1. Introduction
Electron is a framework for creating desktop applications using a front-end technology stack. It is a Node.js application, and the development application has two parts: the main script (main process) and the H5 front end (renderer process). The main process is developed using Node.js, which is packaged by the tool (electron Builder for this article) and compressed into an ASAR file. This ASAR is like a compressed folder, which can be decompressed by the tool ASAR. After decompression, you can see the original source code, but the code is the source code without any processing. This article addresses the problem of how to obfuscate and encrypt the source code of the main process. The solution is to use Webpack to obfuscate the source code and bytenode to encrypt the obfuscated code.
2. The source code
The directory structure of the code is as follows:
- The Build directory contains the WebPack build scripts
- Dist is the output directory that electron- Builder packages
- Obf is an encrypted script
- Dist -obf is the final obfuscated and encrypted output directory for the main process
- HTMLS is the front-end H5 project code
3. The confusion
Obfuscation is done via Webpack, and here is the basic build script:
'use strict'
const path = require('path')
const { CleanWebpackPlugin } = require('clean-webpack-plugin')
module.exports = {
mode: 'production'.context: path.resolve(__dirname, '.. '),
entry: {
main: './src/main.js'
},
output: {
filename: '[name].js'.path: path.resolve(__dirname, '.. /dist-obf'),},plugins: [
new CleanWebpackPlugin()
],
target: "electron-main"
}
Copy the code
The processed source code is compressed and obfuscated, as shown below.
4. The encryption
After obfuscation, the code is basically unreadable, but it is still clear text. You can see that the Chinese and English constants inside are recognizable. Therefore, through the process of encryption, the output of the confused JS file is a file in the form of bytes, whose content is hexadecimal and unreadable.
The encryption tool Bytenode is used, and the entry of the encryption script is the main.js file confused in Step 2. Therefore, only one file is required, and the code is as follows:
require('bytenode').compileFile({
filename: './dist-obf/main.js'.output: './dist-obf/main.jsc'
});
process.exit(0)
Copy the code
The contents of the encrypted file are unreadable as follows:
5. Package validation
The package is carried out using electron Builder, and the output after the package (MAC is used in this article) is in dist/ MAC /demo1.app. Right not. The app shows package content, can be in the following path not. The app/Contents/Resources/app. Asar find the main process of package. Asar: asar extract app.asar./ As you can see, what you package in is obfuscated and encrypted code, which accomplishes the goal of this article. Example: