String Obfuscator

Free online tool. All processing is client-side. No signup needed.

How to Use the String Obfuscator

1. Enter your input values above
2. Results update automatically
3. Copy or download the output

What is a String Obfuscator?

A String Obfuscator transforms readable text into Unicode lookalikes, invisible characters, reversed strings, or XOR-encrypted nonsense — making it unreadable to humans and casual automated scanners while remaining technically valid text. Common uses include: hiding email addresses from basic spam bots on websites, creating prank/cipher text, demonstrating Unicode security issues (homograph attacks), protecting sensitive strings in public code repositories, or creating puzzle/ARG (alternate reality game) content. This is obfuscation, NOT encryption — it deters casual snooping but can be reversed by a determined person.

How Does It Work?

Enter text and choose an obfuscation method: (1) Unicode Homoglyphs: replaces Latin characters with visually similar Unicode characters from other scripts (a → а Cyrillic, e → е Cyrillic), (2) Zero-Width Characters: inserts invisible Unicode characters (zero-width space, zero-width joiner) between visible chars, (3) Reverse: simply reverses the string, (4) XOR Cipher: XORs each character with a simple key (for reversible scrambling), (5) Base64 Encode: the simplest 'I can't read this' method. The deobfuscator reverses each method.

Formula

Obfuscation Methods:\n\nHomoglyphs (lookalike substitution):\nLatin → Unicode lookalike chars from Cyrillic, Greek, Math Symbol sets\nExample: 'Hello' → 'Ηеllо' (H = Greek Eta, e = Cyrillic ie, o = Cyrillic o)\n\nZero-Width Embedding:\nOriginal + invisible Unicode chars: \\u200B (ZWS), \\u200C (ZWNJ), \\u200D (ZWJ)\nEncoded message in invisible chars between visible text\n\nXOR Cipher:\nobfuscated[i] = text[i] XOR key[i % key.length]\nReversible: text[i] = obfuscated[i] XOR key[i % key.length]\n\nReverse: 'Hello' → 'olleH'\n\nBase64: standard Base64 encoding (not obfuscation per se, but commonly used)\n\n⚠️ This is NOT encryption — it's reversible without a secret key (except XOR, which is very weak)

Who Uses This Tool?

• Web developers obfuscating email addresses on public web pages from spam bots
• Security demonstrations: showing how homograph attacks spoof domain names
• Puzzle creators building ARGs, escape rooms, or CTF challenges
• Students learning about Unicode security and character encoding
• Temporary obfuscation of test data or configuration strings in development

Pro Tips

• For email obfuscation on websites, combine multiple methods: (1) HTML entity encode the @ and . characters, (2) use JavaScript to construct the email at runtime, (3) add honeypot fields. No single method is 100% effective
• Homograph domain attacks use Unicode lookalikes to spoof URLs: paypaΙ.com (with Greek Iota) looks like paypal.com. Modern browsers display punycode to mitigate this
• Zero-width character steganography can hide messages in visible text — forensic tools can detect the invisible Unicode codepoints
• XOR with a single-byte key is trivially breakable with frequency analysis. Don't use any of these methods for actual security — only for casual obfuscation

Frequently Asked Questions about String Obfuscator

Is string obfuscation the same as encryption?

No. Obfuscation makes text harder to read but can be reversed by anyone who knows the technique. Encryption requires a secret key and is mathematically designed to be irreversible without the key. Obfuscation = hiding in plain sight; encryption = locking in a safe.

How can I protect my email from spam bots?

No single method is perfect. Best approach: use a contact form with CAPTCHA instead of displaying your email. If you must display it, combine HTML entity encoding, JavaScript rendering, and periodic address changes. Accept that determined harvesters will find it.

Free online String Obfuscator — no signup, 100% client-side processing. All data stays in your browser.