Obfuscate code
-
I want to be able to obfuscate the source code of my mobile application, to make it difficult even partially to understand it.
Is there any way to do it? Thank you -
Don’t use javascript script if you need to obfuscate your work.
-
@gaguerrero Cross-posting my previous post in https://forum.quasar-framework.org/topic/4919/solved-how-to-achieve-obfuscation-like-https-obfuscator-io-in-cli
Use npm install --save-dev webpack-obfuscator.
Here’s a sample from my quasar.conf.js:
let JavaScriptObfuscator=require('webpack-obfuscator'); ... build:{ ... extendWebpack(cfg,{isServer,isClient}){ if(!ctx.dev&&!ctx.debug){ cfg.plugins.push(new JavaScriptObfuscator({ debugProtection: true, debugProtectionInterval: true, rotateStringArray: true, renameGlobals: true, stringArrayEncoding: 'rc4', stringArrayThreshold: 1 })); ... } ... } -
Thanks for your answer, I will try
-
You could make your app heavily rely on server responses then nobody can see all of your code.
-
Does anyone know how to exclude the vendor.js file from the obfuscation process? Thanks
-
@gaguerrero Quasar already uses Uglify.
build: { transpileDependencies: [], transformAssetUrls: {}, stylusLoaderOptions: {}, sassLoaderOptions: {}, scssLoaderOptions: {}, lessLoaderOptions: {}, env: {}, uglifyOptions: { compress: {}, mangle: {} } },You can change configuration with:
build: { uglifyOptions: { compress: {}, mangle: {} } },and looking at the docs: https://github.com/mishoo/UglifyJS
-
Thanks! works perfect, is it possible to exclude vendor.js file? I can’t tell by reading the uglify documentation.
-
I don’t think that is uglified by default. Because vendors.js comes from node_modules, some may already be obfuscated or compiled, etc. I think vendors.js is only assembled…
-
@gaguerrero Uglify doesn’t really obfuscate when mangling names, it only minifies.
Also, AFAIK vendor.js is not obfuscated by default.
