jsobfu 0.1.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ZjQ5NmUzNTU1Mzk3ODdiZDNlMTkyNTQ5YWNmY2Y2MjJlNDVjNGZkMg==
+  data.tar.gz: !binary |-
+    MGJhOTA3NDJiMDg4ODY4MDE3NDBkYWRiMGFjNjhhY2FiZjdiYzczZA==
+SHA512:
+  metadata.gz: !binary |-
+    NDA3NmNiYTI1MjM0ZjFhNWMyYTJjMWFkNTU2YTdhZjg4ODYxNWJlMmQwNjZh
+    MWRjMTUzZmUyNDcwMmJmNjYxZDliN2ViZTYyYjA2MWVmZmFkNzIzZGUwZDhj
+    ZDFmMDUwZmY2Y2JiMmNjNjU0MzA2ZjRiZTAyOGIwMzYxZjM5YWE=
+  data.tar.gz: !binary |-
+    ODI4ZTgyOTFkZDBlZTdhZDFkN2M0ODU2NWJkYmMwYjYwZTFiNTc2Yjg1OGEx
+    YzdhZTRmNjcwYTNhNzlkNTgxYzU0YjJjODVkNmIwYWE4ZWYwZTk3MTY4NzQ4
+    NDM4ODEzODQ4NTI0ODA3NTJhMWQwZjY1NDJlNzA3ZGFlOGQzN2I=

data/lib/jsobfu.rb

@@ -0,0 +1,73 @@
+require 'rkelly'
+
+# The primary class, used to parse and obfuscate Javascript code.
+class JSObfu
+
+  require_relative 'jsobfu/scope'
+  require_relative 'jsobfu/utils'
+  require_relative 'jsobfu/ecma_tight'
+  require_relative 'jsobfu/hoister'
+  require_relative 'jsobfu/obfuscator'
+
+  # @return [JSObfu::Scope] the global scope
+  attr_reader :scope
+
+  # Saves +code+ for later obfuscation with #obfuscate
+  def initialize(code)
+    @code = code
+    @scope = Scope.new
+  end
+
+  # Add +str+ to the un-obfuscated code.
+  # Calling this method after #obfuscate is undefined
+  def <<(str)
+    @code << str
+  end
+
+  # @return [String] the (possibly obfuscated) code
+  def to_s
+    @code
+  end
+
+  # @return [RKelly::Nodes::SourceElementsNode] the abstract syntax tree
+  def ast
+    @ast || parse
+  end
+
+  # Parse and obfuscate
+  #
+  # @param opts [Hash] the options hash
+  # @option opts [Boolean] :strip_whitespace allow whitespace in the output code
+  #
+  # @return [String] if successful
+  def obfuscate(opts={})
+    @obfuscator = JSObfu::Obfuscator.new(scope: @scope)
+    @code = @obfuscator.accept(ast).to_s
+    if opts.fetch(:strip_whitespace, true)
+      @code.gsub!(/(^\s+|\s+$)/, '')
+      @code.delete!("\n")
+      @code.delete!("\r")
+    end
+    self
+  end
+
+  # Returns the obfuscated name for the variable or function +sym+
+  #
+  # @param [String] sym the name of the variable or function 
+  # @return [String] the obfuscated name
+  def sym(sym)
+    raise RuntimeError, "Must obfuscate before calling #sym" if @obfuscator.nil?
+    @obfuscator.renames[sym.to_s]
+  end
+
+protected
+
+  #
+  # Generate an Abstract Syntax Tree (#ast) for later obfuscation
+  #
+  def parse
+    parser = RKelly::Parser.new
+    @ast = parser.parse(@code)
+  end
+
+end

data/lib/jsobfu/ecma_tight.rb

@@ -0,0 +1,316 @@
+#
+# Implements an ECMAVisitor with minimal whitespace and indentation.
+#
+# Mostly a line-by-line copy of RKelly::Visitors::ECMAVisitor with the
+# whitespace trimmed out.
+#
+class JSObfu::ECMANoWhitespaceVisitor < RKelly::Visitors::ECMAVisitor
+
+  def visit_ParentheticalNode(o)
+    "(#{o.value.accept(self)})"
+  end
+
+  def visit_SourceElementsNode(o)
+    o.value.map { |x| "#{x.accept(self)}" }.join
+  end
+
+  def visit_VarStatementNode(o)
+    "var #{o.value.map { |x| x.accept(self) }.join(',')};"
+  end
+
+  def visit_ConstStatementNode(o)
+    "const #{o.value.map { |x| x.accept(self) }.join(',')};"
+  end
+
+  def visit_VarDeclNode(o)
+    "#{o.name}#{o.value ? o.value.accept(self) : nil}"
+  end
+
+  def visit_AssignExprNode(o)
+    "=#{o.value.accept(self)}"
+  end
+
+  def visit_NumberNode(o)
+    o.value.to_s
+  end
+
+  def visit_ForNode(o)
+    init    = o.init ? o.init.accept(self) : ';'
+    init    << ';' unless init.end_with? ';' # make sure it has a ;
+    test    = o.test ? o.test.accept(self) : ''
+    counter = o.counter ? o.counter.accept(self) : ''
+    "for(#{init}#{test};#{counter})#{o.value.accept(self)}"
+  end
+
+  def visit_LessNode(o)
+    "#{o.left.accept(self)}<#{o.value.accept(self)}"
+  end
+
+  def visit_ResolveNode(o)
+    o.value
+  end
+
+  def visit_PostfixNode(o)
+    "#{o.operand.accept(self)}#{o.value}"
+  end
+
+  def visit_PrefixNode(o)
+    "#{o.value}#{o.operand.accept(self)}"
+  end
+
+  def visit_BlockNode(o)
+    "{#{o.value.accept(self)}}"
+  end
+
+  def visit_ExpressionStatementNode(o)
+    "#{o.value.accept(self)};"
+  end
+
+  def visit_OpEqualNode(o)
+    "#{o.left.accept(self)}=#{o.value.accept(self)}"
+  end
+
+  def visit_FunctionCallNode(o)
+    "#{o.value.accept(self)}(#{o.arguments.accept(self)})"
+  end
+
+  def visit_ArgumentsNode(o)
+    o.value.map { |x| x.accept(self) }.join(',')
+  end
+
+  def visit_StringNode(o)
+    o.value
+  end
+
+  def visit_NullNode(o)
+    "null"
+  end
+
+  def visit_FunctionDeclNode(o)
+    "function #{o.value}" + function_params_and_body(o)
+  end
+
+  def visit_ParameterNode(o)
+    o.value
+  end
+
+  def visit_FunctionBodyNode(o)
+    "{#{o.value.accept(self)}}"
+  end
+
+  def visit_BreakNode(o)
+    "break" + (o.value ? " #{o.value}" : '') + ';'
+  end
+
+  def visit_ContinueNode(o)
+    "continue" + (o.value ? " #{o.value}" : '') + ';'
+  end
+
+  def visit_TrueNode(o)
+    "true"
+  end
+
+  def visit_FalseNode(o)
+    "false"
+  end
+
+  def visit_EmptyStatementNode(o)
+    ';'
+  end
+
+  def visit_RegexpNode(o)
+    o.value
+  end
+
+  def visit_DotAccessorNode(o)
+    "#{o.value.accept(self)}.#{o.accessor}"
+  end
+
+  def visit_ThisNode(o)
+    "this"
+  end
+
+  def visit_BitwiseNotNode(o)
+    "~#{o.value.accept(self)}"
+  end
+
+  def visit_DeleteNode(o)
+    "delete #{o.value.accept(self)}"
+  end
+
+  def visit_ArrayNode(o)
+    "[#{o.value.map { |x| x ? x.accept(self) : '' }.join(',')}]"
+  end
+
+  def visit_ElementNode(o)
+    o.value.accept(self)
+  end
+
+  def visit_LogicalNotNode(o)
+    "!#{o.value.accept(self)}"
+  end
+
+  def visit_UnaryMinusNode(o)
+    "-#{o.value.accept(self)}"
+  end
+
+  def visit_UnaryPlusNode(o)
+    "+#{o.value.accept(self)}"
+  end
+
+  def visit_ReturnNode(o)
+    "return" + (o.value ? " #{o.value.accept(self)}" : '') + ';'
+  end
+
+  def visit_ThrowNode(o)
+    "throw #{o.value.accept(self)};"
+  end
+
+  def visit_TypeOfNode(o)
+    "typeof #{o.value.accept(self)}"
+  end
+
+  def visit_VoidNode(o)
+    "void(#{o.value.accept(self)})"
+  end
+
+  [
+    [:Add, '+'],
+    [:BitAnd, '&'],
+    [:BitOr, '|'],
+    [:BitXOr, '^'],
+    [:Divide, '/'],
+    [:Equal, '=='],
+    [:Greater, '>'],
+    [:GreaterOrEqual, '>='],
+    [:In, 'in'],
+    [:InstanceOf, 'instanceof'],
+    [:LeftShift, '<<'],
+    [:LessOrEqual, '<='],
+    [:LogicalAnd, '&&'],
+    [:LogicalOr, '||'],
+    [:Modulus, '%'],
+    [:Multiply, '*'],
+    [:NotEqual, '!='],
+    [:NotStrictEqual, '!=='],
+    [:OpAndEqual, '&='],
+    [:OpDivideEqual, '/='],
+    [:OpLShiftEqual, '<<='],
+    [:OpMinusEqual, '-='],
+    [:OpModEqual, '%='],
+    [:OpMultiplyEqual, '*='],
+    [:OpOrEqual, '|='],
+    [:OpPlusEqual, '+='],
+    [:OpRShiftEqual, '>>='],
+    [:OpURShiftEqual, '>>>='],
+    [:OpXOrEqual, '^='],
+    [:RightShift, '>>'],
+    [:StrictEqual, '==='],
+    [:Subtract, '-'],
+    [:UnsignedRightShift, '>>>'],
+  ].each do |name,op|
+    define_method(:"visit_#{name}Node") do |o|
+      if op =~ /^[a-z]+$/
+        "#{o.left.accept(self)} #{op} #{o.value.accept(self)}"
+      else
+        "#{o.left.accept(self)}#{op}#{o.value.accept(self)}"
+      end
+    end
+  end
+
+  def visit_WhileNode(o)
+    "while(#{o.left.accept(self)})#{o.value.accept(self)}"
+  end
+
+  def visit_SwitchNode(o)
+    "switch(#{o.left.accept(self)})#{o.value.accept(self)}"
+  end
+
+  def visit_CaseBlockNode(o)
+    "{" + (o.value ? o.value.map { |x| x.accept(self) }.join('') : '') + "}"
+  end
+
+  def visit_CaseClauseNode(o)
+    if o.left
+      case_code = "case #{o.left.accept(self)}:"
+    else
+      case_code = "default:"
+    end
+    case_code += "#{o.value.accept(self)}"
+    case_code
+  end
+
+  def visit_DoWhileNode(o)
+    "do#{o.left.accept(self)}while(#{o.value.accept(self)});"
+  end
+
+  def visit_WithNode(o)
+    "with(#{o.left.accept(self)})#{o.value.accept(self)}"
+  end
+
+  def visit_LabelNode(o)
+    "#{o.name}:#{o.value.accept(self)}"
+  end
+
+  def visit_ObjectLiteralNode(o)
+    "{" + o.value.map { |x| x.accept(self) }.join(",\n") + '}'
+  end
+
+  def visit_PropertyNode(o)
+    "#{o.name}:#{o.value.accept(self)}"
+  end
+
+  def visit_GetterPropertyNode(o)
+    "get #{o.name}" + function_params_and_body(o.value)
+  end
+
+  def visit_SetterPropertyNode(o)
+    "set #{o.name}" + function_params_and_body(o.value)
+  end
+
+  def visit_FunctionExprNode(o)
+    name = (o.value == 'function') ? '' : ' '+o.value
+    "function" + name + function_params_and_body(o)
+  end
+
+  # Helper for all the various function nodes
+  def function_params_and_body(o)
+    "(#{o.arguments.map { |x| x.accept(self) }.join(',')})" +
+      "#{o.function_body.accept(self)}"
+  end
+
+  def visit_CommaNode(o)
+    "#{o.left.accept(self)},#{o.value.accept(self)}"
+  end
+
+  def visit_IfNode(o)
+    "if(#{o.conditions.accept(self)})#{o.value.accept(self)}" +
+      (o.else ? "else #{o.else.accept(self)}" : '')
+  end
+
+  def visit_ConditionalNode(o)
+    "#{o.conditions.accept(self)}?#{o.value.accept(self)}:" +
+      "#{o.else.accept(self)}"
+  end
+
+  def visit_ForInNode(o)
+    var = o.left.is_a?(RKelly::Nodes::VarDeclNode) ? 'var ' : ''
+    "for(#{var}#{o.left.accept(self)} in #{o.right.accept(self)})" +
+      "#{o.value.accept(self)}"
+  end
+
+  def visit_TryNode(o)
+    "try#{o.value.accept(self)}" +
+      (o.catch_block ? " catch(#{o.catch_var})#{o.catch_block.accept(self)}" : '') +
+      (o.finally_block ? " finally#{o.finally_block.accept(self)}" : '')
+  end
+
+  def visit_BracketAccessorNode(o)
+    "#{o.value.accept(self)}[#{o.accessor.accept(self)}]"
+  end
+
+  def visit_NewExprNode(o)
+    "new #{o.value.accept(self)}(#{o.arguments.accept(self)})"
+  end
+
+end

data/lib/jsobfu/hoister.rb

@@ -0,0 +1,84 @@
+#
+# Walks a Javascript AST and finds the immediate members of the
+# root scope, which is useful for "hoisting" var and function
+# declaration to the top of the function.
+#
+class JSObfu::Hoister < RKelly::Visitors::Visitor
+
+  # @return [Hash] the scope maintained while walking the ast
+  attr_reader :scope
+
+  # @return [Array<String>] the function names in the first level of this closure
+  attr_reader :functions
+
+  def initialize(opts={})
+    @parent_scope = opts.fetch(:parent_scope, nil)
+    @max_depth  = 1
+    @depth      = 0
+    @scope      = {}
+    @resolves   = []
+    @functions  = []
+    super()
+  end
+
+  def visit_SourceElementsNode(o)
+    return if @max_depth and @depth >= @max_depth
+    @depth += 1
+    o.value.each { |x| x.accept(self) }
+    @depth -= 1
+  end
+
+  def visit_VarDeclNode(o)
+    scope[o.name] = o
+  end
+
+  def visit_FunctionDeclNode(o)    
+    @functions << o.value
+    scope[o.value] = o
+  end
+
+  %w{
+    AddNode ArgumentsNode ArrayNode AssignExprNode BitAndNode BitOrNode
+    BitXOrNode BitwiseNotNode BlockNode BracketAccessorNode BreakNode
+    CaseBlockNode CaseClauseNode CommaNode ConditionalNode
+    ConstStatementNode ContinueNode DeleteNode DivideNode
+    DoWhileNode DotAccessorNode ElementNode EmptyStatementNode EqualNode
+    ExpressionStatementNode FalseNode ForInNode ForNode FunctionBodyNode
+    FunctionExprNode GetterPropertyNode GreaterNode GreaterOrEqualNode
+    IfNode InNode InstanceOfNode LabelNode LeftShiftNode LessNode
+    LessOrEqualNode LogicalAndNode LogicalNotNode LogicalOrNode ModulusNode
+    MultiplyNode NewExprNode NotEqualNode NotStrictEqualNode NullNode
+    NumberNode ObjectLiteralNode OpAndEqualNode OpDivideEqualNode
+    OpEqualNode OpLShiftEqualNode OpMinusEqualNode OpModEqualNode
+    OpMultiplyEqualNode OpOrEqualNode OpPlusEqualNode OpRShiftEqualNode
+    OpURShiftEqualNode OpXOrEqualNode ParameterNode PostfixNode PrefixNode
+    PropertyNode RegexpNode ResolveNode ReturnNode RightShiftNode
+    SetterPropertyNode StrictEqualNode StringNode
+    SubtractNode SwitchNode ThisNode ThrowNode TrueNode TryNode TypeOfNode
+    UnaryMinusNode UnaryPlusNode UnsignedRightShiftNode
+    VoidNode WhileNode WithNode
+  }.each do |type|
+    define_method(:"visit_#{type}") do |o|
+    end
+  end
+
+  # @return [String] Javascript that declares the discovered variables
+  def scope_declaration(opts={})
+    keys = scope.keys.dup
+    if opts.fetch(:shuffle, true)
+      keys = keys.shuffle
+    end
+
+    keys.delete_if { |k| @functions.include? k }
+
+    if @parent_scope
+      keys.delete_if { |k| @parent_scope.has_key? k }
+      keys.map! { |k| @parent_scope.renames[k.to_s] || k }
+    end
+
+    str = if keys.empty? then '' else "var #{keys.join(",")};" end
+    # puts str if str.length>0
+    str
+  end
+
+end