Let's say I have a normal function:

function coolsecretalgo() {
    return 42;
}

I thought of hiding its code by using this function:

function hide(fname) {
    var fn=self[fname]
    Object.defineProperty(fn,"toString",{"value": ()=>fname+"() { [native code] }"})
    Object.defineProperty(fn.toString,"toString",{"value": ()=>"toString() { [native code] }"})
    Object.defineProperty(fn.toString.toString,"toString",{"value": fn.toString.toString})
}

Is there any way to unhide such hidden function?

hide("coolsecretalgo")
undefined
coolsecretalgo
ƒ coolsecretalgo() { [native code] }
coolsecretalgo.toString
ƒ toString() { [native code] }
coolsecretalgo.toString.toString
ƒ toString() { [native code] }
coolsecretalgo.toString.toString.toString
ƒ toString() { [native code] }

Are there better ways to do it?

I mean: is it possible to write a function like:

function unhide(funcname) {
    // ...some code...
}

and then

unhide("coolsecretalgo")

and get back the original code?

Zibri
  • 9
    The code is sent to the browser as code. You cannot prevent its examination. – Pointy Feb 28 '20 at 17:22
  • 1
    In addition to what @pointy said: look into minifying JavaScript. It still sends the code as it does normally, but it’ll obscure the code and make it difficult to read. https://javascript-minifier.com/ – Dortimer Feb 28 '20 at 17:24
  • can "unhide" it by looking at the actual script received from the server. Nothing you can do about that. –  Feb 28 '20 at 17:24
  • You can encrypt it and require the client-side user present a passcode to decrypt. This will make it very difficult (if done right) by reviewing the source code of the webpage itself. Otherwise you're simply obscuring it, which will not prevent someone who is determined to get the code. – Jared Farrish Feb 28 '20 at 17:27
  • @Pointy I know that. I asked a different thing. – Zibri Feb 28 '20 at 17:27
  • @devlincarnate no. I am not talking about obfuscation. – Zibri Feb 28 '20 at 17:27
  • 3
    In Pointy and the others' defense, you have to define qualitatively what "hiding" it means to you. – Jared Farrish Feb 28 '20 at 17:28
  • @amy that's not the point. I asked a different thing. – Zibri Feb 28 '20 at 17:28
  • [This answer](https://stackoverflow.com/a/237189/9119186) might help – Vencovsky Feb 28 '20 at 17:28
  • I agree with the others, obfuscation is the best you can hope for, but even that can be reverse engineered. If you really need to hide the code, like for security, then it needs to run on the backend and push the results to the JS frontend. – Michael Babcock Feb 28 '20 at 17:28
  • It doesn't matter if such a technique works, because anybody who wants to see the source code can just look in the browser "Network" developer tool and see exactly what the HTTP response contained. – Pointy Feb 28 '20 at 17:29
  • @Zibri I know what you asked. You can't "hide" it. –  Feb 28 '20 at 17:29
  • @JaredFarrish just what I said: can a function code be hidden by code and not unhidden? I am not talking about anything different. Not obfuscation, not security. Just hiding a function code as I did in the example. – Zibri Feb 28 '20 at 17:29
  • @amy I just did! follow the example. Once "hidden" it can't be unhidden (as far as I know) that is my question. – Zibri Feb 28 '20 at 17:30
  • If it "can't be unhidden", what's the point(y)? – Jared Farrish Feb 28 '20 at 17:30
  • @Zibri you cannot hide functions in a secure fashion in JS. – Michael Babcock Feb 28 '20 at 17:31
  • 3
    `Function.prototype.toString.call(fn)` – Pointy Feb 28 '20 at 17:31
  • If you hide a value (that represents a function), you've hashed it. Doing that one-way, e.g., without a (known) unhiding mechanism, is one-way hashing and akin to checksumming. So you can hash it with SHA256 or MD5, if all you want is to generate/acquire it locally for comparison. Otherwise, that's an encryption procedure with all that requires to undo the hashing without additional knowledge (like a passphrase). – Jared Farrish Feb 28 '20 at 17:33
  • @Pointy That looks like an answer to the question to me. –  Feb 28 '20 at 17:37
  • ok, @Pointy good answer. So is there a better way to hide through code? – Zibri Feb 28 '20 at 17:37
  • @pointy this answers the question on how to unhide it (which I knew). The question is: is there a way to hide it using code? – Zibri Feb 28 '20 at 17:39
  • What you are describing here is called code obfuscation. With interpreted languages such as JavaScript, the code needs to be there at runtime, one way or another. What obfuscation does is make it much harder to be human readable, that's about it. This is also sometimes called minification. Although the main intent of minification is to compress the code, as a side effect it also gets obfuscated. Once you obfuscate it, you cannot un-obfuscate to the original code. Sometimes when code is minified, map files are kept for debugging purposes. – Ralph Feb 28 '20 at 17:41
  • The original question was: "is there a way to unhide this". He shows you. You're moving the goal post now and asking for a better way to hide it. That wasn't the original question. –  Feb 28 '20 at 17:41
  • @amy and pointy you should have just answered: "coolsecretalgo code can be easily retrieved using... but if you do it in this way....it can't be retrieved anymore" that's what I am searching. For research purposes. – Zibri Feb 28 '20 at 17:42
  • @Zibri That's not an excuse to move the goal post. At all. –  Feb 28 '20 at 17:42
  • @amy no: the original question is in the title: is it possible to hide a function code BY USING javascript code? Not debating if it's useful or not. – Zibri Feb 28 '20 at 17:43
  • @Zibri I'm not debating its usefulness either. Work on that reading comprehension. –  Feb 28 '20 at 17:46
  • @amy ok then if you have a better way to expose my question you're welcome to suggest an edit. – Zibri Feb 28 '20 at 17:48
  • and here is a partial solution: **Object.defineProperty(Function.prototype, 'toString', {value: function () {return this.name+"() { [native code] }"}})** – Zibri Feb 29 '20 at 00:11

1 Answer

If you can concatenate the string, running it through eval() could do the trick. It's not the safest option though and I wouldn't recommend it.

Akin Aguda
  • hmm.. no.. the point is: is it possible to write a function "unhide("coolsecretalgo")"? – Zibri Feb 28 '20 at 17:31
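
The two techniques from the comment thread side by side, as an added example that is not part of the original posts: the question's `hide()` (adapted here to take the function object rather than a global name), the `Function.prototype.toString.call(fn)` recovery, and checks that flag a shadowed or replaced `toString`. The names `unhide`, `isToStringShadowed`, `isPrototypePatched` and `demo` are this example's own.

```javascript
// Captured before any later script can replace Function.prototype.toString.
const nativeToString = Function.prototype.toString;

// The question's hide(), adapted to take the function object instead of a global name.
function hide(fn) {
  const fake = () => fn.name + '() { [native code] }';
  Object.defineProperty(fn, 'toString', { value: fake });
  Object.defineProperty(fake, 'toString', { value: () => 'toString() { [native code] }' });
  return fn;
}

// unhide(): call the prototype method directly, skipping the own property hide() installed.
function unhide(fn) {
  return nativeToString.call(fn);
}

// A genuine function inherits toString; an own property means someone shadowed it.
function isToStringShadowed(fn) {
  return Object.prototype.hasOwnProperty.call(fn, 'toString');
}

// True once Function.prototype.toString is no longer the reference captured above.
function isPrototypePatched() {
  return Function.prototype.toString !== nativeToString;
}

function demo() {
  function coolsecretalgo() { return 42; }
  hide(coolsecretalgo);
  const perFunction = {
    shown: String(coolsecretalgo),            // what hide() makes callers see
    recovered: unhide(coolsecretalgo),        // the real source text
    shadowed: isToStringShadowed(coolsecretalgo),
  };
  // Prototype-wide variant from the last question comment, applied and then restored.
  const saved = Object.getOwnPropertyDescriptor(Function.prototype, 'toString');
  Object.defineProperty(Function.prototype, 'toString', {
    value: function () { return this.name + '() { [native code] }'; },
  });
  function other() { return 1; }
  const protoWide = {
    shown: other.toString(),
    recovered: unhide(other),                 // the saved reference still works
    patched: isPrototypePatched(),
  };
  Object.defineProperty(Function.prototype, 'toString', saved);
  return { perFunction, protoWide };
}
```

The prototype-wide replacement only affects callers that look up `toString` after the patch; any code holding an earlier reference still reads the source, and the script text itself remains visible in the HTTP response as the comments point out.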