Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Did you have a legitimate reason to make things harder for reverse engineers?


Why are you reverse engineering my code in the first place?


Because you gave it to me to run it. I want to know what is it exactly that I'm running.

Also, why do you mind me doing that?


No, I didn't give it to you to run. It's explained below if you read the whole thread.


Because it's broken for my usecase, and I need to do something slightly different on the webpage


You shouldn't have access to it -- it's on my private servers doing stuff for me. How did you get it?

I think the problem with this thread is people think I am writing browser code, or code that is going to be shared on GitHub.

I am not.

Also I'm only half joking as I've indicated with the "/s" below.


> You shouldn't have access to it -- it's on my private servers doing stuff for me. How did you get it?

Seems like the logical solution would be to restrict access to it then, rather than obfuscate it making it harder for yourself to maintain. But hey, you do you.


At the bottom of the thread I explain the intention is to protect against unauthorized access.

I also wouldn't obviously edit the obfuscated production code, so it wouldn't really be a problem.


> You shouldn't have access to it -- it's on my private servers doing stuff for me. How did you get it?

Well thanks for chiming in about a completely unrelated topic from website javascript. My comment wasn't getting downvoted until your slapfight with oauea blew up.


Specifically from the web page:

"It does not depend on a browser, so you can even run it on Node.js."


That wasn't a top level question though, it was a question to a commenter saying "We wanted to obfuscate this bit of code, to make life just a little bit harder for reverse engineers." That you obfuscate code nobody other than you can even access is completely irrelevant as a reply to that question.


So then you should ignore the entire thread and move on. Why are you wasting time on this?


To figure out what it's doing, obviously.


Please STOP that.


I'll make you a promise: if your code never ends up on my machine, I will never try to reverse it.

Otherwise, all bets are off.


Don't request it then :p


If it's not part of any service that's marketed to me, I won't. However, if some vendor wants to run code on my machine, I _will_ be inspecting it.


Why would I put it on YOUR machine? It's my code. Don't hack my servers, or all bets are off. /s


JS is often (but not always) transmitted from the server to execute on the client machine


You've never heard of NodeJS?


(but not always) <~ this includes nodejs


Friend, I'd love to come to an agreement that your code won't end up on my machine. I'm buying beers when we get together.


No thanks. Anything you submit to run on my machine is fair play :-)


This code should never run on your machine. :P


Then why are you obfuscating it or even worried about people deobfuscating it? This thread is about Javascript.


Dude, I write financial applications in Node. Node IS javascript.

These applications run on the back end. Some of the API facing VMs have been attacked and so to be honest I've configured them so that if someone did get access to them, they wouldn't find much. Maybe just some API keys I can invalidate. Although I probably won't do it -- an obfuscator like this could be very handy here.


Did you give a try of Deno. This is a JavaScript runtime but it produce a single binary. This would make sense in your case because it can be harder to inspect it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: