升级了个 npm 包,基于 gulp 的 JavaScript 代码混淆,字符串转 16 进制\x00 或者\u0000 的工具

2016-09-20 09:38:20 +08:00
 thundernet8

Github 地址:点我

Ext-Gantt 库的代码就是这种做法

下面直接复制 README 了,有兴趣的可以用 npm 下载配合 gulp pipe 试一试

Note

This is a package modified from confusion

About

Sometimes, we want to obfuscate our source code to against theft or abuse.

Confusion makes it harder to decipher your code by replacing string literals and property accesses with lookups into a string map.

Gulp-str2hex inherit the basic functionality of Confusion, integrate with gulp, and also bring some enhancement.

Install

use npm:

npm install gulp-str2hex --save

Example

This code snippet:

var cnStr = "中文测试";
var enStr = 'This is a sentence in English';
 
String.prototype.myLog = function () {
    console.log('>> ' + str + ' <<');
};

will be converted to

var cnStr = '\u4e2d\u6587\u6d4b\u8bd5';
var enStr = '\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x73\x65\x6e\x74\x65\x6e\x63\x65\x20\x69\x6e\x20\x45\x6e\x67\x6c\x69\x73\x68';
String[['\x70\x72\x6f\x74\x6f\x74\x79\x70\x65']][['\x6d\x79\x4c\x6f\x67']] = function () {
    console[['\x6c\x6f\x67']]('\x3e\x3e\x20' + str + '\x20\x3c\x3c');
};

or use string map

var _x28494 = [
    '\u4e2d\u6587\u6d4b\u8bd5',
    '\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x73\x65\x6e\x74\x65\x6e\x63\x65\x20\x69\x6e\x20\x45\x6e\x67\x6c\x69\x73\x68',
    '\x6d\x79\x4c\x6f\x67',
    '\x70\x72\x6f\x74\x6f\x74\x79\x70\x65',
    '\x6c\x6f\x67',
    '\x3e\x3e\x20',
    '\x20\x3c\x3c'
];
var cnStr = _x28494[0];
var enStr = _x28494[1];
String[_x28494[3]][_x28494[2]] = function () {
    console[_x28494[4]](_x28494[5] + str + _x28494[6]);
};

or bring all the string through call parameter of <abbr title="immediately invoced function expression">IIFE</abbr>:

(function (_x16425) {
    'use strict';
    var cnStr = _x16425[0];
    var enStr = _x16425[1];
    String[_x16425[3]][_x16425[2]] = function () {
        console[_x16425[4]](_x16425[5] + str + _x16425[6]);
    };
}.call(this, [
    '\u4e2d\u6587\u6d4b\u8bd5',
    '\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x73\x65\x6e\x74\x65\x6e\x63\x65\x20\x69\x6e\x20\x45\x6e\x67\x6c\x69\x73\x68',
    '\x6d\x79\x4c\x6f\x67',
    '\x70\x72\x6f\x74\x6f\x74\x79\x70\x65',
    '\x6c\x6f\x67',
    '\x3e\x3e\x20',
    '\x20\x3c\x3c'
]));

you can also choose only hex some none ASCII chars like Chinese(like what some Chinese to unicode packages to do)

(function (_x53816) {
    'use strict';
    var cnStr = _x53816[0];
    var enStr = _x53816[1];
    String[_x53816[3]][_x53816[2]] = function () {
        console[_x53816[4]](_x53816[5] + str + _x53816[6]);
    };
}.call(this, [
    '\u4e2d\u6587\u6d4b\u8bd5',
    'This is a sentence in English',
    'myLog',
    'prototype',
    'log',
    '>> ',
    ' <<'
]));

and compress the code(the uglify-js package will restore what we have converted, so we cannot use it after our working pipe):

(function(_x37168){'use strict';var cnStr=_x37168[0];var enStr=_x37168[1];String[_x37168[3]][_x37168[2]]=function(){console[_x37168[4]](_x37168[5]+str+_x37168[6]);};}.call(this,['\u4e2d\u6587\u6d4b\u8bd5','This is a sentence in English','myLog','prototype','log','>> ',' <<']));

Usage

first, import the package

var str2hex = require('gulp-str2hex');

use with gulp

gulp.src(['./src/js/*.js'])
    .pipe(webpack(require('./webpack.config.js')))
    .pipe(uglify())
    .pipe(str2hex())
    .pipe(gulp.dest('./assets/js')) 

add some options

gulp.src(['./src/js/*.js'])
    .pipe(webpack(require('./webpack.config.js')))
    .pipe(uglify())
    .pipe(str2hex({
        hexall: false,
        placeholdMode: 2,
        compress: true
    }))
    .pipe(gulp.dest('./assets/js')) 

options

available values: true or false

available values:

0 - keep string in their positions,
1(alias `prependMap`) - use a array includes all the strings, and expose the array as a variable prepend the code;
2(alias `wrapWithIife`) - use a array includes all the strings, and use Iife to wrap the array as a parameter of the function;
4259 次点击
所在节点    JavaScript
3 条回复
Septembers
2016-09-20 09:59:57 +08:00
整体不错不过
1. 不要集成 uglify-js 因为 单一职能 我认为没有集成 uglify-js 的必要性
2. 请求支持 SourceMaps 支持。(支持的话才能方便调试)
3. options.hexall 可以考虑增加随机选项
>> '\u4f60\x2D\u{597D}\45' // unicode escape && hex string && octal string 随机混合
<< "你-好%"
see http://www.ecma-international.org/ecma-262/7.0/index.html#sec-literals-string-literals
4. 可以考虑引入基于 RegExp 的描述方式
>> /Test/.source
<< "Test"
see http://www.ecma-international.org/ecma-262/7.0/index.html#sec-literals-regular-expression-literals
yimity
2016-09-20 13:39:33 +08:00
前端或者后端搞这个有什么意义?
Septembers
2016-09-20 17:09:18 +08:00
@yimity 对付 bot

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/307427

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX