Open dooleyb1 opened 4 years ago
I solved this by modifying obfuscatingTransformer.js in node_modules\react-native-obfuscating-transformer\dist\
Change
fs.writeFileSync(path.join(emitDir, filename), code);
to
fs.writeFileSync(path.join(emitDir, filename), obfuscateCode_1.obfuscateCode(code, obfuscatorOptions));
It seems the author forgot to modify this one.
@AustinZuniga thanks man that worked perfectly for the individual obfuscated files, however it still seems to have no effect on the overall bundle.js file. Any idea?
I noticed that one too. Try comparing bundle.js with and without using react-native-obfuscating-transformer. Use a JS code beautifier and diff file tool to see the difference. It seems react-native-obfuscating-transformer is working by obfuscating the code, but the identifier names are not turning into hexadecimal or mangled algorithm. Maybe it has something to do with the Metro transformer.
Yeah I can see from looking at the bundle.js that the code has definitely been changed and obfuscated a bit. Would just love for the identifier names to turn into the hexadecimal hash. Will leave this issue open and see if anyone can help. Thanks 👍
Hi! I tried several sets of options with the same result: no obfuscation. I can see some differences between the original bundle and the obfuscated one but essentially nothing about stringsArray or selfDefence for instance. I can see the logs during bundling phase and I get the "obfuscated" files saved alongside the original ones so I assume the module is correctly integrated in metro config. The last configuration I experimented with is identical to the one shown by @dooleyb1 and the result is the same.
Yep, seeing the same...
I believe I found the root cause as to why variable / property and function names are not being obfuscated. Metrobundler transforms each JavaScript file independently, and in obfuscateCode.js only Obfuscator.obfuscate is called, which leads me to believe that as each file is transformed, they don't have ref to all the objects to fully obfuscate.
The docs for javascript-obfuscator/javascript-obfuscator state that Obfuscator.obfuscateMultiple should be called.
Have you tried changing the Obfuscator.obfuscate to Obfuscator.obfuscateMultiple method and seeing if it works?
Not yet, it will take some time to figure out how to map all my flow objects to obfuscateMultiple.
I won't have time to look into this until late next week (and I can't promise I will have time.)
In a nutshell I believe that obfuscateCode.js should be calling Obfuscator.obfuscateMultiple instead of Obfuscator.obfuscate.
Another thing to take into consideration is that some RN projects use Flow vs TypeScript. I'd only look into creating a patch that works with Flow, if applicable.
I still have flow types in a lot of legacy modules for instance. I'll migrate but progressively during functional refactoring not because I have typing issues.
@filippoitaliano @TraneKJ @AustinZuniga Hey guys, have any of yous managed to get anywhere? Still no luck on my side.
Nowhere, I'm sorry! I abandoned obfuscation for now. This lib seems to be one of the most comprehensive out there but I didn't manage to make it work.
No progress, my team had me do a POC with Jscrambler first, which I've done, and it works great, but for a hefty price tag. The company I work for is now weighing the options of paying Jscrambler the annual subscription fee to handle obfuscation / anti-tampering, or giving me a work-item to fix what's broken in this open source library. I won't know for another 2 weeks if they choose the latter, if they do I will let this thread know.
@dooleyb1 @TraneKJ @filippoitaliano @AustinZuniga Any advice, guys? Doesn't work for me either.
None yet unfortunately
@adevfromhere What option did you go with?
try this plugin https://www.npmjs.com/package/obfuscator-io-metro-plugin
Can we use the source map generated by the obfuscator-io-metro-plugin to deobfuscate and symbolicate the line of crash in React Native?
@dooleyb1 did you manage to resolve this? If not, did you use an alternative solution?
My files don't appear to be obfuscated at all.
Original file:
const App: React.FC = () => {
const myApiKey = 'foo';
console.log(myApiKey);
Obfuscated file:
var App = function App() {
var myApiKey = 'foo';
console.log(myApiKey);
With the following packages
"metro-react-native-babel-preset": "^0.59.0",
"react-native-typescript-transformer": "^1.2.13",
"react-native-obfuscating-transformer": "^1.0.0",
"react-native": "0.63.3",
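A scripted version of the by-eye check the posts above keep doing (are identifier names hexadecimal, are string literals still readable), as an added example that is not part of the thread or of either library. The function names and both sample inputs are constructed for illustration, and the regex scan is a heuristic over bundle text, not a JavaScript parser.

```javascript
// Added example: heuristic text audit of a bundle; all names here are hypothetical.
const HEX_NAME = /^_0x[0-9a-f]+$/i; // shape of hexadecimal-style generated identifiers
const STRING_LITERAL = /(["'`])((?:\\[\s\S]|(?!\1)[^\\])*)\1/g;
const DECLARATION = /\b(?:var|let|const|function)\s+([A-Za-z_$][\w$]*)/g;

// Contents of every string literal found in the code.
function stringLiterals(code) {
  return Array.from(code.matchAll(STRING_LITERAL), (m) => m[2]);
}

// Unique names introduced by var/let/const/function, ignoring text inside strings.
function declaredNames(code) {
  const withoutStrings = code.replace(STRING_LITERAL, '""');
  const names = Array.from(withoutStrings.matchAll(DECLARATION), (m) => m[1]);
  return [...new Set(names)];
}

// Summarise how much of the bundle is still readable.
function auditBundle(code, sentinels = []) {
  const names = declaredNames(code);
  const readableNames = names.filter((n) => !HEX_NAME.test(n));
  const literals = new Set(stringLiterals(code));
  return {
    declared: names.length,
    hexRatio: names.length ? (names.length - readableNames.length) / names.length : 0,
    readableNames,
    plaintextSentinels: sentinels.filter((s) => literals.has(s)),
  };
}

// Constructed sample 1: the "obfuscated" output quoted in the thread, closed so it parses.
const UNCHANGED = `var App = function App() {
  var myApiKey = 'foo';
  console.log(myApiKey);
};`;
// Constructed sample 2: hand-written text shaped like hexadecimal-identifier output.
const HEX_STYLE =
  "var _0x3f2a=['log','Zm9v'];var _0x1b7c=function _0x1b7c(_0x5d){return _0x3f2a[_0x5d];};" +
  "var _0x4e21=function _0x4e21(){var _0x2c9d=atob(_0x1b7c(1));console[_0x1b7c(0)](_0x2c9d);};";

for (const [label, code] of [['unchanged', UNCHANGED], ['hex-style', HEX_STYLE]]) {
  console.log(label, JSON.stringify(auditBundle(code, ['foo'])));
}
```

Run as a build step, this can fail the job when `hexRatio` falls below a chosen threshold or `plaintextSentinels` is non-empty. Names from a mangling generator do not match the hexadecimal pattern, so they are listed under `readableNames`.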
@hannigand No unfortunately I gave up attempting to implement obfuscation on my files and have not re-attempted since.
I have spent a good while playing around with multiple options and examples and can't seem to get it to work. My setup is the following:
metro.config.js
transformer.js
The command I am using to build the output js bundle for testing is the following:
npx react-native bundle --entry-file=index.js --bundle-output='./bundle.js' --dev=false --platform='ios' --assets-dest='./ios' --reset-cache
I can see the output from stdout of the transformer logging which files are being obfuscated, however when I look at the entire bundle and even the sub obfuscated files, the variable names and function calls are not encrypted.
Below is an example of a before and after obfuscation:
Before (screens.js):
After (screens.obfuscated.js):