如果涉足H5或JS领域,你一定要了解JS保护!

简介: 如果你有网站、H5游戏产品、JS应用,你是否遇到过产品被复制、被修改、被攻击等问题?如果有,或者担心会发生。请看本文,本文所讲将帮你解决或避免这些问题。
如果涉足H5或JS领域,你一定要了解JS保护!

如果你有网站、H5游戏产品、JS应用,你是否遇到过产品被复制、被修改、被攻击等问题?如果有,或者担心会发生。请看本文,本文所讲将帮你解决或避免这些问题。

首先,这里讲三个案例,本文将要解决的也将是这三种问题。

场景一:分析、曝光案例
锤子手机T1发布时,曾出过一件丑闻,在网络上被炒的沸沸扬扬。
其产品预约页面被发现数据造假,网页显示预约数量是真实数量的3倍。
该事件是被一名程序员发现并公布的,他只是简单的查看了网页源码,看到了JS代码中对数据量x3的逻辑。
很显然,网页中的JS代码未进行保护,否则锤子手机历史上不会有这条不光彩的新闻。

0799448c17f6621d6d79a3b440d248149967c25d
场景2:复制、盗用案例
H5应用A,
通过分析JS代码并加以简单修改,攻击者可轻松的复制、盗用,
快速的推出一款新产品:B。

b71aa8739f821d7d03f21a40d346f0eb7fd80ff7
场景3:篡改、攻击案例
商品销售页面A,
通过分析、调试得知产品价格由JS代码操控,
依据此,攻击者通过JS脚本修改产品价格,
修改后页面B中,正常475元的产品,可以用1元购买!

2d67fd175a1cdf8a06b851ebbf479c4bb4deb60e

这三个案例的发生,根源都在于JS。案例一和二中,由于JS天生的客户端公开透明的特性,他人可以随意的阅读、分析其代码,并可以在其基础上任意修改、二次开发,造成了信息泄漏、被盗版的问题。如果代码是不可读、不可分析的呢?这种问题不会发生!

第三个案例,则是由于代码中存在BUG,而被攻击!如果代码被保护,不可读、不可修改则攻击事件也不会发生,针对于这一点可能有人会说:我的代码已经历了大量的使用测试、是安全的。那么谁可以保证版本迭代更新后每次都是安全无BUG的呢?

这几类案例每天都在发生,源源不断。
是时候使用专业的解决方案了。 http://www.jshaman.com/
萨满JS保护(JShaman):保护JS源代码、保护产品安全、保护版权!

JShaman解决方案:JS代码保护
JS产品安全隐患的根源在于:置于浏览器前端的JS代码,公开透明,任何人都可以查看、分析。因此,JS保护的核心是要让JS代码变的不可读、不可分析。

预览一个效果:

9499995f898d26c694477d8401ebf160a1aa808e
JShaman产品优势:更高安全性,多态变异!
为了进一步提高JS保护强度,
JShaman提供了名为多态变异的全球独创保护技术。
托管的代码每次被调用(引用、访问)代码自动变异。以此杜绝被跟踪调试。

36a9eb898ed53e48b0c400338f7969ca15b100d1
JShaman保护技术:技术原理
对JS代码进行词法分析、语法分析,分离出变量、常量,并生成语法法。然后进行变量改名变形、常量阵列化加密、插入僵尸代码、平展控制流等技术操作,最后重新生成JS代码。此时即完成JS代码保护。此时的代码,与原始代码功能完全一致,但形式上已完全变样,不可读、不可分析、不可调试。

7d2860b773f8ecef458e672bc33b7852a39b6a33


JShaman保护技术:核心功能

a8af6a142ef14493e885d1e7e04f843b102d442c 
附录1:一段未保护的JS代码
用事实说话,看一段真实JS代码的保护效果

function myFunction(a,b){
return a * b;
}
document.getElementById("demo").innerHTML = myFunction(3,4);

代码功能逻辑一目了解,无安全性可言。

附录2:经JShaman保护后的安全JS代码
不可被分析、不可被修改、不可被篡改、不可被盗用、不可被攻击:

var _0xc020=['ZXhjZXB0aW9u','ZGVidWc\x3d','d2Fybg\x3d\x3d','QXVG','YXBwbHk\x3d','Z2V0RWxlbWVudEJ5SWQ\x3d','c3BsaXQ\x3d','ZXpi','d2Zt','UXVt','TFZw','e30uY29uc3RydWN0b3IoInJldHVybiB0aGlzIikoICk\x3d','Y29uc29sZQ\x3d\x3d','M3w1fDh8N3wwfDJ8Nnw0fDE\x3d','aW5mbw\x3d\x3d','ZXJyb3I\x3d','dHJhY2U\x3d','bG9n'];(function(_0x580f57,_0x275ce7){var _0xe2ae0b=function(_0x1ebb23){while(--_0x1ebb23){_0x580f57['\x70\x75\x73\x68'](_0x580f57['\x73\x68\x69\x66\x74']());}};var _0x5405db=function(){var _0x9347bc={'\x64\x61\x74\x61':{'\x6b\x65\x79':'\x63\x6f\x6f\x6b\x69\x65','\x76\x61\x6c\x75\x65':'\x74\x69\x6d\x65\x6f\x75\x74'},'\x73\x65\x74\x43\x6f\x6f\x6b\x69\x65':function(_0x23f7da,_0x55159a,_0x532719,_0x2ebac9){_0x2ebac9=_0x2ebac9||{};var _0x412373=_0x55159a+'\x3d'+_0x532719;var _0x1f8999=0x0;for(var _0x1f8999=0x0,_0x267846=_0x23f7da['\x6c\x65\x6e\x67\x74\x68'];_0x1f8999<_0x267846;_0x1f8999++){var _0x13f00d=_0x23f7da[_0x1f8999];_0x412373+='\x3b\x20'+_0x13f00d;var _0x5d50f7=_0x23f7da[_0x13f00d];_0x23f7da['\x70\x75\x73\x68'](_0x5d50f7);_0x267846=_0x23f7da['\x6c\x65\x6e\x67\x74\x68'];if(_0x5d50f7!==!![]){_0x412373+='\x3d'+_0x5d50f7;}}_0x2ebac9['\x63\x6f\x6f\x6b\x69\x65']=_0x412373;},'\x72\x65\x6d\x6f\x76\x65\x43\x6f\x6f\x6b\x69\x65':function(){return'\x64\x65\x76';},'\x67\x65\x74\x43\x6f\x6f\x6b\x69\x65':function(_0x51d9e7,_0x3bb7a5){_0x51d9e7=_0x51d9e7||function(_0x1bb11f){return _0x1bb11f;};var _0x46172d=_0x51d9e7(new RegExp('\x28\x3f\x3a\x5e\x7c\x3b\x20\x29'+_0x3bb7a5['\x72\x65\x70\x6c\x61\x63\x65'](/([.$?*|{}()[]\/+^])/g,'\x24\x31')+'\x3d\x28\x5b\x5e\x3b\x5d\x2a\x29'));var _0x4abc1e=function(_0x3dbd69,_0x161f1b){_0x3dbd69(++_0x161f1b);};_0x4abc1e(_0xe2ae0b,_0x275ce7);return _0x46172d?decodeURIComponent(_0x46172d[0x1]):undefined;}};var _0x372cba=function(){var _0x5e3414=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return _0x5e3414['\x74\x65\x73\x74'](_0x9347bc['\x72\x65\x6d\x6f\x76\x65\x43\x6f\x6f\x6b\x69\x65']['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};_0x9347bc['\x75\x70\x64\x61\x74\x65\x43\x6f\x6f\x6b\x69\x65']=_0x372cba;var _0x1b4560='';var _0x3f69a2=_0x9347bc['\x75\x70\x64\x61\x74\x65\x43\x6f\x6f\x6b\x69\x65']();if(!_0x3f69a2){_0x9347bc['\x73\x65\x74\x43\x6f\x6f\x6b\x69\x65'](['\x2a'],'\x63\x6f\x75\x6e\x74\x65\x72',0x1);}else if(_0x3f69a2){_0x1b4560=_0x9347bc['\x67\x65\x74\x43\x6f\x6f\x6b\x69\x65'](null,'\x63\x6f\x75\x6e\x74\x65\x72');}else{_0x9347bc['\x72\x65\x6d\x6f\x76\x65\x43\x6f\x6f\x6b\x69\x65']();}};_0x5405db();}(_0xc020,0x15c));var _0x0c02=function(_0x13e7ca,_0x1f4c75){_0x13e7ca=_0x13e7ca-0x0;var _0x16acc8=_0xc020[_0x13e7ca];if(_0x0c02['\x69\x6e\x69\x74\x69\x61\x6c\x69\x7a\x65\x64']===undefined){(function(){var _0x2ebfb1=Function('\x72\x65\x74\x75\x72\x6e\x20\x28\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\x28\x29\x20'+'\x7b\x7d\x2e\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x6f\x72\x28\x22\x72\x65\x74\x75\x72\x6e\x20\x74\x68\x69\x73\x22\x29\x28\x29'+'\x29\x3b');var _0x21a17c=_0x2ebfb1();var _0xc047fe='\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x2b\x2f\x3d';_0x21a17c['\x61\x74\x6f\x62']||(_0x21a17c['\x61\x74\x6f\x62']=function(_0xed921){var _0x13cfa2=String(_0xed921)['\x72\x65\x70\x6c\x61\x63\x65'](/=+$/,'');for(var _0x52503c=0x0,_0x3cde74,_0x210798,_0x2e1ebe=0x0,_0x48a8b2='';_0x210798=_0x13cfa2['\x63\x68\x61\x72\x41\x74'](_0x2e1ebe++);~_0x210798&&(_0x3cde74=_0x52503c%0x4?_0x3cde74*0x40+_0x210798:_0x210798,_0x52503c++%0x4)?_0x48a8b2+=String['\x66\x72\x6f\x6d\x43\x68\x61\x72\x43\x6f\x64\x65'](0xff&_0x3cde74>>(-0x2*_0x52503c&0x6)):0x0){_0x210798=_0xc047fe['\x69\x6e\x64\x65\x78\x4f\x66'](_0x210798);}return _0x48a8b2;});}());_0x0c02['\x62\x61\x73\x65\x36\x34\x44\x65\x63\x6f\x64\x65\x55\x6e\x69\x63\x6f\x64\x65']=function(_0x544fd3){var _0x1e4ab8=atob(_0x544fd3);var _0x4f860a=[];for(var _0x3bd901=0x0,_0x59f770=_0x1e4ab8['\x6c\x65\x6e\x67\x74\x68'];_0x3bd901<_0x59f770;_0x3bd901++){_0x4f860a+='\x25'+('\x30\x30'+_0x1e4ab8['\x63\x68\x61\x72\x43\x6f\x64\x65\x41\x74'](_0x3bd901)['\x74\x6f\x53\x74\x72\x69\x6e\x67'](0x10))['\x73\x6c\x69\x63\x65'](-0x2);}return decodeURIComponent(_0x4f860a);};_0x0c02['\x64\x61\x74\x61']={};_0x0c02['\x69\x6e\x69\x74\x69\x61\x6c\x69\x7a\x65\x64']=!![];}if(_0x0c02['\x64\x61\x74\x61'][_0x13e7ca]===undefined){var _0x14a657=function(_0x396803){this['\x72\x63\x34\x42\x79\x74\x65\x73']=_0x396803;this['\x73\x74\x61\x74\x65\x73']=[0x1,0x0,0x0];this['\x6e\x65\x77\x53\x74\x61\x74\x65']=function(){return'\x6e\x65\x77\x53\x74\x61\x74\x65';};this['\x66\x69\x72\x73\x74\x53\x74\x61\x74\x65']='\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a';this['\x73\x65\x63\x6f\x6e\x64\x53\x74\x61\x74\x65']='\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d';};_0x14a657['\x70\x72\x6f\x74\x6f\x74\x79\x70\x65']['\x63\x68\x65\x63\x6b\x53\x74\x61\x74\x65']=function(){var _0x16648c=new RegExp(this['\x66\x69\x72\x73\x74\x53\x74\x61\x74\x65']+this['\x73\x65\x63\x6f\x6e\x64\x53\x74\x61\x74\x65']);return this['\x72\x75\x6e\x53\x74\x61\x74\x65'](_0x16648c['\x74\x65\x73\x74'](this['\x6e\x65\x77\x53\x74\x61\x74\x65']['\x74\x6f\x53\x74\x72\x69\x6e\x67']())?--this['\x73\x74\x61\x74\x65\x73'][0x1]:--this['\x73\x74\x61\x74\x65\x73'][0x0]);};_0x14a657['\x70\x72\x6f\x74\x6f\x74\x79\x70\x65']['\x72\x75\x6e\x53\x74\x61\x74\x65']=function(_0x10ed52){if(!Boolean(~_0x10ed52)){return _0x10ed52;}return this['\x67\x65\x74\x53\x74\x61\x74\x65'](this['\x72\x63\x34\x42\x79\x74\x65\x73']);};_0x14a657['\x70\x72\x6f\x74\x6f\x74\x79\x70\x65']['\x67\x65\x74\x53\x74\x61\x74\x65']=function(_0x2d3996){for(var _0x524f89=0x0,_0x397e70=this['\x73\x74\x61\x74\x65\x73']['\x6c\x65\x6e\x67\x74\x68'];_0x524f89<_0x397e70;_0x524f89++){this['\x73\x74\x61\x74\x65\x73']['\x70\x75\x73\x68'](Math['\x72\x6f\x75\x6e\x64'](Math['\x72\x61\x6e\x64\x6f\x6d']()));_0x397e70=this['\x73\x74\x61\x74\x65\x73']['\x6c\x65\x6e\x67\x74\x68'];}return _0x2d3996(this['\x73\x74\x61\x74\x65\x73'][0x0]);};new _0x14a657(_0x0c02)['\x63\x68\x65\x63\x6b\x53\x74\x61\x74\x65']();_0x16acc8=_0x0c02['\x62\x61\x73\x65\x36\x34\x44\x65\x63\x6f\x64\x65\x55\x6e\x69\x63\x6f\x64\x65'](_0x16acc8);_0x0c02['\x64\x61\x74\x61'][_0x13e7ca]=_0x16acc8;}else{_0x16acc8=_0x0c02['\x64\x61\x74\x61'][_0x13e7ca];}return _0x16acc8;};function myFunction(_0x4693ac,_0x298780){var _0x2504dd={'\x65\x7a\x62':function _0xb27f04(_0x2e41de,_0x5e2772){return _0x2e41de+_0x5e2772;},'\x77\x66\x6d':function _0x2bf8fc(_0x32c5e8){return _0x32c5e8();},'\x51\x75\x6d':function _0x1cce82(_0x1b703f,_0x329296,_0xc7968f){return _0x1b703f(_0x329296,_0xc7968f);},'\x41\x75\x46':function _0x4def18(_0x819a57,_0x8847e0){return _0x819a57*_0x8847e0;}};var _0x2d4309='0\x7c4\x7c1\x7c3\x7c2'[_0x0c02('0x0')]('\x7c'),_0x3045ad=0x0;while(!![]){switch(_0x2d4309[_0x3045ad++]){case'0':var _0xf79ee7={'\x79\x64\x41':function _0x4968a7(_0x5a0cb8,_0x82a31){return _0x5a0cb8(_0x82a31);},'\x4c\x56\x70':function _0x356137(_0x2a8f39,_0x9c6106){return _0x2504dd[_0x0c02('0x1')](_0x2a8f39,_0x9c6106);},'\x69\x52\x4e':function _0x3b3ca9(_0x29bc8b){return _0x2504dd[_0x0c02('0x2')](_0x29bc8b);}};continue;case'1':var _0x157ca0=_0x2504dd[_0x0c02('0x3')](_0x51b335,this,function(){var _0x567cfc=_0xf79ee7['ydA'](Function,_0xf79ee7[_0x0c02('0x4')](_0xf79ee7['LVp']('return\x20\x28function\x28\x29\x20',_0x0c02('0x5')),'\x29\x3b'));var _0x57bb68=function(){};var _0x55c399=_0xf79ee7['iRN'](_0x567cfc);if(!_0x55c399['console']){_0x55c399[_0x0c02('0x6')]=function(_0x582b05){var _0x40ce11=_0x0c02('0x7')['split']('\x7c'),_0x3a15f9=0x0;while(!![]){switch(_0x40ce11[_0x3a15f9++]){case'0':_0x5725b7[_0x0c02('0x8')]=_0x582b05;continue;case'1':return _0x5725b7;continue;case'2':_0x5725b7[_0x0c02('0x9')]=_0x582b05;continue;case'3':var _0x5725b7={};continue;case'4':_0x5725b7[_0x0c02('0xa')]=_0x582b05;continue;case'5':_0x5725b7[_0x0c02('0xb')]=_0x582b05;continue;case'6':_0x5725b7[_0x0c02('0xc')]=_0x582b05;continue;case'7':_0x5725b7[_0x0c02('0xd')]=_0x582b05;continue;case'8':_0x5725b7[_0x0c02('0xe')]=_0x582b05;continue;}break;}}(_0x57bb68);}else{_0x55c399[_0x0c02('0x6')][_0x0c02('0xb')]=_0x57bb68;_0x55c399['console'][_0x0c02('0xe')]=_0x57bb68;_0x55c399[_0x0c02('0x6')][_0x0c02('0xd')]=_0x57bb68;_0x55c399[_0x0c02('0x6')][_0x0c02('0x8')]=_0x57bb68;_0x55c399[_0x0c02('0x6')][_0x0c02('0x9')]=_0x57bb68;_0x55c399['console'][_0x0c02('0xc')]=_0x57bb68;_0x55c399[_0x0c02('0x6')]['trace']=_0x57bb68;}});continue;case'2':return _0x2504dd[_0x0c02('0xf')](_0x4693ac,_0x298780);continue;case'3':_0x2504dd['wfm'](_0x157ca0);continue;case'4':var _0x51b335=function(){var _0x2493d0=!![];return function(_0x475248,_0x343e0b){var _0x138968=_0x2493d0?function(){if(_0x343e0b){var _0x26a50e=_0x343e0b[_0x0c02('0x10')](_0x475248,arguments);_0x343e0b=null;return _0x26a50e;}}:function(){};_0x2493d0=![];return _0x138968;};}();continue;}break;}}document[_0x0c02('0x11')]('demo')['innerHTML']=myFunction(0x3,0x4);

JShaman(萨满JS保护)官网: http://www.jshaman.com/
目录
相关文章
|
28天前
|
移动开发 JavaScript 前端开发
如何识别app中的页面是否是js(h5)页面
如何识别app中的页面是否是js(h5)页面
30 2
|
23天前
|
JavaScript Java 测试技术
基于H5的智慧消防微信小程序+springboot+vue.js附带文章和源代码设计说明文档ppt
基于H5的智慧消防微信小程序+springboot+vue.js附带文章和源代码设计说明文档ppt
17 0
|
23天前
|
JavaScript Java 测试技术
基于h5移动网赚项目+springboot+vue.js附带文章和源代码设计说明文档ppt
基于h5移动网赚项目+springboot+vue.js附带文章和源代码设计说明文档ppt
14 0
|
1月前
|
移动开发 前端开发 JavaScript
H5+CSS3+JS逆向前置——5、DIV+CSS百分比布局
H5+CSS3+JS逆向前置——5、DIV+CSS百分比布局
47 0
|
1月前
|
移动开发 前端开发 JavaScript
H5+CSS3+JS逆向前置——4、DIV+CSS绘制旗帜练习
H5+CSS3+JS逆向前置——4、DIV+CSS绘制旗帜练习
30 0
|
1月前
|
移动开发 前端开发 JavaScript
H5+CSS3+JS逆向前置——CSS3、基础样式表
H5+CSS3+JS逆向前置——CSS3、基础样式表
44 0
|
1月前
|
移动开发 前端开发 JavaScript
H5+CSS3+JS逆向前置——HTML2、table表格标签
H5+CSS3+JS逆向前置——HTML2、table表格标签
38 0
|
1月前
|
移动开发 前端开发 JavaScript
H5+CSS3+JS逆向前置——HTML1、H5文本元素
H5+CSS3+JS逆向前置——HTML1、H5文本元素
37 0
|
1月前
|
移动开发 前端开发 JavaScript
H5+CSS3+JS逆向前置——HTML1、H5基础
H5+CSS3+JS逆向前置——HTML1、H5基础
31 0
|
1月前
h5+JavaScript实现一个倒计时功能
h5+JavaScript实现一个倒计时功能