/

Self Defending

Protection ID: selfDefending

Self Defending is an advanced protection technique that makes your code resilient against modifications and tampering. It adds anti-tampering mechanisms that cause the code to stop functioning if someone attempts to beautify, reformat, or otherwise modify the protected code.

This protection is available in all editions of ByteHide Shield.

How It Works

Self Defending protection adds special checks throughout your code that verify the integrity of the obfuscated result. If someone tries to beautify the code (using tools like Prettier or JS Beautify) or modify it in any way, these checks will detect the changes in code structure and cause deliberate malfunctions.

This makes it significantly harder for attackers to analyze your code, as most reverse engineering attempts begin with reformatting obfuscated code to make it more readable.

When this option is enabled, the protected JavaScript code must remain exactly as generated. Do not minify, beautify, or modify the code in any way after Shield has processed it, as this will trigger the self-defense mechanisms.

Parameters

  • Enabled boolean : Enables Self Defending protection for your code. false by default

When Self Defending is enabled, the compact option is automatically set to true, as the protection relies on specific code formatting.

Configuration Examples

Basic Configuration (shield.config.json)

{
  "selfDefending": true
}

Build Tool Integration (Webpack)

// webpack.config.js
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');

module.exports = {
  // ... other webpack config
  plugins: [
    new ByteHideShieldPlugin({
      projectToken: 'your-project-token',
      config: {
        selfDefending: true
      }
    })
  ]
}

Implementation Details

Self Defending works through several mechanisms:

  1. Integrity checks: The code includes checks that verify its own structure hasn't been altered
  2. Format sensitivity: Carefully constructed code patterns that break when reformatted
  3. String references: Self-referential code that validates its own integrity
  4. Control flow protection: Special constructs that become invalid when reformatted

The implementation is designed to be subtle yet effective, making it extremely difficult to modify the code without triggering the defensive mechanisms.

The actual implementation details are intentionally not disclosed in detail, as this would make it easier to bypass the protection.

Code Example

Here's a conceptual example of how Self Defending works, though the actual implementation is much more complex and varied:

Original Code

function calculateTotal(items) {
  let total = 0;
  
  for (let i = 0; i < items.length; i++) {
    total += items[i].price;
  }
  
  return total;
}

Protected Code with Self Defending

function _0x4e81f7(_0x57dd4c){let _0x31a5db=0x0;for(let _0x5cf9be=0x0;_0x5cf9be<_0x57dd4c['\x6c\x65\x6e\x67\x74\x68'];_0x5cf9be++){if(function(_0x31a5db){return/\\(.|\n)/['\x74\x65\x73\x74'](function(){console['\x6c\x6f\x67'](_0x31a5db);}['\x74\x6f\x53\x74\x72\x69\x6e\x67']())?!0x1:!0x0;}()){_0x31a5db+=_0x57dd4c[_0x5cf9be]['\x70\x72\x69\x63\x65'];}}return _0x31a5db;}

If someone tries to beautify this code with a tool like Prettier:

// After beautification (which would break the code)
function _0x4e81f7(_0x57dd4c) {
  let _0x31a5db = 0x0;
  for (let _0x5cf9be = 0x0; _0x5cf9be < _0x57dd4c['\x6c\x65\x6e\x67\x74\x68']; _0x5cf9be++) {
    if (
      function (_0x31a5db) {
        return /\\(.|\n)/['\x74\x65\x73\x74'](
          function () {
            console['\x6c\x6f\x67'](_0x31a5db);
          }['\x74\x6f\x53\x74\x72\x69\x6e\x67']()
        )
          ? !0x1
          : !0x0;
      }()
    ) {
      _0x31a5db += _0x57dd4c[_0x5cf9be]['\x70\x72\x69\x63\x65'];
    }
  }
  return _0x31a5db;
}

The code would fail to work correctly after beautification because the integrity checks would detect the altered structure.

When to Use

Self Defending protection is particularly valuable in these scenarios:

  • License verification code: Protect code that validates licenses
  • Premium features: Safeguard implementation of premium functionality
  • Critical business logic: Secure algorithms and logic that represent intellectual property
  • Security-sensitive applications: Add an extra layer of protection to financial or sensitive applications

For optimal implementation:

  1. Apply Self Defending to production builds only
  2. Use it in combination with other Shield protections
  3. Ensure your build process doesn't modify the protected code after Shield processing
  4. Test thoroughly to ensure the protection doesn't interfere with legitimate functionality

Compatibility Notes

Self Defending protection has the following compatibility considerations:

  • Browser compatibility: Works in all major browsers
  • Performance impact: Minimal impact on runtime performance
  • Build process considerations: Must be the final transformation applied to the code
  • Debugging: Makes debugging extremely difficult by design, should not be used during development

Source maps are not compatible with Self Defending protection, as they would defeat the purpose of making the code tamper-resistant.

For maximum security, combine Self Defending with:

Previous
Unicode Escape Sequence
Next
Debug Protection