#__pragma__(...) is obfuscated. How to prevent it?

[chopin]

#__pragma__ ('noanno') is obfuscated to #__pragma__ (l1l1lll1_opy_ (u"࠭࡮ࡰࡣࡱࡲࡴ࠭ੱ")) How can I prevent it from obfuscation? pragma is compiler sensitive command, and it causes an error if obfuscated.

By the way, thank you for building this useful tool too. I was looking for a useful Python obfuscator for a long time. I will be really happy if this tool works for my source code.

[chopin]

I tested on small test code, but the obfuscated pragma () line compiled without an error. It seems that it produces an error only in a certain situations.

[chopin]

When I erased the line including pragma , Transcrypt threw another error in the new pragma . Following is the python source:

api = __pragma__ ('js',
    '{}',
    'BABYLON'
)

Following is the obfuscated code producing an error

l1lll1ll1ll1_opy_ = __pragma__ (l1l111l1_opy_ (u"ࠧ࡫ࡵࠪੲ"),
    l1l111l1_opy_ (u"ࠨࡽࢀࠫੳ"),
    l1l111l1_opy_ (u"ࠩࡅࡅࡇ࡟ࡌࡐࡐࠪੴ")
)

I checked the argument('l1l111l1opy '). It is a function existing in the file, and it looks ok. The error message doesn't say anything helping except the line number.

I think that Transcrypt fails recognizing pragma (). after obfuscated

[JdeH]

Hi!

So you're using Opy and Transcrypt in combination... I hadn't anticipated that, thought minifiation would do the trick well enough...

But... It probably can be solved, from my head: -Switch off string obfuscation altogether, it doesn't offer much protection anyhow. -Add \_\_pragma\_\_ to the list of names that shouldn't be obfuscated.

I've never tried Opy and Transcrypt together, though. I only use Opy (intensively) for the CPython code I write for my profession. Curious about your results. BTW l1l111l1_opy_ is the string deobfuscator function.

Keep me informed. Maybe some small alterations to Opy are required to spare the __pragma__'s. But as said you may get by with just switching of string obfuscation.

Kind regards Jacques

[chopin]

Transcrypt throws an syntax error on \_\_pragma\_\_. As you can see above pragma() is used in outside comment too.

As to minification, do you mean Pyminfier? Does it support multi module? Please give me a recommendation about a good minifier. I thought that Pyminifier and most other free obfuscators worked only in a single file.

Due to the issue of source protection of Javascript, I thought that it was ok even if Transcrypt produces unreadable code. I don't really want to read translated Javascript code, and actually I don't have to apply obfuscation if unreadable. But, Transcrypt is producing clean readable Javascript, so I need obfuscation.

[JdeH]

I don't mean using Pyminifier. It wasn't usable for me. I mean that the minified JavaScript that Transcrypt produces in the .min.js files, is hard to read anyhow and may not need any further obfuscation.

Currently I think Opy is the best Python minifier around, I wrote it because I could not find anything else. Have you tried Opy while setting string obfuscation to False in the config file? Does that work for you?

[chopin]

I didn't know generated *.min.js files are obfuscated already. I looked at the files, it was good enough. Problem solved. Thank you again!

[JdeH]

They are not really deliberately obfuscated, but the result isn't too easy to read... Take care not to include sourcemaps however, so don't use the -m switch.

[chopin]

Does .min.js file include source information if compiled with -m switch? I thought that source map created with -m switch was stored in .map files. Is it still not safe to distribute only *.min.js file if compiled with -m switch?

[JdeH]

No, the .min.js file doesn't contain source information, it only contains a link to where the sourcemap should be on the server. And the sourcemap (a different file) contains info about the sourcefiles. But if you only distribute the *.min.js file, this link is worthless (or rather: harmless).

About the .min.js file: It is generated by the Google Closure compiler, and its purpose is minification, not obfuscation. So its obscurity is a side effect. In very critical cases it may not be obscure enough. E.g. not all names are mangled and there are tools around that format it neatly as indendented "pretty" source (with the mangled names, that is).