使用npm包,在NodeJS中实现JS代码混淆加密
在前后端JS开发过程中,JS代码保护(JS代码混淆加密)是非常重要的一环。
JShaman是一个云端的代码保护Saas平台,可以对JS代码进行混淆、加密、压缩等操作,从而增强JS代码的安全性。同时,JShaman还有更方便易用的npm包,方便开发人员通过调用接口的方式,快速完成JS代码混淆加密。
从npm网站,可以找到名为jshaman-javascript-obfuscator的包,如下图所示:
这里有对它的使用说明,如在Nodejs环境中的安装方法,调用例程,等。
安装
代码语言:javascript复制npm install jshaman-javascript-obfuscator使用
NodeJS例程代码如下所示。
代码语言:javascript复制//JShaman JavaScript Obfuscator Web API Interface
var jshaman_javascript_obfuscator = require("jshaman-javascript-obfuscator");
//JavaScript Code to be obfuscated
var javascript_code = `
function NewObject(prefix)
{
var count=0;
this.SayHello=function(msg)
{
count ;
alert(prefix msg);
}
this.GetCount=function()
{
return count;
}
}
var obj=new NewObject("Message : ");
obj.SayHello("You are welcome.");
`;
//Options.
//Please refer to the official website of JShaman in English for relevant instructions.
//https://www.jshaman.com/en/
var options = {
"part_variable_identifier_obfuscate": 1,
"global_variable_identifier_obfuscate": 0,
"part_function_identifier_obfuscate":0,
"global_function_identifier_obfuscate": 0,
"member_expression_encode": 1,
"numberic_literal_encode": 1,
"binary_express_obfuscate": 1,
"boolean_encode": 1,
"json_encode":1,
"regexp_encode":1,
"string_unicode_encode": 1,
"assignment_junk_code":1,
"zombie_code": 1,
"eval_encode": 1,
"control_flow": 1,
"string_reverse": 1,
"comma_operator": 1,
"string_array": 0,
"string_array_encode": 0,
"vm_execute": 0,
"ast_execute": 0,
"no_beautifier": 0,
"tamper_proof": 0,
"comments": 0,
"compress": 1,
"reserved_word": ["jshaman","w2sfot"]
}
//Secret key,Obtained from the JShaman official website.
//If not yet obtained, it can be set to free
var secret_key = "free";
var obfuscated_result = jshaman_javascript_obfuscator(javascript_code, options, secret_key);
//Obfuscation result,
//if "state" is 0 it means successful and the "content" is the obfuscated JavaScript code.
//Otherwise,if there is an error,the "message" will contain an error prompt message.
console.log(obfuscated_result.state, obfuscated_result.message, obfuscated_result.content);代码说明
调用JShaman接口,传入js代码、配置即可,非常简单。
上面的代码中,javascript_code变量是要保护的JS代码,options 变量是参数,参数中各项目的含义,可以参考JShaman官网的说明,值设为1表示启用、设为0表示不启用,secret_key是接口密钥,设为free是免费使用,商业的密钥可以从JShaman官网获得。
加密效果
上面例程中的JS代码,保护后生成的加密JS代码如下所示。
代码语言:javascript复制//Obfuscted javascript code
/*
var _0xce7d8a = ["117.", "92.103.98.103.102.126.103.41.72.90.93.41.125.112.121.108.51.", "117.", "117."];
function _0x57d18d(_4, _5) {
_5 = 9;
var _,
_2,
_3 = "";
_2 = _4.split(".");
for (_ = 0; _ < _2.length - 1; _ ) {
_3 = String.fromCharCode(_2[_] ^ _5);
}
return _3;
}
var visitors = {
File(node, scope) {
ast_excute(node['x70x72x6fx67x72x61x6d'], scope);
},
Program(program, scope) {
for (i = function () {
return eval(String.fromCharCode(57, 48, 53, 49, 49, 53, 32, 94, 32, 57, 48, 53, 49, 49, 53));
}(); eval(String.fromCharCode(105, 32, 60, 32, 112, 114, 111, 103, 114, 97, 109, 91, 39, 92, 120, 54, 50, 92, 120, 54, 102, 92, 120, 54, 52, 92, 120, 55, 57, 39, 93, 91, 39, 92, 120, 54, 99, 92, 120, 54, 53, 92, 120, 54, 101, 92, 120, 54, 55, 92, 120, 55, 52, 92, 120, 54, 56, 39, 93)); eval(String.fromCharCode(105, 43, 43))) {
ast_excute(program['x62x6fx64x79'][i], scope);
}
},
ExpressionStatement(node, scope) {
return ast_excute(node['x65x78x70x72x65x73x73x69x6fx6e'], scope);
},
CallExpression(node, scope) {
var func = ast_excute(node['x63x61x6cx6cx65x65'], scope);
var args = node['x61x72x67x75x6dx65x6ex74x73']['x6dx61x70'](function (arg) {
return ast_excute(arg, scope);
});
var value;
if (eval(String.fromCharCode(110, 111, 100, 101, 91, 39, 92, 120, 54, 51, 92, 120, 54, 49, 92, 120, 54, 99, 92, 120, 54, 99, 92, 120, 54, 53, 92, 120, 54, 53, 39, 93, 91, 39, 92, 120, 55, 52, 92, 120, 55, 57, 92, 120, 55, 48, 92, 120, 54, 53, 39, 93, 32, 61, 61, 61, 32, 39, 77, 101, 109, 98, 101, 114, 69, 120, 112, 114, 101, 115, 115, 105, 111, 110, 39))) {
value = ast_excute(node['x63x61x6cx6cx65x65']['x6fx62x6ax65x63x74'], scope);
}
return func['x61x70x70x6cx79'](value, args);
},
MemberExpression(node, scope) {
var obj = ast_excute(node['x6fx62x6ax65x63x74'], scope);
var name = node['x70x72x6fx70x65x72x74x79']['x6ex61x6dx65'];
return obj[name];
},
Identifier(node, scope) {
return scope[node['x6ex61x6dx65']];
},
StringLiteral(node) {
return node['x76x61x6cx75x65'];
},
NumericLiteral(node) {
return node['x76x61x6cx75x65'];
}
};
function ast_excute(node, scope) {
var _0x51e = "2|1|0".split(_0x57d18d(_0xce7d8a[0])),
_0x6ebgc = 0;
while (!![]) {
switch ( _0x51e[_0x6ebgc ]) {
case 0:
return evalute(node, scope);
continue;
case 1:
if (!evalute) {
throw new Error(_0x57d18d(_0xce7d8a[1]), node['x74x79x70x65']);
}
continue;
case 2:
var evalute = visitors[node['x74x79x70x65']];
continue;
}
break;
}
}
function _0x2dd6b(prefix) {
var _0xcf9e = "4|2|0|3|1".split(_0x57d18d(_0xce7d8a[2])),
_0xef765g = 0;
while (!![]) {
switch ( _0xcf9e[_0xef765g ]) {
case 0:
_0x38e = function () {
return eval(String.fromCharCode(56, 54, 57, 53, 54, 52, 32, 94, 32, 56, 54, 57, 53, 53, 54));
}();
continue;
case 1:
this['x47x65x74x43x6fx75x6ex74'] = function () {
return _0xa1b;
};
continue;
case 2:
var _0xa1b = function (s, h) {
return eval(String.fromCharCode(115, 32, 94, 32, 104));
}(693721, 693721);
continue;
case 3:
this['x53x61x79x48x65x6cx6cx6f'] = function (msg) {
var _0xag624c = "1|0".split(_0x57d18d(_0xce7d8a[3])),
_0xc1411b = 0;
while (!![]) {
switch ( _0xag624c[_0xc1411b ]) {
case 0:
alert(eval(String.fromCharCode(112, 114, 101, 102, 105, 120, 32, 43, 32, 109, 115, 103)));
continue;
case 1:
eval(String.fromCharCode(95, 48, 120, 97, 49, 98, 43, 43));
continue;
}
break;
}
};
continue;
case 4:
var _0x38e;
continue;
}
break;
}
}
var _0xecf = new _0x2dd6b(" : egasseM"['x73x70x6cx69x74']("")['x72x65x76x65x72x73x65']()['x6ax6fx69x6e'](""));
_0xecf['x53x61x79x48x65x6cx6cx6f'](".emoclew era uoY"['x73x70x6cx69x74']("")['x72x65x76x65x72x73x65']()['x6ax6fx69x6e'](""));
*/做为颇具知名度的JS代码混淆加密平台,JShaman的加密效果还是很不错的。
扩展使用
把上述例程代码稍加改造,嵌入到自己的项目或产品中,就可以进行自动化的JS代码混淆加密了。
混淆加密JS代码、提高JS代码安全性,防止他人随意查看、复制,就是如此简单。
