VM Self Defending

Section

Pro

v6.2.0+

The vmSelfDefending option adds multi-layered tamper detection, code integrity checks, anti-hooking, anti-agent detection, and anti-reverse-engineering protection to the VM runtime. When combined with vmDebugProtection, it provides comprehensive defense against both manual and AI-powered analysis.

Sensitive environment detection

This option binds the obfuscated code to its target runtime environment and uses advanced browser fingerprinting to detect automation tools. Code protected with this option will intentionally break when run in:

Headless browsers (headless Chrome/Chromium, PhantomJS)
Browser automation tools (Puppeteer, Playwright, Cypress, Selenium/ChromeDriver, Nightmare)
Node.js (when target is set to browser)
jsdom or similar server-side DOM emulations
Environments where native browser builtins have been hooked or replaced

The code will work correctly in regular browsers (Chrome, Firefox, Safari, Edge), including when loaded inside iframes, browser extensions (content scripts), and Web Workers. If you need to run automated tests against protected code, disable vmSelfDefending for test builds — this option is designed to prevent automated analysis and cannot be safely used with any automation framework.

This option force-enables vmBytecodeArrayEncoding and adds ~25% overhead to VM runtime speed.

Recommended: Use together with vmDebugProtection, vmBytecodeArrayEncodingKey, and vmBytecodeArrayEncodingKeyGetter for maximum protection.

This option works best with target: 'browser'.

Strict Mode Compatibility

VM Debug Protection