Control flow flattening: a common entry-level JS encryption (obfuscation) technique

Control flow flattening is a JavaScript code obfuscation technique. Its purpose is to increase the complexity of the code so that malicious parties have a harder time analyzing and decompiling it.

The technique increases complexity by reorganizing the control flow statements in the code (such as if, for and while statements). Specifically, it breaks these statements into multiple small, nested statements, making the control flow paths in the code more complex and difficult to understand.

The following is a simple sample code for control flow flattening:

function foo(x, y) {
  var a = x + y;
  if (a > 10) {
    while (a < 100) {
      a += x;
      if (a < 50) {
        a -= y;
      } else {
        a += y;
      }
    }
  } else {
    for (var i = 0; i < a; i++) {
      if (i % 2 == 0) {
        a += x;
      } else {
        a -= y;
      }
    }
  }
  return a;
}

foo(3, 4);

After the control flow is flattened, the structure of the above code will become more complicated and difficult to understand, as follows:

function foo(x, y) {
  var a = x + y;
  if (a > 10) {
    // The while condition is moved inside an infinite loop
    while (true) {
      if (!(a < 100)) {
        break; // exit once the original loop condition fails
      }
      a += x;
      if (a < 50) {
        a -= y;
        continue;
      }
      // The else branch becomes fall-through code after the if
      a += y;
      continue;
    }
  } else {
    for (var i = 0; i < a; i++) {
      if (i % 2 == 0) {
        a += x;
        continue;
      }
      a -= y;
      continue;
    }
  }
  return a;
}

foo(3, 4);

Through the above processing, the control flow statements in the code are split into multiple small statement blocks, and infinite loops and continue statements are used to increase the complexity of the code. In this example, the original if/else branches and the while loop are replaced by goto-style jumps, written with while (true) and continue because JavaScript has no goto statement. This makes the execution flow of the code more complicated and difficult to understand and analyze, increases its degree of obfuscation, and thus improves the protection of the program.

It is worth noting that control flow flattening does not change the behavior of the program; it only changes the structure and execution flow of the program.

The above is a simple example. When control flow flattening is actually used, more complex algorithms and transformation methods may be applied to obfuscate the code.
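Added example, not code from the original article: one widely used form of flattening is a dispatcher, a while (true) loop around a switch on a state variable. The block goes beyond the article's sample by applying that form to foo and checking it against the structured version on constructed inputs; the names fooOriginal, fooFlattened, firstMismatch and SAMPLE_INPUTS and the state numbers are assumptions made for illustration.

```javascript
// Structured form of the article's function, kept as the reference.
function fooOriginal(x, y) {
  var a = x + y;
  if (a > 10) {
    while (a < 100) {
      a += x;
      if (a < 50) { a -= y; } else { a += y; }
    }
  } else {
    for (var i = 0; i < a; i++) {
      if (i % 2 == 0) { a += x; } else { a -= y; }
    }
  }
  return a;
}

// Dispatcher form: each basic block is a switch case and `state` selects the
// next one. The state numbers are arbitrary (constructed for this example).
function fooFlattened(x, y) {
  var a, i, state = 0;
  while (true) {
    switch (state) {
      case 0: a = x + y; state = a > 10 ? 4 : 2; break;
      case 4: state = a < 100 ? 7 : 9; break;      // while-loop test
      case 7: a += x; state = a < 50 ? 1 : 5; break;
      case 1: a -= y; state = 4; break;
      case 5: a += y; state = 4; break;
      case 2: i = 0; state = 6; break;             // for-loop init
      case 6: state = i < a ? 3 : 9; break;        // for-loop test
      case 3: state = i % 2 == 0 ? 8 : 10; break;
      case 8: a += x; state = 11; break;
      case 10: a -= y; state = 11; break;
      case 11: i++; state = 6; break;              // for-loop increment
      case 9: return a;                            // single exit block
    }
  }
}

// Constructed inputs known to terminate (foo loops forever for e.g. x = 6, y = 6).
var SAMPLE_INPUTS = [[3, 4], [2, 1], [1, 1], [5, 4], [6, 5], [20, 3], [60, 50]];

// Differential check: returns the first input where f and g disagree, or null.
function firstMismatch(f, g, inputs) {
  for (var k = 0; k < inputs.length; k++) {
    var x = inputs[k][0], y = inputs[k][1];
    if (f(x, y) !== g(x, y)) return inputs[k];
  }
  return null;
}
```

The same differential check is useful in the other direction: after manually restoring structure to flattened code, run both versions over known inputs to confirm the recovered logic matches.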


Origin blog.csdn.net/mxd01848/article/details/129933091