Domain Lock

Potency Medium
Resilience Medium
Cost Medium
Tags: domain, lock, IP, code lock

Description

Domain Lock locks code to a specific domain name or IP address. This is a good transformation to avoid someone stealing the protected code and running it on their own domain or locally. This is also a good transformation to enforce license agreements. Countermeasures can be specified (optionally) to be executed when the code runs in any other domain/IP.

Consider combining this transformation with obfuscation transformations to harden the resulting code making it more resilient to automated de-obfuscator tools and harder to understand by a human. You may also find useful to combine this transformation with other locks:

Input Examples

  • mywebsite.com - Code will break if not running inside the mywebsite.com domain
  • mywebsite.com, www.mywebsite.com - Code will break if not running inside either mywebsite.com or www.mywebsite.com
  • mywebsite.com, *.mywebsite.com - Code will break if not running inside mywebsite.com or all of its sub-domains
  • 192.168.* - Code will break if not running in an IP inside the 192.168. network
  • file://Users/you/* - Code will break if not running inside your user directory

Code Annotation Example

// @jscrambler define domainLock {domains: [example.com], countermeasures: {breakApplication: 1, customCallback: report.callbackFunction}} as dl1

Option Types

Name Required Default Value Description
domains Yes N/A List of domains/IPs where the code is allowed to run (Supports wildcard to match sub-domains, IP network, and IP host range).
countermeasures Yes {"deleteCookies": false,"breakApplication": true,"realTimeNotifications": false} List of available countermeasures

Countermeasures

Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
breakApplication Breaks the application's functionality.
realTimeNotifications Sends a notification when a violation occurs.

API Parameters

Example:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "domainLock",
      "options": {
        "domains": [
          "VALUE1",
          "VALUE2"
        ],
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "breakApplication": true,
          "realTimeNotifications": false
        }
      }
    }
  ]
}