- 26 Dec 2024
Features
- Updated on 26 Dec 2024
The JavaScript protection is designed to minimize the chances of apps breaking or stopping working due to functional changes. For this reason, function names and other identifiers are left unmodified.
Instead, the JavaScript protection feature performs other types of transformations, such as obfuscating constants. The obfuscated scripts should functionally behave the same as the original, but the size of the resulting scripts will be significantly larger.
The different script transformation passes are described in the following sections.
String encoding
Constant strings are rewritten to a different form using a string encoder that produces code which constructs the original string. Several different string encoders exist, and one is chosen at random each time obfuscation is applied.
In its simplest form:
var s = "abc"
Can become:
var s = ("a"+"b"+"c")
Or it can use one of a number of much more complex variants, each chosen at random.
Arithmetic encoding
Numeric constants are also subject to being transformed into more complex forms. These will typically be transformed into an arithmetic expression which is calculated to derive the original value.
Examples of arithmetic encodings of the number 1234

| Encoding | Description | Output |
|---|---|---|
| NONE | Do not modify the number | 1234 |
| ADD | Add two numbers | (468+766) |
| SUB | Subtract two numbers | (11132-9898) |
| MUL | Multiply two numbers (and add the remainder) | (18+(19*64)) |
| DIV | Division | (76508/62) |
| XOR | Bitwise xor | (9279^8429) |
The above outputs are examples, as they will consist of randomly chosen factors.
Furthermore, the number may be encoded during output in several ways, such as in hexadecimal or string form. For example, the number 1234 can become 0x4d2 in hexadecimal form, or one of the string forms parseInt("1234"), parseInt("0x4d2"), or parseInt("10011010010",2).
Original script
var memsize = 1024 * 64
After obfuscation, this could be transformed to:
var memsize = (parseInt ("1210",8)+376) * ((0x15*3)+1)
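The table's encodings and output forms can be sketched as below, together with a check that every encoded expression still evaluates to the original number. This is an added example, not the product's encoder; the function names and the random factor ranges are assumptions.

```javascript
// Added illustration of the table's encodings; not the product's encoder.
const SCHEMES = ["NONE", "ADD", "SUB", "MUL", "DIV", "XOR"];

// Random integer in [lo, hi].
function randInt(lo, hi) {
  return lo + Math.floor(Math.random() * (hi - lo + 1));
}

// Render a non-negative integer in one of the output forms the page lists.
function renderNumber(n) {
  const forms = [
    String(n),
    "0x" + n.toString(16),
    'parseInt("' + n + '")',
    'parseInt("0x' + n.toString(16) + '")',
    'parseInt("' + n.toString(2) + '",2)',
  ];
  return forms[randInt(0, forms.length - 1)];
}

// Encode n (integer, 0 <= n < 2^31) with one of the schemes from the table.
function encodeNumber(n, scheme) {
  const r = renderNumber;
  const f = randInt(2, 99), k = randInt(1, 0xffff); // assumed factor ranges
  switch (scheme) {
    case "NONE": return r(n);
    case "ADD": { const a = randInt(0, n); return `(${r(a)}+${r(n - a)})`; }
    case "SUB": return `(${r(n + k)}-${r(k)})`;
    case "MUL": return `(${r(n % f)}+(${r(Math.floor(n / f))}*${r(f)}))`;
    case "DIV": return `(${r(n * f)}/${r(f)})`;
    case "XOR": return `(${r(n ^ k)}^${r(k)})`;
    default: throw new Error("unknown scheme: " + scheme);
  }
}

// Evaluate a constant expression built above or copied from the page.
function evaluate(expr) {
  return Function('"use strict"; return (' + expr + ");")();
}

// Encode every value with every scheme `rounds` times; return any mismatches.
function findMismatches(values, rounds) {
  const bad = [];
  for (const n of values) for (const s of SCHEMES) for (let i = 0; i < rounds; i++) {
    const expr = encodeNumber(n, s);
    if (evaluate(expr) !== n) bad.push({ n, scheme: s, expr });
  }
  return bad;
}
```

An empty array from `findMismatches` is the property the protection depends on: the transformed constant is larger and harder to read but numerically identical to the original.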
Anti-debugging
The obfuscator can inject debugger statements into functions. These force a breakpoint in JavaScript debugging environments, which can make analyzing or understanding the script more tedious.
These debugger statements are also sometimes injected as an eval which is further string obfuscated.
JavaScript source map support
The JavaScript protection supports generating JavaScript source maps in order to ease debugging scripts or understanding stack traces.