Source code encryption


#1

Hello Nativescript Team,

How do I secure my Nativescript source code which bundle by webpack plugin. I tried Jscrambler from last 15 days but they also dont know how secure Nativescript code


#2

Code encryption was on the roadmap as far back as 2.1 but it appears to have been abandoned since. @NathanaelA had his own plugin for sale but I’m not sure from his website if it’s still available. You can check here: http://fluentreports.com/blog/?p=159 or maybe he’ll chime in here in this thread.

Here is a link to the Progress/Telerik version that they were working on but it hasn’t had any changes in at least 6 months now. https://github.com/NativeScript/nativescript-app-encryption They’ve also quit mentioning it on the NS roadmap https://www.nativescript.org/roadmap.


#3

I’m the author of AppProtection site and developer of the technology, so I’m a bit biased. I spent a couple weeks looking at all the different encryption systems out there from Java, to Cordova, Titanium, etc. So please take these all with a grain of salt, I do have a built in bias. :wink:

Telerik encryption is unfortunately almost worthless. It will stop a very causal hacker; but any one who has any interest in getting your code can break it in a few minutes, if they have any understanding of how a NS app works. It doesn’t provide any real security; and I think after I did a private email to them about how many holes it had in it; I believe they have pretty much dropped it since it has such a poor foundation.

JSScrambler actually can be used, but you have to get several things working. It actually doesn’t do a bad job on things. It can be broken, but it takes a bit of work.

My own product; I haven’t really seen the demand to continue with it, so it has kinda just sat around doing nothing other than being used for some of my own products. :wink: My main business is contract work; so I can get pretty busy with contracts, and so some of the plans I’ve had for AppProtection.net have not been implemented yet…

I was partially on hold for some direction because of a different project; but the direction has become very clear today; and so I hope to have something available publically within the month. :smiley:

If you are interested in it; please send me an email.

Nathanael A.


#4

Have a look here> https://www.nativescript.org/blog/protecting-your-source-code-with-jscrambler


#5

You can also try and make it yourself. This is always good practice - even if you intend to use some other third party services at a later time.

First decide what the most vulnerable parts are and focus on them. For example if you want to secure reading a database, start by encrypting the data in the database file. Then your main concern is of course on the data decryption section in your app.

You need to obfuscate the encryption code (use some web tools, change functions and variable naming, insert dead code, mix the logic etc), but also split the code and logic into several different parts in your app. Don’t call these parts sequentially. Have one obfuscated part read the data, other several obfuscated parts which include the decryption logic etc.

There is no unhackable code but you can try to make it as complicated as you can.

Good luck!