Anti-Tampering

Potency Medium
Resilience High
Cost Medium
Tags: rasp, tampering

Description

Anti-Tampering protects your application against tampering attacks. Countermeasures can be specified (optionally) to be executed when someone tries to tamper with the code.

Anti-Tampering is fully compatible with the browser's Content-Security Policy (CSP).

Code Annotation Example

// @jscrambler global define antiTampering {countermeasures: {breakApplication: 1}} as at
// @jscrambler enable at
function a() {

}

// @jscrambler enable at
function b() {

}

Note: Anti-Tampering can be used on multiple places on the same file, however it cannot have different options in each of those places. This means that you can only define it once, and then enable it across the file. When using Anti-Tampering as a parameter, only disable annotations are allowed.

Option Types

Name Required Default Value Description
maxTargetsPerFunction No 3 Max number of targets per function
validatedRange No 15 Max number of characters to be validated per Function
mode Yes ["RCK","SKL"] Transformation Modes
countermeasures Yes {"deleteCookies": false,"breakApplication": true,"realTimeNotifications": false,"dataExfiltrationPrevention": false,"selfDestruct": false} List of available countermeasures
options No ["tolerateBenignPoisoning"] List of available options

Mode

This option allows the user to define which modes to use, to work around compatibility limitations.

The following environments are known to be incompatible with SKL mode:

  • Node.js before v10: update to node v10 or above, or only enable RCK mode instead
  • React Native with Hermes enabled: disable Hermes, or only enable RCK mode instead

Note: the React Native plugin (jscrambler-metro-plugin) automatically turns off SKL mode when the enabledHermes option is set to true.

Name Description
RCK Integrity Check mode RCK
SKL Integrity Check mode SKL

Countermeasures

Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
breakApplication Breaks the application's functionality.
realTimeNotifications Sends a notification when a violation occurs.
dataExfiltrationPrevention Prevents a malicious actor from carrying out an unauthorized data transfer by blocking network requests.
selfDestruct Attempts to damage the state and behavior of the application and/or the environment that is running the application.

Options

Name Description
tolerateBenignPoisoning Blocks only malicious native function poisoning

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 80+ 80+
Firefox 90+ 90+
Internet Explorer N/A 8+
Microsoft Edge 116+ 116+
Safari 13.1+ 13.1+

API Parameters

Example:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "antiTampering",
      "options": {
        "maxTargetsPerFunction": 3,
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "breakApplication": true,
          "realTimeNotifications": false,
          "dataExfiltrationPrevention": false,
          "selfDestruct": false
        }
      }
    }
  ]
}