ARTICLE AD BOX
const fs = require("fs");
const path = require("path");
const JavaScriptObfuscator = require("javascript-obfuscator");
fs.readdirSync(inputDir).forEach((file) => {
const filePath = path.join(inputDir, file);
if (file.endsWith(".js.map")) {
fs.unlinkSync(filePath);
console.log(`🗑️: ${file}`);
return;
}
if (file.endsWith(".js")) {
const code = fs.readFileSync(filePath, "utf8");
const obfuscated = JavaScriptObfuscator.obfuscate(code, {
compact: true,
// TESTED
// confirmed to cause issues for iPhone, at least
// untested for Android
// controlFlowFlattening: true,
// controlFlowFlatteningThreshold: 0.75,
// ----------------------------------------------------------END
deadCodeInjection: true,
deadCodeInjectionThreshold: 0.4,
stringArray: true,
stringArrayEncoding: ["base64"],
stringArrayThreshold: 0.75,
renameGlobals: false,
sourceMap: false,
});
fs.writeFileSync(filePath, obfuscated.getObfuscatedCode());
console.log(`Obfuscated: ${file}`);
}
});
The above is my script to obfuscate my React+Capacitor app that will be run on iOS and Android.
After testing, the controlFlowFlattening settings cause immediate UI issues, i.e. bugs, and the app behaviors differently.
If I leave the control flow flattening out, and have just the above settings, are bugs still possible? I.e., is it still possible for my app to behave differently than without obfuscations, i.e. the intended behavior, when using just the above settings?
