Anyway to encrypt a Chrome-extension from not exposing the source code?
Asked
Active
Viewed 6,279 times
8
-
1Confused for a while, till I saw from the tags that you mean Chrome extension :) - you should edit your question. – David Tang Dec 13 '10 at 05:54
4 Answers
9
you can hide your code using obfuscator. there are lots of available in market.
there are few tools like Google Closure compiler, and lots of online javascript ofuscators are available in market. you can use any. but it doesn't guarantee the confidentialness of the code. anyone expert with javascript can de-obfuscate that code.
Here are two methods: 1. make your functionality available via web services. so important code reside on server and extension will communicate with the server and will process the output from server. 2. use NPAPI but its not a good method.
As per me a good strategy is to try to give a good extensions to user. if there is already something awesome in market no body will try to copy your addon. try to be ahead of your competitors.
EDIT: NPAPI is deprecated.
Hrishikesh Kale
- 136
- 1
- 7
-
Since Chome updated all their security in manifest v2 the `eval` function can no longer be used. I think because of the way that obfuscators work they all need eval so you can no longer protect code using this method. – Jon Doe Apr 16 '15 at 02:58
-
@ChristianJuth Obfuscators aren't always using `eval`, and even with v2 it's possible to enable `unsafe-eval` if needed. – Xan Apr 16 '15 at 07:04
-
@Xan My bad. I changed the wording of my answer a little. Just out of curiosity can you post a link to obfuscator that doesn't use eval. I am curious how they work. – Jon Doe Apr 16 '15 at 12:47
-
@ChristianJuth I think the problem is terminology. A minifier, for instance, is an obfuscator. There are plenty of techniques to make code unreadable as a preprocessing step (like the mentioned Closure compiler) other than the one you describe in your answer. – Xan Apr 16 '15 at 14:48
-
@Xan I would be careful comparing a minifier and an obfuscator because they are different. Even though they both make your code unreadable minifiers are optimized for speed while obfuscators aim to protect your code. Minified code can very easily be reformatted. It does take some work to reverse engineer the code (mainly because of all the variable names), but it is not as hard as decrypting obfuscated code. – Jon Doe Apr 16 '15 at 15:21
4
as you can read here you can't. you can make your code hard to read and understand, but thats all.
(that other question is about hiding the javascript-code in an html-page, but thats mostly the same (as far as i know, chrome-extension are just written in js/css/html, please correct me if i'm wrong))
1
With manifest v2 obfuscators are harder to used because eval is considered unsafe security reasons.
Perhaps one of the biggest changes in the new manifest v2 scheme is that extensions can no longer use dynamic script evaluation techniques like eval() or new Function(), or pass strings of JS code to functions that will cause an eval() to be used, like setTimeout(). In addition, certain commonly used JavaScript libraries, such as Google Maps and certain templating libraries, are known to use some of these techniques.
Source https://developer.chrome.com/extensions/tut_migration_to_manifest_v2#using
I recommend just minifying the code. The way minifiers work (given they do not all work completely the same) is they remove every space a change your variable names to single letters to reduce characters. This removes a lot of the meaning from your code and makes ut very hard to read. It is not full proof, but it will at add an extra very tedious step to read your code. On top of that minifiers were designed for compression and to make your code run faster. My favorite minifier is UglifyJS.
Jon Doe
- 2,172
- 1
- 18
- 35
0
- leave important code logic on your server (webservices help)
- inject sensitive html and js into iframes(the creation of this html can be done dynamically)
But I guess it all boils down to the architecture of your code
pkanane
- 2,545
- 2
- 18
- 17