We will be at OWASP APPSEC EUROPE 2017 - Belfast! Let’s talk!MORE INFO

Help Center

Get to know more about our API, Code Annotations and Code Transformations

Randomization Seed

Jscrambler’s protections are polymorphic by default. This means everytime you protect your application the resulting code will not be the same as the previous one even with the same input code. This is advantageous since the protected code is never similar to it’s previous version which makes reverse engineering harder. Polymorphism is ensured by applying transformations in a different order each time but also by taking advantage of random behaviors present in some transformations.

Polymorphism is an excellent tool in assuring you have a high degree of protection but it can also pose some downsides. For example, if you found a protection that suited your code nicely and that you were satisfied with, you cannot reproduce the exact same effect in other protections due to polymorphism. Also, if you have to debug your protected code, having distinct code everytime your protect hinders your debugging efforts.

To address these issues you can take advantage of the Randomization Seed. Using this feature ensures the result of your transformation is deterministic, that is, if you provide the same input and the same seed, the result will always be exactly the same.

Each protection made generates a different seed which can be consulted on Jscrambler’s Webapp

This feature can only be used through Jscrambler’s API. You can do so by using our CLI tool or any of our packages.

How to use it

Consider following code

1
2
3
function addPrefix (num) {
return '_prefix' + 1 + num;
}

Protecting it using the NumberToString and StringEncoding transformations leads to distinct results. This happens because the transformations can be applied in a different order and also because StringEncoding can encode characters in different notations.

Protection 1) StringEncoding (unicode) followed by NumberToString

1
2
3
function addPrefix(num) {
return '\u005f\u0070\u0072\u0065\u0066\u0069\u0078' + +"1" + num;
}

Protection 2) StringEncoding (hexadecimal) followed by NumberToString

1
2
3
function addPrefix(num) {
return '\x5f\x70\x72\x65\x66\x69\x78' + +"1" + num;
}

Protection 3) NumberToString followed by StringEncoding;

1
2
3
function addPrefix(num) {
return '\x5f\x70\x72\x65\x66\x69\x78' + '\u0031' * 1 + num;
}

Every time the code is protected, a different result is obtained. In order to exactly reproduce any of the protections you must first retrieve the randomization seed.

On Jscrambler’s Webapp hover above the application you have protected and click on See Protection History. There you will find a list of the latest protections. Select the one you wish to reproduce and you will find the randomization seed at the top:

Randomization Seed in Jscrambler's Web app

Now that you have the seed either add it to your protection configuration

1
2
3
4
5
6
7
8
9
10
11
12
13
{
...
"params": [
{
"name": "stringEncoding"
},
{
"name": "numberToString"
}
],
"randomizationSeed": "SCsZphlB",
...
}

or use it via the CLI

1
jscrambler -c config.json -o dist/ -R SCsZphlB

and this will guarantee the next protection will have an expected result.

Using the Randomization Seed with modified files

You can use the seed even with a modified version of a file you’ve previously protected to reproduce most of the protection’s polymorphic behavior.

If you were to change the previous code to

1
2
3
function addPrefix (num) {
return '_otherprefix' + 1 + num;
}

and protect it using the seed (SCsZphlB), you would get

1
2
3
function addPrefix(num) {
return '\x5f\x6f\x74\x68\x65\x72\x70\x72\x65\x66\x69\x78' + '\u0031' * 1 + num;
}

If we compare the updated code to the previous version

1
2
3
4
// Previous transformation
function addPrefix(num) {
return '\x5f\x70\x72\x65\x66\x69\x78' + '\u0031' * 1 + num;
}

We can see that only the \x6f\x74\x68\x65\x72 characters have been added and that everything else remains the same.

If we refrain from using the seed, our updated may not be similar

1
2
3
function addPrefix(num) {
return '\u005f\u006f\u0074\u0068\u0065\u0072\u0070\u0072\u0065\u0066\u0069\u0078' + '\u0031' * 1 + num;
}