Javascript-obfuscator: Question: What's the point of hexadecimal obfuscation?

Created on 6 Jul 2017  路  5Comments  路  Source: javascript-obfuscator/javascript-obfuscator

I'm using mangle=true. It seems function and variable names are turned into hexadecimal, instead of using random names. Isn't decoding that as easily as translating the hex? I'm genuinely asking, I don't really know how the obfuscator works, just curious and concerned about the code I'm protecting. Thanks.

question

All 5 comments

At first, mangle option available only in 0.10.0-x version. Looks like you using 0.9.4 version.

Obfuscation - complex transfrormation of input source code. Just see examples in README.md

You can't restore original names of variables from hex representation.
mangle option - additionally transformation of hex variables to one-length names like in UglifyJs

Thanks. I'm confused about how a public function in my js file (exported) is callable by its original name in an html file. It's called init() , in the file it is obfuscated but I can just call mymodule.init() in the html file? Is this on purpose for public functions/variables?

Please, play with obfuscation here
https://javascriptobfuscator.herokuapp.com/

Names of global functions and variables aren't obfuscated.

mymodule.init() - is MemberExpression.
init name will added to String Array in normal or encoded (depends on options) view.
Pseudo code, very simple example:

var _0xabc = ['init']; // <- value can be encoded in base64 or rc4 with random key
var _0xabc123 = function (index) {  
    return _0xabc[index];
}
mymodule[_0xabc123(0)]();

If i answered your questions, please close issue then.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

Was this page helpful?
0 / 5 - 0 ratings