Memory Protection
Potency Medium
Resilience Medium
Cost High
Tags: rasp, tampering
Description
Memory Protection encapsulates array and object initializations in order to hide property literal values from direct memory analysis thwarting any attempts of data exfiltration.
The Memory Protection transformation searches for object/array literals to protect (e.g. {x: 1}
or [1, 2, 3]
) and ignores other data, such as locals or objects allocated through different means.
Currently, Memory Protection is not available through the web application and can not be enabled through the command line or Jscrambler plugins. Instead, Memory Protection must be explicitly enabled using Code Annotations:
Code Annotation Example
// @jscrambler enable memoryProtection
Example
const protectedObject = {};
protectedObject.prop = 100;
In the example above, the object stored in the protectedObject
variable will be protected, and values stored in it (such as prop = 100
) will be encrypted/decrypted as needed. This happens even if the code using protectedObject
is not protected with Jscrambler:
function distance(p1, p2) {
const xDiff = p2.x - p1.x;
const yDiff = p2.y - p1.y;
return Math.sqrt(xDiff * xDiff + yDiff * yDiff);
}
function getPoints() {
return [{x: 5, y: 3}, {x: 3, y: 0}];
}
console.log(distance(...getPoints()));
In the example above, Memory Protection is only applied to getPoints
, not distance
. However, the objects p1
and p2
are still protected when used in distance, and the data is still decrypted only when necessary (to calculate xDiff
and yDiff
).
More specifically, an object is protected when it is created in a code segment with Memory Protection, regardless of the locations where those objects are used.
Browser Compatibility
Browser | Compatible Versions | Tested Versions | Notes |
Chrome | 80+ | 80+ | |
Firefox | 80+ | 80+ | |
Internet Explorer | N/A | 8+ | |
Microsoft Edge | 111+ | 111+ | |
Safari | 12.1+ | 12.1+ | |
API Parameters
This transformation can only be used via Code Annotations.