Split Strings

Protection ID: splitStrings

Split Strings is an effective obfuscation technique that breaks string literals in your code into smaller chunks and then concatenates them at runtime. This makes it significantly harder for attackers to search for specific text patterns in your code.

This protection is available in all editions of ByteHide Shield.

How It Works

Split Strings works by:

1. Identifying string literals in your code
2. Breaking each string into multiple smaller chunks
3. Using string concatenation to reconstruct the original strings at runtime

This process makes it much more difficult for someone to search for known text in your code, such as API endpoints, function names, or specific messages. When combined with other obfuscation techniques, it adds another layer of protection against reverse engineering.

Parameters

• Enabled boolean : Enables the Split Strings protection. false by default

• Chunk Length number : Sets the maximum length of each chunk when splitting strings. 10 by default

Configuration Examples

Basic Configuration (shield.config.json)

{
  "splitStrings": true
}

Advanced Configuration

{
  "splitStrings": true,
  "splitStringsChunkLength": 4
}

Build Tool Integration (Webpack)

// webpack.config.js
const ByteHideShieldPlugin = require('@bytehide/webpack-shield');

module.exports = {
  // ... other webpack config
  plugins: [
    new ByteHideShieldPlugin({
      projectToken: 'your-project-token',
      config: {
        splitStrings: true,
        splitStringsChunkLength: 5
      }
    })
  ]
}

Code Transformation Example

Original Code

function displayWelcomeMessage(username) {
  const message = "Welcome to our application, " + username + "! We're excited to have you join our community.";
  document.getElementById('welcome-container').innerText = message;
  
  logActivity("User " + username + " logged in successfully");
}

Transformed Code (with Split Strings)

function displayWelcomeMessage(username) {
  const message = "Welco" + "me to" + " our " + "appli" + "catio" + "n, " + username + "! We" + "'re e" + "xcite" + "d to " + "have " + "you j" + "oin o" + "ur co" + "mmuni" + "ty.";
  document.getElementById('welco' + 'me-co' + 'ntain' + 'er').innerText = message;
  
  logActivity("User " + username + " log" + "ged i" + "n suc" + "cessf" + "ully");
}

Transformed Code (with Split Strings and other protections)

function _0x4a8b1e(_0x5e1fc8) {
  const _0x32e4a1 = "Welco" + "me to" + " our " + "appli" + "catio" + "n, " + _0x5e1fc8 + "! We" + "'re e" + "xcite" + "d to " + "have " + "you j" + "oin o" + "ur co" + "mmuni" + "ty.";
  document["getEl" + "ement" + "ById"]('welco' + 'me-co' + 'ntain' + 'er')["inner" + "Text"] = _0x32e4a1;
  
  _0x23f7ab("User " + _0x5e1fc8 + " log" + "ged i" + "n suc" + "cessf" + "ully");
}

When to Use

Split Strings protection is particularly useful in these scenarios:

• API endpoints: Hide URLs and API endpoints to prevent direct tampering
• Sensitive messages: Split error or success messages that might reveal functionality
• Key identifiers: Break up key element IDs or selectors used in your code
• Database queries: Obscure SQL or NoSQL query strings

For optimal results:

1. Use a smaller chunk length (3-5 characters) for highly sensitive strings
2. Combine with String Array protection for maximum security
3. Apply to code containing sensitive identifiers, messages, or URLs
4. Use in conjunction with other obfuscation techniques for comprehensive protection

Compatibility Notes

Split Strings protection is highly compatible with all JavaScript environments:

• Browser compatibility: Works in all browsers with no performance issues
• Code size impact: Slightly increases code size, but the impact is minimal
• Runtime performance: Negligible impact on runtime performance
• Debugging: Makes debugging more difficult, but doesn't typically cause issues

Related Protections

For maximum security, combine Split Strings with:

• String Array
• Control Flow Flattening
• Numbers to Expressions