It is impossible to completely protect the code, no matter how you pack it, to run it, it must be accessible and decrypted, which means that the key must be stored locally.
Consider this scenario;
The authors of the electronic system and the asar file format implement encryption similar to password protected zip and give you the opportunity to specify the archive password at compile time so that it is "safely" stored inside the .exe and the asar file cannot be opened / read without it.
The hacker could still understand the key by compiling the electron itself with some test keys, such as AAAA and AAAB, then comparing the resulting binary to determine the location of the key string inside it. As soon as they learn how to extract the key from exe, the game is over.
I think the strongest protection you can do is change the source code of the electron to store and retrieve the key, but even then the attacker can decompile the code, compare it with the decompiled standard version of the electron, find out where your code changes start and reconstruct until they figure out how you store the key.
Again, at the moment when they have a key, the game ends, and in order for the electron to run any code, it had to read it, which means that it must have an accessible key locally. Catch 22.
Simon james odell
source share