Variable Masking hides local variables and function parameters from the source code, replacing them with array subscripts which are harder to read.
Consider the following code snippet holding local variables and function parameters:
function getUrl(protocol, domain) {
if(!protocol || !domain) throw new Error("Invalid Arguments");
var url = protocol + '://' + domain;
var endpoint = '/app';
return url + endpoint;
}
Here is an example of what the code would look like after transformed:
function getUrl(q,m) {
var a=[arguments];
if(!a[0][0] || !a[0][1])
throw new Error("Invalid Arguments");
a[5] = a[0][0] + '://' + a[0][1];
a[7] = '/app';
return a[5] + a[7];
}
Optionally, you can target global variables too. Please be advised that global variables shared between HTML/JavaScript files won't work with this transformation.
The following code snippet holds both local and global variables, and also function parameters:
// ...
var globalDomain = "jscrambler.com";
// ...
function getUrl(protocol) {
if(!protocol) throw new Error("Invalid Arguments");
var url = protocol + '://' + globalDomain;
var endpoint = '/app';
return url + endpoint;
}
Here is an example of what the code would look like after transformed:
var a = [];
// ...
a[9] = "jscrambler.com";
// ...
function getUrl(q) {
var b=[arguments];
if(!b[0][0])
throw new Error("Invalid Arguments");
b[5] = b[0][0] + '://' + a[9];
b[7] = '/app';
return b[5] + b[7];
}
// @jscrambler define variableMasking {options: [targetGlobalVars]} as varmask
// @jscrambler enable varmask
Note: Variable masking annotations should only be placed before function expressions or function declarations.
Variable Masking may cause AngularJS applications to break. This happens when using the names of function parameters to identify dependencies to be injected, specifically the ones started by "$". Variable Masking will rename those parameters and cause the injection to fail, in which case the transformation should be disabled.
Name | Required | Default Value | Description |
---|---|---|---|
options | No | [] | List of available options |
Name | Description |
---|---|
targetGlobalVars | Target global variables |
subscriptOutlining | Array subscripts generated by this transformation will have their own declarations, therefore becoming more friendly for control flow obfuscation |
Browser | Compatible Versions | Tested Versions | Notes |
---|---|---|---|
Chrome | 80+ | 80+ | |
Firefox | 90+ | 90+ | |
Internet Explorer | 8+ | 8+ | |
Microsoft Edge | 116+ | 116+ | |
Safari | 13.1+ | 13.1+ |
Example:
{
"keys": {
"accessKey": "XXXXXX",
"secretKey": "YYYYYY"
},
"applicationId": "ZZZZZZ",
"params": [
{
"name": "variableMasking",
"options": {
"options": []
}
}
]
}