feat: project obfuscate

faretek1 · faretek1 · commit a736c464235c · 2025-09-21T12:02:57.000+01:00
This serves more as a test of the capabilities of sa.editor and allowed me to find a few bugs, rather than something you should use much. Uploading obfuscated code to scratch is against the community guidelines, however some people may find it useful - e.g. in comination with the turbowarp packager to deliver 'proprietary-like' obfuscated scratch projects for use outside of the scratch website.
diff --git a/scratchattach/editor/asset.py b/scratchattach/editor/asset.py
@@ -15,7 +15,7 @@ class AssetFile:
     - stores the filename, data, and md5 hash
     """
     filename: str
-    _data: bytes = field(repr=False, default_factory=bytes)
+    _data: Optional[bytes] = field(repr=False, default=None)
     _md5: str = field(repr=False, default_factory=str)
 
     @property
@@ -26,6 +26,7 @@ def data(self):
         if self._data is None:
             # Download and cache
             rq = requests.get(f"https://assets.scratch.mit.edu/internalapi/asset/{self.filename}/get/")
+            # print(f"Downloaded {url}")
             if rq.status_code != 200:
                 raise ValueError(f"Can't download asset {self.filename}\nIs not uploaded to scratch! Response: {rq.text}")
 
@@ -206,10 +207,12 @@ def to_json(self) -> dict:
         """
         _json = super().to_json()
         _json.update({
-            "bitmapResolution": self.bitmap_resolution,
             "rotationCenterX": self.rotation_center_x,
             "rotationCenterY": self.rotation_center_y
         })
+        if self.bitmap_resolution is not None:
+            _json["bitmapResolution"] = self.bitmap_resolution
+
         return _json
 
 
diff --git a/scratchattach/editor/mutation.py b/scratchattach/editor/mutation.py
@@ -261,7 +261,7 @@ def argument_settings(self) -> ArgSettings:
                            bool(commons.safe_get(self.argument_defaults, 0)))
 
     @property
-    def parsed_proc_code(self) -> list[str, ArgumentType] | None:
+    def parsed_proc_code(self) -> list[str | ArgumentType] | None:
         """
         Parse the proc code into arguments & strings
         """
diff --git a/scratchattach/editor/project.py b/scratchattach/editor/project.py
@@ -2,13 +2,14 @@
 
 import json
 import os
+import string
 import warnings
 from io import BytesIO, TextIOWrapper
 from typing import Optional, Iterable, Generator, BinaryIO
 from typing_extensions import deprecated
 from zipfile import ZipFile
 
-from . import base, meta, extension, monitor, sprite, asset, vlb, twconfig, comment, commons
+from . import base, meta, extension, monitor, sprite, asset, vlb, twconfig, comment, commons, mutation
 from scratchattach.site import session
 from scratchattach.utils import exceptions
 
@@ -284,3 +285,96 @@ def add_monitor(self, _monitor: monitor.Monitor) -> monitor.Monitor:
         _monitor.project = self
         _monitor.reporter_id = self.new_id
         self.monitors.append(_monitor)
+        return _monitor
+
+    def obfuscate(self, *, goto_origin: bool=True) -> None:
+        """
+        Randomly set all the variable names etc. Do not upload this project to the scratch website, as it is
+        against the community guidelines.
+        """
+        # this code is an embarrassing mess. If certain features are added to sa.editor, then it could become a lot cleaner
+        chars = string.ascii_letters + string.digits + string.punctuation
+
+        def b10_to_cbase(b10: int | float):
+            ret = ''
+            new_base = len(chars)
+            while b10 >= 1:
+                ret = chars[int(b10 % new_base)] + ret
+                b10 /= new_base
+
+            return ret
+
+        used = 0
+
+        def rand():
+            nonlocal used
+            used += 1
+
+            return b10_to_cbase(used)
+
+        for _sprite in self.sprites:
+            procedure_mappings: dict[str, str] = {}
+            argument_mappings: dict[str, str] = {}
+            done_args: list[mutation.Argument] = []
+
+            for _variable in _sprite.variables:
+                _variable.name = rand()
+            for _list in _sprite.lists:
+                _list.name = rand()
+            # don't rename broadcasts as these can be dynamically called
+
+            def arg_get(name: str) -> str:
+                if name not in argument_mappings:
+                    argument_mappings[name] = rand()
+                return argument_mappings[name]
+
+            for _block in _sprite.blocks.values():
+                if goto_origin:
+                    _block.x, _block.y = 0, 0
+
+                if _block.opcode in ("procedures_call", "procedures_prototype", "procedures_definition"):
+                    if _block.mutation is None:
+                        continue
+
+                    proccode = _block.mutation.proc_code
+                    if proccode is None:
+                        continue
+
+                    if proccode not in procedure_mappings:
+                        parsed_ppc = _block.mutation.parsed_proc_code
+
+                        if parsed_ppc is None:
+                            continue
+
+                        new: list[str | mutation.ArgumentType] = []
+                        for item in parsed_ppc:
+                            if isinstance(item, str):
+                                item = rand()
+
+                            new.append(item)
+
+                        new_proccode = mutation.construct_proccode(*new)
+                        procedure_mappings[proccode] = new_proccode
+
+                    _block.mutation.proc_code = procedure_mappings[proccode]
+
+                    assert _block.mutation.arguments is not None
+                    for arg in _block.mutation.arguments:
+                        if arg in done_args:
+                            continue
+                        done_args.append(arg)
+
+                        arg.name = arg_get(arg.name)
+
+                    # print(_block, _block.mutation)
+                elif _block.opcode in ("argument_reporter_string_number", "argument_reporter_boolean"):
+                    arg_name = _block.fields["VALUE"].value
+                    assert isinstance(arg_name, str)
+                    _block.fields["VALUE"].value = arg_get(arg_name)
+
+
+                # print(argument_mappings)
+
+            if goto_origin:
+                for _comment in _sprite.comments:
+                    _comment.x, _comment.y = 0, 0
diff --git a/tests/test_editor_obfuscation.py b/tests/test_editor_obfuscation.py
@@ -0,0 +1,30 @@
+import pprint
+import sys
+from pathlib import Path
+
+
+def test_project():
+    sys.path.insert(0, ".")
+    import scratchattach as sa
+    from util import session
+    sess = session()
+
+    path = Path(__file__).parent.parent / "intro for kelmare (yoda tour) (p2).sb3"
+
+    if path.exists():
+        print(f"loading cached {path}")
+        body = sa.editor.Project.from_sb3(path.open("rb"))
+    else:
+        print(f"Could not find {path}")
+        project = sess.connect_project(1074489898)
+        body = project.body()
+
+    body.obfuscate()
+
+    # body.save_json("obfuscated")
+    body.export("obfuscated.sb3")
+
+
+
+if __name__ == '__main__':
+    test_project()
