Tuesday, March 18, 2014

Packing and Obfuscating Javascript Files, and also Deobfuscation

I personally wrote a thesis about Java obfuscation. Really. Anyway, this post would talk about Javascript file packing. There are several benefits of doing the packing process :
  • Minimizing the javascript file size, therefore speeding up the website download time for users using mobile device and less-than-3G bandwidths
  • Obfuscating the content of the javascript file, keeping unwanted eyes or parties (such as your client) from reading your source code. You might have spend much time and effort writing them so you don't want anyone to easily copy and modify your works.
But in some organization, like where I worked, needed to change the source code now and then. Normally we include a contract clause such as these "full source code of the application built must be given to the company that paid for the programming work". But sometimes we forgot to state the clause, or we might forgot to remind the programmer about the clause, leaving us without the original source code, and only two or three days to modify the application before it must went live/production.
This post would discuss about pack/unpack process using Dean Edward's Packer (http://dean.edwards.name/packer/). The obfuscation level is actually pretty weak, and the packing process is more similar to source code encoding technique rather than obfuscation techniques.


Packing Process

To pack a Javascript file, we could use .NET application provided in Dean Edward's site or to use the online packer found in this url. The resulting string could be pasted into a

No comments: