##String Concealment and Hexadecimal Encoding

The most basic layer of obfuscation involves moving human-readable strings into a centralized array and encoding them. This prevents a casual observer from searching for specific keywords or API endpoints within the source.

Instead of a direct call like console.log("Welcome"), an obfuscator might create a "string pool":

const _0x4a21 = ['\x57\x65\x6c\x63\x6f\x6d\x65', '\x6c\x6f\x67'];
(function(_0x3e21, _0x4a21b) {
    const _0x1f22 = function(_0x5a11) {
        while (--_0x5a11) {
            _0x3e21['push'](_0x3e21['shift']());
        }
    };
    _0x1f22(++_0x4a21b);
}(_0x4a21, 0x1a4));

const _0x1f22 = function(_0x2e3a, _0x3f4b) {
    _0x2e3a = _0x2e3a - 0x0;
    let _0x4f5c = _0x4a21[_0x2e3a];
    return _0x4f5c;
};

console[_0x1f22('0x1')](_0x1f22('0x0')); // Original: console.log("Welcome");

Here, Welcome and log are stored as hexadecimal escape sequences within _0x4a21, and a helper function _0x1f22 is used to retrieve them dynamically. This makes static analysis much harder.

##Identifer Renaming and Scope Manipulation

One of the most visually disruptive techniques is the renaming of variables, function names, and parameters to meaningless, often single-character or cryptic identifiers.

Original code:

function calculateTotal(price, quantity) {
    let subtotal = price * quantity;
    return subtotal + (subtotal * 0.05); // 5% tax
}
const finalAmount = calculateTotal(100, 2);
console.log(finalAmount);

After renaming:

function _0x1a2b3c(a, b) {
    let c = a * b;
    return c + (c * 0.05);
}
const d = _0x1a2b3c(100, 2);
console.log(d);