Rustfuscator is a command-line tool written in Rust that obfuscates JavaScript code to make it more difficult to read or reverse-engineer. The tool applies a combination of techniques, including variable renaming, string encoding, number obfuscation, dead code insertion, and function splitting to create a highly obfuscated output.
- Variable Obfuscation: Renames variables to random strings to make the code harder to understand.
- String Encoding: Encodes string literals in Base64 to hide their content.
- Number Obfuscation: Obfuscates numbers by turning them into complex arithmetic expressions.
- Dead Code Insertion: Inserts meaningless junk code into the function body to make reverse-engineering more difficult.
- Function Splitting: Splits function logic into smaller parts and inserts junk code in between.
- Whitespace and Comment Removal: Strips comments and unnecessary whitespace to reduce code readability.
- Ensure you have Rust installed. If not, follow this link to install it.
- Clone the repository:
git clone https://github.com/zokhcat/rustfuscator.git cd rustfuscator
- Build the project:
cargo build --release
Once you've built the project, you can use the tool to obfuscate your JavaScript files.
./rustfuscator --input <input_file.js> --output <output_file.obs.js>
- --input, -i: Path to the input JavaScript file that you want to obfuscate.
- --output, -o: Path where the obfuscated JavaScript file will be saved.
Example
./rustfuscator --input sample.js --output sample.obs.js
This will read the sample.js file, apply various obfuscation techniques, and save the result in sample.obs.js.
Future Todos:
- Variable Renaming
- String Encoding
- Control Flow Flattening
- Whitespace and Comment Removal
- Number Obfuscation
- Dead Code Insertion
- Function Expression Splitting
- Array/Object Flattening
- Encrypting JS code(Going to remove, don't see the point of encrypting)
Libraries that I am going to use: