DEV Community

WangLiwen
WangLiwen

Posted on

JavaScript regular expression encryption

Can regular expressions be encrypted?

Yes, you can. At least it can be confirmed that it is possible in JavaScript programming.

What is the use of regular expression encryption?

You can hide some important and private string contents, making the logic and secrets of the code less vulnerable to prying eyes.

Regular expression encryption example

Example

var reg = new RegExp("hello","g");

After being encrypted by JShaman JavaScript Obfuscator, this line of JS code can become the following form.

var reg=new RegExp("\u0068\u0065\u006c\u006c\u006f","\u0067");

Or

var _0x73d8bg=["hello","g"];var reg=new RegExp(_0x73d8bg[0],_0x73d8bg[1]);

Or

var _0xf=["97.108.101.101.102.","110."];function _0x3c(str,dy_key){dy_key=9;var i,k,str2="";k=str.split(".");for(i=0;i<k.length-1;i++){str2+=String.fromCharCode(k[i]^dy_key);}return str2;}var reg=new RegExp(_0x3c(_0xf[0]),_0x3c(_0xf[1]));

"Literal" form regular expressions cannot be directly encrypted However, there are two ways to write regular expressions. The one above demonstrates the "constructor" method, and there is also a "literal" method. For example: var reg = /hello/g; Regular expressions defined in "literal" form cannot be directly encrypted.

In practical programming, it is inevitable to use regular expressions in "literal" form. How to achieve unified encryption of regular expressions that can handle both "constructor" and "literal" methods? There is indeed a way, which is to convert the "literal" form into "constructor" form.

convert the "word-count" regular expression to a "constructor function"
Of course, it's not manual modification, which is too inconvenient. Below is an example code that converts a literal regular expression to a constructor function in Node.js.

const parser = require('@babel/parser')
const traverse = require('@babel/traverse').default
const generator = require('@babel/generator').default
var types = require('@babel/types'); 

var js_code = `
function a(){
    var reg1 = /hello/g;
    var reg2 = new RegExp("hello","g");
}
`

var ast = parser.parse(js_code) 

traverse(ast, {
    RegExpLiteral(path){
        //console.log(path.node.pattern, path.node.flags);
        console.log(generator(path.node).code);

        var pattern = path.node.pattern;
        var flags = path.node.flags;
        var new_expression = types.newExpression(
            types.identifier("RegExp"),
            [types.stringLiteral(pattern),types.stringLiteral(flags)]
        )
        path.replaceWith(new_expression);
    }
})

console.log(generator(ast).code);

Enter fullscreen mode Exit fullscreen mode

Technical principle

Convert JS code into an AST (Abstract Syntax Tree), detect regular expressions in literal form from the AST, convert them into constructor form, and finally convert the AST back into JS code.

In this way, the transformed Cada format can be uniformly obfuscated and encrypted.

Top comments (0)