AntonAleksandrov 270005D80F Comment (1) Visits (11777)
What is obfuscation?
Wikipedia defines code obfuscation in a following way
In software development, obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic, in order to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code. Programs known as obfuscators transform readable code into obfuscated code using various techniques.
Two important things to be noted from the above definition are
So basically obfuscating your code means converting it to a format that is difficult for humans to read. Not impossible. Just difficult.
So, what do we have in the above code? A single global function with multiple comments, myArray and maxValue variables declaration, invocation of getMaxValue() function and printing the result to console. Total of 747 bytes.
Now lets see how this code looks after a basic obfuscation
Even though you can still see the getMaxValue() function name it is much more difficult to read its code now. Using more advanced obfuscation mechamisms can hide variable and function names as well (will be discussed later). In addition - all comments are gone. White spaces are gone. All in all obfuscated code size is 203 bytes. 27% of the original. Neat, isn't it? Though not very useful during development and QA stages, obfuscating your code can greatly reduce your production application size.
Introduction to Google Closure Compiler application
In this blog we'll focus on the Google Closure Compiler engine.
Note that Java 1.7 is required for Closure Compiler to run.
Though Closure Compiler is available both as UI and API service we'll examine the third option - a stand alone application that can easily be integrated with any build process. You can download the latest version of Closure Compiler from http
From a command line run the following
java -jar compiler.jar --js script.js --js_output_file script.min.js
java is java binary
-jar compiler.jar tells java to run compiler.jar
--js script.js tells Closure Compiler to take script.js file as an input
Examine newly created script.min.js file. Easy as that!
Additional options for Closure Compiler
Closure Compiler application supports various additional options, you can read about all of them by invoking java -jar compiler.jar --help. Lets examine couple of them.
Using Closure Compiler during build process
Let's see how to add closure compiler to Ant build script. Fortunatelly compiler.jar file we're downloaded previously comes bundled with a ready-to-use ant task. Below is a sample build.xml script that obfuscates a single script.js file we've created previously.
Note the same properties we've seen previously - compilationLevel, output. However when it comes to source files it is much more interesting. Basically you can define multiple files from different directories to be obfuscated. In addition to being obfuscated they will also be concatenated to a single file thus reducing the number of required requests to get them. A bit more complex build script might looks similar to the one below.
Finally - the last question is
How to integrate all of above with Worklight application build process.
It is important to say that minification and concatenation feature is available out-of-the-box for mobile web and desktop web environments in Worklight Studio. You can read about enabling it here -
First of all, take compiler.jar file and put it under the directory of your choice. I will create a buildtools\ folder in the root of my project and keep it there.
Eventually the build script might look similar to the one on an image below.
And the result is
Now you can either integrate created target in a larger build script or just use build file as is and call it usin
The last important thing to note here would be the fact that this blog explains how to obfuscate web resources residing inside of initial application bundle (APK/IPA) and not actual source files. This means that direct update bundle still contains original files which will be delivered to your device overwriting the obfuscated ones.