March 09, 2017

Jscrambler 101 — Self Defending

by Jscrambler

Last updated on: August 7th, 2018

Welcome back to Jscrambler 101, a collection of tutorials on how to use Jscrambler to protect your JavaScript. These tutorials cover Jscrambler version 5.4.

Introduction

Last time, on Jscrambler 101 — Code Annotations, we talked about using Code Annotations and how they can be useful when protecting an App.

This time, we’re going to talk about Self Defending. This tutorial is based on a video in which we show our Self Defending transformation in action. We’re going to start with an unprotected space shooter game and try to tamper with it.

You can follow this tutorial in one of two ways: by reading through the steps and watching each video section as found below, or by watching the whole video with closed captions on. Note that the videos have no audio.

Attempts to tamper with an unprotected game

This is our unprotected space shooter. You’ll notice that we have 3 rockets at the start of the game. There’s also a "Buy Rockets" button at the top of the screen which allows us to buy more credits and continue the game.

(0:16-0:23)

We will try to add rockets without clicking the button and, therefore, without buying them. For tutorial purposes, clicking the button does not trigger any payment processing, but if it did, the game creator would be losing money with the tampering we’re about to do.

You can see below that, when we click the button, the number of rockets increases.

One of the things we can do now is inspect the button element and access the onClick function in the "Event Listeners" tab. Now, we can add a breakpoint to the function and analyze the existing cr object for any ‘Rocket’ reference.

(0:23-0:50)

We have already developed a script to analyze the cr object and return any property with a ‘Rocket’ reference, so all we have to do is paste the script into our browser’s console and execute it. By doing that, we can see the returned properties that reference ‘Rocket’ at the bottom of the console:

(0:50-1:16)

After running the script and analyzing the properties, we recorded which property we wanted. Now, we can use this property to add rockets. In this case, we’ll be adding 10 more rockets to our game. After that, you can see a total of 14 rockets at the top of the game:

(1:25-1:51)
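The console write above succeeds because the rocket count is a plain property that nothing re-checks. As an added example (not code from the game or from Jscrambler, and not how its transformation is implemented), here is a counter that notices a write which bypassed its own methods; `createRocketStore`, `state.rockets` and `demo` are hypothetical names and the session is constructed.

```javascript
// Added illustration with hypothetical names; not Jscrambler's implementation.
function createRocketStore(initial) {
  // Per-session salt kept in the closure, unreachable from the exposed object.
  const salt = Math.floor(Math.random() * 0xffffffff) >>> 0;
  // FNV-1a style mix of salt and value: a tamper tripwire, not cryptography.
  function tag(value) {
    let h = (0x811c9dc5 ^ salt) >>> 0;
    for (const ch of String(value)) {
      h ^= ch.charCodeAt(0);
      h = Math.imul(h, 0x01000193) >>> 0;
    }
    return h;
  }
  // Public object, standing in for game state reachable from the console.
  const state = { rockets: initial };
  let expected = tag(initial);
  let tampered = false;
  // Every legitimate path verifies the tag before touching the counter.
  function verify() {
    if (tag(state.rockets) !== expected) tampered = true;
    return !tampered;
  }
  function commit(value) {
    state.rockets = value;
    expected = tag(value);
  }
  return {
    state,
    buy(n) {
      if (verify()) commit(state.rockets + n);
      return !tampered;
    },
    fire() {
      if (!verify() || state.rockets < 1) return false;
      commit(state.rockets - 1);
      return true;
    },
    isTampered() { verify(); return tampered; },
  };
}

// Constructed session mirroring the walkthrough: 3 rockets, one purchase, one console write.
function demo() {
  const store = createRocketStore(3);
  store.buy(1); // legitimate: 3 -> 4
  const cleanBefore = !store.isTampered();
  store.state.rockets += 10; // direct write bypassing buy(): 4 -> 14
  return { cleanBefore, detected: store.isTampered(), canFire: store.fire() };
}
```

A check like this runs on the client and can be read or removed by anyone who can step through the code, so it only raises the cost of tampering; purchases that involve money should be validated on the server.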

Attempts to tamper with a protected game

Now, we’re going to try the same thing on our protected game. This version is protected with Jscrambler's anti-debugging and anti-tampering, meaning we won’t be able to add the rockets as we did with our unprotected version of the same game. However, we’re still going to try.

Let's start by running the protected game. Since we have the browser's debugger open, the game automatically pauses. Once we close it, the game will resume.

(2:01-2:35)

If we open the developer tools and try to resume the game, we'll be stuck in a loop. Multiple JavaScript VMs are created, and the call stack keeps increasing. If we keep trying to resume, the browser will eventually crash.

(2:35-2:53)

Another addition is that the code is harder to understand — it underwent several transformations to make it harder to interpret and replicate.

(2:55-3:22)

Once again, we try to inspect the rockets button, but this time we’re led back into the VM loop.

(3:31-3:38)

We can use the event listener for onClick to get the triggered function. But we can’t add a breakpoint to it and resume execution without being led back to the VM loop.

(3:40-4:10)

We can also try to make use of the rocket element that was used in the unprotected version, but due to Jscrambler’s polymorphic behavior, the element is different and can’t be found.

(4:10-4:54)

Conclusion

This tutorial sums up how our Self Defending transformation works, with anti-debugging and anti-tampering. You can follow the whole video below — just be sure to enable the closed captions to understand each step of the video.

Remember to contact us at support@jscrambler.com if you have any questions.

You can go ahead and proceed to our next tutorial, where we explore Control Flow Flattening and how you can use it to flatten and obfuscate your code.

Enjoy your testing and start protecting your applications ASAP!