JSDefender Features: JS Obfuscation
for App Hardening

JSDefender uses multiple JS obfuscation techniques to protect applications against tampering, criminal misuse, and data theft. Here’s some information about our sophisticated obfuscation and protection techniques for your JavaScript-based products.

JSDefender for JavaScript demo on laptop image

Transforms Example Includes

TransformDescription
Domain & Date LockingJSDefender’s two primary locking features help you crack down on digital piracy and intellectual property theft. This in turn makes it easier for you to identify and report instances of attempted theft to the proper personnel.
Domain locking binds your JavaScript source code to a specific domain. Additionally, if your web application only runs on a specific subdomain of your site, JSDefender can also bind it to that subdomain for a more refined approach to security.
On the other hand, date locking allows you to put an extra time stamp on your application. With it, JSDefender injects code into the application to test if the current date and time is within an interval you set.
Control Flow ProtectionTraditionally, this method of JavaScript obfuscation introduces false conditional statements and misleading constructs to your code to confuse and break decompiling tools. It involves combining branching, conditional, and iterative constructs. This produces valid logic, but results in non-deterministic semantics whenever a hacker tries to run a decompiler on it.
JSDefender goes a step further for JavaScript hardening by producing spaghetti logic that’s challenging for even the most experienced hackers to analyze.
Additionally, JSDefender adds opaque predicates or dead code to your code, flattening the control flow to obfuscate JS code even further.
LiteralsThere are three different types of literals JSDefender can transform in JavaScript to obfuscate code and make them harder for debugging programs to interpret:
  • Boolean literals: Since these literals rely on a true/false binary, JSDefender transforms the literals into other expressions, resulting in the same output, but with no clear result.
  • Integer literals: JSDefender transforms integer literals into other, less obvious expressions that result in the same values when someone evaluates them. The program can also transform integer literals into a more vague radix, such as binary, decimal, hexadecimal, or octal.
  • String literals: The program extracts string literals into variables, replacing the original string with a set of corresponding variables to confuse debugging software.
Expression Sequence ObfuscationThrough this method, JSDefender produces hardened JavaScript by collecting adjacent expression statements around sensitive areas of your code. From there, JSDefender combines them into a sequence that’s harder for inexperienced hackers to understand. This is an ideal way to protect your code in the earliest stages of the software development lifecycle.
Function ReorderingLike in other programming languages, JavaScript is reliant upon its syntax being used in specific orders in order for the code to function properly.
The function reordering tool reduces your app’s attack surface area by moving functions from their original location in the code to new ones in the same lexical scope. When a developer turns on the “randomize” option, it sets the function into a new location at random.
Local DeclarationThis tool within JSDefender identifies the names of local declarations within your JavaScript code and mangles them. As a result, decompiling and debugging tools can’t easily read them, making it harder for hackers to reverse engineer your application or inject malicious code.
Property SparsingThis feature works hand in hand with transforming literals in your code. With it, JSDefender turns literal expression assignments into multiple identical or similar assignment statements so they’re more challenging to parse from each other.
Tamper DetectionJSDefender includes tamper detection features that can help you determine if an unauthorized user is attempting to make changes to your JavaScript source code. It works by wrapping critical code with guarding functions, which check for modifications during runtime. If it detects your code has been tampered with, it will not run as the hacker intended.
Debugger RemovalAs part of its core functionality, JSDefender can detect when a user’s browser has a debugging extension installed and actively running. When it does, it can prevent the user from tampering with the application’s source code.
Property IndirectionWhile having direct property access can be convenient for your team during the earliest phases of development, it’s also convenient for hackers who are trying to take advantage of your source code after launch.
The property indirection feature in JSDefender transforms direct property access in your app’s code to indirect property access, making it harder for them to tamper with your source code directly.
Variable GroupingJSDefender’s variable grouping protection feature separates variable declarations and initializations from within your code. Once it does, it moves the declaration to the end of the scope to make them harder to find.

Why Choose JSDefender?

JavaScript code is directly visible to anyone who has access to a web browser or the ability to inspect your application—and it’s not hard to gain access, even for the most rudimentary hackers. Therefore, it’s more important than ever to obfuscate JavaScript code, since applications made with this code are particularly vulnerable to reverse engineering attacks from hackers.

As one of the most robust JavaScript obfuscation tools available today, JSDefender offers hundreds of possible combinations of obfuscation techniques you can use to protect your application’s source code. All you have to do is simply open a command line and start up JSDefender for the program to start working and find ways to protect your code.

JSDefender laptop icon

Once you’ve started it, JSDefender will help you by scrambling, obfuscating, and jumbling the most vulnerable parts of your code, preventing criminals from being able to use it for their own purposes or use decompiling tools. In other words, your JavaScript code will go from unprotected and easy for hackers to understand and exploit to looking like pure gibberish that’s virtually impossible to understand, without negatively affecting the way the application runs.

Alongside a suite of app hardening tools from PreEmptive and other code security tools from our sister companies at Kiuwan and Ranorex, developers can prioritize security. You’ll never have to worry about your product’s security being an afterthought again, making it easier for you to take a DevSecOps approach.

See JS Obfuscation in Action

Here’s a webinar we conducted with an overview of how JSDefender can work for you as an obfuscation tool. Mike, our customer success expert, walks through how to use the tool for JS code obfuscation using a classic arcade game as an example.

Before
After

Start a Free Trial Today

Make security a top priority in your application development process. Start a free trial of PreEmptive’s code obfuscation tools and see how we can help you make app security one less thing to worry about.