Memory Protection encapsulates array and object initializations in order to hide property literal values from direct memory analysis thwarting any attempts of data exfiltration.
The Memory Protection transformation searches for object/array literals to protect (e.g. {x: 1}
or [1, 2, 3]
) and ignores other data, such as locals or objects allocated through different means.
Currently, Memory Protection is not available through the web application and can not be enabled through the command line or Jscrambler plugins. Instead, Memory Protection must be explicitly enabled using Code Annotations:
// @jscrambler enable memoryProtection
// @jscrambler enable memoryProtection
const protectedObject = {};
protectedObject.prop = 100;
In the example above, the object stored in the protectedObject
variable will be protected, and values stored in it (such as prop = 100
) will be encrypted/decrypted as needed. This happens even if the code using protectedObject
is not protected with Jscrambler:
// File1.js (unprotected):
function distance(p1, p2) {
const xDiff = p2.x - p1.x;
const yDiff = p2.y - p1.y;
return Math.sqrt(xDiff * xDiff + yDiff * yDiff);
}
// File2.js (protected):
// @jscrambler enable memoryProtection
function getPoints() {
return [{x: 5, y: 3}, {x: 3, y: 0}];
}
console.log(distance(...getPoints()));
In the example above, Memory Protection is only applied to getPoints
, not distance
. However, the objects p1
and p2
are still protected when used in distance, and the data is still decrypted only when necessary (to calculate xDiff
and yDiff
).
More specifically, an object is protected when it is created in a code segment with Memory Protection, regardless of the locations where those objects are used.
Browser | Compatible Versions | Tested Versions | Notes |
---|---|---|---|
Chrome | 80+ | 80+ | |
Firefox | 90+ | 90+ | |
Internet Explorer | N/A | 8+ | |
Microsoft Edge | 116+ | 116+ | |
Safari | 13.1+ | 13.1+ |
This transformation can only be used via Code Annotations.