Hide JavaScript Code in Browser | obfuscation
Introduction
The process of hiding javascript code is also known as obfuscation in this article we are going to deal with the JavaScript obfuscate scenario, for this problem let's say you have a client that wants to make some of the JavaScript code or all of the JavaScript code difficult to see or copy how would you do that there.
Usually, even if javascript code is exposed to the end-user nothing really can do much about it because whatever changes he is making all will be at the client-side i.e those changes will be specific to that user only. but still, sometimes developers unknowingly expose some sensitive data like API key or password, etc. that can be dangerous and nobody recommends doing that even if you have applied obfuscation. if your program is dealing with a password or API key or any other sensitive information then always prefer fetching it from the cloud here you can take the help of firestorm which is free.
To hide code generally the solution most people use to obfuscate code is using a couple of sites they provide a way to do it rather easily now off you skate is simply a fancy word for making something unclear or obscure and so basically that's what it does it uses JavaScript to make it unclear so it's not easy to see what's going on now an important thing to remember here this is obfuscated just convert your code into unreadable format but that doesn’t mean that your code is completely hidden people can still code in fact you cannot hide your code 100% because there will always be some catch to decode that data at the end of the day it's just encoding style. Our intention is to make it harder for the third person to get access to our code.
Let's See this in Action
Method 1
There are several ways we can Hide javascript code. I will try to introduce some of those ways. in order to implement obfuscation you just need to copy your javascript code and pest it in http://javascriptobfuscator.com/ this website
This website converts your code into a non-readable format .( Note: remember you can obfuscate only 2MB of js code at a time.)
E.g
function NewObject(prefix)
{
var count=0;
this.SayHello=function(msg)
{
count++;
alert(prefix+msg);
}
this.GetCount=function()
{
return count;
}
}
var obj=new NewObject("Message : ");
obj.SayHello("You are welcome.");
After obfuscation ,
Output
var _0x13f9=["\x53\x61\x79\x48\x65\x6C\x6C\x6F","\x47\x65\x74\x43\x6F\x75\x6E\x74","\x4D\x65\x73\x73\x61\x67\x65\x20\x3A\x20","\x59\x6F\x75\x20\x61\x72\x65\x20\x77\x65\x6C\x63\x6F\x6D\x65\x2E"];function NewObject(_0x2d25x2){var _0x2d25x3=0;this[_0x13f9[0]]= function(_0x2d25x4){_0x2d25x3++;alert(_0x2d25x2+ _0x2d25x4)};this[_0x13f9[1]]= function(){return _0x2d25x3}}var obj= new NewObject(_0x13f9[2]);obj.SayHello(_0x13f9[3])
Now this is clearly non-readable and we cannot decode it easily there are some more options you will get to see if you purchase the premium version.
Method 2
I took the same example
function NewObject(prefix)
{
var count=0;
this.SayHello=function(msg)
{
count++;
alert(prefix+msg);
}
this.GetCount=function()
{
return count;
}
}
var obj=new NewObject("Message : ");
obj.SayHello("You are welcome.");
But I got a different result
Output
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('2 6(5){8 1=0;9.3=2(7){1++;a(5+7)}9.b=2(){d 1}}8 4=f 6("g : ");4.3("h e c.");',18,18,'|count|function|SayHello|obj|prefix|NewObject|msg|var|this|alert|GetCount|welcome|return|are|new|Message|You'.split('|'),0,{}))
If you are using javascript inside HTML file inside script tag you can replace your regular code with any of this encoded format it will work normally.
Conclusion
Here we have learned how to obfuscate our regular javascript code to make it hard to read others.
0 Comments