Protection Options
ByteHide Shield offers a comprehensive set of code protection techniques to secure your JavaScript applications. This guide provides an overview of all available protection options.
Core Protections
Control Flow Flattening
Transforms the program flow to make it harder to follow and understand, while preserving functionality.
Dead Code Injection
Adds random blocks of non-functional code to increase complexity and obfuscate real functionality.
String Array
Moves string literals into a separate array and replaces them with array references, with optional encoding.
Self Defending
Makes code resilient against modifications and beautification attempts, causing it to break if tampered with.
Identifier Protections
Name Protection
Transforms identifier names (variables, functions, parameters) and property names into meaningless substitutes.
Object Keys Transform
Obfuscates property names in JavaScript objects, hiding their structure and purpose.
String Protections
Split Strings
Breaks string literals into smaller chunks that are concatenated at runtime.
Unicode Escape Sequence
Converts characters in strings to their Unicode escape sequence equivalents.
Browser Protections
Debug Protection
Makes debugging extremely difficult by implementing countermeasures against browser developer tools.
Console Output Disabling
Disables browser console functions to prevent code inspection and analysis.
Devtools Blocking
Detects when browser developer tools are opened and terminates execution or redirects the page to prevent code inspection.
Domain Lock
Restricts your JavaScript code to run only on specific domains or subdomains.
Data Protections
Numbers to Expressions
Converts numeric literals into complex mathematical expressions that evaluate to the same value.
Configuring Protections
You can configure Shield protections in several ways:
Configuration File
Create a shield.config.json file with your desired options:
{
"controlFlowFlattening": true,
"controlFlowFlatteningThreshold": 0.75,
"stringArray": true,
"stringArrayEncoding": ["base64"],
"selfDefending": true
}{
"controlFlowFlattening": true,
"controlFlowFlatteningThreshold": 0.75,
"stringArray": true,
"stringArrayEncoding": ["base64"],
"selfDefending": true
}Tool-Specific Configuration
For build tools like Webpack, you can configure the protections directly:
// webpack.config.js
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');
module.exports = {
// ... other webpack config
plugins: [
new ByteHideShieldPlugin({
projectToken: 'your-project-token',
config: {
controlFlowFlattening: true,
deadCodeInjection: true,
stringArray: true,
selfDefending: true
}
})
]
}// webpack.config.js
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');
module.exports = {
// ... other webpack config
plugins: [
new ByteHideShieldPlugin({
projectToken: 'your-project-token',
config: {
controlFlowFlattening: true,
deadCodeInjection: true,
stringArray: true,
selfDefending: true
}
})
]
}Presets
Shield includes several protection presets for common security needs:
- Optimized: Minimal protections with high performance
- Balance: Balanced approach between security and performance
- Maximum: Maximum security with more impact on performance
{
"optionsPreset": "balance",
// Additional options to override preset values
"debugProtection": true
}{
"optionsPreset": "balance",
// Additional options to override preset values
"debugProtection": true
}See the integration guides for more details on configuring Shield with various build tools.