Skip to content
/ JsPatronum Public

JsPatronum is a JavaScript code obfuscator to make js code unreadble.

36 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ginqi7/JsPatronum

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
src
src
 
 
.gitignore
.gitignore
 
 
README.org
README.org
 
 
pom.xml
pom.xml
 
 

Repository files navigation

JsPatronum

Introduction

JsPatronum is a JavaScript code obfuscator to make js code unreadble.

JsPatronum ‘s name derived from defense magic incantation in Harry Potter : Expecto Patronum.

JsPatronum ‘s implementation inspired from YUI Compresser

Implement priciple: AST replacement

Abstract Syntax Tree (AST)

In the process of interpreting and compiling source code, the parser creates an abstract syntax tree, which is a tree-like representation of the abstract syntax structure of the source code, and each node on the tree represents a structure in the source code. An abstract syntax tree shows the complete syntax structure of a program, and does not contain every detail that appears in the real syntax,

Abstract syntax tree substitution

The abstract syntax tree represents the complete syntax structure of a program, so we can construct a functionally equivalent but difficult to read obfuscated program by adjusting the syntax tree.

Obfuscating steps

  1. Generate AST by parsing a JavaScript program with a JavaScript engine;
  2. Traverse the syntax tree and adjust the syntax tree according to the appropriate obfuscation rules;
  3. Convert the adjusted syntax tree into JS source code through the JS engine, which is the obfuscated code.

obfuscation strategy

  1. Variable name substitution
    • Global variables are replaced with property calls of window
    • Attribute calls are replaced with element fetch operations[]
    • Local variable name randomization
  2. Constant confusion
    • Extract all strings, shred by character array
    • Constant encoding conversion
  3. Control flow substitution
    • Unroll ordinary loop statements
    • Place sequentially executed code in well-designed loops

Self-defense mechanism

Through the above obfuscation strategy, proper obfuscation and compression of a piece of JavaScript code can play a good defensive role. But the front-end code is displayed in front of the user as the source code, and the attacker has enough patience to debug the code in depth, and it is still possible to sort out the logic of the code.

Therefore, the self-defense mechanism of js code is introduced

Policy

  1. Disable code formatting and variable renaming
  2. Disable code debugging
  3. Domain name binding

Through the above obfuscation strategy, proper obfuscation and compression of a piece of JavaScript code can play a good defensive role. However, the front-end code is displayed in front of the user as the source code, and the attacker has enough patience to debug the code in depth, and it is still possible to sort out the logic of the code.

Therefore, the self-defense mechanism of js code is introduced

Strategy

  1. Prohibit code formatting and variable renaming
  2. Disable code debugging
  3. Domain name binding

About

JsPatronum is a JavaScript code obfuscator to make js code unreadble.

Resources

Readme
Activity

Stars

36 stars

Watchers

3 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages