cool hit counter Talking about source code protection writings_Intefrankly

Talking about source code protection writings


Recently, I started to focus on source code protection, specifically because the source code of the product was stolen. The current way of this theft, by rough estimation, is that the source code on the web side is downloaded.

It must first be stated here that the web-side source code stealing is currently app-neutral. This is thankfully where the project is stored in two places and where 80% of the code implementation is not the same. So getting the web source code has no effect on the app. A word about the protection of writings is in order here.

As far as the law is concerned, the first thing a company should do is to apply for a copyright - a soft copy. This is the final option that can be implemented. The reason it's not the very beginning, considering everyone has a lot going on and no time for the petty theft. At a certain point of this petty bickering, I think it would be excellent if a lawsuit could be taken and legal protection requested.

Why do people love googlepay or appstore more. The most important reason is the large platform that allows you to publish your personal products and achieve a profitable personal income. But these advantages alone are not enough. Then the other advantage is that both platforms can give protection mechanisms to individuals or companies implementing their products. Ability to protect the source code of the product from being stolen. Of course the theft here is worthy of the average person, not the very person:google pay or appstore. The first two can naturally steal our installer since they have access to it. So what other companies have this capability? Various third-party platforms for downloading/providing browsing. These refer to the app of course no web is involved.

What are the ways we can implement protection for web platform products?

As we all know, isn't it easier to protect the code if it's written into the Js rather than the html layer whenever possible. This is only slightly more convenient to protect than the previous html, but by no means can it be completely controlled from being copied. I will illustrate three ways here, but not the widely used, this unknown. I've seen a lot of front-end projects that could be copied straight down, and that's unacceptable.

Option I:

Implement code encryption. The mechanism of code encryption is a lot of forums or blogs with a high number of write-ups. Turning the readable into the unreadable, turning the understandable into the unintelligible, e.g. encryption, base64 processing, etc. It does seem that the way is OK, but the hack is equally simple. However, we can control the flow of the implementation of the encryption of the key multivariate, the load of a different Key for decryption, and the final load. The way is more difficult than the previous one-time encryption and decryption, but it is possible to crack it with more time.

Option II:

Code obfuscation. Project source code obfuscation is an effective mechanism. However, the consequences of this approach are also clearly visible, and maintainability becomes more difficult. It even ends up being extremely easy to pick pits. The pit picker could be yourself, or more likely, someone else. There are many ways to confuse. As a simple example, a variable in one place is gradually dispersed to be assigned by other variables, while the variable name is similar.

Also the key functions used will be similarly operated, with multiple implementations of different names for the functions. Finally make a call to your own defined function at catch:e.g. call to your own official website. It is also not enough if it is only this way, it is still easy to be detected directly. There is nowhere to shield once you search for Location. So this time, just encrypt or base64 or otherwise process your own key processing code and then eval when you call it. As you can see, this obfuscation is implemented with a lot of attention to detail. Otherwise when you run it yourself, it will also point to itself in one place, if the product has two url's pointing to it. In addition, the project to carry out this operation, to use more random methods, the benefit of this is to steal the object in the process of use, will not regularly and irregularly appear bugs, but once the stealer used and recommended refactoring of the product, then his product instability, will inevitably bring his own results: reputation decline.

Programme III:

This option is the least recommended, yet the most effective. It is still presented here. The ws approach is used, with the frame in two layers. The base layer, simply being sent down or requesting the source code, the source code up to here is also in NetWor unrecognizable binary streams. The strings are displayed in memory, and the strings of the source file contents are loaded. Note that here it is loaded wherever it is used, and what is not used does not need to be loaded. To briefly explain, the content of each file is sent down in the form of an array, and the array includes key,content, not using different keys for content. And implement a calibration mechanism. Checksum key,key value is variable. The key value is generated from the timestamp. So what is sent down per user request varies because of the timestamp, thus enabling dynamic changes. Much more difficult for the cracked ones. So what feats are needed to crack this:Grab the network packet and take the packet data and crack it in a certain way. Some way here is also encrypted in layers, and the encryption must contain a parameter timestamp. Layer 2: In-memory fetching of content for loading. This achieves source code protection. Browsing this web hardly sees any js code, everything is done in memory. The best way to do it though is for the major browsers to support it, I guess. Directness to protect the web source code and maybe there wouldn't be so many theft projects in existence.

Also theft of product ideas, talk about that next time.


Recommended>>
1、The first application of blockchain to hit the ground is actually it
2、php coding specification
3、CICOM October Artificial Intelligence Month Jointly with Zhongguancun Double Creation Week Innovation Works Sogou and IBM to Spark AI Frenzy
4、Apple bans mining with iPhones but more devices are turning into miners
5、IEEEIEL Database Taking you to the academic ocean

    已推荐到看一看 和朋友分享想法
    最多200字,当前共 发送

    已发送

    朋友将在看一看看到

    确定
    分享你的想法...
    取消

    分享想法到看一看

    确定
    最多200字,当前共

    发送中

    网络异常,请稍后重试

    微信扫一扫
    关注该公众号