• 在NodeJS中使用npm包实现JS代码混淆加密

    使用npm包,在NodeJS中实现JS代码混淆加密

    在前后端JS开发过程中,JS代码保护(JS代码混淆加密)是非常重要的一环。

    JShaman是一个云端的代码保护Saas平台,可以对JS代码进行混淆、加密、压缩等操作,从而增强JS代码的安全性。同时,JShaman还有更方便易用的npm包,方便开发人员通过调用接口的方式,快速完成JS代码混淆加密。

    npm网站,可以找到名为jshaman-javascript-obfuscator的包,如下图所示:

    这里有对它的使用说明,如在Nodejs环境中的安装方法,调用例程,等。

    安装

    npm install jshaman-javascript-obfuscator

    使用

    NodeJS例程代码如下所示。

    1. //JShaman JavaScript Obfuscator Web API Interface
    2. var jshaman_javascript_obfuscator = require("jshaman-javascript-obfuscator");
    3.  
    4. //JavaScript Code to be obfuscated
    5. var javascript_code = `
    6. 	function NewObject(prefix)
    7. 	{
    8. 		var count=0;
    9. 		this.SayHello=function(msg)
    10. 		{
    11. 				count++;
    12. 				alert(prefix+msg);
    13. 		}
    14. 		this.GetCount=function()
    15. 		{
    16. 				return count;
    17. 		}
    18. 	}
    19. 	var obj=new NewObject("Message : ");
    20. 	obj.SayHello("You are welcome.");
    21. `;
    22.  
    23. //Options. 
    24. //Please refer to the official website of JShaman in English for relevant instructions.
    25. //https://www.jshaman.com/en/
    26. var options = {
    27.     "part_variable_identifier_obfuscate": 1,
    28. 	"global_variable_identifier_obfuscate": 0,
    29. 	"part_function_identifier_obfuscate":0,
    30. 	"global_function_identifier_obfuscate": 0,
    31. 	"member_expression_encode": 1,
    32. 	"numberic_literal_encode": 1,
    33. 	"binary_express_obfuscate": 1,
    34. 	"boolean_encode": 1,
    35. 	"json_encode":1,
    36. 	"regexp_encode":1,
    37. 	"string_unicode_encode": 1,
    38. 	"assignment_junk_code":1,
    39. 	"zombie_code": 1,
    40. 	"eval_encode": 1,
    41. 	"control_flow": 1,
    42. 	"string_reverse": 1,
    43. 	"comma_operator": 1,
    44. 	"string_array": 0,
    45. 	"string_array_encode": 0,
    46. 	"vm_execute": 0,
    47. 	"ast_execute": 0,
    48. 	"no_beautifier": 0,
    49. 	"tamper_proof": 0,
    50. 	"comments": 0,
    51. 	"compress": 1,
    52. 	"reserved_word": ["jshaman","w2sfot"]
    53. }
    54.  
    55. //Secret key,Obtained from the JShaman official website. 
    56. //If not yet obtained, it can be set to free
    57. var secret_key = "free";
    58. var obfuscated_result = jshaman_javascript_obfuscator(javascript_code, options, secret_key);
    59.  
    60. //Obfuscation result,
    61. //if "state" is 0 it means successful and the "content" is the obfuscated JavaScript code.
    62. //Otherwise,if there is an error,the "message" will contain an error prompt message.
    63. console.log(obfuscated_result.state, obfuscated_result.message, obfuscated_result.content);
    64.

    代码说明

    调用JShaman接口,传入js代码、配置即可,非常简单。

    上面的代码中,javascript_code变量是要保护的JS代码,options 变量是参数,参数中各项目的含义,可以参考JShaman官网的说明,值设为1表示启用、设为0表示不启用,secret_key是接口密钥,设为free是免费使用,商业的密钥可以从JShaman官网获得。

    加密效果

    上面例程中的JS代码,保护后生成的加密JS代码如下所示。

    1. //Obfuscted javascript code
    2. /*
    3. var _0xce7d8a = ["117.", "92.103.98.103.102.126.103.41.72.90.93.41.125.112.121.108.51.", "117.", "117."];
    4.  
    5. function _0x57d18d(_4, _5) {
    6.   _5 = 9;
    7.  
    8.   var _,
    9.       _2,
    10.       _3 = "";
    11.  
    12.   _2 = _4.split(".");
    13.  
    14.   for (_ = 0; _ < _2.length - 1; _++) {
    15.     _3 += String.fromCharCode(_2[_] ^ _5);
    16.   }
    17.  
    18.   return _3;
    19. }
    20.  
    21. var visitors = {
    22.   File(node, scope) {
    23.     ast_excute(node['\x70\x72\x6f\x67\x72\x61\x6d'], scope);
    24.   },
    25.  
    26.   Program(program, scope) {
    27.     for (i = function () {
    28.       return eval(String.fromCharCode(57, 48, 53, 49, 49, 53, 32, 94, 32, 57, 48, 53, 49, 49, 53));
    29.     }(); eval(String.fromCharCode(105, 32, 60, 32, 112, 114, 111, 103, 114, 97, 109, 91, 39, 92, 120, 54, 50, 92, 120, 54, 102, 92, 120, 54, 52, 92, 120, 55, 57, 39, 93, 91, 39, 92, 120, 54, 99, 92, 120, 54, 53, 92, 120, 54, 101, 92, 120, 54, 55, 92, 120, 55, 52, 92, 120, 54, 56, 39, 93)); eval(String.fromCharCode(105, 43, 43))) {
    30.       ast_excute(program['\x62\x6f\x64\x79'][i], scope);
    31.     }
    32.   },
    33.  
    34.   ExpressionStatement(node, scope) {
    35.     return ast_excute(node['\x65\x78\x70\x72\x65\x73\x73\x69\x6f\x6e'], scope);
    36.   },
    37.  
    38.   CallExpression(node, scope) {
    39.     var func = ast_excute(node['\x63\x61\x6c\x6c\x65\x65'], scope);
    40.     var args = node['\x61\x72\x67\x75\x6d\x65\x6e\x74\x73']['\x6d\x61\x70'](function (arg) {
    41.       return ast_excute(arg, scope);
    42.     });
    43.     var value;
    44.  
    45.     if (eval(String.fromCharCode(110, 111, 100, 101, 91, 39, 92, 120, 54, 51, 92, 120, 54, 49, 92, 120, 54, 99, 92, 120, 54, 99, 92, 120, 54, 53, 92, 120, 54, 53, 39, 93, 91, 39, 92, 120, 55, 52, 92, 120, 55, 57, 92, 120, 55, 48, 92, 120, 54, 53, 39, 93, 32, 61, 61, 61, 32, 39, 77, 101, 109, 98, 101, 114, 69, 120, 112, 114, 101, 115, 115, 105, 111, 110, 39))) {
    46.       value = ast_excute(node['\x63\x61\x6c\x6c\x65\x65']['\x6f\x62\x6a\x65\x63\x74'], scope);
    47.     }
    48.  
    49.     return func['\x61\x70\x70\x6c\x79'](value, args);
    50.   },
    51.  
    52.   MemberExpression(node, scope) {
    53.     var obj = ast_excute(node['\x6f\x62\x6a\x65\x63\x74'], scope);
    54.     var name = node['\x70\x72\x6f\x70\x65\x72\x74\x79']['\x6e\x61\x6d\x65'];
    55.     return obj[name];
    56.   },
    57.  
    58.   Identifier(node, scope) {
    59.     return scope[node['\x6e\x61\x6d\x65']];
    60.   },
    61.  
    62.   StringLiteral(node) {
    63.     return node['\x76\x61\x6c\x75\x65'];
    64.   },
    65.  
    66.   NumericLiteral(node) {
    67.     return node['\x76\x61\x6c\x75\x65'];
    68.   }
    69.  
    70. };
    71.  
    72. function ast_excute(node, scope) {
    73.   var _0x51e = "2|1|0".split(_0x57d18d(_0xce7d8a[0])),
    74.       _0x6ebgc = 0;
    75.  
    76.   while (!![]) {
    77.     switch (+_0x51e[_0x6ebgc++]) {
    78.       case 0:
    79.         return evalute(node, scope);
    80.         continue;
    81.  
    82.       case 1:
    83.         if (!evalute) {
    84.           throw new Error(_0x57d18d(_0xce7d8a[1]), node['\x74\x79\x70\x65']);
    85.         }
    86.  
    87.         continue;
    88.  
    89.       case 2:
    90.         var evalute = visitors[node['\x74\x79\x70\x65']];
    91.         continue;
    92.     }
    93.  
    94.     break;
    95.   }
    96. }
    97.  
    98. function _0x2dd6b(prefix) {
    99.   var _0xcf9e = "4|2|0|3|1".split(_0x57d18d(_0xce7d8a[2])),
    100.       _0xef765g = 0;
    101.  
    102.   while (!![]) {
    103.     switch (+_0xcf9e[_0xef765g++]) {
    104.       case 0:
    105.         _0x38e = function () {
    106.           return eval(String.fromCharCode(56, 54, 57, 53, 54, 52, 32, 94, 32, 56, 54, 57, 53, 53, 54));
    107.         }();
    108.  
    109.         continue;
    110.  
    111.       case 1:
    112.         this['\x47\x65\x74\x43\x6f\x75\x6e\x74'] = function () {
    113.           return _0xa1b;
    114.         };
    115.  
    116.         continue;
    117.  
    118.       case 2:
    119.         var _0xa1b = function (s, h) {
    120.           return eval(String.fromCharCode(115, 32, 94, 32, 104));
    121.         }(693721, 693721);
    122.  
    123.         continue;
    124.  
    125.       case 3:
    126.         this['\x53\x61\x79\x48\x65\x6c\x6c\x6f'] = function (msg) {
    127.           var _0xag624c = "1|0".split(_0x57d18d(_0xce7d8a[3])),
    128.               _0xc1411b = 0;
    129.  
    130.           while (!![]) {
    131.             switch (+_0xag624c[_0xc1411b++]) {
    132.               case 0:
    133.                 alert(eval(String.fromCharCode(112, 114, 101, 102, 105, 120, 32, 43, 32, 109, 115, 103)));
    134.                 continue;
    135.  
    136.               case 1:
    137.                 eval(String.fromCharCode(95, 48, 120, 97, 49, 98, 43, 43));
    138.                 continue;
    139.             }
    140.  
    141.             break;
    142.           }
    143.         };
    144.  
    145.         continue;
    146.  
    147.       case 4:
    148.         var _0x38e;
    149.  
    150.         continue;
    151.     }
    152.  
    153.     break;
    154.   }
    155. }
    156.  
    157. var _0xecf = new _0x2dd6b(" : egasseM"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));
    158.  
    159. _0xecf['\x53\x61\x79\x48\x65\x6c\x6c\x6f'](".emoclew era uoY"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));
    160. */

    做为颇具知名度的JS代码混淆加密平台,JShaman的加密效果还是很不错的。

    扩展使用

    把上述例程代码稍加改造,嵌入到自己的项目或产品中,就可以进行自动化的JS代码混淆加密了。

    混淆加密JS代码、提高JS代码安全性,防止他人随意查看、复制,就是如此简单。

  • 相关阅读:
    Java练习题-输出斐波那契(Fibonacci)数列
    当下、百年之计与蝼蚁一生——读《原则2 :应对变化中的世界秩序》(下)...
    36.骑士周游算法及其基于贪心算法的优化
    一次简单易懂的多态重构实践,让你理解条件逻辑
    图片转表格怎么转?看完这篇你就会了
    堆外内存和堆内内存及虚引用的应用
    mysql查看binlog内容,dump 恢复单表
    壳聚糖-聚乙二醇-吲哚菁绿,Indocyaninegreen-PEG-Chitosan
    学习架设传奇入门必读的好文章
    夜神模拟器微信扫码
  • 原文地址:https://blog.csdn.net/w2sft/article/details/134021719