Self Defending protects functions and object literals concealing their logic, blocking code tampering attempts with anti-tampering techniques, and detecting debuggers to trigger defenses that thwart reverse engineering attempts. Countermeasures can be specified (optionally) to be executed when someone tries to debug or tamper with the code.
Note: if you intend to minify your code after protecting it with Jscrambler, make sure that the tolerateMinification
flag is enabled in your application. This makes it so that the modifications done by this process are not treated as malicious by this and other transformations. We nonetheless recommend that you use Jscrambler after minifying your code, as the last step of your build process, for optimum results.
The tolerate Benign Poisoning option allows to a certain degree, the native function poisoning considered by Jscrambler as "benign". Some mobile and web frameworks inject polyfills for specific native functions at runtime (f.e console.log or setInterval), and for that reason, Self-Defending considers them malicious. You should activate the tolerateBenignPoisoning option to prevent "benign actions" from breaking your application. If you are using:
Please include the tolerateBenignPoisoning option on the Self-Defending parameters.
// @jscrambler define selfDefending {threshold: 10480, options: [tolerateBenignPoisoning], countermeasures: {deleteCookies: 1, redirect: /logout}} as sd
// @jscrambler enable sd
Name | Required | Default Value | Description |
---|---|---|---|
threshold | No | 10240 | Minimum size (in bytes) that a function / object literal must have to be targeted by the transformation. |
options | No | [] | List of available options |
countermeasures | No | {"deleteCookies": false,"realTimeNotifications": false,"dataExfiltrationPrevention": false,"selfDestruct": false} | List of available countermeasures |
Name | Description |
---|---|
tolerateBenignPoisoning | Blocks only malicious native function poisoning |
Name | Description |
---|---|
customCallback | Name of the function to be called as a countermeasure. |
deleteCookies | Deletes all the cookies accessible via JavaScript. |
redirect | Redirects the user to a specific URL. |
realTimeNotifications | Sends a notification when a violation occurs. |
dataExfiltrationPrevention | Prevents a malicious actor from carrying out an unauthorized data transfer by blocking network requests. |
selfDestruct | Attempts to damage the state and behavior of the application and/or the environment that is running the application. |
Browser | Compatible Versions | Tested Versions | Notes |
---|---|---|---|
Chrome | 80+ | 80+ | |
Firefox | 90+ | 90+ | |
Internet Explorer | 9+ | 8+ | |
Microsoft Edge | 116+ | 116+ | |
Safari | 13.1+ | 13.1+ |
Example:
{
"keys": {
"accessKey": "XXXXXX",
"secretKey": "YYYYYY"
},
"applicationId": "ZZZZZZ",
"params": [
{
"name": "selfDefending",
"options": {
"threshold": 10240,
"options": [],
"countermeasures": {
"customCallback": null,
"deleteCookies": false,
"redirect": null,
"realTimeNotifications": false,
"dataExfiltrationPrevention": false,
"selfDestruct": false
}
}
}
]
}