Solutions
By Need
JavaScript Protection
Magecart Mitigation
Mobile App Protection
Data Leakage Prevention
Third Party Control
Customer Hijacking Prevention
User Data Protection & Compliance
By Sector
Financial Services
IT & Software
E-Commerce
Healthcare
Media & OTT
Gaming & Gambling
Products
Code Integrity
Application Shielding
Runtime Protection
JavaScript Threat Monitoring
Webpage Integrity
Webpage Inventory
Third Party Management
User Data Management
Webpage Threat Mitigation
Resources
Partners
Docs
Blog
Learning Hub
Help Center > Code Integrity > Documentation > Transformations > Anti-Tampering

Anti-Tampering

Potency Medium
Resilience High
Cost Medium
Tags: rasp, tampering

Description

Anti-Tampering protects your application against tampering attacks. Countermeasures can be specified (optionally) to be executed when someone tries to tamper with the code.

Anti-Tampering is fully compatible with the browser's Content-Security Policy (CSP).

Code Annotation Example

// @jscrambler global define antiTampering {countermeasures: {breakApplication: 1}} as at
// @jscrambler enable at
function a() {

}

// @jscrambler enable at
function b() {

}

Note: Anti-Tampering can be used on multiple places on the same file, however it cannot have different options in each of those places. This means that you can only define it once, and then enable it across the file. When using Anti-Tampering as a parameter, only disable annotations are allowed.

Support

Some environments are incompatible with SKL mode:

  • Node.js before v10: update to node v10 or above, or only enable RCK mode instead
  • React Native with Hermes *enabled: disable Hermes, or only enable RCK mode instead

Option Types

Name Required Default Value Description
maxTargetsPerFunction No 3 Max number of targets per function
validatedRange No 15 Max number of characters to be validated per Function
mode Yes ["RCK","SKL"] Transformation Modes
countermeasures Yes {"deleteCookies": false,"breakApplication": true,"realTimeNotifications": false,"dataExfiltrationPrevention": false,"selfDestruct": false} List of available countermeasures

Countermeasures

Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
breakApplication Breaks the application's functionality.
realTimeNotifications Sends a notification when a violation occurs.
dataExfiltrationPrevention Prevents a malicious actor from carrying out an unauthorized data transfer by blocking network requests.
selfDestruct Attempts to damage the state and behavior of the application and/or the environment that is running the application.

Mode

Name Description
RCK Integrity Check mode RCK
SKL Integrity Check mode SKL

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 80+ 80+
Firefox 80+ 80+
Internet Explorer N/A 8+
Microsoft Edge 111+ 111+
Safari 12.1+ 12.1+

API Parameters

Example:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "antiTampering",
      "options": {
        "maxTargetsPerFunction": 3,
        "validatedRange": 15,
        "mode": [
          "RCK",
          "SKL"
        ],
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "breakApplication": true,
          "realTimeNotifications": false,
          "dataExfiltrationPrevention": false,
          "selfDestruct": false
        }
      }
    }
  ]
}