Safely host bot server in Javascript

[anjolo96]

Hello!

I have no experience in Encryptation or any methods to hide own code.

I am developing a bot for browser game, running in JavaScript.

Using Tampermonkey obviously :P,

I already managed to make bot later comunicates with a server a made in NodeJS.

The code can be stolen and played offline with almost no work,
What would be the best way to protect the code and make a bot service?

- Any way to encrypt javascript and keep it safe from leak?
- Or should go SERVER-SIDE code? Will require servers...

[Vox]

First of all, you can minify your Javascript. This is simply a way of reducing your code down as much as possible, while still keeping the same functionality. This does not protect your code, but it does make it easier to manage the reduced size of your code while copy/pasting/etc. your code.

Second, you can obfuscate it. Here are some of the known Javascript obfuscation techniques out there:

• _Number
• JSFuck
• JJencode
• AAencode
• URLencode
• Packer
• JS Obfuscator
• My Obfuscate

Here is the first obfuscator I found when looking through google.
Just a heads up, it is against the rules to release obfuscated code on MPGH as malicious code can hide within, and usually does. Minified JS is not obfuscated JS.


Another tip is to not use plain text wherever possible. Anything that is human-readable gives people trying to reverse your code some hints on what it is doing. After finishing your script, you can rename your functions to single letters or obscure combinations of letters.

Like you mentioned, any code that you hand to someone, they have. All client-sided code they put into tampermonkey is code they own. There is no real surefire way to protect client-side code. What you can do, however, is create a server that works in tandem with the client in such a way that without the code on the server (that is hidden from the users) computing for the client, the client would be basically useless.