Solutions
By Need
JavaScript Protection
Magecart Mitigation
Mobile App Protection
Data Leakage Prevention
Third Party Control
Customer Hijacking Prevention
User Data Protection & Compliance
By Sector
Financial Services
IT & Software
E-Commerce
Healthcare
Media & OTT
Gaming & Gambling
Products
Code Integrity
Application Shielding
Runtime Protection
JavaScript Threat Monitoring
Webpage Integrity
Webpage Inventory
Third Party Management
User Data Management
Webpage Threat Mitigation
Resources
Partners
Docs
Blog
Learning Hub
Help Center > Code Integrity > Documentation > Code Annotations > Countermeasure Injection

Countermeasure Injection

Some obfuscation techniques, such as Date Lock, rely on countermeasures to determine an action to perform in the event of an unathorized use of the application. However, it is also possible to explicitly trigger these countermeasures at any point of the code, using code annotations:

// @jscrambler define countermeasureInjection { countermeasures: { breakApplication: 1, deleteCookies: 1 } } as cmi
// @jscrambler enable cmi

If no countermeasures are specified, only breakApplication is used.

The countermeasure injection is only triggered one time by default, if you prefer to trigger it all the time, just set triggerOnce flag to false:

// @jscrambler define countermeasureInjection { triggerOnce: false, countermeasures: { breakApplication: 1, deleteCookies: 1 } } as cmi
// @jscrambler enable cmi

Usage Example

Consider the case of a mobile game implementing a custom anti-cheat mechanism. Once a cheater is detected, the application could reuse the existing countermeasures in addition to custom anti-cheat actions:

if (detectCheat()) {
    customAntiCheat();
    // @jscrambler define countermeasureInjection { countermeasures: { breakApplication: 0, realTimeNotifications: 1 } } as cmi
    // @jscrambler enable cmi
}

In this example, after the custom anti-cheat code, the application would still report the incident to the notification server.

Erroneous Uses and Unexpected Behavior

1. Global Annotations

Countermeasure injection can not be enabled using global annotations (e.g., // @jscrambler global enable countermeasureInjection), but global aliases still work:

// @jscrambler global define countermeasureInjection { countermeasures: { breakApplication: 1 } } as cmi
// @jscrambler enable cmi

2. Invalid Positioning

Countermeasure injections should be placed as if they were code statements, and should not be used in expressions or as class members. Additionally, they can not be the sole statements of if, while, for or similar statements.

Correct uses:

// @jscrambler enable countermeasureInjection

if (cond) {
    // @jscrambler enable countermeasureInjection
}

class A {
    constructor() {
        // @jscrambler enable countermeasureInjection
    }
}

Incorrect uses:

if (/* @jscrambler enable countermeasureInjection*/ cond) {}

if (cond) /* @jscrambler enable countermeasureInjection */ {}

if (cond) '@jscrambler enable countermeasureInjection';

var x = /* @jscrambler enable countermeasureInjection */ 1;

class X {
    // @jscrambler enable countermeasureInjection
    constructor() {}
}

3. Incompatible Countermeasures

Currently, when selecting breakApplication and Real Time notifications, no notifications are sent.