Memory Protection

Potency Medium
Resilience Medium
Cost High
Tags: rasp, tampering

Description

Memory Protection encapsulates array and object initializations in order to hide property literal values from direct memory analysis thwarting any attempts of data exfiltration.

The Memory Protection transformation searches for object/array literals to protect (e.g. {x: 1} or [1, 2, 3]) and ignores other data, such as locals or objects allocated through different means.

Currently, Memory Protection is not available through the web application and can not be enabled through the command line or Jscrambler plugins. Instead, Memory Protection must be explicitly enabled using Code Annotations:

Code Annotation Example

// @jscrambler enable memoryProtection

Example

// @jscrambler enable memoryProtection
const protectedObject = {};
protectedObject.prop = 100;

In the example above, the object stored in the protectedObject variable will be protected, and values stored in it (such as prop = 100) will be encrypted/decrypted as needed. This happens even if the code using protectedObject is not protected with Jscrambler:

// File1.js (unprotected):
function distance(p1, p2) {
  const xDiff = p2.x - p1.x;
  const yDiff = p2.y - p1.y;
  return Math.sqrt(xDiff * xDiff + yDiff * yDiff);
}
// File2.js (protected):
// @jscrambler enable memoryProtection
function getPoints() {
  return [{x: 5, y: 3}, {x: 3, y: 0}];
}
console.log(distance(...getPoints()));

In the example above, Memory Protection is only applied to getPoints, not distance. However, the objects p1 and p2 are still protected when used in distance, and the data is still decrypted only when necessary (to calculate xDiff and yDiff).

More specifically, an object is protected when it is created in a code segment with Memory Protection, regardless of the locations where those objects are used.

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 50+ 50+
Firefox 50+ 50+
Internet Explorer N/A 8+
Microsoft Edge 18+ 18+
Safari 11.1+ 9.1+

API Parameters

This transformation can only be used via Code Annotations.