minification also a type of obfuscation here empty spaces will be removed and variables will be renamed.
Examples:
Minified File: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.5/angular.min.js
Original File: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.5/angular.js
Why are open source projects obfuscated?
- Code size will be reduced.
- In JavaScript, download time will reduce.
Most of the Open source javascript projects are minified to reduce the download time and to reduce the code size. During minification, minified file and map file will get generated. Using map file actual code can be retrieved. Map file for the above angular js file will be
Map file: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.5/angular.js.map
Why Obfuscation?
- Code size will be reduced.
- Hide the business logic and your code from others.
- Reverse Engineering is highly difficult.
- In JavaScript, download time will reduce.
Obfuscation == Encryption ?
No, Obfuscation != Encryption .
- In JavaScript, Browser can?t execute encrypted code whereas browser will execute the obfuscated code.
- Encrypted code always needs decryption to being executed.
- The obfuscated code doesn?t require Deobfuscation to execute.
Bottom line, It is good to obfuscate the javascript code.
If you are developing enterprise application, Then I believe you can use a product like Jscrambler for obfuscating your code. Reverse engineering of obfuscated code is really difficult hence we can hide the business logic and core logic from outside world.
Support Us With One Cup Of Coffee 🙂