JSProtect: A Scalable Obfuscation Framework for Mini-Games in WeChat

• URL: http://arxiv.org/abs/2509.24498v1
• Date: Mon, 29 Sep 2025 09:13:18 GMT
• Title: JSProtect: A Scalable Obfuscation Framework for Mini-Games in WeChat
• Authors: Zhihao Li, Chaozheng Wang, Zongjie Li, Xinyong Peng, Zelin Su, Qun Xia, Haochuan Lu, Ting Xiong, Man Ho Lam, Shuzheng Gao, Yuchong Xie, Cuiyun Gao, Shuai Wang, Yuetang Deng, Huafeng Ma,
• Abstract summary: Existing JavaScript obfuscation tools are ill-equipped for large-scale applications, suffering from prohibitive processing times, severe runtime performance degradation, and unsustainable code size inflation.<n>This paper introduces JSProtect, a high- throughput parallelized obfuscation framework designed to overcome these fundamental limitations.
• Score: 19.16643135585517
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The WeChat mini-game ecosystem faces rampant intellectual property theft to other platforms via secondary development, yet existing JavaScript obfuscation tools are ill-equipped for large-scale applications, suffering from prohibitive processing times, severe runtime performance degradation, and unsustainable code size inflation. This paper introduces JSProtect, a high-throughput parallelized obfuscation framework designed to overcome these fundamental limitations. At the core of our framework is the Parallel-Aware Scope Analysis (PASA) algorithm, which enables two key optimizations: independent code partitioning for multi-core processing and independent namespace management that aggressively reuses short identifiers to combat code bloat. Our evaluation demonstrates that JSProtectprocesses 20MB codebases in minutes, maintaining 100\% semantic equivalence while controlling code size inflation to as low as 20\% compared to over 1,000\% with baseline tools. Furthermore, it preserves near-native runtime performance and provides superior security effectiveness against both static analysis tools and large language models. This work presents a new paradigm for industrial-scale JavaScript protection that effectively balances robust security with high performance and scalability.

Related papers

• Secure Code Generation via Online Reinforcement Learning with Vulnerability Reward Model [60.60587869092729]
  Large language models (LLMs) are increasingly used in software development, yet their tendency to generate insecure code remains a major barrier to real-world deployment.<n>We propose SecCoderX, an online reinforcement learning framework for functionality-preserving secure code generation.
  arXiv  Detail & Related papers  (2026-02-07T07:42:07Z)
• RealSec-bench: A Benchmark for Evaluating Secure Code Generation in Real-World Repositories [58.32028251925354]
  Large Language Models (LLMs) have demonstrated remarkable capabilities in code generation, but their proficiency in producing secure code remains a critical, under-explored area.<n>We introduce RealSec-bench, a new benchmark for secure code generation meticulously constructed from real-world, high-risk Java repositories.
  arXiv  Detail & Related papers  (2026-01-30T08:29:01Z)
• From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis [6.038443052154118]
  JSIMPLIFIER is a comprehensive deobfuscation tool using a multi-stage pipeline with preprocessing.<n>We construct and release the largest real-world obfuscated JavaScript dataset with 44,421 samples.<n>Our results advance benchmarks for JavaScript deobfuscation research and practical security applications.
  arXiv  Detail & Related papers  (2025-12-16T04:13:09Z)
• JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation [34.88009582470047]
  Large Language Models (LLMs) have recently shown promise in automating the deobfuscation process.<n>We present JsDeObsBench, a benchmark designed to rigorously evaluate the effectiveness of LLMs in the context of JS deobfuscation.
  arXiv  Detail & Related papers  (2025-06-25T06:50:13Z)
• vApps: Verifiable Applications at Internet Scale [2.931173822616461]
  Verifiable Applications (vApps) is a novel development framework designed to streamline the creation and deployment of verifiable computing applications.<n>vApps offer a unified Rust-based Domain-Specific Language ( DSL) within a comprehensive SDK.<n>This eases the developer's burden in securing diverse software components, allowing them to focus on application logic.
  arXiv  Detail & Related papers  (2025-04-21T02:19:06Z)
• ELBA-Bench: An Efficient Learning Backdoor Attacks Benchmark for Large Language Models [55.93380086403591]
  Generative large language models are vulnerable to backdoor attacks.<n>$textitELBA-Bench$ allows attackers to inject backdoor through parameter efficient fine-tuning.<n>$textitELBA-Bench$ provides over 1300 experiments.
  arXiv  Detail & Related papers  (2025-02-22T12:55:28Z)
• Shaping the Safety Boundaries: Understanding and Defending Against Jailbreaks in Large Language Models [55.253208152184065]
  Jailbreaking in Large Language Models (LLMs) is a major security concern as it can deceive LLMs to generate harmful text.<n>We conduct a detailed analysis of seven different jailbreak methods and find that disagreements stem from insufficient observation samples.<n>We propose a novel defense called textbfActivation Boundary Defense (ABD), which adaptively constrains the activations within the safety boundary.
  arXiv  Detail & Related papers  (2024-12-22T14:18:39Z)
• Dissecting Adversarial Robustness of Multimodal LM Agents [70.2077308846307]
  We manually create 200 targeted adversarial tasks and evaluation scripts in a realistic threat model on top of VisualWebArena.<n>We find that we can successfully break latest agents that use black-box frontier LMs, including those that perform reflection and tree search.<n>We also use ARE to rigorously evaluate how the robustness changes as new components are added.
  arXiv  Detail & Related papers  (2024-06-18T17:32:48Z)
• Defending Large Language Models against Jailbreak Attacks via Semantic Smoothing [107.97160023681184]
  Aligned large language models (LLMs) are vulnerable to jailbreaking attacks. We propose SEMANTICSMOOTH, a smoothing-based defense that aggregates predictions of semantically transformed copies of a given input prompt.
  arXiv  Detail & Related papers  (2024-02-25T20:36:03Z)
• Code Polymorphism Meets Code Encryption: Confidentiality and Side-Channel Protection of Software Components [0.0]
  PolEn is a toolchain and a processor architecturethat combine countermeasures in order to provide an effective mitigation of side-channel attacks. Code encryption is supported by a processor extension such that machineinstructions are only decrypted inside the CPU. Code polymorphism is implemented by software means. It regularly changes the observablebehaviour of the program, making it unpredictable for an attacker.
  arXiv  Detail & Related papers  (2023-10-11T09:16:10Z)
• Citadel: Simple Spectre-Safe Isolation For Real-World Programs That Share Memory [8.414722884952525]
  We introduce a new security property we call relaxed microarchitectural isolation (RMI)<n>RMI allows sensitive programs that are not-constant-time to share memory with an attacker while restricting the information leakage to that of non-speculative execution.<n>Our end-to-end prototype, Citadel, consists of an FPGA-based multicore processor that boots Linux and runs secure applications.
  arXiv  Detail & Related papers  (2023-06-26T17:51:23Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.