Skip to main content
M.Hasanin
M.Hasanin
Inspiring
November 26, 2017
Question

javascript obfuscator

  • November 26, 2017
  • 5 replies
  • 3560 views

Hi,

I was wondering about protecting my JavaScript Code inside pdf- should i copy every code to obfuscator Software or i can do it one time? any suggestion to powerful protection of my pdf or my code ? thanks in advance

This topic has been closed for replies.

5 replies

T
Test Screen Name
Legend
November 27, 2017

Of course if it were in the ISO standard the details would have to be completely public, so it would immediately cease to have any protection element...

D
Dave Merchant
Legend
November 27, 2017

Not necessarily; SWF content is permitted by Adobe's extension clauses, and the Flash Player source code isn't published. It is theoretically possible to include a definition that permits JSXBIN but only defines the concept of requiring 'a compatible interpreter' to run it. Not going to happen of course, Adobe has stopped tweaking the standards and a document that needs a proprietary handler will break the (now dominant) third party PDF engines in Web browsers etc.

If a PDF file's scripting is so valuable that you cannot possibly allow anyone to inspect the source code, then the only option is DRM (using Adobe's LiveCycle suite). Massively expensive to deploy, but as yet unbroken. Gov/Mil customers trust it.

JR Boulay
Community Expert
JR BoulayCommunity Expert
Community Expert
November 27, 2017

There is no 100% protection.

The goal is to make it long and laborious to recover the existing code and thus faster to create a new code from scratch.

One can also create false functions, tortuous functions or unnecessarily complicated ones. Do not forget to delete the comments and to minify the script.

Acrobate du PDF, InDesigner et Photoshopographe
JR Boulay
Community Expert
JR BoulayCommunity Expert
Community Expert
November 27, 2017

Hi.

This one works fine with Acrobat* 9 to DC: http://www.javascriptobfuscator.com/Javascript-Obfuscator.aspx

This one works with Acrobat* XI and DC: https://javascript-obfuscator.org/#intro-sub-2

Beware that some corporate networks routinely reject obfuscated PDF documents, and beware that an antivirus detects obfuscated PDF documents as "false positives". I had some issues with Avast…

* Reader, Pro and Standard

Acrobate du PDF, InDesigner et Photoshopographe
D
Dave Merchant
Legend
November 27, 2017

Obfuscation was used for years by Adobe themselves, back when they sold Acrobat 3D - the injected code to manipulate and animate the 3D scene was obfuscated by a routine that Right Hemisphere supplied.

However, it's important to remember that JavaScript is an interpreted language; most obfuscators work by creating a wrapper function which reads a section of encrypted text, converts it back into 'real' code, then executes it with the eval() function. That is why antivirus software hates it, but it's relatively simple to copy the script and run it in an external compiler to capture the de-obfuscated version. You won't get all your variable names and line breaks back, but it'll be understandable to a JS programmer. It also doesn't necessarily need to be decrypted; if someone simply wants to take your script and use it in another document as-is, they can copy the obfuscated version. Everything in the structure of a PDF file is accessible to the recipients of a document unless you use rights management protection. Most third-party PDF software ignores the password/certificate 'restrictions' applied in Acrobat, which is why you get the big warning message the first time you try to apply it.

Other Adobe products support 'Binary JavaScript' (JSXBIN) which is a lot harder to turn back into human-readable text, however the PDF ISO standard does not allow that type of code.

    Thom Parker
    Community Expert
    Thom ParkerCommunity Expert
    Community Expert
    November 26, 2017

    An obsfucator can be helpful to hide code, but it doesn't provide any real protection.

    Many obsfucators are designed to be used with HTML JavaScript, and so will not work Acrobat JavaScript, be careful which one you use.

    You'll need to obsfucate each script separately. The "Edit all scripts" options in Acrobat displays all event scripts mixed with XML markers for putting all the script back where they belong. So this code listing cannot be obsfucated without destroying the XML structure.

    Thom Parker - Software Developer at PDFScriptingUse the Acrobat JavaScript Reference early and often
      M.Hasanin
      M.HasaninAuthor
      Inspiring
      November 26, 2017

      what about this website ? does it compatible with acrobat ?

      http://www.javascriptobfuscator.com/?jsov=2.34

      Mohammad Hasanin
      Karl Heinz Kremer
      Community Expert
      Karl Heinz KremerCommunity Expert
      Community Expert
      November 26, 2017

      This is something you have to figure out. As you've probably figured, none of us experts are using these tools, which means that we don't know if this particular tool will produce code that works within Acrobat.

      T
      Test Screen Name
      Legend
      November 26, 2017

      Give up Is my advice. It’s inherently unprotectable.

      M.Hasanin
      M.HasaninAuthor
      Inspiring
      November 27, 2017

      i tried something by accident and that was for distribution that add kind of heavy protection without password, even i test the protection that prevent me to change my document or even access my code and i failed also i tried to crack the password that is not even exist and the document property tells me its not allowed to change the document or Document assemble, in first time in using acrobat i feel it really secured.

      Mohammad Hasanin
      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices