1. Introduction

Electron is a framework for creating desktop applications using a front-end technology stack. It is a Node.js application, and the development application has two parts: the main script (main process) and the H5 front end (renderer process). The main process is developed using Node.js, which is packaged by the tool (electron Builder for this article) and compressed into an ASAR file. This ASAR is like a compressed folder, which can be decompressed by the tool ASAR. After decompression, you can see the original source code, but the code is the source code without any processing. This article addresses the problem of how to obfuscate and encrypt the source code of the main process. The solution is to use Webpack to obfuscate the source code and bytenode to encrypt the obfuscated code.

2. The source code

The directory structure of the code is as follows:

The Build directory contains the WebPack build scripts
Dist is the output directory that electron- Builder packages
Obf is an encrypted script
Dist -obf is the final obfuscated and encrypted output directory for the main process
HTMLS is the front-end H5 project code

3. The confusion

Obfuscation is done via Webpack, and here is the basic build script:

'use strict'

const path = require('path')
const { CleanWebpackPlugin } = require('clean-webpack-plugin')

module.exports = { 
  mode: 'production'.context: path.resolve(__dirname, '.. '),
  entry: {
    main: './src/main.js'
  },
  output: {
    filename: '[name].js'.path: path.resolve(__dirname, '.. /dist-obf'),},plugins: [
    new CleanWebpackPlugin()
  ],
  target: "electron-main"
}
Copy the code

The processed source code is compressed and obfuscated, as shown below.

4. The encryption

After obfuscation, the code is basically unreadable, but it is still clear text. You can see that the Chinese and English constants inside are recognizable. Therefore, through the process of encryption, the output of the confused JS file is a file in the form of bytes, whose content is hexadecimal and unreadable.

The encryption tool Bytenode is used, and the entry of the encryption script is the main.js file confused in Step 2. Therefore, only one file is required, and the code is as follows:

require('bytenode').compileFile({
  filename: './dist-obf/main.js'.output: './dist-obf/main.jsc'
}); 
process.exit(0)
Copy the code

The contents of the encrypted file are unreadable as follows:

5. Package validation

The package is carried out using electron Builder, and the output after the package (MAC is used in this article) is in dist/ MAC /demo1.app. Right not. The app shows package content, can be in the following path not. The app/Contents/Resources/app. Asar find the main process of package. Asar: asar extract app.asar./ As you can see, what you package in is obfuscated and encrypted code, which accomplishes the goal of this article. Example:

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

Electron: Confuses and encrypts the main process code

1. Introduction

2. The source code

3. The confusion

4. The encryption

5. Package validation

Electron: Confuses and encrypts the main process code

1. Introduction

2. The source code

3. The confusion

4. The encryption

5. Package validation

Related Posts

Webpack Basics (3) – Multi-page packaging

What you need to know about JS arrays

Simple React code for neatness