• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Is Javascript obfuscation useless?
#1
I have thought about obfuscating my JS code on the client side to prevent people to copy a JS program. I have discovered that there were expensive Javascript offers online. First of all, I have tried several free JS obfuscation websites. But then, I have been able to hack my own code by using de-obfuscation codes. I also thought that it was theoretically possible to debug my own obfuscated code in a browser and watch the variables. Since the variable content aren't encrypted it is easy to understand how it works looking at the variables because there are numbers, text and strings. Do you think it is possible to reverse engineer a JS code this way? So, I have decided to deploy the most important part of my code on NodeJS even if it is going to cost me more money using a server to do the job that I intended to do on the client side. Do it make sense? What are your thoughts?
  Reply
#2
(04-26-2019, 05:07 AM)StormyBed Wrote: I have thought about obfuscating my JS code on the client side to prevent people to copy a JS program. I have discovered that there were expensive Javascript offers online. First of all, I have tried several free JS obfuscation websites. But then, I have been able to hack my own code by using de-obfuscation codes. I also thought that it was theoretically possible to debug my own obfuscated code in a browser and watch the variables. Since the variable content aren't encrypted it is easy to understand how it works looking at the variables because there are numbers, text and strings. Do you think it is possible to reverse engineer a JS code this way? So, I have decided to deploy the most important part of my code on NodeJS even if it is going to cost me more money using a server to do the job that I intended to do on the client side. Do it make sense? What are your thoughts?

In short...yes.  So basically a lot of it has to do with what you're trying to protect.  Here are my thoughts.

1. If it absolutely has to be javascript and it has to be protected, then it needs to be server side javascript like node/react. That's what I do in those situations.
2. If the primary worry is that someone with just basic knowledge is going to take the code and use it, I generally mix it with some AJAX to where the "important" information is coming from php (server side) to where the program can't be run without doing a good bit of reverse engineering.
3. If you're worried about some sort of corporate espionage (see #1).
4. If you are worried about people seeing "sensitive" data in the chrome inspector, then you're doing it wrong.  All that stuff should be done server side in php/node/react and even if someone could change it client side, it gets verified server side.

That's just my basic thoughts on it.
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)