Low-Hanging Fruit: Obfuscating non-critical values in JavaScript

Posted by Piskvor on Stack Overflow See other posts from Stack Overflow or by Piskvor
Published on 2011-02-10T15:18:01Z Indexed on 2011/02/10 15:25 UTC
Read the original article Hit count: 285

Filed under:
|

I'm making an in-browser game of the type "guess what place/monument/etc. is in this satellite/aerial view", using Google Maps JS API v3.

However, I need to protect against cheaters - you have to pass a google.maps.LatLng and a zoom level to the map constructor, which means a cheating user only needs to view source to get to this data. I am already unsetting every value I possibly can without breaking the map (such as center and the manipulation functions like setZoom()), and initializing the map in an anonymous function (so the object is not visible in global namespace).

Now, this is of course in-browser, client-side, untrusted JavaScript; I've read much of the tag and I'm not trying to make the script bullet-proof (it's just a game, after all). I only need to make the obfuscation reasonably hard against the 1337 Java5kryp7 haxz0rz - "kid sister encryption", as Bruce Schneier puts it. Anything harder than base64 encoding would deter most cheaters by eliminating the lowest-hanging fruit - if the cheater is smart and determined enough to use a JS debugger, he can bypass anything I can do (as I need to pass the value to Google Maps API in plaintext), but that's unlikely to happen on a mass scale (there will also be other, not-code-related ways to prevent cheating).

I've tried various minimizers and obfuscators, but those will mostly deal with code - the values are still shown verbatim.


TL;DR: I need to obfuscate three values in JavaScript. I'm not looking for bullet-proof armor, just a sneeze-guard. What should I use?

© Stack Overflow or respective owner

Related posts about JavaScript

Related posts about obfuscation