Code Integrity
Help Center > Code Integrity > Documentation > Transformations > Anti Monkey Patching

Anti Monkey Patching

Potency Low
Resilience Low
Cost Low
Tags: rasp, tampering

Description

Anti Monkey Patching protects your code against classical Monkey Patching, some types of poisoning and protects your Class Members. Countermeasures can be specified (optionally) to be executed when someone tries to tamper with the code.

Anti Monkey Patching is fully compatible with the browser's Content-Security Policy (CSP).

Global Code Annotation Example

Here the transformation is applied to all of the globalFunctions in the file, except for function b.

// @jscrambler global define antiMonkeyPatching {mode: 'blockList', globalFunctions: ['b'], countermeasures: {breakApplication: 1}} as amp
// @jscrambler enable amp
function a() {

}

function b() {

}

function c() {

}
...

Local Code Annotation Example

Here the transformation is only applied to function b. Since the transformation is only applied to one function the use of the allowList and the blockList is deemed unnecessary.

function a() {

}

// @jscrambler define antiMonkeyPatching {countermeasures: {breakApplication: 1}} as amp
// @jscrambler enable amp
function b() {

}
...

Option Types

Name Required Default Value Description
countermeasures Yes {"deleteCookies": false,"breakApplication": true,"realTimeNotifications": false,"dataExfiltrationPrevention": false,"selfDestruct": false} List of available countermeasures
mode No blockList Transformation Modes
globalFunctions No [] N/A

Countermeasures

Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
breakApplication Breaks the application's functionality.
realTimeNotifications Sends a notification when a violation occurs.
dataExfiltrationPrevention Prevents a malicious actor from carrying out an unauthorized data transfer by blocking network requests.
selfDestruct Attempts to damage the state and behavior of the application and/or the environment that is running the application.

Mode

Name Description
allowList Provide a list of global functions to be affected by the transformation
blockList Provide a list of global functions to not be affected. Empty will target all

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 80+ 80+
Firefox 90+ 90+
Internet Explorer 11+ 8+
Microsoft Edge 116+ 116+
Safari 13.1+ 13.1+

API Parameters

Example:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "antiMonkeyPatching",
      "options": {
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "breakApplication": true,
          "realTimeNotifications": false,
          "dataExfiltrationPrevention": false,
          "selfDestruct": false
        },
        "mode": "blockList",
        "globalFunctions": []
      }
    }
  ]
}