We will be at OWASP APPSEC EUROPE 2017 - Belfast! Let’s talk!MORE INFO

Help Center

Get to know more about our API, Code Annotations and Code Transformations

String Concealing

Potency
2 / 3
Resilience
3 / 5
Cost
1 / 5

Tags: string,conceal,obfuscation

Description

Consider the following variable declarations holding string literal values:

1
2
3
var protocol = 'http';
var domain = 'jscrambler.com';
var url = protocol + '://' + domain;

The code will look something like this after transformation:

1
2
3
4
5
6
var o = {
f: function() { /* decoding algorithm and encoded data */ }
}
var protocol = o.f(13);
var domain = o.f(32);
var url = protocol + o.f(7) + domain;

Consider using Identifiers Renaming to remove the remaining information
that is useful for a human to understand what the variables mean, forcing the
user to debug the code in run-time.

Option Types

Name Required Default Value Description
freq No 1 Probability of applying the transformation when the node allows for the transformation to happen.
min No N/A Minimum number of times the transformation is applied on the node.
max No -1 Maximum number of times the transformation is applied on the node.

API Parameters

Example:

1
2
3
4
5
6
7
8
9
10
11
12
13
{
"keys": {
"accessKey": "XXXXXX",
"secretKey": "YYYYYY"
},
"applicationId": "ZZZZZZ",
"params": [
{
"name": "stringConcealing",
"options": {}
}
]
}