Code Integrity
Help Center > Code Integrity > Documentation > Code Annotations > Countermeasure Injection

Countermeasure Injection

Some obfuscation techniques, such as Date Lock, rely on countermeasures to determine an action to perform in the event of an unathorized use of the application. However, it is also possible to explicitly trigger these countermeasures at any point of the code, using code annotations:

// @jscrambler define countermeasureInjection { countermeasures: { breakApplication: 1, deleteCookies: 1 } } as cmi
// @jscrambler enable cmi

If no countermeasures are specified, only breakApplication is used.

The countermeasure injection is only triggered one time by default, if you prefer to trigger it all the time, just set triggerOnce flag to false:

// @jscrambler define countermeasureInjection { triggerOnce: false, countermeasures: { breakApplication: 1, deleteCookies: 1 } } as cmi
// @jscrambler enable cmi

Usage Example

Consider the case of a mobile game implementing a custom anti-cheat mechanism. Once a cheater is detected, the application could reuse the existing countermeasures in addition to custom anti-cheat actions:

if (detectCheat()) {
    customAntiCheat();
    // @jscrambler define countermeasureInjection { countermeasures: { breakApplication: 0, realTimeNotifications: 1 } } as cmi
    // @jscrambler enable cmi
}

In this example, after the custom anti-cheat code, the application would still report the incident to the notification server.

Erroneous Uses and Unexpected Behavior

1. Global Annotations

Countermeasure injection can not be enabled using global annotations (e.g., // @jscrambler global enable countermeasureInjection), but global aliases still work:

// @jscrambler global define countermeasureInjection { countermeasures: { breakApplication: 1 } } as cmi
// @jscrambler enable cmi

2. Invalid Positioning

Countermeasure injections should be placed as if they were code statements, and should not be used in expressions or as class members. Additionally, they can not be the sole statements of if, while, for or similar statements.

Correct uses:

// @jscrambler enable countermeasureInjection

if (cond) {
    // @jscrambler enable countermeasureInjection
}

class A {
    constructor() {
        // @jscrambler enable countermeasureInjection
    }
}

Incorrect uses:

if (/* @jscrambler enable countermeasureInjection*/ cond) {}

if (cond) /* @jscrambler enable countermeasureInjection */ {}

if (cond) '@jscrambler enable countermeasureInjection';

var x = /* @jscrambler enable countermeasureInjection */ 1;

class X {
    // @jscrambler enable countermeasureInjection
    constructor() {}
}

3. Incompatible Countermeasures

Currently, when selecting breakApplication and Real Time notifications, no notifications are sent.