The author didn't do that in article. You sure can replace toString (which can b...

geocar · on June 16, 2021

> You sure can replace toString (which can be detected as-well)

Are you sure? You can make “native code” functions with .bind(null)

    (function(){ var a=function(){};a.prototype.toString=navigator.credentials.create.toString.bind(navigator.credentials.create); return new a();})().toString()

sometimesshit · on June 16, 2021

Yes, I'm. For the record, your code can be detected easily using,

toString.name

Which results "bound toString" wheres real one results "toString"

geocar · on June 16, 2021

You can set toString.name

sometimesshit · on June 16, 2021

You can of course, but how about these?

(function(){ var a=function(){};a.prototype.toString=navigator.credentials.create.toString.bind(navigator.credentials.create); return new a();})().toString == Function.prototype.toString

yields false where

navigator.credentials.create.toString == Function.prototype.toString

yields true

geocar · on June 16, 2021

Of course you can "just" modify Function.prototype.toString as well. And so on.

sometimesshit · on June 17, 2021

You know what that can be detected as-well. I'm trying to prove my point that it's endless cat and mouse game.

geocar · on June 17, 2021

I think we're talking past each other then.