Tamper Protection

Tamper Protection safeguards the runtime behavior from being altered by JavaScript pitfalls.

⚠️ Tamper Protection requires eval and ran in a non-strict mode environment!

• This can break your code.
• Due to the security concerns of arbitrary code execution, you must enable this yourself.

Option name: "lock.tamperProtection"

Option values: true/false/Function

Input / Output

This example showcases how Tamper Protection transforms the code. Try it out by changing the input code and see changes apply in real-time.

Improves Global Concealing

Tamper Protection with Global Concealing can detect at runtime if certain global functions have been monkey-patched. The following code exemplifies this:

Native function check

This monkey-patch can be detected by inspecting the fetch.toString() value:

Certain global functions are checked before each invocation to ensure that (1) the arguments cannot be intercepted and (2) their behavior cannot be altered.

Stealthy global

A direct eval invocation can access the local scope, only if it has not been redefined.

This method securely obtains the real global object for both the browser and NodeJS. Properties on the global object can still be changed however.

Disallows Strict Mode

Tamper Protection requires the script to run in non-strict mode. Detection of the script in Strict Mode will be considered tampering. You can control the tampering response using the lock.countermeasures option.

Custom Implementation

options.lock.tamperProtection(fnName)

Control which functions are changed. Returns a boolean.

Usage Example

The provided code example will obfuscate the file input.js and write the output to a file named output.js.

Enabled In

• High Preset: No
• Medium Preset: No
• Low Preset: No

See Also

• Countermeasures