← Back to Documentation

JS-Reactor User Manual

Introduction

JS-Reactor is a state-of-the-art JavaScript obfuscator designed to protect your intellectual property from reverse engineering, tampering, and theft. Unlike traditional minifiers or simple obfuscators, JS-Reactor employs Abstract Syntax Tree (AST) Virtualization to completely rewrite your code's logic into a custom bytecode format that is interpreted by a polymorphic virtual machine.

Key Features

1. AST Virtualization ("The Wall of Chaos")

Your original JavaScript code is parsed and converted into a custom instruction set. The original logic structures (loops, if-statements, function calls) are destroyed and replaced by a linear bytecode stream. This makes static analysis tools ineffective, as they cannot reconstruct the original high-level code.

2. Polymorphic Engine

Every time you protect your script, the engine generates a unique Virtual Machine. The opcodes, memory layout, and encryption keys are randomized. This means two builds of the same source code will look completely different, defeating signature-based detection mechanisms.

3. String Encryption

All string literals in your code are extracted and encrypted using strong algorithms. They are stored in a secure heap and are only decrypted at runtime when needed, preventing attackers from easily scraping sensitive data like API keys or internal URLs.

4. Control Flow Flattening

The execution flow of your application is flattened into a complex state machine. This technique breaks the visual structure of the code, making "spaghetti code" that is incredibly difficult for humans to trace.

5. Dead Code Injection

The engine injects meaningless, harmless code blocks (junk code) into the output. This increases the complexity of the control flow graph and exhausts reverse engineering tools attempting to analyze the logic.

6. Anti-Debugging & Anti-Tamper

(Optional) Built-in checks detect if a debugger (like Chrome DevTools) is attached or if the code has been formatted/modified. If a threat is detected, the application can crash or enter an infinite loop to prevent analysis.

Getting Started

Using the Web IDE

  1. Navigate to the JS-Reactor Web IDE (/js-reactor/editor).
  2. Paste your code into the editor pane.
  3. Configure Protections in the "Settings" tab on the right.
    • VM Protection: Recommended for core logic.
    • String Encryption: Essential for hiding secrets.
    • Anti-Debugging: Use with caution during development.
  4. Click Obfuscate.
  5. Wait for the process to complete, then Download or Copy the protected script.

Best Practices

  • Avoid Global Scope: Wrap your code in an IIFE (Immediately Invoked Function Expression) before protection if possible, although JS-Reactor handles globals well.
  • Performance: Virtualization adds overhead. If you have performance-critical loops (e.g., rendering loop in a game), consider moving them to a separate file or using "Light" protection settings for those specific parts.
  • Testing: Always test the protected script in a clean environment (Incognito mode) to ensure Anti-Debugging checks don't trigger falsely.

Troubleshooting

Script fails to run:

  • Check the browser console for errors.
  • Ensure your original code is valid syntax.
  • Try disabling "Anti-Debugging" or "Self Defending" to see if that resolves the issue.

Performance is slow:

  • Disable "Control Flow Flattening" for performance-heavy scripts.
  • Reduce the complexity of "Dead Code Injection".

API Reference

(Coming Soon) - An API for automated protection via CI/CD pipelines is currently in beta. Contact support for access.