Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Allow source code to run, but not show it
#1
Lightbulb 
https://qb64phoenix.com/forum/showthread.php?tid=1462

This thread has me asking entirely out of ignorance: is there a way in "BAM" or "QBJS" to provide source code and run it, without allowing a different user to see the source code, or allowing that user to see a small portion of it?
Reply
#2
That's a great question.

BASIC Anywhere Machine is just one HTML file.

It is a client-side application meant to work offline, requiring no server.

As far as I know, there is no way to hide the content of a client-side HTML file.

The usual approach is by somewhat obfuscating the code with a "minifier" tool that makes the code really hard to read.

Related reading: https://www.freecodecamp.org/news/javasc...%20results.
Reply
#3
(02-11-2023, 11:57 PM)CharlieJV Wrote: That's a great question.

BASIC Anywhere Machine is just one HTML file.

It is a client-side application meant to work offline, requiring no server.

As far as I know, there is no way to hide the content of a client-side HTML file.

The usual approach is by somewhat obfuscating the code with a "minifier" tool that makes the code really hard to read.

Related reading: https://www.freecodecamp.org/news/javasc...%20results.

Something I haven't looked at much for lack of interest:  WASM.  That could be an option for creating web applications that do not reveal the source code.

EDIT:

Actually, BASIC Anywhere Machine is the result of me looking at WASM and thinking "yuck."  When I first got interested in QB64, my instant thought: "hey, it transpiles to C++ code before becoming an executable.  What if I grabbed that C++, fed that to emscripten, and created WASM?  I could have QB64 programs running on the web !

Then I realized that emscripten involved way too much of a learning curve for the amount of benefit.  So I did a hard exit stage left and went the TiddlyWiki + wwwBASIC way.
Reply
#4
(02-11-2023, 11:43 PM)mnrvovrfc Wrote: https://qb64phoenix.com/forum/showthread.php?tid=1462

This thread has me asking entirely out of ignorance: is there a way in "BAM" or "QBJS" to provide source code and run it, without allowing a different user to see the source code, or allowing that user to see a small portion of it?

For QBJS there are a few ways to do this.  You can use the Share feature to create a link to your program.  The Auto or Play option will not show the source code.

Either of these options will also enable an export feature, which will allow you to download a “compiled” version of your program, which you can share on your website or upload to a sharing site like itch.io.
Reply
#5
(02-12-2023, 03:37 PM)dbox Wrote:
(02-11-2023, 11:43 PM)mnrvovrfc Wrote: https://qb64phoenix.com/forum/showthread.php?tid=1462

This thread has me asking entirely out of ignorance: is there a way in "BAM" or "QBJS" to provide source code and run it, without allowing a different user to see the source code, or allowing that user to see a small portion of it?

For QBJS there are a few ways to do this.  You can use the Share feature to create a link to your program.  The Auto or Play option will not show the source code.

Either of these options will also enable an export feature, which will allow you to download a “compiled” version of your program, which you can share on your website or upload to a sharing site like itch.io.

If I've got it right, please correct me if I misunderstood:

With QBJS, the result is the BASIC code transpiled to javascript.

The BASIC code, which would be really easy to read, no longer exists.  What we have is javascript that is minimised. (Well, not really minimised, but still fairly cryptic.)

Hard as heck to read, but if you know how to read javascript, css, and html, then you can see exactly what the program is doing, even reverse engineer the BASIC program.  That would be a huge pain in the caboose, but it is just to point out what I think is accurate (based on my understanding): there is no hiding the original code for a client-side web application.  It can only be obfuscated.

But as far as obfuscating the original BASIC code goes, QBJS converting it to javascript and minimising that javascript is really good standard web obfuscation.  BASIC Anywhere Machine  makes no attempt at all to obfuscate anything.

Here's a QBJS "Hello World" program (the BASIC source below that).  Not much fun to read, so nicely obfuscated:

Code: (Select All)
async function __qbjs_run() {
QB.start(); QB.setTypeMap({ GXPOSITION:[{ name: 'x', type: 'LONG' }, { name: 'y', type: 'LONG' }], GXDEVICEINPUT:[{ name: 'deviceId', type: 'INTEGER' }, { name: 'deviceType', type: 'INTEGER' }, { name: 'inputType', type: 'INTEGER' }, { name: 'inputId', type: 'INTEGER' }, { name: 'inputValue', type: 'INTEGER' }], FETCHRESPONSE:[{ name: 'ok', type: 'INTEGER' }, { name: 'status', type: 'INTEGER' }, { name: 'statusText', type: 'STRING' }, { name: 'text', type: 'STRING' }]});
    await GX.registerGameEvents(function(e){});
    QB.sub_Screen(0);

  var ___v5795186 = 0; for ( i =  1 ;  i  <=  10;  i = i  + 1) { if (QB.halted()) { return; } ___v5795186++;  if (___v5795186 % 100 == 0) { await QB.autoLimit(); }
      await QB.sub_Print(["hello world"]);
  }
QB.end();


}

The QBJS BASIC code that generated the javascript above:

Code: (Select All)
for i = 1 to 10
print "hello world"
next i
Reply
#6
So, it is correct that QBJS compiles the BASIC code to Javascript.  I haven’t really made any effort at this point to obfuscate or minimize the generated JS.  (I was actually trying to make it fairly readable for easier troubleshooting, ha!). However, there are many very good libraries for Javascript obfuscation.  I could certainly incorporate that into the Export functionality if there was enough interest.
Reply
#7
(02-12-2023, 04:42 PM)dbox Wrote: So, it is correct that QBJS compiles the BASIC code to Javascript.  I haven’t really made any effort at this point to obfuscate or minimize the generated JS.  (I was actually trying to make it fairly readable for easier troubleshooting, ha!). However, there are many very good libraries for Javascript obfuscation.  I could certainly incorporate that into the Export functionality if there was enough interest.

I think that would be an awesome (super-convenient) option.

I can imagine scenarios in which we want the javascript easy to read, and scenarios in which we want to minimise the code (for compacting big programs or for obfuscating, or for both goals.)
Reply




Users browsing this thread: 1 Guest(s)