【導(dǎo)語】：一個(gè)開源的代碼混淆器，能將 JS 代碼混淆成可讀性低的代碼。

簡介

JavaScript Obfuscator 是一款功能強(qiáng)大的免費(fèi) JavaScript 混淆器，包含多種功能，能將代碼混淆成可讀性低的代碼，看上去是難以閱讀的代碼，其實(shí)具備和之前代碼一樣的功能，從而起到保護(hù)代碼的作用。

原代碼：

function hi() {console.log("Hello World!"); } hi(); 復(fù)制代碼

混淆后代碼：

function _0x5737(){var _0x3de046=['13797910djQtgr','202NzEpzv','2273TLhUKk','6976590XeTkcs','4633335tPFIvf','460SzVdaa','1260225mbbZER','49056QtXjli','1736NJoeHX','42116DYgHBM'];_0x5737=function(){return _0x3de046;};return _0x5737();}function _0x5e71(_0x1e04fb,_0x168fdd){var _0x57378a=_0x5737();return _0x5e71=function(_0x5e7194,_0x30106f){_0x5e7194=_0x5e7194-0xb6;var _0x3c5c20=_0x57378a[_0x5e7194];return _0x3c5c20;},_0x5e71(_0x1e04fb,_0x168fdd);}(function(_0x41d572,_0x45db5e){var _0x306ede=_0x5e71,_0x408f15=_0x41d572();while(!![]){try{var _0x4c3c37=-parseInt(_0x306ede(0xbb))/0x1*(parseInt(_0x306ede(0xba))/0x2)+-parseInt(_0x306ede(0xbd))/0x3+parseInt(_0x306ede(0xb8))/0x4*(parseInt(_0x306ede(0xbe))/0x5)+-parseInt(_0x306ede(0xbc))/0x6+-parseInt(_0x306ede(0xb6))/0x7*(-parseInt(_0x306ede(0xb7))/0x8)+-parseInt(_0x306ede(0xbf))/0x9+parseInt(_0x306ede(0xb9))/0xa;if(_0x4c3c37===_0x45db5e)break;else _0x408f15['push'](_0x408f15['shift']());}catch(_0x8596b2){_0x408f15['push'](_0x408f15['shift']());}}}(_0x5737,0xc1743));function hi(){console['log']('Hello\x20World!');}hi(); 復(fù)制代碼

主要特點(diǎn)：

• 變量重命名
• 字符串提取和加密
• 隨機(jī)添加無用代碼進(jìn)行混淆
• 控制流扁平化
• 各種代碼轉(zhuǎn)換 ...

支持的插件：

• Webpack 插件: webpack-obfuscator
• Webpack loader: obfuscator-loader
• Gulp: gulp-javascript-obfuscator
• Grunt: grunt-contrib-obfuscator
• Rollup: rollup-plugin-javascript-obfuscator
• Weex: weex-devtool
• Malta: malta-js-obfuscator
• Netlify 插件: netlify-plugin-js-obfuscator

項(xiàng)目地址是：

github.com/javascript-…

安裝使用

使用 Yarn 或 Npm 安裝

// yarn 安裝 $ yarn add --dev javascript-obfuscator // npm 安裝 $ npm install --save-dev javascript-obfuscator 復(fù)制代碼

CDN 引入

<script src="https://cdn.jsdelivr.net/npm/javascript-obfuscator/dist/index.browser.js"></script> 復(fù)制代碼

用法

簡單示例

var JavaScriptObfuscator = require('javascript-obfuscator');var obfuscationResult = JavaScriptObfuscator.obfuscate(`(function(){var variable1 = '5' - 3;var variable2 = '5' + 3;var variable3 = '5' + - '2';var variable4 = ['10','10','10','10','10'].map(parseInt);var variable5 = 'foo ' + 1 + 1;console.log(variable1);console.log(variable2);console.log(variable3);console.log(variable4);console.log(variable5);})();`,{compact: false,controlFlowFlattening: true,controlFlowFlatteningThreshold: 1,numbersToExpressions: true,simplify: true,stringArrayShuffle: true,splitStrings: true,stringArrayThreshold: 1} );console.log(obfuscationResult.getObfuscatedCode()); 復(fù)制代碼

輸出結(jié)果：

var _0x9947 = ['map','log','foo\x20','bvmqO','133039ViRMWR','xPfLC','ytpdx','1243717qSZCyh','2|7|4|6|9|','1ErtbCr','1608314VKvthn','1ZRaFKN','XBoAA','423266kQOYHV','3|0|5|8|1','235064xPNdKe','13RUDZfG','157gNPQGm','1639212MvnHZL','rDjOa','iBHph','9926iRHoRl','split' ]; function _0x33e4(_0x1809b5, _0x37ef6e) {return _0x33e4 = function (_0x338a69, _0x39ad79) {_0x338a69 = _0x338a69 - (0x1939 + -0xf * 0x1f3 + 0x1 * 0x469);var _0x2b223a = _0x9947[_0x338a69];return _0x2b223a;}, _0x33e4(_0x1809b5, _0x37ef6e); } (function (_0x431d87, _0x156c7f) {var _0x10cf6e = _0x33e4;while (!![]) {try {var _0x330ad1 = -parseInt(_0x10cf6e(0x6c)) * -parseInt(_0x10cf6e(0x6d)) + -parseInt(_0x10cf6e(0x74)) * -parseInt(_0x10cf6e(0x78)) + parseInt(_0x10cf6e(0x6a)) + -parseInt(_0x10cf6e(0x70)) + parseInt(_0x10cf6e(0x6e)) * -parseInt(_0x10cf6e(0x75)) + parseInt(_0x10cf6e(0x72)) + -parseInt(_0x10cf6e(0x67)) * parseInt(_0x10cf6e(0x73));if (_0x330ad1 === _0x156c7f)break;else_0x431d87['push'](_0x431d87['shift']());} catch (_0x9f878) {_0x431d87['push'](_0x431d87['shift']());}} }(_0x9947, -0xb6270 + 0x4dfd2 * 0x2 + 0x75460 * 0x2), function () {var _0x1f346d = _0x33e4, _0x860db8 = {'ytpdx': _0x1f346d(0x6b) + _0x1f346d(0x71),'bvmqO': function (_0x560787, _0x519b9e) {return _0x560787 - _0x519b9e;},'rDjOa': function (_0x4501fe, _0x2b07a3) {return _0x4501fe + _0x2b07a3;},'xPfLC': function (_0x5f3c9b, _0x434936) {return _0x5f3c9b + _0x434936;},'XBoAA': function (_0x535b8a, _0x42eef4) {return _0x535b8a + _0x42eef4;},'iBHph': _0x1f346d(0x65)}, _0x346c55 = _0x860db8[_0x1f346d(0x69)][_0x1f346d(0x79)]('|'), _0x3bf817 = 0x4bb * 0x1 + 0x801 + -0xcbc;while (!![]) {switch (_0x346c55[_0x3bf817++]) {case '0':console[_0x1f346d(0x7b)](_0x4c96d8);continue;case '1':console[_0x1f346d(0x7b)](_0x101028);continue;case '2':var _0x65977d = _0x860db8[_0x1f346d(0x66)]('5', -0x586 + -0x2195 + -0x6 * -0x685);continue;case '3':console[_0x1f346d(0x7b)](_0x65977d);continue;case '4':var _0x56d39b = _0x860db8[_0x1f346d(0x76)]('5', -'2');continue;case '5':console[_0x1f346d(0x7b)](_0x56d39b);continue;case '6':var _0x544285 = ['10','10','10','10','10'][_0x1f346d(0x7a)](parseInt);continue;case '7':var _0x4c96d8 = _0x860db8[_0x1f346d(0x68)]('5', 0x622 * -0x6 + 0x4a * 0x3 + 0x1 * 0x23f1);continue;case '8':console[_0x1f346d(0x7b)](_0x544285);continue;case '9':var _0x101028 = _0x860db8[_0x1f346d(0x6f)](_0x860db8[_0x1f346d(0x6f)](_0x860db8[_0x1f346d(0x77)], 0x6fb * 0x5 + 0x1ebf * 0x1 + -0x41a5), 0x209 * 0xa + 0x1314 + -0x276d);continue;}break;} }()); 復(fù)制代碼

obfuscate(sourceCode, options) 方法

該方法返回的對象 ObfuscationResult 包含以下公共方法：

• getObfuscatedCode()- 返回混淆后的代碼字符串（對 ObfuscationResult 對象調(diào)用 toString() 方法也將返回混淆代碼）；
• getSourceMap()- 如果 sourceMapMode 選項(xiàng)設(shè)置為 inline，則返回原代碼或空字符串；
• getIdentifierNamesCache()- 如果 identifierNamesCache 選項(xiàng)為啟用，則返回帶有標(biāo)識(shí)符名稱的緩存對象，否則返回 null。

該方法包含兩個(gè)參數(shù)：

• sourceCode(string, default:null) – 字符串原代碼；
• options(Object, default:null) – 可選的設(shè)置選項(xiàng) options 對象，具體有：

{compact: true,controlFlowFlattening: false,controlFlowFlatteningThreshold: 0.75,deadCodeInjection: false,deadCodeInjectionThreshold: 0.4,debugProtection: false,debugProtectionInterval: false,disableConsoleOutput: false,domainLock: [],domainLockRedirectUrl: 'about:blank',forceTransformStrings: [],identifierNamesCache: null,identifierNamesGenerator: 'hexadecimal',identifiersDictionary: [],identifiersPrefix: '',ignoreRequireImports: false,inputFileName: '',log: false,numbersToExpressions: false,optionsPreset: 'default',renameGlobals: false,renameProperties: false,renamePropertiesMode: 'safe',reservedNames: [],reservedStrings: [],seed: 0,selfDefending: false,simplify: true,sourceMap: false,sourceMapBaseUrl: '',sourceMapFileName: '',sourceMapMode: 'separate',sourceMapSourcesMode: 'sources-content',splitStrings: false,splitStringsChunkLength: 10,stringArray: true,stringArrayIndexesType: ['hexadecimal-number'],stringArrayEncoding: [],stringArrayIndexShift: true,stringArrayRotate: true,stringArrayShuffle: true,stringArrayWrappersCount: 1,stringArrayWrappersChainedCalls: true,stringArrayWrappersParametersMaxCount: 2,stringArrayWrappersType: 'variable',stringArrayThreshold: 0.75,target: 'browser',transformObjectKeys: false,unicodeEscapeSequence: false } 復(fù)制代碼

obfuscateMultiple(sourceCodesObject, options) 方法

sourceCodesObject 是字典鍵值對象，其中鍵是源代碼的標(biāo)識(shí)符，值是原代碼：

{foo: 'var foo = 1;',bar: 'var bar = 2;' } 復(fù)制代碼

該方法也返回一個(gè)字典鍵值對象，其鍵是原代碼的標(biāo)識(shí)符，值是 ObfuscationResult對象。

命令行使用

混淆單個(gè)文件

帶有 .js 擴(kuò)展名的單個(gè)文件的混淆：

javascript-obfuscator input_file_name.js [options] javascript-obfuscator input_file_name.js --output output_file_name.js [options] javascript-obfuscator input_file_name.js --output output_folder_name [options] javascript-obfuscator input_folder_name --output output_folder_name [options] 復(fù)制代碼

如果沒有使用 --output 指定輸出路徑，則混淆后的結(jié)果文件將存放到輸入文件的目錄中：

// 這會(huì)創(chuàng)建一個(gè)新文件 samples/sample-obfuscated.js javascript-obfuscator samples/sample.js --compact true --self-defending false// 這會(huì)創(chuàng)建一個(gè)新文件 output/output.js javascript-obfuscator samples/sample.js --output output/output.js --compact true --self-defending false 復(fù)制代碼

遞歸混淆目錄下的文件

http://www.360doc.com/content/21/1104/07/46403850_1002672849.shtml
http://www.360doc.com/content/21/1107/21/46403850_1003191175.shtml
http://www.360doc.com/content/21/1107/21/46403850_1003190908.shtml

https://gitee.com/numerical-control-system
https://www.thinksaas.cn/user/space/50002/
https://zhuanlan.zhihu.com/p/430534517
https://zhuanlan.zhihu.com/p/430536898
https://zhuanlan.zhihu.com/p/430537972

混淆輸入目錄下的所有 .js 文件。如果目錄中包含已經(jīng)帶有 -obfuscated 后綴的混淆文件，則忽略這些文件。

// 輸出結(jié)果到 ./dist 同級目錄下帶有 obfuscated 后綴的目錄中 javascript-obfuscator ./dist [options]// 輸出結(jié)果到 ./dist/obfuscated 目錄中 javascript-obfuscator ./dist --output ./dist/obfuscated [options] // creates a folder structure with obfuscated files under `./dist/obfuscated` path 復(fù)制代碼

開源前哨 日常分享熱門、有趣和實(shí)用的開源項(xiàng)目。參與維護(hù) 10萬+ Star 的開源技術(shù)資源庫，包括：Python、Java、C/C++、Go、JS、CSS、Node.js、PHP、.NET 等。

總結(jié)

以上是生活随笔為你收集整理的一个强大的 JS 代码混淆工具的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。