Avatar of steva
steva
 asked on

Any way for Javascript to sense that it's been deminified?

Is there any way to sense that your code is running deminified, because some has turned on  something like the JS Deminifier extension in Firefox?  You might then abort to try to keep people from trying to reverse engineer your product.  I'm thinking maybe there's some action you can take that behaves differently in minified and demilnified code.  One thing that will be different is the timing. If the browser has to stop and deminify something before continuing you could possibly force a script to fail because some script it needs  hasn't loaded yet.  Just wondering if anyone has thought this through as a possible way to protect their code.

Thanks
JavaScript

Avatar of undefined
Last Comment
steva

8/22/2022 - Mon
leakim971

so the hacker just need to locate your code checking the timing and remove it ?
;-)
ASKER CERTIFIED SOLUTION
Dave Baldwin

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
leakim971

Are you aware you can run javascript on server side?
http://www.youtube.com/watch?v=bzCnUXEvF84

the only place where your code << can't >> be stolen..
steva

ASKER
Leakim,
so the hacker just need to locate your code checking the timing and remove it ?
Well, there wouldn't actually be code that checked the timing. You might write something that needed jQuery, for example,  but because of the time to deminify something first, the jQuery hasn't loaded by the time it's needed so the code that expects it hits an undefined error. There's no clue that you did something to cause that error or what to change in 10,000 lines of JavaScript to fix it, assuming you have something that will let you modify loaded JavaScript. (Is there such a thing?)

Dave,
There are many resources that can take your code and 'de-minify' it when it is not running.

Yes, but the real progress in reverse engineering comes when you can run deminified code, stepping through the code and watching how the variables change.  I'd like to prevent that.

I know 100% protection is not possible.  I'd just like to make it 10X harder than if I do nothing.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
steva

ASKER
Leakim,
I didn't see your second post when I posted the above. It may be possible to run JavaScript on the server, but if the JavaScript's main job is to manipulate the client's screen through the DOM, it seems that that code has to be in the client.
Dave Baldwin

You can't prevent people from decoding and running your code.  It's just a matter of time and resources.  You can protect it from the people like me who are too lazy to decode it but more serious coders and hackers probably won't have any trouble figuring it out.

Besides, what makes it worth stealing?  Generally, you'd be better off spending your time making things that earn money.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
steva

ASKER
Ok, let's close this out.  I just thought I'd throw out the idea and see what came back.

Thanks.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.