How to perform obfuscation of source code and protect source in electron js

javascript security electron obfuscation code-security
Kiran Maniya picture Kiran Maniya · Sep 25, 2019 · Viewed 15.3k times · Source

I recently developed an app with electron framework and am now worried about source code protection after reading security concerns related to electron javascript code.

I mean reverse engineering of the code is possible even if the app is built for production. My application contains many critical information like GitHub Private Token for AutoUpdate and much more.

I just have gone through many SO post but didn't find the perfect answer so resolve the problem. Obfuscation of javascript code or source code protection is not possible with electron? However, Obfuscation doesn't protect the code completely but it can make reverse engineering complex. if there is a workaround for doing so, let me know. I didn't find more than tl;dr in the security-related post of the electron.

I found an obfuscation method by obfuscator but seems it's gonna need manual obfuscation and nothing much about the source code protection like in NW.js Is there any better way to achieve it?

I found something helpful for obfuscation on Medium post. but didn't find anything about source protection.

Answer

Nicolas Guérinet picture Nicolas Guérinet · Dec 11, 2019

There is a library called bytenode which allows you to convert your Javascript files into binary files so that noone can read it.

https://www.npmjs.com/package/bytenode

First install bytenode on your server and in your folder:

>npm i -g bytenode
>npm i bytenode

Create a normal nodeJS file with the following code in it. Let's imagine we name the following code: ok.js

console.log('bytenode works');

Then, compile your javascript code. The command will create a .JSC file with the same name than your file.

user@machine:~$ bytenode -c ok.js

Then, in a main JS file, you will call your binary, let's call it test.js:

const bytenode = require('bytenode'); 
const myFile=require('./ok.jsc'); 
myFile;

Save it.

Then, you will call test.js: node test.js to test it. Do a "cat ok.jsc" to see that it is really a binary and that nobody can't see your code. You can move your original plain test js file to another location.

Related questions

SecurityError: Blocked a frame with origin from accessing a cross-origin frame

I am loading an <iframe> in my HTML page and trying to access the elements within it using Javascript, but when I try to execute my code, I get the following error: SecurityError: Blocked a frame with origin "…

Read More
Why does Google prepend while(1); to their JSON responses?

Why does Google prepend while(1); to their (private) JSON responses? For example, here's a response while turning a calendar on and off in Google Calendar: while (1); [ ['u', [ ['smsSentFlag', 'false'], ['hideInvitations', 'false'], ['remindOnRespondedEventsOnly', 'true'], ['hideInvitations_remindOnRespondedEventsOnly', 'false_true'], ['Calendar ID stripped …

Read More
Why is using the JavaScript eval function a bad idea?

The eval function is a powerful and easy way to dynamically generate code, so what are the caveats?

Read More