robertsLando
commented
2 years ago I don't understand why you need to obfuscate your code when pkg already compiles it to bytecode that it's even better
Closed OrionWambert closed 1 year ago
robertsLando
commented
2 years ago I don't understand why you need to obfuscate your code when pkg already compiles it to bytecode that it's even better
OrionWambert
commented
2 years ago I read somewhere that the executable generated by pkg is readable using a hexadecimal editor, I prefer to obfuscate it to add one more security
gtmsingh
commented
2 years ago It might not be the intent of the issue raised but the stacktrace created from these can expose the file names and node packages being used. This might be unexpected when sharing the executable with customers who should not be able to figure out these.
Stacktrace helps in debugging and in dev mode execution, but having a mode of creating binary which can further hide such info (obfuscate) would be very useful.
rigwild
commented
2 years ago Had the same issue. Try to tweak your javascript-obfuscator config.
I found that stringArrayEncoding would make the program crash.
splitStrings can be very slow if you have very huge strings.
Also, selfDefending may break your code (nothing happens when running) if you bundle/minify/reformat it (see selfDefending
⚠️ Don't change obfuscated code in any way after obfuscation with this option, because any change like uglifying of code can trigger self defending and code wont work anymore!
Here is what I came up with that works for me (heavy obfuscation, you may reduce it to optimize performance) https://github.com/rigwild/waifu-stealer/blob/f4dc7f054335833d2c67ce51c83867978c79223c/builder.js#L28-L55
github-actions[bot]
commented
1 year ago This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 5 days. To ignore this issue entirely you can add the no-stale label
github-actions[bot]
commented
1 year ago This issue is now closed due to inactivity, you can of course reopen or reference this issue if you see fit.
Baker68
commented
1 year ago here is a config that works for me (low obfuscation,high performance):
const obfuscatorConfig = {
compact: true,
controlFlowFlattening: false,
deadCodeInjection: false,
debugProtection: false,
debugProtectionInterval: 0,
disableConsoleOutput: false,
identifierNamesGenerator: "hexadecimal",
log: false,
numbersToExpressions: false,
renameGlobals: false,
selfDefending: true,
simplify: false,
splitStrings: false,
stringArray: true,
stringArrayCallsTransform: false,
stringArrayEncoding: [],
stringArrayIndexShift: true,
stringArrayRotate: true,
stringArrayShuffle: true,
stringArrayWrappersCount: 1,
stringArrayWrappersChainedCalls: true,
stringArrayWrappersParametersMaxCount: 2,
stringArrayWrappersType: "variable",
stringArrayThreshold: 0.75,
unicodeEscapeSequence: false
};
0xARROWK
commented
1 year ago Hello @Baker68 ! Is it possible to know which commands you used ?
What version of pkg are you using?
5.7.0
What version of Node.js are you using?
v16.15.1
What operating system are you using?
Macos Monterey version 12.2.1 (21D62)
What CPU architecture are you using?
Apple M1
What Node versions, OSs and CPU architectures are you building for?
default
Describe the Bug
Hello ,
I'm working on a node js project and to go to production I need to convert the code to executable but using a tool to obfuscate the real code
To do this I use the library : javascript-obfuscator
Then when I use pkg I have an error that says that :
Finally when I open the executable it doesn't work.
Expected Behavior
I would like the executable file to work without errors
To Reproduce