Stunnix JavaScript Obfuscator and Encoder 4.4

Stunnix JavaScript Obfuscator and Encoder 4.4  is a unique solution for this piracy and misuse problem for code written in ECMAScript or JavaScript programming languages. It's both an obfuscation and encoding tool for JavaScript source code in .js files and in HTML, PHP, ASP and JSP pages, with advanced support for adding difficult to remove automatic licensing checks.

JavaScript Obfuscator converts scripts from input files into a highly mangled and obfuscated form. This makes them extermely difficult to study, analyse, reuse and re-work for competitors or customers, while fully retaining the functionality of the original code. By default that highly mangled and obfuscated code is encoded afterwards to hide the structure (control flow, division into subroutines and classes) of the script completely.

JavaScript Obfuscator is not a compiler to machine or pseudo code - the protected form will still be the usual script, thus it will work on all platforms the original code worked on. State of the art support for ensuring license conditions (expiration, several types of hostname checks, user-defined checks) is also available.

It is very advanced cross-platform (Windows, MacOS X and any Unix are supported!) professional obfuscator (encoder, scrambler) for obfuscation of client-side and server-side JavaScript in .js, .html, .asp, .php, .wsc and .wsh files, with support for encoding and for ensuring licensing condititions (like script expiration or binding script to the set of domains), with advanced GUI - Project Manager supporting projects with files spanning several directories (with ActiveX symbols extraction tool included) and very flexible and powerful commandline interface present.

It includes state-of-the-art support for ASP/PHP/SSI fragments embedded inside html code and in any place inside of JavaScript code and support for JavaScript in all html event handlers like onsubmit and for javascript code in "href=javascript:some_code()".

Includes unique utilities to gather project-specific exceptions:
utility to gather html form fields names and IDs of html elements, and utility to extract all symbols from ActiveX or OLE components;

Full support for products consisting of several JavaScript files and use of eval.

Full support for keeping library files scripts use in non-obfuscated (original) form.

Includes means to make analysis of changes between different releases of the obfuscated product more difficult.

Includes unique support for very easy preparation of code for obfuscation.

Source compression mode is also supported.

Comes with exception tables for Javascript core functions, W3C html model, non-standard Mozilla and MSIE html models, DOM, DOM Events, CSS model, SVG, XPATH and even XUL; also exceptions for ASP/ ADO/ WSH/ WSC frameworks are included.

Includes several configurable obfuscation engines for symbol names, strings and integers.

Supports multiple case-sensitive and case-insensitive exception tables, user-specified symbol mapping.

Included GUI has well-known IDE and "projects" concept.

Major Features:

1. JavaScript Obfuscator also can protect html, php, .asp and .jsp and other files that don't contain any scripts at all!
show details

• JavaScript Obfuscator is also an html obfuscator. It can remove html comments and redundant white space between html tags. Just assign a proper mode to the files that you wish to mangle. Html files with server-side markup (like .jsp, .asp, .php, .cfm) can also be mangled - html markup will be scrambled in them without touching server-side markup.

  2. JavaScript Obfuscator has support for obfuscating dynamic JavaScript code inside string arguments of "print()" calls and the like
show details

• JavaScript Obfuscator supports obfuscation and encoding of dynamic JavaScript - e.g. if pieces of JavaScript code computed from various variables are output to the client using document.write() by the client-side JavaScript code, the content of these pieces (e.g. names of variables in them) can be obfuscated.

• Also if client-side JavaScript code is output by any server-side language (e.g. ASP, ASP.NET, JSP, PHP, C/C++ or Perl), then the pieces of JavaScript code can be obfuscated inside the strings that are arguments of the desired method calls of the server-side language (i.e. JavaScript Obfuscator can modify any server-side language too!).

• The arguments of those methods can include expressions that compute pieces of JavaScript code using any operators and calls of other functions and methods; but only strings will be treated as JavaScript code and their content will be obfuscated.
  

3. Full support for projects consisting of several JavaScript files and use of eval
show details

• JavaScript Obfuscator, unlike other JavaScript obfuscators or encoders, was designed with multi-file complex projects in mind. This means that with the same set of obfuscation parameters given to a JavaScript symbol name will be obfuscated to the same name independant of its position and file location.

• In case some of the input files are changed, users can reprotect and redeploy only that file, without the need to reprotect entire JavaScript project.

• JavaScript Obfuscator also has support for code that uses eval() or any other statement that uses string containing names of variables or methods. Once properly marked up (by splitting the string into an expression that joins parts of the string and turning parts that contain only the name of variables or methods into calls of a special function), names of variables and functions in the string will be obfuscated properly. This allows the obfuscated JavaScript code to work as the original. This functionality was first introduced in JavaScript Obfuscator among all obfuscators for JavaScript. This manual "markup" gives 100% stability accross project rebuilds and is much more useful than automatic guesswork performed by other obfuscators for JavaScript.

• If JavaScript code contained in a string is too complex to split into parts by a programmer, users can use the unique feature of JavaScript Obfuscator - the ability to obfuscate dynamic JavaScript code. More information and samples on obfuscation of dynamic JavaScript code are available in the manual.

4. Many options to tightly control the obfuscation and encoding of JavaScript Obfuscator
show details

• As with all Stunnix products, JavaScript Obfuscator suite has many options to tightly control each aspect of operation. GUI (Obfuscation Project Manager) and commandline interfaces are equally capable.

• All names and semantics of commandline options are convenient and intuitive and follow GNU recommendations, forms in GUI are also easy to use and understand.

• To get an idea of how many options are available, please view the online demo .

5.  Ability to watermark JavaScript and to make the study of changes between versions of the same file more difficult

• Among the variety of options that control each aspect of JavaScript obfuscation and encoding, are ones that make obfuscated non-encoded versions of the same JavaScript source code different from each other. This makes analysis of changes between different versions of the software much more difficult. Another use is distributing unique versions of the obfuscated JavaScript code to each customer - this way developer can track which customer violated license conditions that resulted in distribution of the product on the internet.

• Key internal parameters of JavaScript encoding already depend on random values so the encoded version of the same file will be different on each run. Developers just have to run JavaScript Obfuscator to produce file specific to each customer.

6. JavaScript Obfuscator allows creation of lists of symbols that shouldn't be modified; Many exception tables for standard interfaces are included
show details

• A very rich set of exception tables is included with JavaScript Obfuscator for JavaScript core functions, ECMAScript core functions, W3C html model, non-standard Mozilla and MSIE html models, DOM, DOM Events, CSS model, SVG, XPATH and even XUL. Also exceptions for ASP, ADO, WSH and WSC frameworks are included. Each table is stored in a separate file whic makes it easy to select which sets of tables to use.

• Users have an option to list symbols that shouldn't be renamed (such list can be attached to each file individually). Strictly speaking, there are 2 types of lists, ones in which symbols are checked case-sensitive, and others in which symbols are checked case-insensitive. Users can also define lists of suffixes that should be kept in symbols as-is (so everything before the suffix is mangled, while keeping suffix the same) — that is if _onClick is in the list of such suffixes to keep and md5 symbolname mangler is active, then openBtn_onClick it will be replaced with something like zd8ac37d6e_onClick, User can easliy disable some of the exceptions in these shipped lists by designating some symbols as "antiexceptions" (these also can also be specified for each JavaScript file in the project).

• Due to the unique ability to extract symbols from html files (that allows the extaction of the ids of html elements and names of form fields) and the unique ability to extract all symbols expored by a given ActiveX or OCX control — not available with any other products — the generation of custom lists of exceptions is easy, fast and almost fully automated.

• Obfuscated and/or encoded code runs on any JavaScript interpreter

• Unlike output of some JavaScript Obfuscator encoders, the JavaScript code obfuscated and/or encoded by JavaScript Obfuscator runs on any fully-compliant JavaScript interpreter, including ones that are included with most popular browsers.

7. Full support for JavaScript.NET and ECMAScript

WareSeeker Editor