Link Search Menu Expand Document

Obfuscate JS Code - Introduction


What is obfuscation? Obfuscation is an act or process of modifying source code so that it is much harder to read and understand for a hacker. Almost all code can be reverse-engineered with enough skill, time, and effort. So to prevent it Programmers may obfuscate code to prevent tampering or deter reverse engineering. In this video, we’ll be going to learn about how we can obfuscate our JavaScript code using different techniques.

In this session, we’ll be going to learn about how we can Obfuscate your JavaScript code. As a programmer, let’s say we have developed one website which caters to our client needs perfectly. However, there are many security threats out there, like hackers creating a malicious program to gain unauthorized access to our applications or devices. Many times our software code itself provides the entry point for the attackers.

What exactly is obfuscation? Obfuscation is one of the security techniques to guard against application hacking. As per Wikipedia, Obfuscation is an act of process for modifying source code. It is much harder to read and understand for a hacker, almost all the code can be reverse-engineered with enough skill, time, and effort. So to prevent it, programmers may obfuscate code to prevent tampering or deter reverse engineering. There are some techniques used to obfuscate more scripts.

These are:

  1. obfuscating the format of the code.
  2. Adding extra lines of the code into the main code.
  3. Substituting variable names in the code.
  4. Obfuscating the code itself.

What do you mean by obfuscating the format of the code? It means removing all the nice line breaks and indentation that makes our code readable. If you have this (see screenshot) type of code, then after obfuscating the formatting, you are left with this (see screenshot) type of large ugly piece of code.

JS Obfuscate

The next is adding an extra line of code into the main code. In this case, we need to insert some extra code into our script that does nothing. This is just confusing to an analyst. If you have this type of code, then the final code would look like this. While one or two extra lines of code won’t do much but imagine what happens when you have hundreds of these lines within your code. It quickly becomes difficult in determining which code is valid and which is not doing anything.

The other one is substituting variable names. As a programmer, the first thing we learned was to give a meaningful variable name in the code. But this methodology does the exact opposite. It changes your meaningful variable name to some meaningless words. When you look at the example here, it’s easy to figure out what the variable on the left-hand side is doing and the meaning of it. Once a variable substitution is applied, it becomes much more difficult to figure out what the variable is used for.

JavaScript Obfuscate

The last one we are going to talk about is obfuscating the code. In this case, it is nothing but a process of modifying the source code so that it is much harder to read and understand. If you see this example, we have two lines of code. One is setting the product name with the value ‘gun’ and another one is setting its price to 50.

Obfuscate JS

When the obfuscation is applied to them, it would look like this (see screenshot). If we look carefully, then you can see that from the first line, it splits out the first letter of the ‘gun’ and continues it to a blank character, which is really adding nothing to it. Then it appends (0x70+5) which is the value for the letter ‘u’. Then it continues to a character ‘n’. This whole line just creates the word gun, but in a way, that’s difficult to parse by an analyst. Both of these lines are an example of data obfuscation.

For more videos and articles visit:

👉 GET YOUR FREE API KEY for PDF.co

https://app.pdf.co/signup?utm_source=youtube

✅ ON-PREMISE SDK FREE TRIAL:

https://bytescout.com/download/web-installer?utm_source=youtube

🔎 SDK DOCUMENTATION:

https://bytescout.com/documentation/

🔑 WEB API DOCUMENTATION :

https://pdf.co/rest-web-api