DEV Community

Adam Roynon
Adam Roynon

Posted on

What is Code Obfuscation?

Code obfuscation is a way to disguise what code is actually doing while still allowing the code to be compiled or interpreted. Obfuscating code can be used to make it harder for someone else to understand and read the code. Imagine you're writing code that you don't want to be stolen, such as a proprietary project, you could obfuscate the source code which would make it more difficult for someone else to steal.

The below code snippet shows a function being declared in JavaScript and then called. All this code does is print the string value "Hello John" to the developer console. This code is not obfuscated, so it can be read and understood by anyone who understands JavaScript.

function hello(name){
    console.log("Hello " + name)
}
hello("John");
Enter fullscreen mode Exit fullscreen mode

A simple way to obfuscate code would be to change the variable and function names to letters. This would make the code harder to read but not impossible. The code below the same as the above snippet but with the variable and function names changed. it is still quite easy to read and understand. Imagine applying this obfuscation to a larger file of code, so that there are many different variables and functions to keep track of and follow.

function a(b){
    console.log("Hello " + b);
}
a("John");
Enter fullscreen mode Exit fullscreen mode

We could also take this obfuscated code and put it all in one line and remove all the unneeded whitespace from the source code. This makes it slightly harder to read and track, as now you need to figure out where the brackets start and end, which is harder to do without the indentation and separation of lines. Again, with this small example, even this obfuscated code is still quite easy to read and understand.

function a(b){console.log("Hello "+b);}a("John");
Enter fullscreen mode Exit fullscreen mode

There are many different ways to obfuscate code. The important thing to remember with obfuscation is that the code is still executable, the above examples can all be executed and will all result in the same output to the console. String encryption could be used to hide the values of a string within source code, so that they are not readable. Changing the control flow can make the code more complicated to follow but still result in the same output. You could also put in dummy code, that doesn't do anything, or any other method that makes the code harder to read.

The below code is the same as all the other examples, it prints the string "Hello John" to the console, but a more complicated obfuscation has been applied to the source code. If you take this code and executed within a browser you will see that it results in the same output, as that is the point of obfuscation. It makes the code harder to read and understand but can still be executed and run without having the be changed beforehand.

var _0x550c=['log','Hello\x20','John'];(function(_0xb479be,_0x4bb6ab){var _0x44c2ed=function(_0x39774b){while(--_0x39774b){_0xb479be['push'](_0xb479be['shift']());}};_0x44c2ed(++_0x4bb6ab);}(_0x550c,0x1e6));var _0x56ae=function(_0x53c015,_0x1de9bd){_0x53c015=_0x53c015-0x0;var _0x525622=_0x550c[_0x53c015];return _0x525622;};function hello(_0x4b81bb){console[_0x56ae('0x0')](_0x56ae('0x1')+_0x4b81bb);}hello(_0x56ae('0x2'));
Enter fullscreen mode Exit fullscreen mode

This article was originally published at https://acroynon.com

Top comments (0)