/

Unicode Escape Sequence

Protection ID: unicodeEscapeSequence

Unicode Escape Sequence is an obfuscation technique that converts standard string characters into their Unicode escape sequence equivalents. This makes strings significantly harder to read and understand when viewing the source code.

This protection is available in all editions of ByteHide Shield.

How It Works

Unicode Escape Sequence works by replacing normal characters in strings with their Unicode escape sequence representations. For example, the letter 'a' would be transformed to '\u0061', 'b' to '\u0062', and so on.

This transformation makes it much more challenging for someone examining your code to quickly understand the string contents, as the human-readable text becomes a series of Unicode escape sequences.

Unlike other string protections that move strings to arrays or split them, this protection keeps strings in their original locations but makes them harder to interpret visually.

Parameters

  • Enabled boolean : Enables the Unicode Escape Sequence transformation. false by default

This option can significantly increase the size of your obfuscated code, as each character may be replaced with a longer Unicode escape sequence. Use with caution for large codebases.

Configuration Examples

Basic Configuration (shield.config.json)

{
  "unicodeEscapeSequence": true
}

Combined with String Array

{
  "unicodeEscapeSequence": true,
  "stringArray": true,
  "stringArrayThreshold": 0.75
}

Build Tool Integration (Webpack)

// webpack.config.js
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');

module.exports = {
  // ... other webpack config
  plugins: [
    new ByteHideShieldPlugin({
      projectToken: 'your-project-token',
      config: {
        unicodeEscapeSequence: true
      }
    })
  ]
}

Code Transformation Example

Original Code

function showMessage(userName) {
  const greeting = "Hello, " + userName + "!";
  const welcomeMessage = "Welcome to our application.";
  
  document.getElementById('greeting').textContent = greeting;
  document.getElementById('welcome-message').textContent = welcomeMessage;
  
  console.log("User greeted: " + userName);
}

Transformed Code (with Unicode Escape Sequence)

function showMessage(userName) {
  const greeting = "\u0048\u0065\u006c\u006c\u006f\u002c\u0020" + userName + "\u0021";
  const welcomeMessage = "\u0057\u0065\u006c\u0063\u006f\u006d\u0065\u0020\u0074\u006f\u0020\u006f\u0075\u0072\u0020\u0061\u0070\u0070\u006c\u0069\u0063\u0061\u0074\u0069\u006f\u006e\u002e";
  
  document.getElementById('\u0067\u0072\u0065\u0065\u0074\u0069\u006e\u0067').textContent = greeting;
  document.getElementById('\u0077\u0065\u006c\u0063\u006f\u006d\u0065\u002d\u006d\u0065\u0073\u0073\u0061\u0067\u0065').textContent = welcomeMessage;
  
  console.log("\u0055\u0073\u0065\u0072\u0020\u0067\u0072\u0065\u0065\u0074\u0065\u0064\u003a\u0020" + userName);
}

Transformed Code (with Unicode Escape Sequence and Other Protections)

function _0x48a2(_0x17b34f) {
  const _0x29b8d = "\u0048\u0065\u006c\u006c\u006f\u002c\u0020" + _0x17b34f + "\u0021";
  const _0x3a8c2 = "\u0057\u0065\u006c\u0063\u006f\u006d\u0065\u0020\u0074\u006f\u0020\u006f\u0075\u0072\u0020\u0061\u0070\u0070\u006c\u0069\u0063\u0061\u0074\u0069\u006f\u006e\u002e";
  
  document["\u0067\u0065\u0074\u0045\u006c\u0065\u006d\u0065\u006e\u0074\u0042\u0079\u0049\u0064"]('\u0067\u0072\u0065\u0065\u0074\u0069\u006e\u0067')["\u0074\u0065\u0078\u0074\u0043\u006f\u006e\u0074\u0065\u006e\u0074"] = _0x29b8d;
  document["\u0067\u0065\u0074\u0045\u006c\u0065\u006d\u0065\u006e\u0074\u0042\u0079\u0049\u0064"]('\u0077\u0065\u006c\u0063\u006f\u006d\u0065\u002d\u006d\u0065\u0073\u0073\u0061\u0067\u0065')["\u0074\u0065\u0078\u0074\u0043\u006f\u006e\u0074\u0065\u006e\u0074"] = _0x3a8c2;
  
  console["\u006c\u006f\u0067"]("\u0055\u0073\u0065\u0072\u0020\u0067\u0072\u0065\u0065\u0074\u0065\u0064\u003a\u0020" + _0x17b34f);
}

When to Use

Unicode Escape Sequence is particularly useful in these scenarios:

  • Sensitive string content: When you want to hide specific text content that might reveal functionality
  • User-facing messages: To obfuscate messages that might give clues about application logic
  • Internal identifiers: For strings that identify internal components or functionality
  • Simple protection needs: When you need a basic level of string obfuscation without complex transformations

For optimal results:

  1. Use selectively on smaller code bases or critical sections due to the size increase
  2. Consider combining with String Array protection for critical strings
  3. Be aware of the file size implications for web applications
  4. Avoid using in combination with RC4 String Array encoding on large files

Compatibility Notes

Unicode Escape Sequence has the following compatibility considerations:

  • Browser compatibility: Excellent compatibility with all modern browsers
  • Code size impact: Significant increase in code size (can be 2-4x larger for string-heavy code)
  • Runtime performance: Minimal impact on runtime performance
  • Debugging: Makes debugging more difficult as strings are harder to read in source code

The file size increase can be substantial for applications with many strings. Consider the impact on download times for web applications, especially on mobile networks.

For maximum security, combine Unicode Escape Sequence with:

Previous
Identifier Renaming
Next
Self Defending