

Cracking JXcore Again - kolodny
http://markhaase.com/2015/06/25/cracking-jxcore-again/

======
rimunroe
Is there anything to the JXcore project? I was at one meetup where (I think) a
core member gave a presentation on it that seemed loaded with inaccuracies
about Node and mobile development, and it sounded all quite suspect. Then I
went to their GitHub and and was unimpressed by it as well. I haven't found
anything about it that doesn't look pretty sketchy. Anyone more familiar with
it who can chime in?

------
killercup
tl;dr They take the original JXcore binary and append your compressed source
code (as base64 in a JSON structure).

I had at least hoped that (a) they didn't need the base64 overhead and (b)
used uglify to minify/obfuscate the code.

tl;dr^2 It's nice for deploying JS apps, the 'Protected JavaScript Source'
claim is bullshit.

------
nodefan
Since open sourcing the project, JXcore team hasn't made any claims on code
protection. The project is clearly focusing on running Node on mobile devices
and ease of deployment. Regrettably, the author has overlooked this.

~~~
rimunroe
The JXcore team has regrettably not done a great job of removing old and
misleading stuff from their site.

~~~
obastemur
It's not part of the website. It's an unlinked html page that is reachable
thanks to google. I'm wondering, for how long Mark is going to benefit that
page to keep saying "cracked" JXcore again?

------
obastemur
This is so dumb cheap Mark! This is an open source project and everything is
open in the wild while we stated several times there is no source code
protection on our Github page.

Second time you are doing this the same cheap way. Congrats!

~~~
rimunroe
What does that even mean? This does not sound like a very reasonable response.
What is cheap about what they did? The JXcore jxp page[1] makes assurances
that are clearly absurd.

[1] [http://jxcore.com/jxp/](http://jxcore.com/jxp/)

~~~
obastemur
is there any link from any of the jxcore pages to that year old page ? It even
says that download Beta 2... What beta 2 is that?

[https://github.com/jxcore/jxcore](https://github.com/jxcore/jxcore) is the
place (as you and he already knows) we publicly give out the source codes.
Even a new graduate can see what's been going on. Hey.. it's visible there is
nothing to crack.

~~~
rimunroe
...why do you still have that page at all?

[edit] It's pretty dishonest to knowingly keep a flatly misleading page like
that up. It's linked to by Google if you search for stuff on JXcore security,
and there are news articles that mention it, so people are likely going to
come to it.

~~~
obastemur
did not even realize we have this page till today... I'm going to keep that
page for Mark E. Hasse

[edit] and put a notice that there is no such a thing like protection.

BTW; What is dishonest? Claiming to cracking something open or letting us know
this page has no link and old but still there and on google ?

~~~
rimunroe
saying that you're going to keep that page up as long as it continues to make
claims about security.

(Also, I tried to move this to Twitter since I don't think a comment thread
here is a great venue for continued discussion about this)

------
hoare
that was surprisingly simple for such a strong wording for their obfuscation:D

