search

AEPKILL / devtools-detector

Detect if DevTools is open
https://blog.aepkill.com/demos/devtools-detector/
MIT License
1.12k stars 105 forks source link

Very easy to bypass #76

Open doctor8296 opened 3 weeks ago

doctor8296 commented 3 weeks ago 
console.log = () => {};
console.table = () => {};
Function.prototype.constructor = () => {};
setInterval = () => {};

for (let i=0;i <1e6; i++) {
    clearInterval(i);
}

delete Navigator.prototype.userAgent

And a lot more. The only people likely to open the developer tools intentionally are those who know exactly what they’re doing, which might make this method less effective in practice, even if it technically works as designed.

The only case I can imagine is comical one: @ Open devtool @ Sees it has devtool protection @ Nah, I am too lazy to go any further

However, I really appreciate the impressive amount of research that’s gone into ensuring compatibility across nearly all browsers. Thanks for all the hard work!

doctor8296 commented 3 weeks ago

By the way, here another way to stuck the browser without ability to debugg it during crash trigger:

(async function f() {f(), f()})();
AEPKILL commented 2 weeks ago

Yes, this library merely adds a little bit of difficulty for the debuggers. If there's a higher demand for anti-debugging, you can try WebAssembly or VMP, or implement the core logic on the server side.

doctor8296 commented 2 weeks ago

@AEPKILL, my focus is more on strengthening the system—using unredefinable methods and similar techniques. I’m researching this a lot and working to counter script-based attacks, which are the most common. I’ve developed anti-cheat measures for several browser games, and while I haven’t yet implemented my strongest concept, it's beyond any existing protections out there, the same can be pretty much be used by your library. Because the only purpose of it is to protect source code and prevent debugging, so I think it can be useful in this case.

Maybe I will show later some of my tricks and how they can be used to protect this library from almost any "script based attacks"

AEPKILL commented 2 weeks ago

@doctor8296 Your ideas are very interesting. I'm particularly intrigued by the unredefinable methods you mentioned. Can you share some more details about how they work?

doctor8296 commented 2 weeks ago

@AEPKILL sure, but I'd prefer to talk privately about it, because some of protection methods are not public yet. Where can we do that, I have plenty of options, like telegram or discord (same username) or maybe just over email

AEPKILL commented 2 weeks ago

@doctor8296 Sure, I understand your need for privacy. I think email would be a great way to have this discussion. Please send your thoughts and details to my email address at [a@aepkill.com]. Looking forward to hearing from you soon!

AEPKILL commented 2 weeks ago

@doctor8296 It's almost 11 pm local time. I'm going to bed now. Sorry I might not reply to your emails and messages promptly.