Securing JS code/files?

[Qunox]

One thing that really annoys me with .js files is that the source is so open for everyone that wan't to watch it.
I tryed diffrent encrytions but they didn't work ( They didn't even excecute ).
So JavaScript scripters any tips or ideas on how to make your code "more" secure?
Except from a PHP server validation ofcourse ( I personaly love PHP server validation )

[Jackolantern]

When you say encryption, you mean obfuscation? If so, what obfuscator did you use because any good one should work with no problem? Obfuscation is the main way of protecting client-side code of all types. Google, Amazon, Mapquest and many other major sites use it.

[Qunox]

Yea, i mean Obfusicate(Spelling?)
I tryed several free online but they didn't work. Maybe i'm doing something wrong though.
(Notice i have AJAX in my code if that makes anything diffrent)
I obfusicated it then Copy/paste it inside the .js file.
Would not execute though. May be some "special" trick for it? or am i not doing it right?
Jackolantern: You have any good free obfusication out there you would like to share ?

[Jackolantern]

Sadly, a lot of the browser-based obfuscators are garbage. Some won't run with even the slightest bump in the code, and most of them only turn letters to hex anyway, which won't stop someone who wants your code for very long.

While the obfuscator I use is not free, it is only $50, and works as well if not better than some of the $200+ dollar ones I demoed.

[davidc088]

Yea it would be nice to release a free one though. It would make alot of people happy.

[Jackolantern]

I bet there are some good free ones out there. I just have not looked. Google Code and Sourceforge would be good places to start looking.

[Jackolantern]

I think I may have found a decent free JS obfuscator. While it still doesn't look as strong as the one I linked above, it turn this:

Code: Select all

// FallT v1.0  By Maxx Blade - http://www.maxxblade.co.uk

/////////////  Only Edit these lines  ////////////////
var no=15,speed=30,slider=30,fallmax=8,wind=0,fallwhat="?;o)",fallsize=20,fallfont="Tahoma";
var colours=new Array("#000000","#1B1B1B","#383838","#555555","#717171","#8D8D8D","#AAAAAA","#C6C6C6","#E3E3E3","#FFFFFF");
//////////////////////////////////////////////////////

var o=new Array(), tog=1, dofallt=new Array();
var ns4=(document.layers)?1:0;
var ie4=(document.all)?1:0;
var ns6=(document.getElementById&&!document.all)?1:0;
if(ie4)	falllayer="document.all['gf'+i].style";
if(ns4) falllayer="document.layers['gf'+i]";
if(ns6) falllayer="document.getElementById('gf'+i).style";
function winWid(){ return (ns4||ns6)?window.innerWidth:document.body.clientWidth; }
function winHei(){ return (ns4||ns6)?window.innerHeight:document.body.clientHeight; }
function winOfy(){ return (ns4||ns6)?window.pageYOffset:document.body.scrollTop; }
function togFall(){ for(i=0;i<no;i++){ if(tog==1){ with(eval(falllayer)){ left=-500; } clearTimeout(dofallt[i]); }else{ fallt(i); } } tog*=-1 }
function newobj(q,t){
	spin = parseInt(Math.random()*slider);
	spin = (Math.random()>0.5) ? spin : -spin;
	o[q] = new Array(parseInt(Math.random()*(winWid()-slider)),-30,spin,0.02+Math.random()/10,parseInt(1+Math.random()*fallmax),0);
	if(t==1){
		if(ns4){ document.write('<layer name="gf'+q+'" left="0" top="0" visibility="show">'+fallwhat+'</layer>'); }
		if(ie4||ns6){ document.write('<span id="gf'+q+'" style="POSITION: absolute; Z-INDEX: -'+q+'; VISIBILITY: visible; TOP: 0px; LEFT: 0px; font-size: '+fallsize+'px; font-family: '+fallfont+';">'+fallwhat+'</span>'); }
	}
}
function fallt(i){
	if((o[i][1]>winHei()-(fallsize*1.5))||(o[i][0]>winWid()-slider-(fallsize*fallwhat.length))){ newobj(i,0); }
	o[i][1] += o[i][4];
	o[i][0]+=wind;
	o[i][5] += o[i][3];
	sizexy=Math.sin(o[i][5]);
	lay=(ie4)?sizexy:parseInt(sizexy+1);
	sizexy=(sizexy>0)?sizexy:0-sizexy;
	with(eval(falllayer)){
		top = o[i][1]+winOfy();
		left = o[i][0]+o[i][2]*Math.cos(o[i][5]);
		if(!ns4){
			zIndex=lay;
			color=colours[parseInt(sizexy*(colours.length-1))]
		}
	}
	dofallt[i] = setTimeout("fallt("+i+")", speed);
}
for (i = 0; i < no; i++){ newobj(i,1); fallt(i); }

Into this:

Code: Select all

var g10000=15,g10001=30,g10002=30,g10003=8,g10004=0,g10005="?;o)",g10006=20,g10007="Tahoma";var g10008=new g10009("#000000","#1B1B1B","#383838","#555555","#717171","#8D8D8D","#AAAAAA","#C6C6C6","#E3E3E3","#FFFFFF");var g10010=new g10009(),g10011=1,g10012=new g10009();var g10013=(g10014.layers)?1:0;var g10015=(g10014.all)?1:0;var g10016=(g10014.getElementById&&!g10014.all)?1:0;if(g10015)g10017="document.all['gf'+i].style";if(g10013)g10017="document.layers['gf'+i]";if(g10016)g10017="document.getElementById('gf'+i).style";function f10000(){return(g10013||g10016)?g10018.innerWidth:g10014.body.clientWidth;}function f10001(){return(g10013||g10016)?g10018.innerHeight:g10014.body.clientHeight;}function f10002(){return(g10013||g10016)?g10018.pageYOffset:g10014.body.scrollTop;}function f10003(){for(g10019=0;g10019<g10000;g10019++){if(g10011==1){with(g10020(g10017)){g10021=-500;}g10022(g10012[g10019]);}else{g10023(g10019);}}tog*=-1}function f10004(v10000,v10001){g10024=g10025(g10026.random()*g10002);g10024=(g10026.random()>0.5)? g10024 :-g10024;g10010[v10000]=new g10009(g10025(g10026.random()*(f10000()-g10002)),-30,g10024,0.02+g10026.random()/10,g10025(1+g10026.random()*g10003),0);if(v10001==1){if(g10013){g10014.write('<layer name="gf'+v10000+'" left="0" top="0" visibility="show">'+g10005+'</layer>');}if(g10015||g10016){g10014.write('<span id="gf'+v10000+'" style="POSITION: absolute; Z-INDEX: -'+v10000+'; VISIBILITY: visible; TOP: 0px; LEFT: 0px; font-size: '+g10006+'px; font-family: '+g10007+';">'+g10005+'</span>');}}};function f10005(v10002){if((g10010[v10002][1]>f10001()-(g10006*1.5))||(g10010[v10002][0]>f10000()-g10002-(g10006*g10005.length))){f10004(v10002,0);}g10010[v10002][1]+=g10010[v10002][4];g10010[v10002][0]+=g10004;g10010[v10002][5]+=g10010[v10002][3];g10027=g10026.sin(g10010[v10002][5]);g10028=(g10015)?g10027:g10025(g10027+1);g10027=(g10027>0)?g10027:0-g10027;with(g10020(g10017)){g10029=g10010[v10002][1]+f10002();g10021=g10010[v10002][0]+g10010[v10002][2]*g10026.cos(g10010[v10002][5]);if(!g10013){g10030=g10028;g10031=g10008[g10025(g10027*(g10008.length-1))];}}g10012[v10002]=g10032("fallt("+v10002+")",g10001);}for(g10019=0;g10019 < g10000;g10019++){f10004(g10019,1);f10005(g10019);}

Note that it does not seem to work very well with jQuery files. It is a Java program, so you must have the JVM. Just run the Digua.jar file, and you may have to click on the minimized icon. Here is the link:

Pat Digua

[davidc088]

Thanks, I'll try it out sometime.

[Jackolantern]

I still see a lot of the original code and structure in it, so I don't know how well it would stay secure with an experienced user trying to break it. Maybe there are more options that could be set in it to fix it up better. However, it is still a far cry from the obfuscation of the above commercial software if you can swing the $50 for it.