JS_OBFUSCATOR_V1

JavaScript Obfuscator

Obfuscate JavaScript using a unique session-bound key so code can only be deobfuscated from the same browser session. Variable renaming, string encoding, and XOR encryption — all client-side, zero uploads.

Keye07f383454e33705

Output will appear here

How does the session key work?

When you visit this page, a random 256-bit key is generated and stored in your browser's sessionStorage. This key is used to XOR-encode your JavaScript. Since the key only exists in your current browser tab, any obfuscated output can only be deobfuscated on the same device in the same session. Closing the tab destroys the key.

What does the obfuscator do?

  • Variable renaming — local variable names are replaced with short _0x identifiers.
  • String encoding — string literals are XOR-encrypted and Base64-encoded.
  • XOR encryption — the entire payload is encrypted with a rolling XOR cipher using your session key.
  • Runtime bootstrap — the output includes a decoder that reads the key from sessionStorage at runtime.

Is this secure?

This is obfuscation, not encryption-at-rest. It prevents casual copying and reading of your logic, but a determined attacker can always extract the key from sessionStorage or run the deobfuscator in their own session. Use it to discourage casual theft, not to protect sensitive secrets.

Can I deobfuscate code from another session?

No — each session generates a unique key. If you close the tab or reset the key with the keybutton, the obfuscated output from a previous session cannot be recovered. Keep the tab open while you're working with obfuscated code.