在NodeJS中使用npm包实现JS代码混淆加密

原创

用户8703799

发布于 2023-10-24 21:09:53

7440

发布于 2023-10-24 21:09:53

文章被收录于专栏：javascript技术javascript技术

使用npm包，在NodeJS中实现JS代码混淆加密

在前后端JS开发过程中，JS代码保护（JS代码混淆加密）是非常重要的一环。

JShaman是一个云端的代码保护Saas平台，可以对JS代码进行混淆、加密、压缩等操作，从而增强JS代码的安全性。同时，JShaman还有更方便易用的npm包，方便开发人员通过调用接口的方式，快速完成JS代码混淆加密。

从npm网站，可以找到名为jshaman-javascript-obfuscator的包，如下图所示：

这里有对它的使用说明，如在Nodejs环境中的安装方法，调用例程，等。

安装

npm install jshaman-javascript-obfuscator

使用

NodeJS例程代码如下所示。

//JShaman JavaScript Obfuscator Web API Interface
var jshaman_javascript_obfuscator = require("jshaman-javascript-obfuscator");

//JavaScript Code to be obfuscated
var javascript_code = `
	function NewObject(prefix)
	{
		var count=0;
		this.SayHello=function(msg)
		{
				count++;
				alert(prefix+msg);
		}
		this.GetCount=function()
		{
				return count;
		}
	}
	var obj=new NewObject("Message : ");
	obj.SayHello("You are welcome.");
`;

//Options. 
//Please refer to the official website of JShaman in English for relevant instructions.
//https://www.jshaman.com/en/
var options = {
    "part_variable_identifier_obfuscate": 1,
	"global_variable_identifier_obfuscate": 0,
	"part_function_identifier_obfuscate":0,
	"global_function_identifier_obfuscate": 0,
	"member_expression_encode": 1,
	"numberic_literal_encode": 1,
	"binary_express_obfuscate": 1,
	"boolean_encode": 1,
	"json_encode":1,
	"regexp_encode":1,
	"string_unicode_encode": 1,
	"assignment_junk_code":1,
	"zombie_code": 1,
	"eval_encode": 1,
	"control_flow": 1,
	"string_reverse": 1,
	"comma_operator": 1,
	"string_array": 0,
	"string_array_encode": 0,
	"vm_execute": 0,
	"ast_execute": 0,
	"no_beautifier": 0,
	"tamper_proof": 0,
	"comments": 0,
	"compress": 1,
	"reserved_word": ["jshaman","w2sfot"]
}

//Secret key,Obtained from the JShaman official website. 
//If not yet obtained, it can be set to free
var secret_key = "free";
var obfuscated_result = jshaman_javascript_obfuscator(javascript_code, options, secret_key);

//Obfuscation result,
//if "state" is 0 it means successful and the "content" is the obfuscated JavaScript code.
//Otherwise,if there is an error,the "message" will contain an error prompt message.
console.log(obfuscated_result.state, obfuscated_result.message, obfuscated_result.content);

代码说明

调用JShaman接口，传入js代码、配置即可，非常简单。

上面的代码中，javascript_code变量是要保护的JS代码，options 变量是参数，参数中各项目的含义，可以参考JShaman官网的说明，值设为1表示启用、设为0表示不启用，secret_key是接口密钥，设为free是免费使用，商业的密钥可以从JShaman官网获得。

加密效果

上面例程中的JS代码，保护后生成的加密JS代码如下所示。

//Obfuscted javascript code
/*
var _0xce7d8a = ["117.", "92.103.98.103.102.126.103.41.72.90.93.41.125.112.121.108.51.", "117.", "117."];

function _0x57d18d(_4, _5) {
  _5 = 9;

  var _,
      _2,
      _3 = "";

  _2 = _4.split(".");

  for (_ = 0; _ < _2.length - 1; _++) {
    _3 += String.fromCharCode(_2[_] ^ _5);
  }

  return _3;
}

var visitors = {
  File(node, scope) {
    ast_excute(node['\x70\x72\x6f\x67\x72\x61\x6d'], scope);
  },

  Program(program, scope) {
    for (i = function () {
      return eval(String.fromCharCode(57, 48, 53, 49, 49, 53, 32, 94, 32, 57, 48, 53, 49, 49, 53));
    }(); eval(String.fromCharCode(105, 32, 60, 32, 112, 114, 111, 103, 114, 97, 109, 91, 39, 92, 120, 54, 50, 92, 120, 54, 102, 92, 120, 54, 52, 92, 120, 55, 57, 39, 93, 91, 39, 92, 120, 54, 99, 92, 120, 54, 53, 92, 120, 54, 101, 92, 120, 54, 55, 92, 120, 55, 52, 92, 120, 54, 56, 39, 93)); eval(String.fromCharCode(105, 43, 43))) {
      ast_excute(program['\x62\x6f\x64\x79'][i], scope);
    }
  },

  ExpressionStatement(node, scope) {
    return ast_excute(node['\x65\x78\x70\x72\x65\x73\x73\x69\x6f\x6e'], scope);
  },

  CallExpression(node, scope) {
    var func = ast_excute(node['\x63\x61\x6c\x6c\x65\x65'], scope);
    var args = node['\x61\x72\x67\x75\x6d\x65\x6e\x74\x73']['\x6d\x61\x70'](function (arg) {
      return ast_excute(arg, scope);
    });
    var value;

    if (eval(String.fromCharCode(110, 111, 100, 101, 91, 39, 92, 120, 54, 51, 92, 120, 54, 49, 92, 120, 54, 99, 92, 120, 54, 99, 92, 120, 54, 53, 92, 120, 54, 53, 39, 93, 91, 39, 92, 120, 55, 52, 92, 120, 55, 57, 92, 120, 55, 48, 92, 120, 54, 53, 39, 93, 32, 61, 61, 61, 32, 39, 77, 101, 109, 98, 101, 114, 69, 120, 112, 114, 101, 115, 115, 105, 111, 110, 39))) {
      value = ast_excute(node['\x63\x61\x6c\x6c\x65\x65']['\x6f\x62\x6a\x65\x63\x74'], scope);
    }

    return func['\x61\x70\x70\x6c\x79'](value, args);
  },

  MemberExpression(node, scope) {
    var obj = ast_excute(node['\x6f\x62\x6a\x65\x63\x74'], scope);
    var name = node['\x70\x72\x6f\x70\x65\x72\x74\x79']['\x6e\x61\x6d\x65'];
    return obj[name];
  },

  Identifier(node, scope) {
    return scope[node['\x6e\x61\x6d\x65']];
  },

  StringLiteral(node) {
    return node['\x76\x61\x6c\x75\x65'];
  },

  NumericLiteral(node) {
    return node['\x76\x61\x6c\x75\x65'];
  }

};

function ast_excute(node, scope) {
  var _0x51e = "2|1|0".split(_0x57d18d(_0xce7d8a[0])),
      _0x6ebgc = 0;

  while (!![]) {
    switch (+_0x51e[_0x6ebgc++]) {
      case 0:
        return evalute(node, scope);
        continue;

      case 1:
        if (!evalute) {
          throw new Error(_0x57d18d(_0xce7d8a[1]), node['\x74\x79\x70\x65']);
        }

        continue;

      case 2:
        var evalute = visitors[node['\x74\x79\x70\x65']];
        continue;
    }

    break;
  }
}

function _0x2dd6b(prefix) {
  var _0xcf9e = "4|2|0|3|1".split(_0x57d18d(_0xce7d8a[2])),
      _0xef765g = 0;

  while (!![]) {
    switch (+_0xcf9e[_0xef765g++]) {
      case 0:
        _0x38e = function () {
          return eval(String.fromCharCode(56, 54, 57, 53, 54, 52, 32, 94, 32, 56, 54, 57, 53, 53, 54));
        }();

        continue;

      case 1:
        this['\x47\x65\x74\x43\x6f\x75\x6e\x74'] = function () {
          return _0xa1b;
        };

        continue;

      case 2:
        var _0xa1b = function (s, h) {
          return eval(String.fromCharCode(115, 32, 94, 32, 104));
        }(693721, 693721);

        continue;

      case 3:
        this['\x53\x61\x79\x48\x65\x6c\x6c\x6f'] = function (msg) {
          var _0xag624c = "1|0".split(_0x57d18d(_0xce7d8a[3])),
              _0xc1411b = 0;

          while (!![]) {
            switch (+_0xag624c[_0xc1411b++]) {
              case 0:
                alert(eval(String.fromCharCode(112, 114, 101, 102, 105, 120, 32, 43, 32, 109, 115, 103)));
                continue;

              case 1:
                eval(String.fromCharCode(95, 48, 120, 97, 49, 98, 43, 43));
                continue;
            }

            break;
          }
        };

        continue;

      case 4:
        var _0x38e;

        continue;
    }

    break;
  }
}

var _0xecf = new _0x2dd6b(" : egasseM"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));

_0xecf['\x53\x61\x79\x48\x65\x6c\x6c\x6f'](".emoclew era uoY"['\x73\x70\x6c\x69\x74']("")['\x72\x65\x76\x65\x72\x73\x65']()['\x6a\x6f\x69\x6e'](""));
*/

做为颇具知名度的JS代码混淆加密平台，JShaman的加密效果还是很不错的。

扩展使用

把上述例程代码稍加改造，嵌入到自己的项目或产品中，就可以进行自动化的JS代码混淆加密了。

混淆加密JS代码、提高JS代码安全性，防止他人随意查看、复制，就是如此简单。

原创声明：本文系作者授权腾讯云开发者社区发表，未经许可，不得转载。

如有侵权，请联系 cloudcommunity@tencent.com 删除。

javascript