Weixin Mini Program Introduction of code reinforcement

# Weixin Mini Program Introduction of code reinforcement

To enhance the ecological security of WeChat, Security issues in the development of Weixin Mini Program include code vulnerability to decompilation, core business logic vulnerability, algorithm vulnerability and so on, leading to the risk of Mini programs being cracked and core code stolen. The platform will provide code strengthening capabilities that enable the encryption of the Mini Program front-end code, In order to prevent code exposure and increase the difficulty of attackers reading the front-end code logic, developers should also pay attention to the strictness of their own development specifications to ensure the code quality of the Mini Programs and protect the Mini Program security. Weixin Mini Program Code hardening is a feature that provides developers to encrypt the front-end code of Mini Programs to prevent code exposure.

# I. Function profile

Code reinforcement function for the official provision of a plug-in, just install directly in the WeChat developer tools,Easy to operate, no additional time-consuming, JavaScript file can be passed to the encryption tool, so as to achieve character string encryption, attribute encryption, call conversion, code obfuscation and many other protection measures.It is recommended that sensitive data information in Weixin Mini Program, core algorithm logic, copyright content and other content that need security protection, can be code reinforcement.We hope that the following usage instructions (running environment, installation process, usage process, reverse checking process) will help developers make better use of this feature.

# II. Running environment

Download and install the developer tools1.06.2206271or above, and download the download for .

# III. Installation process

Way 1: Open the WeChat Developer Tools, select Tools - Plugins - Editor Extensions or Settings - Extend Settings - Editor Extension in the menu bar, find Code Reinforcing and click Get to install.Once the installation is successful, you can use the plug-in feature.

display

Method 2: Open the WeChat developer tools, directly click on the "extension" icon, search for "devtool-code-obfuscation" in the search bar and install.Once the installation is successful, you can use this feature.

display

# IV. USE PROCESS

The reinforcement configuration file is first generated, and the WeChat developer tools automatically creates a reinforcement configuration in the current workspace when the activation plug-in is loaded for the first time.

display

Select the code that needs to be reinforced, such as apagejs, and right-click to select "code reinforcement."

display

After selecting "Preview" / "Real machine debugging" / "" Upload," there will be a corresponding prompt pop-up. After clicking "OK," the code reinforcing will begin and you can complete the subsequent preview

display

# V. Reverse Check Process

1. When in vConsole orhttps://mp.weixin.qq.com/("Development Management - Operations Center - Error Logs - Error Content ") to view the error content with relevant DEBUG information (such as [DEBUG apagejs: 34]), which means that the error was caused by a reinforced file. Note that this feature does not appear in unrehardened files, which still retain the original error format (e.g. mock (apagejs: 5: 37)).
Incorrect content displayed in vConsole

display

Mp Weixin Mini Program Manage the error content displayed in the background

display

Find anyprojectmapsin the Developer Tools directory***.js.map.jsonFile, click on the top right corner of the panel editor title bar, open "Sourcemap code reinforcement debugging," the use of the tool can facilitate developers for the reinforcement of the file error analysis

display

display 3. Enter the corresponding DEBUG information. For example, [DEBUG apagejs: 34]. Enter "apagejs" and "34" into the left and right blank boxes, respectively. The former is the file name of the error, and the latter is the pc value in the vm. Click "Checkback" to display the error location and the corresponding file

display

If you click on "Positioning," you will show the source file of the code reinforcement debugging, and the specific location will be marked with red, so that you can find the

display 5. If you click on the wrong path, you jump directly to the file in the corresponding location

display

# Other Frequently Asked Questions

# Q1: Failed to show compilation results after reinforcement?

A1: means that the reinforced Weixin Mini Program content does not have a corresponding code in the Mini Program compilation result, so the replacement failed, and can be specifically investigated based on the failure prompt.

display

# Q2: If you want to do a batch of code reinforcement, how should you do it?

A2: If you need bulk code reinforcement, you can directly modify thecode_obfuscation_config.jsonTheconfigsfield in the

display

The code is as follows:

{
    "desc": "关于本文件的更多信息，请参考文档 代码加固开发者文档",
    "switch": true, // 加固总开关，关闭则不执行加固流程
    "configs": [
    {
    "path": "pages/index/index.js", // 加固文件的路径
    "sub_switch": true // 加固子开关，该文件是否需要加固
    }
  ]
}

# Q3: When using Sourcemap code to reinforce debugging, why can't I find the error path?

A3: src Miniprogram Root directory does not exist in the newspaper error file corresponding to the source file

display

# Q4: Will the code hardening affect the performance of the product?

A4: Product performance impacts relate to the content, size, and quantity of code reinforcing. They may affect code volume, product initialization time, and execution speed. They can be further explained in the performance explaination document .

If you have any questions, feel free to participate in the community discussion .