Code Hardening

Code hardening protects the application from reverse engineering and automated/manual deobfuscation by making transformations more resilient and consecutively strengthening the application integrity.

How it works by default

When protecting your application, code hardening is implicitly included in all protection transformations. However, it won't target all JavaScript application files.

In order to reduce the impact in the file size growth, code hardening is only implicitly included in files that match the following criteria:

  • Single file applications will always be targeted
  • Otherwise, if the application has multiple JavaScript files
    • Only targets files with file size greater or equal to 5KB
    • And files which do not contain the word vendor in their file path (i.e. vendor-1.4.js, vendor/app.js, etc)

It is possible to customize code hardening behavior using Jscrambler's CLI or by means of Code Annotations. This overrides the default rules.

Usage with the API

Situations may arise where the user wants code hardening to target files with different file size (by default >= 5KB), in order to do that, users can set the --code-hardening-threshold flag through the Jscrambler CLI.

Examples

Let's consider an application with several JavaScript files smaller than 5KB and that the user wants to target every file with a file size equal to or greater than 2KB. By default those files would be ignored; to override this behavior, the user only has to set --code-hardening-threshold=2kb.

jscrambler -c jscrambler.json --code-hardening-threshold=2kb

To protect all the application's JavaScript files despite their file size, the user can set --code-hardening-threshold=0, which will have the desired effect.

jscrambler -c jscrambler.json --code-hardening-threshold=0

By setting --code-hardening-threshold even vendor files will be targeted as long as their file size is greater or equal than the set threshold.

Code Annotations

If you want to make sure that code hardening is (or is not) applied to a specific JavaScript file, you should use code annotations.

For instance, if you want to enforce code hardening, add the following code annotation to the beginning of the file:

// @jscrambler global enable codeHardening

In the other hand, if you want to disable it, use this code annotation:

// @jscrambler global disable codeHardening

Default rules are always ignored when using code annotations.